Slow notebook, ESET keeps removing trojans

#1 Post by ian »

Hello,
about a week ago my notebook slowed down significantly, and NOD started reporting trojans and is blocking pages. As soon as I open the web browser, ESET blocks the page http://alfhadd.no-ip.biz:100/is-ready. Please help, thank you.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
Ran by kik (administrator) on KIK-PC (27-12-2016 12:23:01)
Running from C:\Users\kik\Desktop
Loaded Profiles: kik & UpdatusUser (Available Profiles: kik & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
() C:\Users\kik\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
() C:\Users\kik\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AutoKMS] => C:\Windows\AutoKMS.exe [615936 2016-02-12] ()
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2014-03-10] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2014-03-10] (Synaptics Incorporated)
HKLM\...\Run: [EaseUS Data Recovery Wizard Technician 10] => wscript.exe //B "C:\Users\kik\AppData\Roaming\EaseUS Data Recovery Wizard Technician 10.2.0 + Keygen [SadeemPC.vbs"
HKLM\...\Run: [final] => wscript.exe //B "C:\Users\kik\AppData\Local\Temp\final.vbs" <===== ATTENTION
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5716608 2011-07-21] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [final] => wscript.exe //B "C:\Users\kik\AppData\Local\Temp\final.vbs" <===== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3848322618-442018629-1780355425-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
HKU\S-1-5-21-3848322618-442018629-1780355425-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\kik\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-3848322618-442018629-1780355425-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\kik\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-3848322618-442018629-1780355425-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2876704 2016-12-20] (Valve Corporation)
HKU\S-1-5-21-3848322618-442018629-1780355425-1000\...\Run: [EaseUS Data Recovery Wizard Technician 10] => wscript.exe //B "C:\Users\kik\AppData\Roaming\EaseUS Data Recovery Wizard Technician 10.2.0 + Keygen [SadeemPC.vbs"
HKU\S-1-5-21-3848322618-442018629-1780355425-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-3848322618-442018629-1780355425-1000\...\Run: [final] => wscript.exe //B "C:\Users\kik\AppData\Local\Temp\final.vbs" <===== ATTENTION
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\kik\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\kik\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2876704 2016-12-20] (Valve Corporation)
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\...\Run: [EaseUS Data Recovery Wizard Technician 10] => wscript.exe //B "C:\Users\kik\AppData\Roaming\EaseUS Data Recovery Wizard Technician 10.2.0 + Keygen [SadeemPC.vbs"
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\...\Run: [final] => wscript.exe //B "C:\Users\kik\AppData\Local\Temp\final.vbs" <===== ATTENTION
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\...\MountPoints2: G - G:\Startme.exe
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\...\MountPoints2: {67d556a0-affd-11e6-ba41-ac72891e4f5a} - G:\Startme.exe
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [226920 2011-05-28] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [193128 2011-05-28] (NVIDIA Corporation)
Startup: C:\Users\kik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EaseUS Data Recovery Wizard Technician 10.2.0 + Keygen [SadeemPC.vbs [2016-11-06] ()
Startup: C:\Users\kik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\final.vbs [2016-11-01] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.250.192.1 213.250.194.1
Tcpip\..\Interfaces\{98B0165E-2F05-4440-86BB-FB65468E077E}: [DhcpNameServer] 213.250.192.1 213.250.194.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3848322618-442018629-1780355425-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3848322618-442018629-1780355425-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3848322618-442018629-1780355425-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/?clid=12454
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/?clid=12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1000 -> {08D2BA02-E2BE-481C-BAFA-27B666E6A236} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1000 -> {12154D41-8799-45BF-BDCE-298659E6B639} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1000 -> {29A01E2D-7A1A-470B-BA9B-4BBB6C3290CD} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1000 -> {6113D045-0CD7-4843-B9CE-676152EC90BA} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1000 -> {9FC9731A-A0E6-4CFF-B6B6-EF80586EFD47} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1000 -> {DB21617D-D6A1-4BB0-89C0-0A590B6B7FBA} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1000 -> {F6ADA3E3-6B5C-410A-95F2-C77CB78F982F} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1000 -> {FB766F29-D473-4113-8FE8-424F01401D37} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1001 -> {08D2BA02-E2BE-481C-BAFA-27B666E6A236} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1001 -> {12154D41-8799-45BF-BDCE-298659E6B639} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1001 -> {29A01E2D-7A1A-470B-BA9B-4BBB6C3290CD} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1001 -> {6113D045-0CD7-4843-B9CE-676152EC90BA} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1001 -> {7917A5FC-B7C0-434D-9D4E-DEEAC7916BC8} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1001 -> {9FC9731A-A0E6-4CFF-B6B6-EF80586EFD47} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1001 -> {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = hxxp://www.daemon-search.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1001 -> {DB21617D-D6A1-4BB0-89C0-0A590B6B7FBA} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1001 -> {F6ADA3E3-6B5C-410A-95F2-C77CB78F982F} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1001 -> {FB766F29-D473-4113-8FE8-424F01401D37} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll No File
Toolbar: HKU\S-1-5-21-3848322618-442018629-1780355425-1001 -> DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll No File
DPF: HKLM-x32 {4ED0ADAD-9FFA-4315-9E02-6B21A9F5C235}
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: r9n6jj6g.default
FF ProfilePath: C:\Users\kik\AppData\Roaming\Mozilla\Firefox\Profiles\r9n6jj6g.default [2016-12-27]
FF Homepage: Mozilla\Firefox\Profiles\r9n6jj6g.default -> hxxp://seznam.cz/
FF Extension: (Firefox Hotfix) - C:\Users\kik\AppData\Roaming\Mozilla\Firefox\Profiles\r9n6jj6g.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-31]
FF Extension: (Adblock Plus) - C:\Users\kik\AppData\Roaming\Mozilla\Firefox\Profiles\r9n6jj6g.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-15]
FF Extension: (Seznam lištička) - C:\Users\kik\AppData\Roaming\Mozilla\Firefox\Profiles\r9n6jj6g.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2016-07-13]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-14] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-14] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-05-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-05-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\kik\AppData\Local\Google\Chrome\User Data\Default [2016-12-25]
CHR Extension: (Prezentace Google) - C:\Users\kik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-08]
CHR Extension: (Dokumenty Google) - C:\Users\kik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-08]
CHR Extension: (Disk Google) - C:\Users\kik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-08]
CHR Extension: (YouTube) - C:\Users\kik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-08]
CHR Extension: (Tabulky Google) - C:\Users\kik\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-08]
CHR Extension: (Dokumenty Google offline) - C:\Users\kik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-08]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\kik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-08]
CHR Extension: (Gmail) - C:\Users\kik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-08]
CHR Extension: (Chrome Media Router) - C:\Users\kik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-08]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [921664 2011-05-19] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1335360 2011-05-19] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [995392 2011-05-19] (Intel Corporation) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2771848 2016-11-18] (ESET)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2016-03-14] (DT Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [262792 2016-11-18] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [197248 2016-11-18] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [153216 2016-11-18] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [208520 2016-11-18] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [61568 2016-11-18] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [84616 2016-11-18] (ESET)
S3 ksapi64; C:\Windows\system32\drivers\ksapi64.sys [56680 2016-12-22] (Kingsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-27 12:23 - 2016-12-27 12:23 - 00021104 _____ C:\Users\kik\Desktop\FRST.txt
2016-12-27 12:22 - 2016-12-27 12:23 - 00000000 ____D C:\FRST
2016-12-27 12:05 - 2016-12-27 12:07 - 00000000 ____D C:\AdwCleaner
2016-12-27 12:05 - 2016-12-27 12:05 - 03977168 _____ C:\Users\kik\Desktop\AdwCleaner.exe
2016-12-27 12:04 - 2016-12-27 12:04 - 02420736 _____ (Farbar) C:\Users\kik\Desktop\FRST64.exe
2016-12-27 12:04 - 2016-12-27 12:04 - 01663040 _____ (Malwarebytes) C:\Users\kik\Desktop\JRT.exe
2016-12-27 08:59 - 2016-12-27 08:59 - 00019066 _____ C:\ComboFix.txt
2016-12-27 08:29 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2016-12-27 08:29 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2016-12-27 08:29 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-12-27 08:29 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-12-27 08:29 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-12-27 08:29 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2016-12-27 08:29 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2016-12-27 08:29 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2016-12-27 08:28 - 2016-12-27 09:00 - 00000000 ____D C:\Qoobox
2016-12-27 08:28 - 2016-12-27 08:55 - 00000000 ____D C:\Windows\erdnt
2016-12-27 08:28 - 2016-12-27 08:28 - 05659917 ____R (Swearware) C:\Users\kik\Desktop\ComboFix.exe
2016-12-23 09:48 - 2016-12-23 09:48 - 00426104 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-23 09:19 - 2016-12-23 09:19 - 00118248 _____ C:\Users\kik\AppData\Local\GDIPFONTCACHEV1.DAT
2016-12-22 21:31 - 2016-12-22 21:31 - 00081768 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi.sys
2016-12-22 21:31 - 2016-12-22 21:31 - 00056680 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi64.sys
2016-12-22 21:31 - 2016-12-22 21:31 - 00000000 ____D C:\ProgramData\Kingsoft
2016-12-22 21:31 - 2016-12-22 21:31 - 00000000 ____D C:\ProgramData\cmcm
2016-12-22 21:31 - 2016-12-22 21:31 - 00000000 ____D C:\Program Files (x86)\cmcm
2016-12-21 18:33 - 2016-12-21 18:33 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2016-12-18 16:27 - 2016-12-18 16:28 - 00000000 ____D C:\Program Files (x86)\mp3DirectCut
2016-12-18 16:27 - 2016-12-18 16:27 - 00001055 _____ C:\Users\kik\Desktop\mp3DirectCut.lnk
2016-12-18 14:43 - 2016-12-18 14:43 - 00001862 _____ C:\Users\Public\Desktop\linguatec Voice Reader.lnk
2016-12-18 14:43 - 2016-12-18 14:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\linguatec
2016-12-18 14:43 - 2016-12-18 14:43 - 00000000 ____D C:\Program Files (x86)\linguatec
2016-12-18 14:43 - 2004-10-11 13:29 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71.dll
2016-12-18 14:43 - 2004-10-11 13:29 - 00499712 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2016-12-18 14:43 - 2004-10-11 13:29 - 00348160 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2016-12-18 14:43 - 2003-03-19 07:12 - 01047552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71u.dll
2016-12-17 16:20 - 2016-12-17 16:20 - 00000000 ____D C:\Users\kik\Nová složka
2016-12-17 11:08 - 2016-12-17 11:08 - 00001029 _____ C:\Users\Public\Desktop\EaseUS Data Recovery Wizard.lnk
2016-12-17 11:08 - 2016-12-17 11:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard
2016-12-16 22:08 - 2016-12-21 18:32 - 00000000 ____D C:\Program Files (x86)\Runtime Software
2016-12-14 19:35 - 2016-12-14 19:35 - 00000000 ____D C:\Users\kik\AppData\Local\Chromium
2016-12-14 19:34 - 2016-12-14 19:34 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2016-12-14 19:34 - 2016-12-14 19:34 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2016-12-14 19:34 - 2016-12-14 19:34 - 00000000 ____D C:\%LOCALAPPDATA%
2016-12-08 20:43 - 2016-12-08 20:45 - 57375934 _____ C:\Users\kik\Documents\ĺSCN9076.MOV
2016-12-08 19:50 - 2016-12-08 19:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Program
2016-12-08 19:50 - 2016-12-08 19:50 - 00000000 ____D C:\Program Files (x86)\My Program
2016-12-08 19:48 - 2016-11-06 23:07 - 00045902 _____ C:\Users\kik\AppData\Roaming\EaseUS Data Recovery Wizard Technician 10.2.0 + Keygen [SadeemPC.vbs
2016-12-08 17:59 - 2016-12-08 17:59 - 00000000 ____D C:\Program Files\EaseUS
2016-12-08 16:48 - 2016-12-15 19:27 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-08 16:47 - 2016-12-08 18:10 - 00000000 ____D C:\Users\kik\AppData\Local\Google

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-27 12:22 - 2016-11-15 19:49 - 00000000 ____D C:\Users\kik\AppData\LocalLow\Mozilla
2016-12-27 12:20 - 2011-04-12 09:34 - 00671630 _____ C:\Windows\system32\perfh005.dat
2016-12-27 12:20 - 2011-04-12 09:34 - 00142194 _____ C:\Windows\system32\perfc005.dat
2016-12-27 12:20 - 2009-07-14 06:13 - 01590786 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-27 12:20 - 2009-07-14 05:45 - 00028128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-27 12:20 - 2009-07-14 05:45 - 00028128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-27 12:20 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-12-27 12:19 - 2016-04-07 20:09 - 00000000 ____D C:\Program Files (x86)\Steam
2016-12-27 12:18 - 2016-03-17 20:47 - 00000000 ____D C:\Users\kik\AppData\Roaming\Seznam.cz
2016-12-27 12:13 - 2016-04-03 20:15 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-27 12:13 - 2016-02-12 16:14 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-27 12:13 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-27 09:44 - 2016-02-12 16:31 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-27 08:40 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2016-12-27 00:02 - 2016-03-13 18:34 - 00000000 ____D C:\Users\kik\AppData\Roaming\vlc
2016-12-23 12:09 - 2016-03-13 18:33 - 00371200 _____ C:\Users\kik\Desktop\účet 2009.xls
2016-12-22 21:35 - 2016-03-14 18:46 - 00000000 ____D C:\Users\kik\AppData\Roaming\DAEMON Tools Lite
2016-12-22 21:32 - 2016-02-12 14:31 - 00000000 ____D C:\Windows\Panther
2016-12-22 21:32 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-12-18 14:43 - 2016-02-12 16:11 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-12-18 09:08 - 2016-06-28 18:04 - 00000000 ____D C:\Users\kik\AppData\Local\ElevatedDiagnostics
2016-12-18 09:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2016-12-17 16:20 - 2016-02-12 15:09 - 00000000 ____D C:\Users\kik
2016-12-16 21:27 - 2016-05-11 18:21 - 00003256 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d1aba9847a3933
2016-12-16 21:27 - 2016-04-03 20:15 - 00003384 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-15 19:06 - 2016-02-12 16:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-14 20:44 - 2016-02-12 16:31 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-14 20:44 - 2016-02-12 16:31 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-14 20:44 - 2016-02-12 16:31 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-12-14 20:44 - 2016-02-12 16:31 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-14 20:44 - 2016-02-12 16:31 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-14 20:14 - 2016-11-15 19:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-14 19:36 - 2016-04-07 20:11 - 00000000 ____D C:\Users\kik\AppData\Local\Steam
2016-12-14 19:34 - 2016-02-12 16:14 - 00000000 ____D C:\Users\UpdatusUser
2016-12-08 16:48 - 2016-04-03 20:15 - 00000000 ____D C:\Program Files (x86)\Google
2016-12-08 15:28 - 2016-02-12 15:11 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP
2016-12-07 16:03 - 2016-03-20 18:08 - 00000000 ____D C:\Users\kik\AppData\Roaming\dvdcss
2016-12-07 15:51 - 2016-02-12 15:11 - 00001153 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk
2016-12-07 15:51 - 2016-02-12 15:11 - 00001105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2016-11-27 11:28 - 2016-03-13 18:33 - 00010263 _____ C:\Users\kik\Desktop\p z k.xlsx

==================== Files in the root of some directories =======

2016-12-08 19:48 - 2016-11-06 23:07 - 0045902 _____ () C:\Users\kik\AppData\Roaming\EaseUS Data Recovery Wizard Technician 10.2.0 + Keygen [SadeemPC.vbs
2016-10-11 19:18 - 2016-10-21 14:58 - 0004608 _____ () C:\Users\kik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Users\kik\AppData\Local\Temp\libeay32.dll
C:\Users\kik\AppData\Local\Temp\msvcr120.dll
C:\Users\kik\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-24 13:12

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by kik (27-12-2016 12:23:31)
Running from C:\Users\kik\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2016-02-12 14:09:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3848322618-442018629-1780355425-500 - Administrator - Disabled)
Guest (S-1-5-21-3848322618-442018629-1780355425-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3848322618-442018629-1780355425-1003 - Limited - Enabled)
kik (S-1-5-21-3848322618-442018629-1780355425-1000 - Administrator - Enabled) => C:\Users\kik
UpdatusUser (S-1-5-21-3848322618-442018629-1780355425-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 9.0.407.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security 9.0.407.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personální firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.18) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.18 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.6.3.0 - Asmedia Technology)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.25 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0013 - ASUS)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6452 - CDBurnerXP)
Corel Graphics Suite 11 (x32 Version: 11 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 11 (HKLM-x32\...\InstallShield_{07A540AB-D785-11D5-8E89-0090275862A0}) (Version: 11 - Corel Corporation)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS)
ESET Smart Security (HKLM\...\{B7DE9695-00B8-4935-97B5-A2CBFBA6A3F8}) (Version: 9.0.376.1 - ESET, spol. s r.o.)
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2361 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.2.0.0587 - Intel Corporation)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.41 - Irfan Skiljan)
linguatec Voice Reader (HKLM-x32\...\{93293322-B694-4270-B7FE-DDE1A681ACCA}) (Version: 1.00.0000 - linguatec)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 cs) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 cs)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
My Program version 1.5 (HKLM-x32\...\{11C0B447-2D00-4891-B686-367E63EDAC63}_is1) (Version: 1.5 - My Company, Inc.)
NVIDIA Ovladač 3D Vision 268.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 268.74 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.2.23.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.23.3 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 268.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.74 - NVIDIA Corporation)
Ovládací panel NVIDIA 268.74 (Version: 268.74 - NVIDIA Corporation) Hidden
S.T.A.L.K.E.R.: Shadow of Chernobyl (HKLM\...\Steam App 4500) (Version: - GSC Game World)
Seznam Software (HKU\S-1-5-21-3848322618-442018629-1780355425-1000\...\SeznamInstall) (Version: - Seznam.cz)
Seznam Software (HKU\S-1-5-21-3848322618-442018629-1780355425-1001\...\SeznamInstall) (Version: - Seznam.cz)
Slideshow Creator (HKLM-x32\...\{4E1A63B1-F547-4CFC-91F7-F32F1A6BF430}_is1) (Version: 1.4 - Bolide Software)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.6.0 - Synaptics Incorporated)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {062E3D81-37CB-4AFC-9099-B80101F17491} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {07B27044-6E8C-4717-AF7E-AA85B45144A7} - System32\Tasks\GoogleUpdateTaskMachineCore1d1aba9847a3933 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-03] (Google Inc.)
Task: {093C71EA-A147-43C0-A495-B11A3ED46C4B} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)
Task: {0BB7DBA3-E1EC-4BEC-9E22-75A6D3372D94} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {0EFF2C3E-02A6-42C2-BF76-2593DE06D45D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {14631C8D-B636-4F9F-B71B-5B5013F67550} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {155A9281-C6A6-4770-B36A-05E50ED05FED} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {1D25DFBE-1A92-4F17-ADFC-EE604932C50F} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {25EEE18A-5CC8-4EAC-8B36-BB9BF7A40451} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-03] (Google Inc.)
Task: {2AFE5FE1-554E-475E-A609-43071913EA90} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {2B9A048B-F9C6-45BD-A1D5-275FA63DA658} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-07-21] (ASUS)
Task: {2ED7D93E-3C84-475F-9EEB-5CB1493D7BDE} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {2FCAAC55-5239-4831-A3EF-70138DB15331} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {30CA994A-4AD5-4489-A314-B5D8D5EA5D04} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {40998701-8693-45F4-B716-32B7B2CB32C9} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {5D8783EB-A2F8-491E-B1D4-87B2F400412F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {65722CEB-898F-4DB6-8B5C-527959478998} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-03] (Google Inc.)
Task: {753C47AE-EC5E-44B3-95A9-2C8E553F0E39} - System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary => C:\Program Files\Windows Media Player\wmpnscfg.exe
Task: {85BD1173-8997-422B-BB95-391606F20E12} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {933F48B3-F598-4C79-8FC9-C07BDD85D56B} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {9E4B6383-6268-46BE-8C85-DFCF644CF1D4} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {AA621048-FF7A-4708-A073-42D0BAAA403C} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {C1360B99-1C98-451C-B579-1852EE81DE84} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-14] (Adobe Systems Incorporated)
Task: {C646F5CB-5A97-4EFF-98DB-0F094323308F} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {C99C02A0-36EA-443E-8A59-5001192B1F75} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {D1A843A6-D4FD-447E-834D-02E721DEEE14} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {D6FDE686-B4E7-4907-87A5-8E9BA9AF0FA0} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {EB1E6AEB-6D0C-414C-ABB3-760480EF4204} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {EC4E4B4E-9461-4986-AD96-F82782338039} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {F34C6BCF-E242-4E78-8258-EF4F26B847C6} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2016-03-17 20:47 - 2015-05-26 12:35 - 00079872 _____ () C:\Users\kik\AppData\Roaming\Seznam.cz\bin\1927libfoxloader-x64.dll
2016-02-12 16:09 - 2011-04-10 10:40 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-03-13 18:27 - 2014-03-10 22:00 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2014-09-25 19:44 - 2014-09-25 19:44 - 00043008 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2016-03-17 20:47 - 2015-05-26 12:38 - 00457384 _____ () C:\Users\kik\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
2016-03-17 20:47 - 2015-05-26 12:36 - 00073896 _____ () C:\Users\kik\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
2016-03-17 20:47 - 2015-05-26 12:37 - 00078504 _____ () C:\Users\kik\AppData\Roaming\Seznam.cz\bin\1927libfoxloader.dll
2016-04-07 20:11 - 2016-12-08 16:13 - 00656160 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-04-07 20:11 - 2016-09-01 02:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-04-07 20:11 - 2016-09-01 02:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-04-07 20:11 - 2016-09-01 02:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-04-07 20:11 - 2016-12-20 03:25 - 02322720 _____ () C:\Program Files (x86)\Steam\video.dll
2016-04-07 20:11 - 2016-01-27 08:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-04-07 20:11 - 2016-01-27 08:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-04-07 20:11 - 2016-01-27 08:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-04-07 20:11 - 2016-01-27 08:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-04-07 20:11 - 2016-01-27 08:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-04-07 20:11 - 2016-12-20 03:25 - 00838944 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-04-07 20:11 - 2016-07-04 23:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-03-17 20:47 - 2015-05-26 12:38 - 00862888 _____ () C:\Users\kik\AppData\Roaming\Seznam.cz\bin\lightspeed.dll
2016-12-14 19:35 - 2016-12-05 17:21 - 67304736 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2016-04-07 20:11 - 2016-12-20 03:25 - 00388384 _____ () C:\Program Files (x86)\Steam\steam.dll
2016-04-07 20:11 - 2015-09-25 00:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2016-12-27 08:40 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3848322618-442018629-1780355425-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\kik\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 213.250.192.1 - 213.250.194.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9B8694DF-571E-4774-A10E-3187262659BC}] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{6233870B-1DE6-4996-AD8C-3B33B48E8208}] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{A2C55146-019D-4270-A981-8B6B18CADBF9}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{41152431-5129-4833-9856-3BE0620A7B20}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1BEC1CD2-BE0B-43DB-ABDC-AC4DCFE8BD31}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3C207833-534B-43BD-B9FD-BD106979C909}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{32CBE80F-D2BD-4279-82FC-E8D8B0C8B55F}] => C:\Program Files (x86)\Steam\steamapps\common\STALKER Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{6100EFE1-AC24-4E6B-89B0-97FB556C6101}] => C:\Program Files (x86)\Steam\steamapps\common\STALKER Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{0E4A21A3-D0C8-4F45-8C02-C533CBD609B4}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{13B5884B-7313-45E2-B8C3-8B4D97D05F40}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{14DE22E1-9935-44C9-AD6B-C0C3545FDFB5}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

09-12-2016 05:11:44 Windows Update
17-12-2016 00:01:20 Naplánovaný kontrolní bod
17-12-2016 05:41:08 Windows Update
18-12-2016 14:43:16 Installed linguatec Voice Reader
25-12-2016 19:21:35 Naplánovaný kontrolní bod
27-12-2016 08:29:47 ComboFix created restore point
27-12-2016 12:09:54 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/27/2016 12:13:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/27/2016 12:13:35 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Přeskočení: Ověření Eap method DLL path name se nezdařilo. Chyba: ID typu=43, ID autora=9, ID dodavatele=0, typ dodavatele=0

Error: (12/27/2016 12:13:35 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Přeskočení: Ověření Eap method DLL path name se nezdařilo. Chyba: ID typu=25, ID autora=9, ID dodavatele=0, typ dodavatele=0

Error: (12/27/2016 12:13:35 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Přeskočení: Ověření Eap method DLL path name se nezdařilo. Chyba: ID typu=17, ID autora=9, ID dodavatele=0, typ dodavatele=0

Error: (12/27/2016 12:08:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/27/2016 12:08:04 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Přeskočení: Ověření Eap method DLL path name se nezdařilo. Chyba: ID typu=43, ID autora=9, ID dodavatele=0, typ dodavatele=0

Error: (12/27/2016 12:08:04 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Přeskočení: Ověření Eap method DLL path name se nezdařilo. Chyba: ID typu=25, ID autora=9, ID dodavatele=0, typ dodavatele=0

Error: (12/27/2016 12:08:04 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Přeskočení: Ověření Eap method DLL path name se nezdařilo. Chyba: ID typu=17, ID autora=9, ID dodavatele=0, typ dodavatele=0

Error: (12/27/2016 11:56:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/27/2016 11:56:13 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Přeskočení: Ověření Eap method DLL path name se nezdařilo. Chyba: ID typu=43, ID autora=9, ID dodavatele=0, typ dodavatele=0


System errors:
=============
Error: (12/27/2016 12:13:35 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN se nepodařilo spustit.

Cesta k modulu: C:\Windows\System32\IWMSSvc.dll
Kód chyby: 126

Error: (12/27/2016 12:13:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba TrustedInstaller neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (12/27/2016 12:10:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NVIDIA Driver Helper Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (12/27/2016 12:08:04 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN se nepodařilo spustit.

Cesta k modulu: C:\Windows\System32\IWMSSvc.dll
Kód chyby: 126

Error: (12/27/2016 12:08:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba TrustedInstaller neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (12/27/2016 12:07:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NVIDIA Update Service Daemon byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (12/27/2016 12:07:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (12/27/2016 12:07:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Office Software Protection Platform byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (12/27/2016 12:07:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Bluetooth Media Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (12/27/2016 12:07:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Bluetooth OBEX Service byla neočekávaně ukončena. Tento stav nastal již 1krát.


CodeIntegrity:
===================================
Date: 2016-12-27 09:29:41.402
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\My Program\explorer.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-12-27 09:29:41.356
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\My Program\explorer.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-12-27 09:29:41.293
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\My Program\explorer.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-12-27 09:29:41.246
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\My Program\explorer.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-12-27 09:29:35.459
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-12-27 09:29:35.459
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-12-27 09:29:35.459
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-12-27 08:35:04.034
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-27 08:35:04.034
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-26 09:03:55.366
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\My Program\explorer.exe because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 20%
Total physical RAM: 8102.06 MB
Available physical RAM: 6405.6 MB
Total Virtual: 16202.32 MB
Available Virtual: 14422.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.47 GB) (Free:186.4 GB) NTFS
Drive d: () (Fixed) (Total:146.39 GB) (Free:62.37 GB) NTFS
Drive e: (Nový svazek) (Fixed) (Total:319.27 GB) (Free:4.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 9152EE0C)
Partition 1: (Not Active) - (Size=238.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9A8E8901)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=319.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Rudy
Site Admin
Posts: 119672
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: slow notebook, ESET keeps removing trojans

#2 Post by Rudy »

Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

ian
Visitor
Posts: 9
Registered: 22 Aug 2006 07:58
Location: Brněnec

Re: slow notebook, ESET keeps removing trojans

#3 Post by ian »

# AdwCleaner v6.041 - Log vytvořen 27/12/2016 v 17:35:53
# Aktualizováno dne 16/12/2016 z Malwarebytes
# Databáze : 2016-12-26.3 [Místní]
# Operační systém : Windows 7 Home Premium Service Pack 1 (X64)
# Uživatelské jméno : kik - KIK-PC
# Spuštěno z : C:\Users\kik\Desktop\adwcleaner_6.041.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****



***** [ Soubory ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****

[-] Úloha smazána: EaseUS Data Recovery Wizard Technician 10.2.0 + Keygen [SadeemPC


***** [ Registry ] *****

[#] Klíč smazán po restartu: HKU\S-1-5-21-3848322618-442018629-1780355425-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}


***** [ Prohlížeče ] *****



*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3415 Bajty] - [27/12/2016 12:07:22]
C:\AdwCleaner\AdwCleaner[C2].txt - [1141 Bajty] - [27/12/2016 17:35:53]
C:\AdwCleaner\AdwCleaner[S0].txt - [3427 Bajty] - [27/12/2016 12:06:48]
C:\AdwCleaner\AdwCleaner[S1].txt - [1681 Bajty] - [27/12/2016 17:35:39]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1360 Bajty] ##########

Rudy
Site Admin
Posts: 119672
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: slow notebook, ESET keeps removing trojans

#4 Post by Rudy »

Post a new FRST log.

ian
Visitor
Posts: 9
Registered: 22 Aug 2006 07:58
Location: Brněnec

Re: slow notebook, ESET keeps removing trojans

#5 Post by ian »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
Ran by kik (administrator) on KIK-PC (27-12-2016 19:12:43)
Running from C:\Users\kik\Desktop
Loaded Profiles: kik & UpdatusUser (Available Profiles: kik & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
() C:\Users\kik\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Users\kik\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AutoKMS] => C:\Windows\AutoKMS.exe [615936 2016-02-12] ()
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2014-03-10] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2014-03-10] (Synaptics Incorporated)
HKLM\...\Run: [EaseUS Data Recovery Wizard Technician 10] => wscript.exe //B "C:\Users\kik\AppData\Roaming\EaseUS Data Recovery Wizard Technician 10.2.0 + Keygen [SadeemPC.vbs"
HKLM\...\Run: [final] => wscript.exe //B "C:\Users\kik\AppData\Local\Temp\final.vbs" <===== ATTENTION
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5716608 2011-07-21] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [final] => wscript.exe //B "C:\Users\kik\AppData\Local\Temp\final.vbs" <===== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3848322618-442018629-1780355425-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
HKU\S-1-5-21-3848322618-442018629-1780355425-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\kik\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-3848322618-442018629-1780355425-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\kik\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-3848322618-442018629-1780355425-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2876704 2016-12-20] (Valve Corporation)
HKU\S-1-5-21-3848322618-442018629-1780355425-1000\...\Run: [EaseUS Data Recovery Wizard Technician 10] => wscript.exe //B "C:\Users\kik\AppData\Roaming\EaseUS Data Recovery Wizard Technician 10.2.0 + Keygen [SadeemPC.vbs"
HKU\S-1-5-21-3848322618-442018629-1780355425-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-3848322618-442018629-1780355425-1000\...\Run: [final] => wscript.exe //B "C:\Users\kik\AppData\Local\Temp\final.vbs" <===== ATTENTION
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\kik\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\kik\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2876704 2016-12-20] (Valve Corporation)
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\...\Run: [EaseUS Data Recovery Wizard Technician 10] => wscript.exe //B "C:\Users\kik\AppData\Roaming\EaseUS Data Recovery Wizard Technician 10.2.0 + Keygen [SadeemPC.vbs"
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\...\Run: [final] => wscript.exe //B "C:\Users\kik\AppData\Local\Temp\final.vbs" <===== ATTENTION
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\...\MountPoints2: G - G:\Startme.exe
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\...\MountPoints2: {67d556a0-affd-11e6-ba41-ac72891e4f5a} - G:\Startme.exe
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [226920 2011-05-28] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [193128 2011-05-28] (NVIDIA Corporation)
Startup: C:\Users\kik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EaseUS Data Recovery Wizard Technician 10.2.0 + Keygen [SadeemPC.vbs [2016-11-06] ()
Startup: C:\Users\kik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\final.vbs [2016-11-01] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.250.192.1 213.250.194.1
Tcpip\..\Interfaces\{98B0165E-2F05-4440-86BB-FB65468E077E}: [DhcpNameServer] 213.250.192.1 213.250.194.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3848322618-442018629-1780355425-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3848322618-442018629-1780355425-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3848322618-442018629-1780355425-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/?clid=12454
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/?clid=12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1000 -> {08D2BA02-E2BE-481C-BAFA-27B666E6A236} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1000 -> {12154D41-8799-45BF-BDCE-298659E6B639} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1000 -> {29A01E2D-7A1A-470B-BA9B-4BBB6C3290CD} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1000 -> {6113D045-0CD7-4843-B9CE-676152EC90BA} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1000 -> {9FC9731A-A0E6-4CFF-B6B6-EF80586EFD47} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1000 -> {DB21617D-D6A1-4BB0-89C0-0A590B6B7FBA} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1000 -> {F6ADA3E3-6B5C-410A-95F2-C77CB78F982F} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1000 -> {FB766F29-D473-4113-8FE8-424F01401D37} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1001 -> {08D2BA02-E2BE-481C-BAFA-27B666E6A236} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1001 -> {12154D41-8799-45BF-BDCE-298659E6B639} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1001 -> {29A01E2D-7A1A-470B-BA9B-4BBB6C3290CD} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1001 -> {6113D045-0CD7-4843-B9CE-676152EC90BA} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1001 -> {7917A5FC-B7C0-434D-9D4E-DEEAC7916BC8} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1001 -> {9FC9731A-A0E6-4CFF-B6B6-EF80586EFD47} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1001 -> {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = hxxp://www.daemon-search.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1001 -> {DB21617D-D6A1-4BB0-89C0-0A590B6B7FBA} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1001 -> {F6ADA3E3-6B5C-410A-95F2-C77CB78F982F} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1001 -> {FB766F29-D473-4113-8FE8-424F01401D37} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll No File
Toolbar: HKU\S-1-5-21-3848322618-442018629-1780355425-1001 -> DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll No File
DPF: HKLM-x32 {4ED0ADAD-9FFA-4315-9E02-6B21A9F5C235}
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: r9n6jj6g.default
FF ProfilePath: C:\Users\kik\AppData\Roaming\Mozilla\Firefox\Profiles\r9n6jj6g.default [2016-12-27]
FF Homepage: Mozilla\Firefox\Profiles\r9n6jj6g.default -> hxxp://seznam.cz/
FF Extension: (Firefox Hotfix) - C:\Users\kik\AppData\Roaming\Mozilla\Firefox\Profiles\r9n6jj6g.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-31]
FF Extension: (Adblock Plus) - C:\Users\kik\AppData\Roaming\Mozilla\Firefox\Profiles\r9n6jj6g.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-15]
FF Extension: (Seznam lištička) - C:\Users\kik\AppData\Roaming\Mozilla\Firefox\Profiles\r9n6jj6g.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2016-07-13]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-14] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-14] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-05-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-05-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\kik\AppData\Local\Google\Chrome\User Data\Default [2016-12-25]
CHR Extension: (Prezentace Google) - C:\Users\kik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-08]
CHR Extension: (Dokumenty Google) - C:\Users\kik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-08]
CHR Extension: (Disk Google) - C:\Users\kik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-08]
CHR Extension: (YouTube) - C:\Users\kik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-08]
CHR Extension: (Tabulky Google) - C:\Users\kik\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-08]
CHR Extension: (Dokumenty Google offline) - C:\Users\kik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-08]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\kik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-08]
CHR Extension: (Gmail) - C:\Users\kik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-08]
CHR Extension: (Chrome Media Router) - C:\Users\kik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-08]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [921664 2011-05-19] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1335360 2011-05-19] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [995392 2011-05-19] (Intel Corporation) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2771848 2016-11-18] (ESET)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2016-03-14] (DT Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [262792 2016-11-18] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [197248 2016-11-18] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [153216 2016-11-18] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [208520 2016-11-18] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [61568 2016-11-18] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [84616 2016-11-18] (ESET)
S3 ksapi64; C:\Windows\system32\drivers\ksapi64.sys [56680 2016-12-22] (Kingsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-27 17:34 - 2016-12-27 17:34 - 03977168 _____ C:\Users\kik\Desktop\adwcleaner_6.041.exe
2016-12-27 12:23 - 2016-12-27 19:12 - 00021104 _____ C:\Users\kik\Desktop\FRST.txt
2016-12-27 12:23 - 2016-12-27 12:23 - 00027190 _____ C:\Users\kik\Desktop\Addition.txt
2016-12-27 12:22 - 2016-12-27 19:12 - 00000000 ____D C:\FRST
2016-12-27 12:05 - 2016-12-27 17:35 - 00000000 ____D C:\AdwCleaner
2016-12-27 12:05 - 2016-12-27 12:05 - 03977168 _____ C:\Users\kik\Desktop\AdwCleaner.exe
2016-12-27 12:04 - 2016-12-27 12:04 - 02420736 _____ (Farbar) C:\Users\kik\Desktop\FRST64.exe
2016-12-27 12:04 - 2016-12-27 12:04 - 01663040 _____ (Malwarebytes) C:\Users\kik\Desktop\JRT.exe
2016-12-27 08:59 - 2016-12-27 08:59 - 00019066 _____ C:\ComboFix.txt
2016-12-27 08:29 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2016-12-27 08:29 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2016-12-27 08:29 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-12-27 08:29 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-12-27 08:29 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-12-27 08:29 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2016-12-27 08:29 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2016-12-27 08:29 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2016-12-27 08:28 - 2016-12-27 09:00 - 00000000 ____D C:\Qoobox
2016-12-27 08:28 - 2016-12-27 08:55 - 00000000 ____D C:\Windows\erdnt
2016-12-27 08:28 - 2016-12-27 08:28 - 05659917 ____R (Swearware) C:\Users\kik\Desktop\ComboFix.exe
2016-12-23 09:48 - 2016-12-23 09:48 - 00426104 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-23 09:19 - 2016-12-23 09:19 - 00118248 _____ C:\Users\kik\AppData\Local\GDIPFONTCACHEV1.DAT
2016-12-22 21:31 - 2016-12-22 21:31 - 00081768 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi.sys
2016-12-22 21:31 - 2016-12-22 21:31 - 00056680 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi64.sys
2016-12-22 21:31 - 2016-12-22 21:31 - 00000000 ____D C:\ProgramData\Kingsoft
2016-12-22 21:31 - 2016-12-22 21:31 - 00000000 ____D C:\ProgramData\cmcm
2016-12-22 21:31 - 2016-12-22 21:31 - 00000000 ____D C:\Program Files (x86)\cmcm
2016-12-21 18:33 - 2016-12-21 18:33 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2016-12-18 16:27 - 2016-12-18 16:28 - 00000000 ____D C:\Program Files (x86)\mp3DirectCut
2016-12-18 16:27 - 2016-12-18 16:27 - 00001055 _____ C:\Users\kik\Desktop\mp3DirectCut.lnk
2016-12-18 14:43 - 2016-12-18 14:43 - 00001862 _____ C:\Users\Public\Desktop\linguatec Voice Reader.lnk
2016-12-18 14:43 - 2016-12-18 14:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\linguatec
2016-12-18 14:43 - 2016-12-18 14:43 - 00000000 ____D C:\Program Files (x86)\linguatec
2016-12-18 14:43 - 2004-10-11 13:29 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71.dll
2016-12-18 14:43 - 2004-10-11 13:29 - 00499712 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2016-12-18 14:43 - 2004-10-11 13:29 - 00348160 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2016-12-18 14:43 - 2003-03-19 07:12 - 01047552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71u.dll
2016-12-17 16:20 - 2016-12-17 16:20 - 00000000 ____D C:\Users\kik\Nová složka
2016-12-17 11:08 - 2016-12-17 11:08 - 00001029 _____ C:\Users\Public\Desktop\EaseUS Data Recovery Wizard.lnk
2016-12-17 11:08 - 2016-12-17 11:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard
2016-12-16 22:08 - 2016-12-21 18:32 - 00000000 ____D C:\Program Files (x86)\Runtime Software
2016-12-14 19:35 - 2016-12-14 19:35 - 00000000 ____D C:\Users\kik\AppData\Local\Chromium
2016-12-14 19:34 - 2016-12-14 19:34 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2016-12-14 19:34 - 2016-12-14 19:34 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2016-12-14 19:34 - 2016-12-14 19:34 - 00000000 ____D C:\%LOCALAPPDATA%
2016-12-08 20:43 - 2016-12-08 20:45 - 57375934 _____ C:\Users\kik\Documents\ĺSCN9076.MOV
2016-12-08 19:50 - 2016-12-08 19:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Program
2016-12-08 19:50 - 2016-12-08 19:50 - 00000000 ____D C:\Program Files (x86)\My Program
2016-12-08 19:48 - 2016-11-06 23:07 - 00045902 _____ C:\Users\kik\AppData\Roaming\EaseUS Data Recovery Wizard Technician 10.2.0 + Keygen [SadeemPC.vbs
2016-12-08 17:59 - 2016-12-08 17:59 - 00000000 ____D C:\Program Files\EaseUS
2016-12-08 16:48 - 2016-12-15 19:27 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-08 16:47 - 2016-12-08 18:10 - 00000000 ____D C:\Users\kik\AppData\Local\Google

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-27 18:44 - 2016-02-12 16:31 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-27 17:43 - 2011-04-12 09:34 - 00671630 _____ C:\Windows\system32\perfh005.dat
2016-12-27 17:43 - 2011-04-12 09:34 - 00142194 _____ C:\Windows\system32\perfc005.dat
2016-12-27 17:43 - 2009-07-14 06:13 - 01590786 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-27 17:43 - 2009-07-14 05:45 - 00028128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-27 17:43 - 2009-07-14 05:45 - 00028128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-27 17:43 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-12-27 17:42 - 2016-04-07 20:09 - 00000000 ____D C:\Program Files (x86)\Steam
2016-12-27 17:41 - 2016-03-17 20:47 - 00000000 ____D C:\Users\kik\AppData\Roaming\Seznam.cz
2016-12-27 17:37 - 2016-11-15 19:49 - 00000000 ____D C:\Users\kik\AppData\LocalLow\Mozilla
2016-12-27 17:37 - 2016-04-03 20:15 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-27 17:36 - 2016-02-12 16:14 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-27 17:36 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-27 08:40 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2016-12-27 00:02 - 2016-03-13 18:34 - 00000000 ____D C:\Users\kik\AppData\Roaming\vlc
2016-12-23 12:09 - 2016-03-13 18:33 - 00371200 _____ C:\Users\kik\Desktop\účet 2009.xls
2016-12-22 21:35 - 2016-03-14 18:46 - 00000000 ____D C:\Users\kik\AppData\Roaming\DAEMON Tools Lite
2016-12-22 21:32 - 2016-02-12 14:31 - 00000000 ____D C:\Windows\Panther
2016-12-22 21:32 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-12-18 14:43 - 2016-02-12 16:11 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-12-18 09:08 - 2016-06-28 18:04 - 00000000 ____D C:\Users\kik\AppData\Local\ElevatedDiagnostics
2016-12-18 09:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2016-12-17 16:20 - 2016-02-12 15:09 - 00000000 ____D C:\Users\kik
2016-12-16 21:27 - 2016-05-11 18:21 - 00003256 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d1aba9847a3933
2016-12-16 21:27 - 2016-04-03 20:15 - 00003384 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-15 19:06 - 2016-02-12 16:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-14 20:44 - 2016-02-12 16:31 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-14 20:44 - 2016-02-12 16:31 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-14 20:44 - 2016-02-12 16:31 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-12-14 20:44 - 2016-02-12 16:31 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-14 20:44 - 2016-02-12 16:31 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-14 20:14 - 2016-11-15 19:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-14 19:36 - 2016-04-07 20:11 - 00000000 ____D C:\Users\kik\AppData\Local\Steam
2016-12-14 19:34 - 2016-02-12 16:14 - 00000000 ____D C:\Users\UpdatusUser
2016-12-08 16:48 - 2016-04-03 20:15 - 00000000 ____D C:\Program Files (x86)\Google
2016-12-08 15:28 - 2016-02-12 15:11 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP
2016-12-07 16:03 - 2016-03-20 18:08 - 00000000 ____D C:\Users\kik\AppData\Roaming\dvdcss
2016-12-07 15:51 - 2016-02-12 15:11 - 00001153 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk
2016-12-07 15:51 - 2016-02-12 15:11 - 00001105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2016-11-27 11:28 - 2016-03-13 18:33 - 00010263 _____ C:\Users\kik\Desktop\p z k.xlsx

==================== Files in the root of some directories =======

2016-12-08 19:48 - 2016-11-06 23:07 - 0045902 _____ () C:\Users\kik\AppData\Roaming\EaseUS Data Recovery Wizard Technician 10.2.0 + Keygen [SadeemPC.vbs
2016-10-11 19:18 - 2016-10-21 14:58 - 0004608 _____ () C:\Users\kik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Users\kik\AppData\Local\Temp\libeay32.dll
C:\Users\kik\AppData\Local\Temp\msvcr120.dll
C:\Users\kik\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-24 13:12

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by kik (27-12-2016 19:13:05)
Running from C:\Users\kik\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2016-02-12 14:09:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3848322618-442018629-1780355425-500 - Administrator - Disabled)
Guest (S-1-5-21-3848322618-442018629-1780355425-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3848322618-442018629-1780355425-1003 - Limited - Enabled)
kik (S-1-5-21-3848322618-442018629-1780355425-1000 - Administrator - Enabled) => C:\Users\kik
UpdatusUser (S-1-5-21-3848322618-442018629-1780355425-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 9.0.407.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security 9.0.407.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personální firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.18) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.18 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.6.3.0 - Asmedia Technology)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.25 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0013 - ASUS)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6452 - CDBurnerXP)
Corel Graphics Suite 11 (x32 Version: 11 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 11 (HKLM-x32\...\InstallShield_{07A540AB-D785-11D5-8E89-0090275862A0}) (Version: 11 - Corel Corporation)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS)
ESET Smart Security (HKLM\...\{B7DE9695-00B8-4935-97B5-A2CBFBA6A3F8}) (Version: 9.0.376.1 - ESET, spol. s r.o.)
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2361 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.2.0.0587 - Intel Corporation)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.41 - Irfan Skiljan)
linguatec Voice Reader (HKLM-x32\...\{93293322-B694-4270-B7FE-DDE1A681ACCA}) (Version: 1.00.0000 - linguatec)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 cs) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 cs)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
My Program version 1.5 (HKLM-x32\...\{11C0B447-2D00-4891-B686-367E63EDAC63}_is1) (Version: 1.5 - My Company, Inc.)
NVIDIA Ovladač 3D Vision 268.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 268.74 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.2.23.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.23.3 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 268.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.74 - NVIDIA Corporation)
Ovládací panel NVIDIA 268.74 (Version: 268.74 - NVIDIA Corporation) Hidden
S.T.A.L.K.E.R.: Shadow of Chernobyl (HKLM\...\Steam App 4500) (Version: - GSC Game World)
Seznam Software (HKU\S-1-5-21-3848322618-442018629-1780355425-1000\...\SeznamInstall) (Version: - Seznam.cz)
Seznam Software (HKU\S-1-5-21-3848322618-442018629-1780355425-1001\...\SeznamInstall) (Version: - Seznam.cz)
Slideshow Creator (HKLM-x32\...\{4E1A63B1-F547-4CFC-91F7-F32F1A6BF430}_is1) (Version: 1.4 - Bolide Software)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.6.0 - Synaptics Incorporated)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {062E3D81-37CB-4AFC-9099-B80101F17491} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {07B27044-6E8C-4717-AF7E-AA85B45144A7} - System32\Tasks\GoogleUpdateTaskMachineCore1d1aba9847a3933 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-03] (Google Inc.)
Task: {093C71EA-A147-43C0-A495-B11A3ED46C4B} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)
Task: {0BB7DBA3-E1EC-4BEC-9E22-75A6D3372D94} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {0EFF2C3E-02A6-42C2-BF76-2593DE06D45D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {14631C8D-B636-4F9F-B71B-5B5013F67550} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {155A9281-C6A6-4770-B36A-05E50ED05FED} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {1D25DFBE-1A92-4F17-ADFC-EE604932C50F} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {25EEE18A-5CC8-4EAC-8B36-BB9BF7A40451} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-03] (Google Inc.)
Task: {2AFE5FE1-554E-475E-A609-43071913EA90} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {2B9A048B-F9C6-45BD-A1D5-275FA63DA658} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-07-21] (ASUS)
Task: {2ED7D93E-3C84-475F-9EEB-5CB1493D7BDE} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {2FCAAC55-5239-4831-A3EF-70138DB15331} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {30CA994A-4AD5-4489-A314-B5D8D5EA5D04} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {40998701-8693-45F4-B716-32B7B2CB32C9} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {5D8783EB-A2F8-491E-B1D4-87B2F400412F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {65722CEB-898F-4DB6-8B5C-527959478998} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-03] (Google Inc.)
Task: {753C47AE-EC5E-44B3-95A9-2C8E553F0E39} - System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary => C:\Program Files\Windows Media Player\wmpnscfg.exe
Task: {85BD1173-8997-422B-BB95-391606F20E12} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {933F48B3-F598-4C79-8FC9-C07BDD85D56B} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {9E4B6383-6268-46BE-8C85-DFCF644CF1D4} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {AA621048-FF7A-4708-A073-42D0BAAA403C} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {C1360B99-1C98-451C-B579-1852EE81DE84} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-14] (Adobe Systems Incorporated)
Task: {C646F5CB-5A97-4EFF-98DB-0F094323308F} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {C99C02A0-36EA-443E-8A59-5001192B1F75} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {D1A843A6-D4FD-447E-834D-02E721DEEE14} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {D6FDE686-B4E7-4907-87A5-8E9BA9AF0FA0} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {EB1E6AEB-6D0C-414C-ABB3-760480EF4204} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {EC4E4B4E-9461-4986-AD96-F82782338039} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {F34C6BCF-E242-4E78-8258-EF4F26B847C6} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2016-03-17 20:47 - 2015-05-26 12:35 - 00079872 _____ () C:\Users\kik\AppData\Roaming\Seznam.cz\bin\1927libfoxloader-x64.dll
2016-02-12 16:09 - 2011-04-10 10:40 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-03-13 18:27 - 2014-03-10 22:00 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2014-09-25 19:44 - 2014-09-25 19:44 - 00043008 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2016-03-17 20:47 - 2015-05-26 12:38 - 00457384 _____ () C:\Users\kik\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
2016-03-17 20:47 - 2015-05-26 12:36 - 00073896 _____ () C:\Users\kik\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
2016-03-17 20:47 - 2015-05-26 12:37 - 00078504 _____ () C:\Users\kik\AppData\Roaming\Seznam.cz\bin\1927libfoxloader.dll
2016-04-07 20:11 - 2016-12-08 16:13 - 00656160 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-04-07 20:11 - 2016-09-01 02:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-04-07 20:11 - 2016-09-01 02:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-04-07 20:11 - 2016-09-01 02:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-04-07 20:11 - 2016-12-20 03:25 - 02322720 _____ () C:\Program Files (x86)\Steam\video.dll
2016-04-07 20:11 - 2016-01-27 08:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-04-07 20:11 - 2016-01-27 08:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-04-07 20:11 - 2016-01-27 08:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-04-07 20:11 - 2016-01-27 08:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-04-07 20:11 - 2016-01-27 08:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-04-07 20:11 - 2016-12-20 03:25 - 00838944 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-04-07 20:11 - 2016-07-04 23:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-03-17 20:47 - 2015-05-26 12:38 - 00862888 _____ () C:\Users\kik\AppData\Roaming\Seznam.cz\bin\lightspeed.dll
2016-12-14 19:35 - 2016-12-05 17:21 - 67304736 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2016-04-07 20:11 - 2016-12-20 03:25 - 00388384 _____ () C:\Program Files (x86)\Steam\steam.dll
2016-04-07 20:11 - 2015-09-25 00:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2016-12-27 08:40 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3848322618-442018629-1780355425-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\kik\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 213.250.192.1 - 213.250.194.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9B8694DF-571E-4774-A10E-3187262659BC}] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{6233870B-1DE6-4996-AD8C-3B33B48E8208}] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{A2C55146-019D-4270-A981-8B6B18CADBF9}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{41152431-5129-4833-9856-3BE0620A7B20}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1BEC1CD2-BE0B-43DB-ABDC-AC4DCFE8BD31}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3C207833-534B-43BD-B9FD-BD106979C909}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{32CBE80F-D2BD-4279-82FC-E8D8B0C8B55F}] => C:\Program Files (x86)\Steam\steamapps\common\STALKER Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{6100EFE1-AC24-4E6B-89B0-97FB556C6101}] => C:\Program Files (x86)\Steam\steamapps\common\STALKER Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{0E4A21A3-D0C8-4F45-8C02-C533CBD609B4}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{13B5884B-7313-45E2-B8C3-8B4D97D05F40}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{14DE22E1-9935-44C9-AD6B-C0C3545FDFB5}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

09-12-2016 05:11:44 Windows Update
17-12-2016 00:01:20 Naplánovaný kontrolní bod
17-12-2016 05:41:08 Windows Update
18-12-2016 14:43:16 Installed linguatec Voice Reader
25-12-2016 19:21:35 Naplánovaný kontrolní bod
27-12-2016 08:29:47 ComboFix created restore point
27-12-2016 12:09:54 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/27/2016 05:36:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/27/2016 05:36:37 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Přeskočení: Ověření Eap method DLL path name se nezdařilo. Chyba: ID typu=43, ID autora=9, ID dodavatele=0, typ dodavatele=0

Error: (12/27/2016 05:36:37 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Přeskočení: Ověření Eap method DLL path name se nezdařilo. Chyba: ID typu=25, ID autora=9, ID dodavatele=0, typ dodavatele=0

Error: (12/27/2016 05:36:37 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Přeskočení: Ověření Eap method DLL path name se nezdařilo. Chyba: ID typu=17, ID autora=9, ID dodavatele=0, typ dodavatele=0

Error: (12/27/2016 04:12:07 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Problém zabránil odeslání dat programu Zlepšování softwaru a služeb na základě zkušeností uživatelů společnosti Microsoft, (chyba 80004005).

Error: (12/27/2016 12:13:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/27/2016 12:13:35 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Přeskočení: Ověření Eap method DLL path name se nezdařilo. Chyba: ID typu=43, ID autora=9, ID dodavatele=0, typ dodavatele=0

Error: (12/27/2016 12:13:35 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Přeskočení: Ověření Eap method DLL path name se nezdařilo. Chyba: ID typu=25, ID autora=9, ID dodavatele=0, typ dodavatele=0

Error: (12/27/2016 12:13:35 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Přeskočení: Ověření Eap method DLL path name se nezdařilo. Chyba: ID typu=17, ID autora=9, ID dodavatele=0, typ dodavatele=0

Error: (12/27/2016 12:08:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (12/27/2016 07:07:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba TrustedInstaller neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (12/27/2016 07:06:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba TrustedInstaller neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (12/27/2016 07:06:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba TrustedInstaller neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (12/27/2016 07:06:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba TrustedInstaller neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (12/27/2016 07:06:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba TrustedInstaller neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (12/27/2016 07:06:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba TrustedInstaller neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (12/27/2016 07:06:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba TrustedInstaller neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (12/27/2016 05:58:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba TrustedInstaller neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (12/27/2016 05:58:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba TrustedInstaller neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (12/27/2016 05:58:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba TrustedInstaller neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.


CodeIntegrity:
===================================
Date: 2016-12-27 09:29:41.402
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\My Program\explorer.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-12-27 09:29:41.356
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\My Program\explorer.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-12-27 09:29:41.293
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\My Program\explorer.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-12-27 09:29:41.246
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\My Program\explorer.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-12-27 09:29:35.459
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-12-27 09:29:35.459
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-12-27 09:29:35.459
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-12-27 08:35:04.034
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-27 08:35:04.034
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-26 09:03:55.366
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\My Program\explorer.exe because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 27%
Total physical RAM: 8102.06 MB
Available physical RAM: 5867.03 MB
Total Virtual: 16202.32 MB
Available Virtual: 13778.22 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.47 GB) (Free:186.05 GB) NTFS
Drive d: () (Fixed) (Total:146.39 GB) (Free:62.37 GB) NTFS
Drive e: (Nový svazek) (Fixed) (Total:319.27 GB) (Free:4.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 9152EE0C)
Partition 1: (Not Active) - (Size=238.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9A8E8901)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=319.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Rudy
Site Admin
Posts: 119672
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: slow notebook, ESET keeps removing trojans

#6 Post by Rudy »

Open Notepad and copy the following into it:
Start
C:\Windows\AutoKMS.exe
HKLM\...\Run: [AutoKMS] => C:\Windows\AutoKMS.exe [615936 2016-02-12] ()
HKLM\...\Run: [EaseUS Data Recovery Wizard Technician 10] => wscript.exe //B "C:\Users\kik\AppData\Roaming\EaseUS Data Recovery Wizard Technician 10.2.0 + Keygen [SadeemPC.vbs"
HKLM\...\Run: [final] => wscript.exe //B "C:\Users\kik\AppData\Local\Temp\final.vbs" <===== ATTENTION
HKLM-x32\...\Run: [final] => wscript.exe //B "C:\Users\kik\AppData\Local\Temp\final.vbs" <===== ATTENTION
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\...\Run: [final] => wscript.exe //B "C:\Users\kik\AppData\Local\Temp\final.vbs" <===== ATTENTION
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\...\MountPoints2: G - G:\Startme.exe
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\...\MountPoints2: {67d556a0-affd-11e6-ba41-ac72891e4f5a} - G:\Startme.exe
Startup: C:\Users\kik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EaseUS Data Recovery Wizard Technician 10.2.0 + Keygen [SadeemPC.vbs [2016-11-06] ()
Startup: C:\Users\kik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\final.vbs [2016-11-01] ()
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3848322618-442018629-1780355425-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll No File
Toolbar: HKU\S-1-5-21-3848322618-442018629-1780355425-1001 -> DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll No File
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d1aba9847a3933
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Users\kik\AppData\Roaming\EaseUS Data Recovery Wizard Technician 10.2.0 + Keygen [SadeemPC.vbs
C:\Users\kik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\kik\AppData\Local\Temp
Task: {65722CEB-898F-4DB6-8B5C-527959478998} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-03] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

EmptyTemp
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

ian
Visitor
Posts: 9
Joined: 22 Aug 2006 07:58
Location: Brněnec

Re: slow notebook, ESET keeps removing trojans

#7 Post by ian »

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by kik (27-12-2016 20:11:45) Run:1
Running from C:\Users\kik\Desktop
Loaded Profiles: kik & UpdatusUser (Available Profiles: kik & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
C:\Windows\AutoKMS.exe
HKLM\...\Run: [AutoKMS] => C:\Windows\AutoKMS.exe [615936 2016-02-12] ()
HKLM\...\Run: [EaseUS Data Recovery Wizard Technician 10] => wscript.exe //B "C:\Users\kik\AppData\Roaming\EaseUS Data Recovery Wizard Technician 10.2.0 + Keygen [SadeemPC.vbs"
HKLM\...\Run: [final] => wscript.exe //B "C:\Users\kik\AppData\Local\Temp\final.vbs" <===== ATTENTION
HKLM-x32\...\Run: [final] => wscript.exe //B "C:\Users\kik\AppData\Local\Temp\final.vbs" <===== ATTENTION
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\...\Run: [final] => wscript.exe //B "C:\Users\kik\AppData\Local\Temp\final.vbs" <===== ATTENTION
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\...\MountPoints2: G - G:\Startme.exe
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\...\MountPoints2: {67d556a0-affd-11e6-ba41-ac72891e4f5a} - G:\Startme.exe
Startup: C:\Users\kik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EaseUS Data Recovery Wizard Technician 10.2.0 + Keygen [SadeemPC.vbs [2016-11-06] ()
Startup: C:\Users\kik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\final.vbs [2016-11-01] ()
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3848322618-442018629-1780355425-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll No File
Toolbar: HKU\S-1-5-21-3848322618-442018629-1780355425-1001 -> DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll No File
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d1aba9847a3933
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Users\kik\AppData\Roaming\EaseUS Data Recovery Wizard Technician 10.2.0 + Keygen [SadeemPC.vbs
C:\Users\kik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\kik\AppData\Local\Temp
Task: {65722CEB-898F-4DB6-8B5C-527959478998} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-03] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

EmptyTemp
End
*****************

C:\Windows\AutoKMS.exe => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AutoKMS => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\EaseUS Data Recovery Wizard Technician 10 => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\final => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\final => value removed successfully
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\Software\Microsoft\Windows\CurrentVersion\Run\\final => value removed successfully
"HKU\S-1-5-21-3848322618-442018629-1780355425-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G" => key removed successfully
"HKU\S-1-5-21-3848322618-442018629-1780355425-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67d556a0-affd-11e6-ba41-ac72891e4f5a}" => key removed successfully
HKCR\CLSID\{67d556a0-affd-11e6-ba41-ac72891e4f5a} => key not found.
C:\Users\kik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EaseUS Data Recovery Wizard Technician 10.2.0 + Keygen => not found.
C:\Users\kik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\final.vbs => moved successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3848322618-442018629-1780355425-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} => value removed successfully
"HKCR\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}" => key removed successfully
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} => value removed successfully
HKCR\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17} => key not found.
HKLM\Software\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => value removed successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d1aba9847a3933 => moved successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
Could not move "C:\Users\kik\AppData\Roaming\EaseUS Data Recovery Wizard Technician 10.2.0 + Keygen [SadeemPC.vbs" => Scheduled to move on reboot.
C:\Users\kik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully

"C:\Users\kik\AppData\Local\Temp" folder move:

Could not move "C:\Users\kik\AppData\Local\Temp" => Scheduled to move on reboot.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{65722CEB-898F-4DB6-8B5C-527959478998}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65722CEB-898F-4DB6-8B5C-527959478998}" => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => key removed successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => not found.
EmptyTemp => Error: No automatic fix found for this entry.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 27-12-2016 20:13:10)

C:\Users\kik\AppData\Roaming\EaseUS Data Recovery Wizard Technician 10.2.0 + Keygen [SadeemPC.vbs => Is moved successfully
C:\Users\kik\AppData\Local\Temp => moved successfully

==== End of Fixlog 20:13:10 ====

Rudy
Site Admin
Posts: 119672
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: slow notebook, ESET keeps removing trojans

#8 Post by Rudy »

Deleted. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

ian
Visitor
Posts: 9
Registered: 22 Aug 2006 07:58
Location: Brněnec

Re: slow notebook, ESET keeps removing trojans

#9 Post by ian »

It runs as fast as before again, and it seems it no longer has to block that page. Thank you very much and happy holidays.

Rudy
Site Admin
Posts: 119672
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: slow notebook, ESET keeps removing trojans

#10 Post by Rudy »

Happy New Year, and you're welcome! :)

Locked