zdravím.
prosím o kontrolu
Logfile of random's system information tool 1.14 (written by random/random)
Run by petr at 2017-01-21 02:17:34
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 276 GB (91%) free of 305 GB
Total RAM: 3071 MB (62% free)
X86
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:17:50, on 21.1.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18538)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\petr\Desktop\ProcessExplorer\procexp.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Users\petr\Desktop\RSIT.exe
C:\Program Files\trend micro\petr_RSIT.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: procexp.exe – zástupce.lnk = C:\Users\petr\Desktop\ProcessExplorer\procexp.exe
O4 - Global Startup: procexp.exe – zástupce.lnk = C:\Users\petr\Desktop\ProcessExplorer\procexp.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{A10A0466-ACFB-458A-B156-AB6FE24A45CE}: NameServer = 213.46.172.36,213.46.172.37
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED9F409F-9EE5-42E6-92E0-1C2FDFC74B7B}: NameServer = 213.46.172.36,213.46.172.37
O17 - HKLM\System\CS1\Services\Tcpip\..\{A10A0466-ACFB-458A-B156-AB6FE24A45CE}: NameServer = 213.46.172.36,213.46.172.37
O17 - HKLM\System\CS2\Services\Tcpip\..\{A10A0466-ACFB-458A-B156-AB6FE24A45CE}: NameServer = 213.46.172.36,213.46.172.37
O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
--
End of file - 4261 bytes
======Scheduled tasks folder======
C:\Windows\system32\tasks\AIDA64 AutoStart - C:\Users\petr\Downloads\aida64business575\aida64.exe
C:\Windows\system32\tasks\ATKOSD2 - C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Windows\system32\tasks\CreateChoiceProcessTask - C:\Windows\System32\browserchoice.exe /launch
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification - %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask - %SystemRoot%\system32\Wat\WatAdminSvc.exe /run
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline - %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - sc.exe start sppsvc
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - %SystemRoot%\System32\powercfg.exe -energy -auto
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\StartRecording - %SystemRoot%\ehome\ehrec /StartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\Windows\system32\tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan - c:\Program Files\Microsoft Security Client\\MpCmdRun.exe Scan -ScheduleJob -RestrictPrivileges
=========Mozilla firefox=========
ProfilePath - C:\Users\petr\AppData\Roaming\Mozilla\Firefox\Profiles\0geiiaaf.default
prefs.js - "browser.startup.homepage" - "seznam"
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll
C:\Users\petr\AppData\Roaming\Mozilla\Firefox\Profiles\0geiiaaf.default\addons.json
S3.Google Translator - extension - s3google@translator
C:\Users\petr\AppData\Roaming\Mozilla\Firefox\Profiles\0geiiaaf.default\extensions.json
S3.Google Translator - extension - s3google@translator - C:\Users\petr\AppData\Roaming\Mozilla\Firefox\Profiles\0geiiaaf.default\extensions\s3google@translator.xpi
Multi-process staged rollout - extension - e10srollout@mozilla.org - C:\Program Files\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
Pocket - extension - firefox@getpocket.com - C:\Program Files\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
Application Update Service Helper - extension - aushelper@mozilla.org - C:\Program Files\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi
Web Compat - extension - webcompat@mozilla.org - C:\Program Files\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
C:\Users\petr\AppData\Roaming\Mozilla\Firefox\Profiles\0geiiaaf.default\pluginreg.dat
Plugin - Google Update - 1.3.32.7 - C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll
Plugin - NVIDIA 3D VISION - 7.17.13.4195 - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
Plugin - NVIDIA 3D Vision - 7.17.13.4195 - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
Plugin - Silverlight Plug-In - 5.1.50901.0 - c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll
=========Google Chrome=========
C:\Users\petr\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek 0 Prezentace Google 0.9
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod Chrome 0.2
Extension aohghmighlieiainnegkcijnfilokake 0 Dokumenty Google 0.9
Extension apdfllckaahabafndbhieahigkjlhalf 0 Disk Google 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 0 YouTube 4.2.8
Extension cfhdojbkjhnklbpkdaibdccddilifddb 1 Adblock Plus 1.12.4
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension felcaaldnbdncclmgdcncolpebgiejap 0 Tabulky Google 1.1
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 0 Dokumenty Google offline 1.4
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.38
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mfffpogegjflfpflabcdkioaeobkgjik 1 GaiaAuthExtension 0.0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.1
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.1
Extension pjkljhegncpnkpknbcohdijeoejaedia 0 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 5516.1005.0.3
Homepage: http://www.seznam.cz/
default_search_provider.search_url:
C:\Users\petr\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2016-07-30 497024]
"ATKOSD2"=C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-07-06 322208]
"ATKMEDIA"=C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe [2012-07-17 178848]
"HControlUser"=C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2016-11-14 1002984]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
procexp.exe – zástupce.lnk - C:\Users\petr\Desktop\ProcessExplorer\procexp.exe
C:\Users\petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
procexp.exe – zástupce.lnk - C:\Users\petr\Desktop\ProcessExplorer\procexp.exe
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath"="C:\Program Files\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2017-01-20 04:01:19 ----D---- C:\FRST
2017-01-20 04:00:13 ----D---- C:\Program Files\trend micro
2017-01-20 04:00:12 ----D---- C:\rsit
2017-01-20 02:47:18 ----D---- C:\Program Files\Lavalys
2017-01-20 02:32:19 ----A---- C:\Windows\system32\FNTCACHE.DAT
2017-01-20 02:32:17 ----A---- C:\Windows\ntbtlog.txt
2017-01-13 19:52:55 ----D---- C:\Program Files\Mozilla Firefox
2017-01-13 19:11:47 ----A---- C:\Windows\system32\wdigest.dll
2017-01-13 19:11:47 ----A---- C:\Windows\system32\schannel.dll
2017-01-13 19:11:47 ----A---- C:\Windows\system32\rpcrt4.dll
2017-01-13 19:11:47 ----A---- C:\Windows\system32\ncrypt.dll
2017-01-13 19:11:47 ----A---- C:\Windows\system32\msv1_0.dll
2017-01-13 19:11:47 ----A---- C:\Windows\system32\lsasrv.dll
2017-01-13 19:11:47 ----A---- C:\Windows\system32\kerberos.dll
2017-01-13 19:11:47 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2017-01-13 19:11:47 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2017-01-13 19:11:47 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2017-01-13 19:11:47 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2017-01-13 19:11:46 ----A---- C:\Windows\system32\TSpkg.dll
2017-01-13 19:11:46 ----A---- C:\Windows\system32\sspisrv.dll
2017-01-13 19:11:46 ----A---- C:\Windows\system32\sspicli.dll
2017-01-13 19:11:46 ----A---- C:\Windows\system32\secur32.dll
2017-01-13 19:11:46 ----A---- C:\Windows\system32\rpchttp.dll
2017-01-13 19:11:46 ----A---- C:\Windows\system32\msaudite.dll
2017-01-13 19:11:46 ----A---- C:\Windows\system32\lsass.exe
2017-01-13 19:11:46 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2017-01-13 19:11:46 ----A---- C:\Windows\system32\cryptbase.dll
2017-01-13 19:11:46 ----A---- C:\Windows\system32\credssp.dll
2017-01-13 19:11:46 ----A---- C:\Windows\system32\bcrypt.dll
2017-01-13 19:11:46 ----A---- C:\Windows\system32\auditpol.exe
2017-01-13 19:11:46 ----A---- C:\Windows\system32\adtschema.dll
2017-01-13 19:11:45 ----A---- C:\Windows\system32\msobjs.dll
======List of files/folders modified in the last 1 month======
2017-01-21 02:17:46 ----D---- C:\Windows\Prefetch
2017-01-21 02:17:03 ----D---- C:\Windows
2017-01-21 02:16:42 ----D---- C:\Windows\system32\config
2017-01-21 02:15:38 ----D---- C:\Windows\inf
2017-01-21 02:15:18 ----D---- C:\Windows\Temp
2017-01-21 02:13:54 ----D---- C:\Windows\system32\drivers
2017-01-21 02:13:31 ----D---- C:\ProgramData\NVIDIA
2017-01-20 05:36:21 ----D---- C:\Windows\System32
2017-01-20 05:36:21 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-01-20 04:00:13 ----RD---- C:\Program Files
2017-01-19 23:25:58 ----D---- C:\Windows\debug
2017-01-19 04:22:00 ----SHD---- C:\System Volume Information
2017-01-19 02:44:31 ----D---- C:\Windows\winsxs
2017-01-13 21:24:05 ----D---- C:\Windows\system32\cs-CZ
2017-01-13 21:23:07 ----D---- C:\Windows\system32\MRT
2017-01-13 21:21:01 ----AC---- C:\Windows\system32\MRT.exe
2017-01-13 19:34:36 ----D---- C:\Windows\system32\NDF
2017-01-13 19:11:10 ----D---- C:\Windows\system32\catroot2
2017-01-01 17:00:31 ----D---- C:\Windows\system32\Tasks
2016-12-27 18:42:15 ----D---- C:\Windows\Microsoft.NET
2016-12-26 15:50:21 ----RSD---- C:\Windows\assembly
2016-12-26 15:31:03 ----SD---- C:\Users\petr\AppData\Roaming\Microsoft
2016-12-23 19:31:07 ----D---- C:\Windows\system32\en-US
2016-12-23 19:31:07 ----D---- C:\Program Files\Internet Explorer
2016-12-23 19:31:04 ----D---- C:\Windows\system32\Boot
2016-12-23 19:21:53 ----SHD---- C:\Windows\Installer
File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2016-08-25 252808]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2015-09-15 173400]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2015-09-15 48640]
R3 acpials;Filtr zařízení ALS Sensor; C:\Windows\system32\DRIVERS\acpials.sys [2009-07-14 7680]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2016-07-30 87040]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2016-07-30 13880]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20); C:\Windows\system32\DRIVERS\L1C62x86.sys [2009-07-13 50688]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2016-07-30 14392]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2016-08-25 105696]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2016-01-29 162592]
S2 Parvdm;Parvdm; C:\Windows\system32\drivers\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2011-06-27 2191872]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2015-09-15 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2015-09-15 393728]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2015-09-15 60416]
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Users\petr\AppData\Local\Temp\EverestDriver.sys [2010-03-31 27760]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 stornvme;stornvme; C:\Windows\system32\drivers\stornvme.sys [2015-09-15 41408]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ASLDRService;ASLDR Service; C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [2012-07-23 105120]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; %SystemRoot%\System32\svchost.exe -k utcsvc;"ServiceDll"=%SystemRoot%\system32\diagtrack.dll
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2016-11-14 103696]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2016-01-29 678968]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2016-01-29 426040]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2016-11-14 280864]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2016-11-29 105144]
S2 gupdate;Služba Aktualizace Google (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2016-09-28 153752]
S3 gupdatem;Služba Aktualizace Google (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2016-09-28 153752]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-11-12 102912]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2015-09-15 1343400]
S3 WiaRpc;@%SystemRoot%\system32\wiarpc.dll,-2; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\wiarpc.dll
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2016-11-29 45752]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]
log frst:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-01-2017
Ran by petr (administrator) on PETR-PC (21-01-2017 03:17:46)
Running from C:\Users\petr\Desktop
Loaded Profiles: petr (Available Profiles: petr)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Sysinternals - www.sysinternals.com) C:\Users\petr\Desktop\ProcessExplorer\procexp.exe
Failed to access process -> WUDFHost.exe
Failed to access process -> WUDFHost.exe
Failed to access process -> WmiPrvSE.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(forum.viry.cz) C:\Users\petr\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
Failed to access process -> WmiPrvSE.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [497024 2016-07-30] (ELAN Microelectronic Corp.)
HKLM\...\Run: [ATKOSD2] => C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322208 2012-07-06] (ASUSTek Computer Inc.)
HKLM\...\Run: [ATKMEDIA] => C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe [178848 2012-07-17] (ASUSTek Computer Inc.)
HKLM\...\Run: [HControlUser] => C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1002984 2016-11-14] (Microsoft Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\procexp.exe – zástupce.lnk [2017-01-20]
ShortcutTarget: procexp.exe – zástupce.lnk -> C:\Users\petr\Desktop\ProcessExplorer\procexp.exe (Sysinternals - www.sysinternals.com)
Startup: C:\Users\petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\procexp.exe – zástupce.lnk [2017-01-20]
ShortcutTarget: procexp.exe – zástupce.lnk -> C:\Users\petr\Desktop\ProcessExplorer\procexp.exe (Sysinternals - www.sysinternals.com)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{A10A0466-ACFB-458A-B156-AB6FE24A45CE}: [NameServer] 213.46.172.36,213.46.172.37
Tcpip\..\Interfaces\{ED9F409F-9EE5-42E6-92E0-1C2FDFC74B7B}: [NameServer] 213.46.172.36,213.46.172.37
Internet Explorer:
==================
HKU\S-1-5-21-3582335038-925611730-3776170925-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://seznam.cz/
FireFox:
========
FF DefaultProfile: 0geiiaaf.default
FF ProfilePath: C:\Users\petr\AppData\Roaming\Mozilla\Firefox\Profiles\0geiiaaf.default [2017-01-20]
FF Homepage: Mozilla\Firefox\Profiles\0geiiaaf.default -> seznam
FF Extension: (S3.Google Translator) - C:\Users\petr\AppData\Roaming\Mozilla\Firefox\Profiles\0geiiaaf.default\Extensions\s3google@translator.xpi [2016-12-23]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-29] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-29] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-20] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-20] (Google Inc.)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/"
CHR Profile: C:\Users\petr\AppData\Local\Google\Chrome\User Data\Default [2017-01-21]
CHR Extension: (Prezentace Google) - C:\Users\petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-28]
CHR Extension: (Dokumenty Google) - C:\Users\petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-28]
CHR Extension: (Disk Google) - C:\Users\petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-28]
CHR Extension: (YouTube) - C:\Users\petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-28]
CHR Extension: (Adblock Plus) - C:\Users\petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-12-03]
CHR Extension: (Tabulky Google) - C:\Users\petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-28]
CHR Extension: (Dokumenty Google offline) - C:\Users\petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-28]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-28]
CHR Extension: (Chrome Media Router) - C:\Users\petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-23]
CHR Profile: C:\Users\petr\AppData\Local\Google\Chrome\User Data\System Profile [2017-01-19]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [105120 2012-07-23] (ASUSTek Computer Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-11-14] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2015-09-15] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 acpials; C:\Windows\System32\DRIVERS\acpials.sys [7680 2009-07-14] (Microsoft Corporation)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [87040 2016-07-30] (ELAN Microelectronic Corp.)
S3 EverestDriver; C:\Users\petr\AppData\Local\Temp\EverestDriver.sys [27760 2010-03-31] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2016-07-30] ( )
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [14392 2016-07-30] (ASUS)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-21 03:17 - 2017-01-21 03:17 - 00009627 _____ C:\Users\petr\Desktop\FRST.txt
2017-01-20 04:01 - 2017-01-21 03:14 - 00000000 ____D C:\FRST
2017-01-20 04:00 - 2017-01-21 02:59 - 00000000 ____D C:\Program Files\trend micro
2017-01-20 04:00 - 2017-01-20 04:00 - 00000000 ____D C:\rsit
2017-01-20 03:45 - 2017-01-20 03:46 - 00688992 _____ (Swearware) C:\Users\petr\Desktop\dds.exe
2017-01-20 03:44 - 2017-01-20 03:44 - 01201664 _____ C:\Users\petr\Desktop\RSIT.exe
2017-01-20 03:41 - 2017-01-20 03:41 - 00112640 _____ (forum.viry.cz) C:\Users\petr\Desktop\FRSTLauncher.exe
2017-01-20 03:38 - 2017-01-20 03:38 - 01761792 _____ (Farbar) C:\Users\petr\Downloads\FRST (2).exe
2017-01-20 03:35 - 2017-01-20 03:35 - 01761792 _____ (Farbar) C:\Users\petr\Downloads\FRST (1).exe
2017-01-20 03:25 - 2017-01-20 03:25 - 01761792 _____ (Farbar) C:\Users\petr\Desktop\FRST.exe
2017-01-20 02:47 - 2017-01-20 02:47 - 00001096 _____ C:\Users\petr\Desktop\EVEREST Ultimate Edition.lnk
2017-01-20 02:47 - 2017-01-20 02:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
2017-01-20 02:47 - 2017-01-20 02:47 - 00000000 ____D C:\Program Files\Lavalys
2017-01-20 02:32 - 2017-01-20 03:53 - 00244850 _____ C:\Windows\ntbtlog.txt
2017-01-20 02:32 - 2017-01-20 02:32 - 00269360 _____ C:\Windows\system32\FNTCACHE.DAT
2017-01-20 02:20 - 2017-01-20 02:20 - 00058128 _____ C:\Users\petr\AppData\Local\GDIPFONTCACHEV1.DAT
2017-01-19 23:16 - 2017-01-19 23:16 - 00000969 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-01-19 23:15 - 2017-01-19 23:15 - 08813488 _____ (Piriform Ltd) C:\Users\petr\Downloads\ccsetup526.exe
2017-01-13 21:17 - 2017-01-13 21:17 - 00000000 ____D C:\Users\petr\Documents\Security
2017-01-13 20:58 - 2017-01-13 20:58 - 00072552 _____ C:\Users\petr\Desktop\-lkkkkkkkkkkkkkkkkk.xml
2017-01-13 19:53 - 2017-01-20 03:22 - 00000000 ____D C:\Users\petr\AppData\LocalLow\Mozilla
2017-01-13 19:52 - 2017-01-19 02:43 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-01-13 19:47 - 2017-01-13 19:47 - 01118208 _____ C:\Users\petr\Downloads\E564D0DF-779C-40A2-9CEE-7A2980AD6ADB.Diagnose.0.evtx
2017-01-13 19:44 - 2017-01-13 19:44 - 01118208 _____ C:\Users\petr\Downloads\CB8980FD-F42B-457B-9A6A-BED20CB0B7E7.Diagnose.0.evtx
2017-01-13 19:34 - 2017-01-13 19:29 - 00262144 _____ C:\Users\petr\Downloads\CB8980FD-F42B-457B-9A6A-BED20CB0B7E7.Diagnose.0.etl
2017-01-13 19:18 - 2017-01-13 19:12 - 00196608 _____ C:\Users\petr\Downloads\E564D0DF-779C-40A2-9CEE-7A2980AD6ADB.Diagnose.0.etl
2017-01-13 19:15 - 2017-01-13 19:16 - 00000000 ____D C:\Users\petr\Desktop\Nová složka
2017-01-13 19:15 - 2017-01-13 19:15 - 00000000 ____D C:\Users\petr\Nová složka
2017-01-13 19:11 - 2017-01-05 18:46 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-01-13 19:11 - 2017-01-05 18:46 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-01-13 19:11 - 2017-01-05 18:43 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-13 19:11 - 2017-01-05 18:43 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-01-13 19:11 - 2017-01-05 18:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-13 19:11 - 2017-01-05 18:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-13 19:11 - 2017-01-05 18:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-01-13 19:11 - 2017-01-05 18:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-01-13 19:11 - 2017-01-05 18:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-01-13 19:11 - 2017-01-05 18:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-01-13 19:11 - 2017-01-05 18:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-01-13 19:11 - 2017-01-05 18:43 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-01-13 19:11 - 2017-01-05 18:43 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-01-13 19:11 - 2017-01-05 18:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-01-13 19:11 - 2017-01-05 18:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-01-13 19:11 - 2017-01-05 18:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-01-13 19:11 - 2017-01-05 18:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-01-13 19:11 - 2017-01-05 18:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-01-13 19:11 - 2017-01-05 18:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-01-13 19:11 - 2017-01-05 18:19 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-01-13 19:11 - 2017-01-05 18:19 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-01-13 19:11 - 2017-01-05 18:19 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-01-13 19:11 - 2017-01-05 18:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-01-13 19:11 - 2017-01-05 18:19 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-01-13 19:11 - 2017-01-05 18:19 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-12-26 15:29 - 2016-12-26 15:29 - 02520576 _____ C:\Users\petr\Downloads\stoma_vyrobky_od2q2016.doc
2016-12-26 15:13 - 2016-12-26 15:13 - 00156672 _____ C:\Users\petr\Downloads\vzor_2_-_Nájemní_smlouva_na_byt.doc
2016-12-25 20:55 - 2016-12-25 20:55 - 01504571 _____ C:\Users\petr\Downloads\LÉKY_DTB.pdf
2016-12-23 19:55 - 2016-12-23 19:55 - 00774606 _____ C:\Users\petr\Downloads\BPTX_2013_2_11230_0_387774_0_148770.pdf
2016-12-23 19:55 - 2016-12-23 19:55 - 00774606 _____ C:\Users\petr\Downloads\BPTX_2013_2_11230_0_387774_0_148770 (1).pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-21 02:21 - 2009-07-14 05:34 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-21 02:21 - 2009-07-14 05:34 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-21 02:18 - 2011-04-12 02:37 - 00613068 _____ C:\Windows\system32\perfh005.dat
2017-01-21 02:18 - 2011-04-12 02:37 - 00125034 _____ C:\Windows\system32\perfc005.dat
2017-01-21 02:18 - 2010-11-20 22:01 - 01435858 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-21 02:18 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2017-01-21 02:13 - 2016-07-31 00:03 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-21 02:13 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-13 21:23 - 2016-11-11 11:23 - 00007626 _____ C:\Users\petr\AppData\Local\Resmon.ResmonCfg
2017-01-13 21:23 - 2016-07-31 11:02 - 00000000 ____D C:\Windows\system32\MRT
2017-01-13 21:21 - 2016-07-31 11:02 - 133456224 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-13 19:34 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2017-01-13 19:15 - 2016-07-30 18:58 - 00000000 ____D C:\Users\petr
2016-12-27 18:42 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2016-12-26 15:50 - 2009-07-14 03:37 - 00000000 __RSD C:\Windows\assembly
2016-12-26 15:31 - 2016-07-30 18:58 - 00000000 ___SD C:\Users\petr\AppData\Roaming\Microsoft
2016-12-23 19:33 - 2009-07-14 03:03 - 00197632 ____H C:\Users\Default\NTUSER.DAT.LOG1
2016-12-23 19:31 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\en-US
2016-12-23 19:31 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\Boot
2016-12-23 19:31 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Internet Explorer
2016-12-23 19:21 - 2016-07-30 23:23 - 00000000 __SHD C:\Windows\Installer
2016-12-23 19:14 - 2016-09-28 00:21 - 00000000 ____D C:\Users\petr\AppData\Local\Google
==================== Files in the root of some directories =======
2016-11-11 11:23 - 2017-01-13 21:23 - 0007626 _____ () C:\Users\petr\AppData\Local\Resmon.ResmonCfg
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-01-19 03:06
==================== End of FRST.txt ============================
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:297.99 GB) (Free:269.85 GB) NTFS
Available physical RAM: 1942.47 MB
Total physical RAM: 3071.24 MB
Percentage of memory in use: 36%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 97646C29)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\petr\Desktop" je 7 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
notebook -problém
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119672
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: notebook -problém
Zdravím!
Nepíšete sice o jaký problém se jedná, ale jestli je NB zpomalen, spusťte tuto utilitu:
Nepíšete sice o jaký problém se jedná, ale jestli je NB zpomalen, spusťte tuto utilitu:
Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?