
Date change, for the second time
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved. The same applies to threads that have been inactive for more than 14 days. See the Rule on locking threads. Thank you for your understanding.
!NEW!
You can now use remote assistance services, where an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Date change, for the second time
Hello (again),
since the previous thread is locked, I had to start a new one. I wrote about the date and time changing after a restart. I have also noticed that after updating it from the internet it stays correct, and then changes, for example, just after closing Chrome. Do you still think it is the battery on the motherboard? I want to consider all the options before I take the laptop apart.
Thank you for your reply
- Rudy
- Site Admin

- Posts: 119670
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: Date change, for the second time
Well, if it changes after the laptop is shut down, that is very likely. Nevertheless, for peace of mind we can clean the PC. Post an FRST log: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Date change, for the second time
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017 (ATTENTION: ====> FRSTversion is 32 days old and could be outdated)
Ran by Beďa (administrator) on BEĎACOMP (16-04-2017 12:10:22)
Running from C:\Users\Beďa\Desktop
Loaded Profiles: Beďa (Available Profiles: Beďa)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(ClanServers Hosting LLC) D:\GameTracker\GSInGameService.exe
(Firebird Project) D:\krosplus\Firebird\FBbin\fbserver.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 4\creator-ws.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(© pdfforge GmbH.) C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Sentelic Corporation) C:\Program Files\FSP\FspUip.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Wargaming.net) D:\World_of_Tanks\WargamingGameUpdater.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dritek System Inc.) C:\Program Files (x86)\Hotkey OSD Driver\HotKeyOSD.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Disc Soft Ltd) D:\DAEMON Tools Lite\DiscSoftBusService.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [fspuip] => C:\Program Files\FSP\fspuip.exe [3768832 2009-12-14] (Sentelic Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8123936 2009-09-29] (Realtek Semiconductor)
HKLM\...\Run: [SideBar] => C:\Program Files\Windows Sidebar\sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-10-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2017-03-11] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-05] (AVAST Software)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [HotKeyOSD] => C:\Program Files (x86)\Hotkey OSD Driver\HotKeyOSD.exe [232528 2010-01-18] (Dritek System Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [948672 2009-12-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-3193549996-4210416090-1819883145-1000\...\Run: [DAEMON Tools Lite Automount] => D:\DAEMON Tools Lite\DTAgent.exe [4177784 2016-01-15] (Disc Soft Ltd)
HKU\S-1-5-21-3193549996-4210416090-1819883145-1000\...\Run: [World of Tanks] => D:\World_of_Tanks\WargamingGameUpdater.exe [3135752 2017-02-28] (Wargaming.net)
HKU\S-1-5-21-3193549996-4210416090-1819883145-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-08] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-05] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-05] (AVAST Software)
ShellIconOverlayIdentifiers: [Správa překryvné ikony digitálních podpisů AutoCADu ] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2009-02-09] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-01-31] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-01-31] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-01-31] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2010-05-24]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{42914222-8196-45D0-AB4A-C1A0142A4993}: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{C1FB6535-D3F9-4D72-9942-90D47C25CAF2}: [DhcpNameServer] 213.46.172.36 213.46.172.37
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3193549996-4210416090-1819883145-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3193549996-4210416090-1819883145-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-3193549996-4210416090-1819883145-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-3193549996-4210416090-1819883145-1000 -> {01038D8C-7BBB-477B-B522-D7C07A9DB3AF} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3193549996-4210416090-1819883145-1000 -> {2F9F575F-55DD-46DE-B1AF-DB28B75B0584} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3193549996-4210416090-1819883145-1000 -> {3C83951A-9153-47CC-AB47-51DDBB6E2A43} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_12454
SearchScopes: HKU\S-1-5-21-3193549996-4210416090-1819883145-1000 -> {43A82CA5-683B-48C9-BF49-91A2BA04BA89} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_12454
SearchScopes: HKU\S-1-5-21-3193549996-4210416090-1819883145-1000 -> {4D12145F-0FD1-4DE9-862E-BB2FE76ADCA4} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_12454
SearchScopes: HKU\S-1-5-21-3193549996-4210416090-1819883145-1000 -> {51ECF79D-55D7-4682-850E-259BC54AD054} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_12454
SearchScopes: HKU\S-1-5-21-3193549996-4210416090-1819883145-1000 -> {7B890224-634B-4EF9-946E-D2008B72AE24} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3193549996-4210416090-1819883145-1000 -> {BF24092B-4DEE-4CE4-B44F-56D3097FAF26} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3193549996-4210416090-1819883145-1000 -> {DE173B1A-3D3A-454B-B524-0552FF9FCF94} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: No Name -> {82A76710-4F98-4957-92BE-99648A4E2475} -> No File
BHO: STATISTICA Browser Helper -> {990A8747-93BF-4EF7-B72E-94A6884B98C2} -> D:\STATISTICA 12 Trial verze\Support\StaBHO.dll [2013-04-02] (StatSoft, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-11-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-01-31] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO-x32: PDF Architect 4 Helper -> {38279E1A-7019-40C1-B579-E99DFB3312E8} -> C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll [2016-01-15] (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\java\bin\ssv.dll [2015-12-04] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-05] (AVAST Software)
BHO-x32: STATISTICA Browser Helper -> {990A8747-93BF-4EF7-B72E-94A6884B98C2} -> D:\STATISTICA 12 Trial verze\StaBHO.dll [2013-04-02] (StatSoft, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-11-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-01-31] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\java\bin\jp2ssv.dll [2015-12-04] (Oracle Corporation)
Toolbar: HKLM-x32 - PDF Architect 4 Toolbar - {23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} - C:\Program Files (x86)\PDF Architect 4\creator-ie-plugin.dll [2016-01-15] (pdfforge GmbH)
Toolbar: HKU\S-1-5-21-3193549996-4210416090-1819883145-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: px9tlgkc.default
FF ProfilePath: C:\Users\Beďa\AppData\Roaming\Mozilla\Firefox\Profiles\px9tlgkc.default [2017-04-16]
FF Homepage: Mozilla\Firefox\Profiles\px9tlgkc.default -> www.google.com
FF Session Restore: Mozilla\Firefox\Profiles\px9tlgkc.default -> is enabled.
FF Extension: (Seznam lištička) - C:\Users\Beďa\AppData\Roaming\Mozilla\Firefox\Profiles\px9tlgkc.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2017-02-22]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-01-03]
FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension
FF Extension: (PDF Architect 4 Creator) - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2016-04-25] [not signed]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017-01-03]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin: PDF Architect 4 -> C:\Program Files\PDF Architect 4\np-previewer.dll [2016-01-15] (pdfforge GmbH)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> D:\java\bin\dtplugin\npDeployJava1.dll [2015-12-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> D:\java\bin\plugin2\npjp2.dll [2015-12-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-12-04] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-13] (Google Inc.)
StartMenuInternet: FIREFOX.EXE - D:\Mozilla Firefox\firefox.exe
Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.cz/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Beďa\AppData\Local\Google\Chrome\User Data\Default [2017-04-16]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Beďa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Beďa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-03]
CHR Extension: (Chrome Media Router) - C:\Users\Beďa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-17]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 ArcGIS License Manager; D:\ArcGIS\License10.0\bin\lmgrd.exe [1377104 2010-07-12] (Flexera Software, Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-04-05] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-05] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042032 2017-01-17] (Microsoft Corporation)
R3 Disc Soft Lite Bus Service; D:\DAEMON Tools Lite\DiscSoftBusService.exe [1369464 2016-01-15] (Disc Soft Ltd)
S3 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1030600 2015-12-05] (Macrovision Europe Ltd.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-10-13] (NVIDIA Corporation)
R2 GS In-Game Service; D:\GameTracker\GSInGameService.exe [1677080 2013-12-19] (ClanServers Hosting LLC)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 KrosPlusFireBird; D:\krosplus\Firebird\FBbin\fbserver.exe [3784704 2015-07-08] (Firebird Project) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-10-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-10-13] (NVIDIA Corporation)
S3 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2417376 2016-01-15] (pdfforge GmbH)
S3 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-01-15] (pdfforge GmbH)
R2 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-01-15] (pdfforge GmbH)
R2 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [959248 2015-10-05] (© pdfforge GmbH.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [307736 2017-04-05] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-04-05] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334088 2017-04-05] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-04-05] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-04-05] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-04-05] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [127112 2017-04-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-04-05] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-04-05] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1005048 2017-04-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [556784 2017-04-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [164064 2017-04-05] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-04-05] (AVAST Software)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2015-12-11] ()
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-02-08] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-02-08] (Disc Soft Ltd)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2015-12-11] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-10-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-10-13] (NVIDIA Corporation)
R3 ROCKEYNT; C:\Windows\System32\DRIVERS\Rockey4.sys [36904 2016-04-25] (Feitian Technologies Co., Ltd.)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-03-17] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-03-17] (Zemana Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-16 12:10 - 2017-04-16 12:11 - 00023376 _____ C:\Users\Beďa\Desktop\FRST.txt
2017-04-16 12:08 - 2017-04-16 12:10 - 00000000 ____D C:\FRST
2017-04-16 12:07 - 2017-04-16 12:07 - 02424832 _____ (Farbar) C:\Users\Beďa\Desktop\FRST64.exe
2017-04-16 12:07 - 2017-04-16 12:07 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-04-15 18:05 - 2017-04-15 18:05 - 01579443 _____ C:\Users\Beďa\Desktop\nb-q1585-manual-en-v1.0.pdf
2017-04-15 07:59 - 2017-04-15 08:00 - 00000000 ____D C:\rsit
2017-04-15 07:59 - 2017-04-15 07:59 - 01329152 _____ C:\Users\Beďa\Desktop\RSITx64.exe
2017-04-15 07:59 - 2017-04-15 07:59 - 00000000 ____D C:\Program Files\trend micro
2017-04-15 07:40 - 2017-04-15 07:40 - 00022216 _____ C:\ComboFix.txt
2017-04-15 07:30 - 2017-04-15 07:31 - 00000489 _____ C:\Users\Beďa\Desktop\CFScript.txt
2017-04-15 07:17 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2017-04-15 07:17 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2017-04-15 07:17 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-04-15 07:17 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-04-15 07:17 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-04-15 07:17 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2017-04-15 07:17 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2017-04-15 07:17 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2017-04-15 07:15 - 2017-04-15 07:40 - 00000000 ____D C:\Qoobox
2017-04-15 07:15 - 2017-04-15 07:27 - 00000000 ____D C:\Windows\erdnt
2017-04-15 07:14 - 2017-04-15 07:14 - 05659546 ____R (Swearware) C:\Users\Beďa\Desktop\ComboFix.exe
2017-04-15 07:08 - 2017-04-15 07:08 - 00000000 ____D C:\_OTM
2017-04-15 07:07 - 2017-04-15 07:07 - 00522240 _____ (OldTimer Tools) C:\Users\Beďa\Desktop\OTM.exe
2017-04-15 07:01 - 2017-04-15 07:02 - 00000000 ____D C:\Users\Beďa\Desktop\backups
2017-04-14 12:36 - 2017-04-14 13:30 - 00000000 ____D C:\Users\Beďa\AppData\Roaming\My Battle for Middle-earth(tm) II Files
2017-04-14 12:34 - 2006-02-03 22:51 - 12277672 _____ (Electronic Arts Inc.) C:\Users\Beďa\Desktop\game.dat
2017-04-14 12:34 - 2006-01-26 23:26 - 00495616 _____ C:\Users\Beďa\Desktop\lotrbfme2.exe
2017-04-14 09:07 - 2017-04-14 09:07 - 00000793 _____ C:\Users\Public\Desktop\The Battle for Middle-earth (tm) II.lnk
2017-04-14 09:07 - 2017-04-14 09:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
2017-04-14 07:36 - 2017-04-14 07:36 - 09376918 _____ C:\Users\Beďa\Desktop\zaprednice-jedovata-opravdu-nejjedovatejsi-pavouk.pdf
2017-04-11 19:49 - 2017-04-11 19:49 - 00389914 _____ C:\Users\Beďa\Desktop\inzerat_specialista_lesni_vyroba_2017-02-08.pdf
2017-04-11 12:52 - 2017-04-11 12:52 - 00000000 ____D C:\ProgramData\BANDISOFT
2017-04-11 10:26 - 2017-04-11 10:26 - 00078873 _____ C:\Users\Beďa\Desktop\guidecz.pdf
2017-04-11 10:07 - 2017-04-11 10:07 - 00043144 _____ C:\Users\Beďa\Desktop\citacebakmag.pdf
2017-04-11 09:49 - 2017-04-11 09:49 - 01189299 _____ C:\Users\Beďa\Desktop\CSN-ISO-690.pdf
2017-04-09 12:43 - 2017-04-09 12:43 - 01276929 _____ C:\Users\Beďa\Desktop\zpradat6.pdf
2017-04-09 09:23 - 2017-04-09 09:23 - 00207205 _____ C:\Users\Beďa\Desktop\4ametody.pdf
2017-04-09 09:22 - 2017-04-09 09:22 - 01607577 _____ C:\Users\Beďa\Desktop\VSM-01.pdf
2017-04-08 19:48 - 2017-04-08 19:48 - 00000000 ____D C:\Users\Beďa\AppData\Local\WB Games
2017-04-08 19:40 - 2017-04-08 19:40 - 00000000 ____D C:\ProgramData\RELOADED
2017-04-08 19:39 - 2017-04-08 19:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snowblind Studios
2017-04-06 19:35 - 2017-04-06 19:35 - 00000000 ____D C:\Users\Beďa\AppData\Local\GHISLER
2017-04-06 18:45 - 2017-04-08 09:57 - 00009756 _____ C:\Users\Beďa\Desktop\JednorozmEll.xlsx
2017-04-06 18:44 - 2017-04-06 18:44 - 00009804 _____ C:\Users\Beďa\Desktop\ell_HSD.xlsx
2017-04-06 16:18 - 2017-04-06 16:18 - 00953973 _____ C:\Users\Beďa\Desktop\2013_07_02_StatSoft_Moznosti_vlastnich_grafickych_stylu.pdf
2017-04-06 15:35 - 2017-04-06 15:35 - 00749555 _____ C:\Users\Beďa\Desktop\Version9CZ.pdf
2017-04-06 15:04 - 2017-04-06 15:04 - 00009585 _____ C:\Users\Beďa\Desktop\Tukeyův.xlsx
2017-04-05 17:29 - 2017-04-05 17:29 - 02370062 _____ C:\Users\Beďa\Desktop\pravo.rar
2017-04-05 10:29 - 2017-04-11 15:52 - 00004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-04-05 10:29 - 2017-04-05 10:29 - 02156645 _____ C:\Users\Beďa\Desktop\Canoco5_for_Canoco4x_users.pdf
2017-04-05 10:29 - 2017-04-05 10:29 - 00399944 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-04-05 10:29 - 2017-04-05 10:28 - 00334088 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-04-05 10:29 - 2017-04-05 10:28 - 00307736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-04-05 10:29 - 2017-04-05 10:28 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-04-05 10:29 - 2017-04-05 10:28 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-04-05 09:32 - 2017-04-05 09:32 - 03157926 _____ C:\Users\Beďa\Desktop\kvant_ekol2.pdf
2017-04-04 18:24 - 2017-04-04 18:24 - 00000000 _____ C:\Users\Beďa\Desktop\kombinatorika.txt
2017-04-04 04:59 - 2017-04-11 13:33 - 00000000 ____D C:\Users\Beďa\Desktop\nastroje_pro_rozhod_v_LH
2017-04-03 07:55 - 2017-04-03 07:55 - 00340167 _____ C:\Users\Beďa\Desktop\post-507968640-0-04380700-1487947537.zip
2017-03-29 15:33 - 2017-03-29 15:33 - 00627765 _____ C:\Users\Beďa\Desktop\print.pdf
2017-03-28 16:40 - 2017-03-28 16:40 - 01370849 _____ C:\Users\Beďa\Desktop\mnohorozmene_analyzy.pdf
2017-03-27 17:27 - 2017-03-27 17:27 - 00817171 _____ C:\Users\Beďa\Desktop\diplomova_prace_ed.pdf
2017-03-27 08:48 - 2017-03-27 08:48 - 01969557 _____ C:\Users\Beďa\Desktop\71_statistika4.pdf
2017-03-26 14:29 - 2017-03-26 14:29 - 00665659 _____ C:\Users\Beďa\Desktop\diplomka.pdf
2017-03-23 14:42 - 2017-03-23 14:42 - 00000000 ____D C:\Users\Beďa\Documents\My Cheat Tables
2017-03-20 10:59 - 2017-03-20 10:59 - 00000000 ____D C:\Users\Beďa\AppData\Local\StatSoft
2017-03-20 10:45 - 2017-03-20 10:45 - 00000000 ____D C:\Users\Beďa\AppData\Roaming\StatSoft
2017-03-18 14:34 - 2017-03-18 14:34 - 01117104 _____ C:\Users\Beďa\Desktop\LP_4_2013.pdf
2017-03-18 14:28 - 2017-03-18 14:28 - 05500615 _____ C:\Users\Beďa\Desktop\Fytocenologicky_vyzkum.pdf
2017-03-18 14:26 - 2017-03-18 14:26 - 00902089 _____ C:\Users\Beďa\Desktop\Ellenberg_kv_olsiny.pdf
2017-03-18 00:36 - 2017-03-18 00:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STATISTICA 12 Trial verze
2017-03-18 00:36 - 2017-03-18 00:36 - 00000000 ____D C:\Users\Beďa\AppData\Roaming\Softland
2017-03-18 00:36 - 2017-03-18 00:36 - 00000000 ____D C:\ProgramData\StatSoft
2017-03-18 00:36 - 2010-02-05 15:00 - 01700352 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2017-03-17 21:17 - 2017-04-16 12:10 - 00133410 _____ C:\Windows\ZAM.krnl.trace
2017-03-17 21:17 - 2017-04-16 12:10 - 00109886 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-03-17 21:17 - 2017-03-17 21:17 - 14504384 _____ (Copyright 2017.) C:\Users\Beďa\Desktop\Zemana.AntiMalware.Portable.exe
2017-03-17 21:17 - 2017-03-17 21:17 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2017-03-17 21:17 - 2017-03-17 21:17 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2017-03-17 21:17 - 2017-03-17 21:17 - 00000000 ____D C:\Users\Beďa\AppData\Local\Zemana
2017-03-17 17:24 - 2017-03-29 21:31 - 00002201 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-17 17:23 - 2017-04-13 06:12 - 00003384 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-03-17 17:23 - 2017-04-13 06:12 - 00003256 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-03-17 11:25 - 2017-03-18 10:54 - 00000000 ____D C:\Users\Beďa\AppData\LocalLow\Mozilla
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-07-06 00:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\drivers
2017-04-15 07:57 - 2017-02-28 11:37 - 00000070 _____ C:\Users\Beďa\Documents\nnerv.txt
2017-04-15 07:39 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2017-04-15 06:50 - 2015-12-03 17:32 - 00000000 ____D C:\Users\Beďa
2017-04-13 20:59 - 2015-12-08 08:29 - 00000000 ____D C:\Users\Beďa\AppData\Roaming\vlc
2017-04-13 18:38 - 2015-12-03 23:24 - 00000000 ____D C:\Users\Beďa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2017-04-13 14:43 - 2015-12-05 12:29 - 00000000 ____D C:\Users\Beďa\AppData\Roaming\Skype
2017-04-10 11:38 - 2017-02-20 13:07 - 00000000 ____D C:\Users\Beďa\Desktop\pravo
2017-04-08 22:13 - 2015-12-05 20:34 - 00000000 ____D C:\Users\Beďa\.gimp-2.8
2017-04-08 18:45 - 2016-02-08 00:25 - 00000000 ____D C:\Users\Beďa\AppData\Roaming\DAEMON Tools Lite
2017-04-07 11:56 - 2016-11-16 14:25 - 00000000 ____D C:\Users\Beďa\Desktop\ANJ_C1
2017-04-06 19:29 - 2016-01-20 11:27 - 00000000 ____D C:\Users\Beďa\AppData\Roaming\RStudio
2017-04-06 19:29 - 2016-01-20 11:26 - 00000000 ____D C:\Users\Beďa\AppData\Local\RStudio-Desktop
2017-04-06 07:43 - 2015-12-03 17:42 - 00000000 ____D C:\ProgramData\AVAST Software
2017-04-05 20:21 - 2017-02-02 09:17 - 00000000 ____D C:\Users\Beďa\AppData\Roaming\discord
2017-04-05 20:20 - 2016-02-09 21:13 - 00000000 ____D C:\temp
2017-04-05 20:18 - 2016-03-23 10:24 - 00003892 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458721453
2017-04-05 20:15 - 2015-12-03 16:23 - 00304378 ____N C:\Windows\Minidump\040517-78250-01.dmp
2017-04-05 20:15 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2017-04-05 10:29 - 2015-12-03 18:11 - 00556784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-04-05 10:29 - 2015-12-03 18:11 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-04-05 10:29 - 2015-12-03 18:11 - 00164064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-04-05 10:29 - 2015-12-03 18:11 - 00127112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-04-05 10:29 - 2015-12-03 18:11 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-04-05 10:29 - 2015-12-03 18:11 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-04-05 10:29 - 2015-12-03 18:11 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-04-05 10:28 - 2016-03-23 10:24 - 00032600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-04-05 10:28 - 2015-12-03 18:11 - 01005048 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-04-03 20:26 - 2015-12-03 16:23 - 00304378 ____N C:\Windows\Minidump\040317-73882-01.dmp
2017-04-03 10:58 - 2016-06-14 07:00 - 00000674 _____ C:\Users\Beďa\Documents\emaily předešlých.TXT
2017-03-29 09:37 - 2016-01-20 11:27 - 00019432 _____ C:\Users\Beďa\Documents\.Rhistory
2017-03-21 21:33 - 2015-12-04 13:54 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-21 19:23 - 2015-12-04 13:48 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-03-18 10:47 - 2016-02-24 23:56 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-03-18 10:47 - 2016-02-24 23:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-03-18 10:37 - 2016-02-24 23:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-03-17 21:36 - 2017-03-16 06:37 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator
2017-03-17 21:36 - 2016-08-12 13:02 - 00000000 ____D C:\Users\Beďa\AppData\Roaming\Seznam.cz
2017-03-17 17:23 - 2015-12-03 18:47 - 00000000 ____D C:\Program Files (x86)\Google
2017-03-17 06:20 - 2015-12-03 18:58 - 00000000 ____D C:\Program Files\Google
==================== Files in the root of some directories =======
2017-02-24 07:06 - 2017-02-24 07:06 - 0000870 _____ () C:\Users\Beďa\AppData\Local\recently-used.xbel
2015-12-07 17:51 - 2015-12-07 17:56 - 0007606 _____ () C:\Users\Beďa\AppData\Local\Resmon.ResmonCfg
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-04-15 15:35
==================== End of FRST.txt ============================
2017-04-06 19:35 - 2017-04-06 19:35 - 00000000 ____D C:\Users\Beďa\AppData\Local\GHISLER
2017-04-06 18:45 - 2017-04-08 09:57 - 00009756 _____ C:\Users\Beďa\Desktop\JednorozmEll.xlsx
2017-04-06 18:44 - 2017-04-06 18:44 - 00009804 _____ C:\Users\Beďa\Desktop\ell_HSD.xlsx
2017-04-06 16:18 - 2017-04-06 16:18 - 00953973 _____ C:\Users\Beďa\Desktop\2013_07_02_StatSoft_Moznosti_vlastnich_grafickych_stylu.pdf
2017-04-06 15:35 - 2017-04-06 15:35 - 00749555 _____ C:\Users\Beďa\Desktop\Version9CZ.pdf
2017-04-06 15:04 - 2017-04-06 15:04 - 00009585 _____ C:\Users\Beďa\Desktop\Tukeyův.xlsx
2017-04-05 17:29 - 2017-04-05 17:29 - 02370062 _____ C:\Users\Beďa\Desktop\pravo.rar
2017-04-05 10:29 - 2017-04-11 15:52 - 00004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-04-05 10:29 - 2017-04-05 10:29 - 02156645 _____ C:\Users\Beďa\Desktop\Canoco5_for_Canoco4x_users.pdf
2017-04-05 10:29 - 2017-04-05 10:29 - 00399944 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-04-05 10:29 - 2017-04-05 10:28 - 00334088 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-04-05 10:29 - 2017-04-05 10:28 - 00307736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-04-05 10:29 - 2017-04-05 10:28 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-04-05 10:29 - 2017-04-05 10:28 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-04-05 09:32 - 2017-04-05 09:32 - 03157926 _____ C:\Users\Beďa\Desktop\kvant_ekol2.pdf
2017-04-04 18:24 - 2017-04-04 18:24 - 00000000 _____ C:\Users\Beďa\Desktop\kombinatorika.txt
2017-04-04 04:59 - 2017-04-11 13:33 - 00000000 ____D C:\Users\Beďa\Desktop\nastroje_pro_rozhod_v_LH
2017-04-03 07:55 - 2017-04-03 07:55 - 00340167 _____ C:\Users\Beďa\Desktop\post-507968640-0-04380700-1487947537.zip
2017-03-29 15:33 - 2017-03-29 15:33 - 00627765 _____ C:\Users\Beďa\Desktop\print.pdf
2017-03-28 16:40 - 2017-03-28 16:40 - 01370849 _____ C:\Users\Beďa\Desktop\mnohorozmene_analyzy.pdf
2017-03-27 17:27 - 2017-03-27 17:27 - 00817171 _____ C:\Users\Beďa\Desktop\diplomova_prace_ed.pdf
2017-03-27 08:48 - 2017-03-27 08:48 - 01969557 _____ C:\Users\Beďa\Desktop\71_statistika4.pdf
2017-03-26 14:29 - 2017-03-26 14:29 - 00665659 _____ C:\Users\Beďa\Desktop\diplomka.pdf
2017-03-23 14:42 - 2017-03-23 14:42 - 00000000 ____D C:\Users\Beďa\Documents\My Cheat Tables
2017-03-20 10:59 - 2017-03-20 10:59 - 00000000 ____D C:\Users\Beďa\AppData\Local\StatSoft
2017-03-20 10:45 - 2017-03-20 10:45 - 00000000 ____D C:\Users\Beďa\AppData\Roaming\StatSoft
2017-03-18 14:34 - 2017-03-18 14:34 - 01117104 _____ C:\Users\Beďa\Desktop\LP_4_2013.pdf
2017-03-18 14:28 - 2017-03-18 14:28 - 05500615 _____ C:\Users\Beďa\Desktop\Fytocenologicky_vyzkum.pdf
2017-03-18 14:26 - 2017-03-18 14:26 - 00902089 _____ C:\Users\Beďa\Desktop\Ellenberg_kv_olsiny.pdf
2017-03-18 00:36 - 2017-03-18 00:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STATISTICA 12 Trial verze
2017-03-18 00:36 - 2017-03-18 00:36 - 00000000 ____D C:\Users\Beďa\AppData\Roaming\Softland
2017-03-18 00:36 - 2017-03-18 00:36 - 00000000 ____D C:\ProgramData\StatSoft
2017-03-18 00:36 - 2010-02-05 15:00 - 01700352 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2017-03-17 21:17 - 2017-04-16 12:10 - 00133410 _____ C:\Windows\ZAM.krnl.trace
2017-03-17 21:17 - 2017-04-16 12:10 - 00109886 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-03-17 21:17 - 2017-03-17 21:17 - 14504384 _____ (Copyright 2017.) C:\Users\Beďa\Desktop\Zemana.AntiMalware.Portable.exe
2017-03-17 21:17 - 2017-03-17 21:17 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2017-03-17 21:17 - 2017-03-17 21:17 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2017-03-17 21:17 - 2017-03-17 21:17 - 00000000 ____D C:\Users\Beďa\AppData\Local\Zemana
2017-03-17 17:24 - 2017-03-29 21:31 - 00002201 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-17 17:23 - 2017-04-13 06:12 - 00003384 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-03-17 17:23 - 2017-04-13 06:12 - 00003256 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-03-17 11:25 - 2017-03-18 10:54 - 00000000 ____D C:\Users\Beďa\AppData\LocalLow\Mozilla
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-07-06 00:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\drivers
2017-04-15 07:57 - 2017-02-28 11:37 - 00000070 _____ C:\Users\Beďa\Documents\nnerv.txt
2017-04-15 07:39 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2017-04-15 06:50 - 2015-12-03 17:32 - 00000000 ____D C:\Users\Beďa
2017-04-13 20:59 - 2015-12-08 08:29 - 00000000 ____D C:\Users\Beďa\AppData\Roaming\vlc
2017-04-13 18:38 - 2015-12-03 23:24 - 00000000 ____D C:\Users\Beďa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2017-04-13 14:43 - 2015-12-05 12:29 - 00000000 ____D C:\Users\Beďa\AppData\Roaming\Skype
2017-04-10 11:38 - 2017-02-20 13:07 - 00000000 ____D C:\Users\Beďa\Desktop\pravo
2017-04-08 22:13 - 2015-12-05 20:34 - 00000000 ____D C:\Users\Beďa\.gimp-2.8
2017-04-08 18:45 - 2016-02-08 00:25 - 00000000 ____D C:\Users\Beďa\AppData\Roaming\DAEMON Tools Lite
2017-04-07 11:56 - 2016-11-16 14:25 - 00000000 ____D C:\Users\Beďa\Desktop\ANJ_C1
2017-04-06 19:29 - 2016-01-20 11:27 - 00000000 ____D C:\Users\Beďa\AppData\Roaming\RStudio
2017-04-06 19:29 - 2016-01-20 11:26 - 00000000 ____D C:\Users\Beďa\AppData\Local\RStudio-Desktop
2017-04-06 07:43 - 2015-12-03 17:42 - 00000000 ____D C:\ProgramData\AVAST Software
2017-04-05 20:21 - 2017-02-02 09:17 - 00000000 ____D C:\Users\Beďa\AppData\Roaming\discord
2017-04-05 20:20 - 2016-02-09 21:13 - 00000000 ____D C:\temp
2017-04-05 20:18 - 2016-03-23 10:24 - 00003892 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458721453
2017-04-05 20:15 - 2015-12-03 16:23 - 00304378 ____N C:\Windows\Minidump\040517-78250-01.dmp
2017-04-05 20:15 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2017-04-05 10:29 - 2015-12-03 18:11 - 00556784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-04-05 10:29 - 2015-12-03 18:11 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-04-05 10:29 - 2015-12-03 18:11 - 00164064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-04-05 10:29 - 2015-12-03 18:11 - 00127112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-04-05 10:29 - 2015-12-03 18:11 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-04-05 10:29 - 2015-12-03 18:11 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-04-05 10:29 - 2015-12-03 18:11 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-04-05 10:28 - 2016-03-23 10:24 - 00032600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-04-05 10:28 - 2015-12-03 18:11 - 01005048 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-04-03 20:26 - 2015-12-03 16:23 - 00304378 ____N C:\Windows\Minidump\040317-73882-01.dmp
2017-04-03 10:58 - 2016-06-14 07:00 - 00000674 _____ C:\Users\Beďa\Documents\emaily předešlých.TXT
2017-03-29 09:37 - 2016-01-20 11:27 - 00019432 _____ C:\Users\Beďa\Documents\.Rhistory
2017-03-21 21:33 - 2015-12-04 13:54 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-21 19:23 - 2015-12-04 13:48 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-03-18 10:47 - 2016-02-24 23:56 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-03-18 10:47 - 2016-02-24 23:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-03-18 10:37 - 2016-02-24 23:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-03-17 21:36 - 2017-03-16 06:37 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator
2017-03-17 21:36 - 2016-08-12 13:02 - 00000000 ____D C:\Users\Beďa\AppData\Roaming\Seznam.cz
2017-03-17 17:23 - 2015-12-03 18:47 - 00000000 ____D C:\Program Files (x86)\Google
2017-03-17 06:20 - 2015-12-03 18:58 - 00000000 ____D C:\Program Files\Google
==================== Files in the root of some directories =======
2017-02-24 07:06 - 2017-02-24 07:06 - 0000870 _____ () C:\Users\Beďa\AppData\Local\recently-used.xbel
2015-12-07 17:51 - 2015-12-07 17:56 - 0007606 _____ () C:\Users\Beďa\AppData\Local\Resmon.ResmonCfg
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-04-15 15:35
==================== End of FRST.txt ============================
- Rudy
- Site Admin

Re: Date change, second time
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
E-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Date change, second time
# AdwCleaner v6.045 - Log vytvořen 16/04/2017 v 14:08:45
# Aktualizováno dne 28/03/2017 z Malwarebytes
# Databáze : 2017-03-28.2 [Místní]
# Operační systém : Windows 7 Home Premium Service Pack 1 (X64)
# Uživatelské jméno : Beďa - BEĎACOMP
# Spuštěno z : C:\Users\Beďa\Desktop\adwcleaner_6.045.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support
***** [ Služby ] *****
***** [ Složky ] *****
***** [ Soubory ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Zástupci ] *****
***** [ Naplánované úlohy ] *****
***** [ Registry ] *****
[-] Klíč smazán: HKLM\SOFTWARE\Classes\esriCarto.BGLSharedRasterCache
[-] Klíč smazán: HKLM\SOFTWARE\Classes\esriCarto.BGLSharedRasterCache.1
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\esriCarto.BGLSharedRasterCache
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\esriCarto.BGLSharedRasterCache.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] Klíč smazán: HKU\S-1-5-21-3193549996-4210416090-1819883145-1000\Software\Reimage
[-] Klíč smazán: HKU\S-1-5-21-3193549996-4210416090-1819883145-1000\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
[#] Klíč smazán po restartu: HKCU\Software\Reimage
[#] Klíč smazán po restartu: HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
[#] Klíč smazán po restartu: [x64] HKCU\Software\Reimage
[#] Klíč smazán po restartu: [x64] HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Reimage
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
***** [ Prohlížeče ] *****
*************************
:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [2335 Bajty] - [16/04/2017 14:08:45]
C:\AdwCleaner\AdwCleaner[S0].txt - [2730 Bajty] - [16/04/2017 14:08:12]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2481 Bajty] ##########
- Rudy
- Site Admin

Re: Date change, second time
Post a new FRST log.
Re: Date change, second time
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017 (ATTENTION: ====> FRSTversion is 32 days old and could be outdated)
Ran by Beďa (administrator) on BEĎACOMP (16-04-2017 18:00:31)
Running from C:\Users\Beďa\Desktop
Loaded Profiles: Beďa (Available Profiles: Beďa)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(ClanServers Hosting LLC) D:\GameTracker\GSInGameService.exe
(Firebird Project) D:\krosplus\Firebird\FBbin\fbserver.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 4\creator-ws.exe
(© pdfforge GmbH.) C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Sentelic Corporation) C:\Program Files\FSP\FspUip.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Wargaming.net) D:\World_of_Tanks\WargamingGameUpdater.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Hotkey OSD Driver\HotKeyOSD.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Disc Soft Ltd) D:\DAEMON Tools Lite\DiscSoftBusService.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [fspuip] => C:\Program Files\FSP\fspuip.exe [3768832 2009-12-14] (Sentelic Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8123936 2009-09-29] (Realtek Semiconductor)
HKLM\...\Run: [SideBar] => C:\Program Files\Windows Sidebar\sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-10-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2017-03-11] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-05] (AVAST Software)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [HotKeyOSD] => C:\Program Files (x86)\Hotkey OSD Driver\HotKeyOSD.exe [232528 2010-01-18] (Dritek System Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [948672 2009-12-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-3193549996-4210416090-1819883145-1000\...\Run: [DAEMON Tools Lite Automount] => D:\DAEMON Tools Lite\DTAgent.exe [4177784 2016-01-15] (Disc Soft Ltd)
HKU\S-1-5-21-3193549996-4210416090-1819883145-1000\...\Run: [World of Tanks] => D:\World_of_Tanks\WargamingGameUpdater.exe [3135752 2017-02-28] (Wargaming.net)
HKU\S-1-5-21-3193549996-4210416090-1819883145-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-08] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-05] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-05] (AVAST Software)
ShellIconOverlayIdentifiers: [Správa překryvné ikony digitálních podpisů AutoCADu ] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2009-02-09] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-01-31] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-01-31] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-01-31] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2010-05-24]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{42914222-8196-45D0-AB4A-C1A0142A4993}: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{C1FB6535-D3F9-4D72-9942-90D47C25CAF2}: [DhcpNameServer] 213.46.172.36 213.46.172.37
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3193549996-4210416090-1819883145-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3193549996-4210416090-1819883145-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-3193549996-4210416090-1819883145-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-3193549996-4210416090-1819883145-1000 -> {01038D8C-7BBB-477B-B522-D7C07A9DB3AF} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3193549996-4210416090-1819883145-1000 -> {2F9F575F-55DD-46DE-B1AF-DB28B75B0584} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3193549996-4210416090-1819883145-1000 -> {3C83951A-9153-47CC-AB47-51DDBB6E2A43} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_12454
SearchScopes: HKU\S-1-5-21-3193549996-4210416090-1819883145-1000 -> {43A82CA5-683B-48C9-BF49-91A2BA04BA89} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_12454
SearchScopes: HKU\S-1-5-21-3193549996-4210416090-1819883145-1000 -> {4D12145F-0FD1-4DE9-862E-BB2FE76ADCA4} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_12454
SearchScopes: HKU\S-1-5-21-3193549996-4210416090-1819883145-1000 -> {51ECF79D-55D7-4682-850E-259BC54AD054} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_12454
SearchScopes: HKU\S-1-5-21-3193549996-4210416090-1819883145-1000 -> {7B890224-634B-4EF9-946E-D2008B72AE24} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3193549996-4210416090-1819883145-1000 -> {BF24092B-4DEE-4CE4-B44F-56D3097FAF26} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3193549996-4210416090-1819883145-1000 -> {DE173B1A-3D3A-454B-B524-0552FF9FCF94} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: No Name -> {82A76710-4F98-4957-92BE-99648A4E2475} -> No File
BHO: STATISTICA Browser Helper -> {990A8747-93BF-4EF7-B72E-94A6884B98C2} -> D:\STATISTICA 12 Trial verze\Support\StaBHO.dll [2013-04-02] (StatSoft, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-11-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-01-31] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO-x32: PDF Architect 4 Helper -> {38279E1A-7019-40C1-B579-E99DFB3312E8} -> C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll [2016-01-15] (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\java\bin\ssv.dll [2015-12-04] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-05] (AVAST Software)
BHO-x32: STATISTICA Browser Helper -> {990A8747-93BF-4EF7-B72E-94A6884B98C2} -> D:\STATISTICA 12 Trial verze\StaBHO.dll [2013-04-02] (StatSoft, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-11-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-01-31] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\java\bin\jp2ssv.dll [2015-12-04] (Oracle Corporation)
Toolbar: HKLM-x32 - PDF Architect 4 Toolbar - {23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} - C:\Program Files (x86)\PDF Architect 4\creator-ie-plugin.dll [2016-01-15] (pdfforge GmbH)
Toolbar: HKU\S-1-5-21-3193549996-4210416090-1819883145-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: px9tlgkc.default
FF ProfilePath: C:\Users\Beďa\AppData\Roaming\Mozilla\Firefox\Profiles\px9tlgkc.default [2017-04-16]
FF Homepage: Mozilla\Firefox\Profiles\px9tlgkc.default -> www.google.com
FF Session Restore: Mozilla\Firefox\Profiles\px9tlgkc.default -> is enabled.
FF Extension: (Seznam lištička) - C:\Users\Beďa\AppData\Roaming\Mozilla\Firefox\Profiles\px9tlgkc.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2017-02-22]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-01-03]
FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension
FF Extension: (PDF Architect 4 Creator) - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2016-04-25] [not signed]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017-01-03]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin: PDF Architect 4 -> C:\Program Files\PDF Architect 4\np-previewer.dll [2016-01-15] (pdfforge GmbH)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> D:\java\bin\dtplugin\npDeployJava1.dll [2015-12-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> D:\java\bin\plugin2\npjp2.dll [2015-12-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-12-04] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-13] (Google Inc.)
StartMenuInternet: FIREFOX.EXE - D:\Mozilla Firefox\firefox.exe
Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.cz/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Beďa\AppData\Local\Google\Chrome\User Data\Default [2017-04-16]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Beďa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Beďa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-03]
CHR Extension: (Chrome Media Router) - C:\Users\Beďa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-17]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 ArcGIS License Manager; D:\ArcGIS\License10.0\bin\lmgrd.exe [1377104 2010-07-12] (Flexera Software, Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-04-05] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-05] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042032 2017-01-17] (Microsoft Corporation)
R3 Disc Soft Lite Bus Service; D:\DAEMON Tools Lite\DiscSoftBusService.exe [1369464 2016-01-15] (Disc Soft Ltd)
S3 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1030600 2015-12-05] (Macrovision Europe Ltd.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-10-13] (NVIDIA Corporation)
R2 GS In-Game Service; D:\GameTracker\GSInGameService.exe [1677080 2013-12-19] (ClanServers Hosting LLC)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 KrosPlusFireBird; D:\krosplus\Firebird\FBbin\fbserver.exe [3784704 2015-07-08] (Firebird Project) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-10-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-10-13] (NVIDIA Corporation)
S3 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2417376 2016-01-15] (pdfforge GmbH)
S3 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-01-15] (pdfforge GmbH)
R2 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-01-15] (pdfforge GmbH)
R2 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [959248 2015-10-05] (© pdfforge GmbH.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [307736 2017-04-05] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-04-05] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334088 2017-04-05] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-04-05] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-04-05] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-04-05] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [127112 2017-04-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-04-05] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-04-05] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1005048 2017-04-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [556784 2017-04-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [164064 2017-04-05] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-04-05] (AVAST Software)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2015-12-11] ()
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-02-08] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-02-08] (Disc Soft Ltd)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2015-12-11] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-10-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-10-13] (NVIDIA Corporation)
R3 ROCKEYNT; C:\Windows\System32\DRIVERS\Rockey4.sys [36904 2016-04-25] (Feitian Technologies Co., Ltd.)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-03-17] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-03-17] (Zemana Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-16 15:50 - 2017-04-16 15:50 - 00860339 _____ C:\Users\Beďa\Desktop\statistika_prezentace2.pdf
2017-04-16 14:06 - 2017-04-16 14:08 - 00000000 ____D C:\AdwCleaner
2017-04-16 14:06 - 2017-04-16 14:06 - 04089296 _____ C:\Users\Beďa\Desktop\adwcleaner_6.045.exe
2017-04-16 12:11 - 2017-04-16 12:12 - 00039628 _____ C:\Users\Beďa\Desktop\Addition.txt
2017-04-16 12:10 - 2017-04-16 18:01 - 00022929 _____ C:\Users\Beďa\Desktop\FRST.txt
2017-04-16 12:08 - 2017-04-16 18:00 - 00000000 ____D C:\FRST
2017-04-16 12:07 - 2017-04-16 12:07 - 02424832 _____ (Farbar) C:\Users\Beďa\Desktop\FRST64.exe
2017-04-15 18:05 - 2017-04-15 18:05 - 01579443 _____ C:\Users\Beďa\Desktop\nb-q1585-manual-en-v1.0.pdf
2017-04-15 07:59 - 2017-04-15 08:00 - 00000000 ____D C:\rsit
2017-04-15 07:59 - 2017-04-15 07:59 - 01329152 _____ C:\Users\Beďa\Desktop\RSITx64.exe
2017-04-15 07:59 - 2017-04-15 07:59 - 00000000 ____D C:\Program Files\trend micro
2017-04-15 07:40 - 2017-04-15 07:40 - 00022216 _____ C:\ComboFix.txt
2017-04-15 07:30 - 2017-04-15 07:31 - 00000489 _____ C:\Users\Beďa\Desktop\CFScript.txt
2017-04-15 07:17 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2017-04-15 07:17 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2017-04-15 07:17 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-04-15 07:17 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-04-15 07:17 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-04-15 07:17 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2017-04-15 07:17 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2017-04-15 07:17 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2017-04-15 07:15 - 2017-04-15 07:40 - 00000000 ____D C:\Qoobox
2017-04-15 07:15 - 2017-04-15 07:27 - 00000000 ____D C:\Windows\erdnt
2017-04-15 07:14 - 2017-04-15 07:14 - 05659546 ____R (Swearware) C:\Users\Beďa\Desktop\ComboFix.exe
2017-04-15 07:08 - 2017-04-15 07:08 - 00000000 ____D C:\_OTM
2017-04-15 07:07 - 2017-04-15 07:07 - 00522240 _____ (OldTimer Tools) C:\Users\Beďa\Desktop\OTM.exe
2017-04-15 07:01 - 2017-04-15 07:02 - 00000000 ____D C:\Users\Beďa\Desktop\backups
2017-04-14 12:36 - 2017-04-14 13:30 - 00000000 ____D C:\Users\Beďa\AppData\Roaming\My Battle for Middle-earth(tm) II Files
2017-04-14 12:34 - 2006-02-03 22:51 - 12277672 _____ (Electronic Arts Inc.) C:\Users\Beďa\Desktop\game.dat
2017-04-14 12:34 - 2006-01-26 23:26 - 00495616 _____ C:\Users\Beďa\Desktop\lotrbfme2.exe
2017-04-14 09:07 - 2017-04-14 09:07 - 00000793 _____ C:\Users\Public\Desktop\The Battle for Middle-earth (tm) II.lnk
2017-04-14 09:07 - 2017-04-14 09:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
2017-04-14 07:36 - 2017-04-14 07:36 - 09376918 _____ C:\Users\Beďa\Desktop\zaprednice-jedovata-opravdu-nejjedovatejsi-pavouk.pdf
2017-04-11 19:49 - 2017-04-11 19:49 - 00389914 _____ C:\Users\Beďa\Desktop\inzerat_specialista_lesni_vyroba_2017-02-08.pdf
2017-04-11 12:52 - 2017-04-11 12:52 - 00000000 ____D C:\ProgramData\BANDISOFT
2017-04-11 10:26 - 2017-04-11 10:26 - 00078873 _____ C:\Users\Beďa\Desktop\guidecz.pdf
2017-04-11 10:07 - 2017-04-11 10:07 - 00043144 _____ C:\Users\Beďa\Desktop\citacebakmag.pdf
2017-04-11 09:49 - 2017-04-11 09:49 - 01189299 _____ C:\Users\Beďa\Desktop\CSN-ISO-690.pdf
2017-04-09 12:43 - 2017-04-09 12:43 - 01276929 _____ C:\Users\Beďa\Desktop\zpradat6.pdf
2017-04-09 09:23 - 2017-04-09 09:23 - 00207205 _____ C:\Users\Beďa\Desktop\4ametody.pdf
2017-04-09 09:22 - 2017-04-09 09:22 - 01607577 _____ C:\Users\Beďa\Desktop\VSM-01.pdf
2017-04-08 19:48 - 2017-04-08 19:48 - 00000000 ____D C:\Users\Beďa\AppData\Local\WB Games
2017-04-08 19:40 - 2017-04-08 19:40 - 00000000 ____D C:\ProgramData\RELOADED
2017-04-08 19:39 - 2017-04-08 19:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snowblind Studios
2017-04-06 19:35 - 2017-04-06 19:35 - 00000000 ____D C:\Users\Beďa\AppData\Local\GHISLER
2017-04-06 18:45 - 2017-04-08 09:57 - 00009756 _____ C:\Users\Beďa\Desktop\JednorozmEll.xlsx
2017-04-06 18:44 - 2017-04-06 18:44 - 00009804 _____ C:\Users\Beďa\Desktop\ell_HSD.xlsx
2017-04-06 16:18 - 2017-04-06 16:18 - 00953973 _____ C:\Users\Beďa\Desktop\2013_07_02_StatSoft_Moznosti_vlastnich_grafickych_stylu.pdf
2017-04-06 15:35 - 2017-04-06 15:35 - 00749555 _____ C:\Users\Beďa\Desktop\Version9CZ.pdf
2017-04-06 15:04 - 2017-04-06 15:04 - 00009585 _____ C:\Users\Beďa\Desktop\Tukeyův.xlsx
2017-04-05 17:29 - 2017-04-05 17:29 - 02370062 _____ C:\Users\Beďa\Desktop\pravo.rar
2017-04-05 10:29 - 2017-04-11 15:52 - 00004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-04-05 10:29 - 2017-04-05 10:29 - 02156645 _____ C:\Users\Beďa\Desktop\Canoco5_for_Canoco4x_users.pdf
2017-04-05 10:29 - 2017-04-05 10:29 - 00399944 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-04-05 10:29 - 2017-04-05 10:28 - 00334088 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-04-05 10:29 - 2017-04-05 10:28 - 00307736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-04-05 10:29 - 2017-04-05 10:28 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-04-05 10:29 - 2017-04-05 10:28 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-04-05 09:32 - 2017-04-05 09:32 - 03157926 _____ C:\Users\Beďa\Desktop\kvant_ekol2.pdf
2017-04-04 18:24 - 2017-04-04 18:24 - 00000000 _____ C:\Users\Beďa\Desktop\kombinatorika.txt
2017-04-04 04:59 - 2017-04-11 13:33 - 00000000 ____D C:\Users\Beďa\Desktop\nastroje_pro_rozhod_v_LH
2017-04-03 07:55 - 2017-04-03 07:55 - 00340167 _____ C:\Users\Beďa\Desktop\post-507968640-0-04380700-1487947537.zip
2017-03-29 15:33 - 2017-03-29 15:33 - 00627765 _____ C:\Users\Beďa\Desktop\print.pdf
2017-03-28 16:40 - 2017-03-28 16:40 - 01370849 _____ C:\Users\Beďa\Desktop\mnohorozmene_analyzy.pdf
2017-03-27 17:27 - 2017-03-27 17:27 - 00817171 _____ C:\Users\Beďa\Desktop\diplomova_prace_ed.pdf
2017-03-27 08:48 - 2017-03-27 08:48 - 01969557 _____ C:\Users\Beďa\Desktop\71_statistika4.pdf
2017-03-26 14:29 - 2017-03-26 14:29 - 00665659 _____ C:\Users\Beďa\Desktop\diplomka.pdf
2017-03-23 14:42 - 2017-03-23 14:42 - 00000000 ____D C:\Users\Beďa\Documents\My Cheat Tables
2017-03-20 10:59 - 2017-03-20 10:59 - 00000000 ____D C:\Users\Beďa\AppData\Local\StatSoft
2017-03-20 10:45 - 2017-03-20 10:45 - 00000000 ____D C:\Users\Beďa\AppData\Roaming\StatSoft
2017-03-18 14:34 - 2017-03-18 14:34 - 01117104 _____ C:\Users\Beďa\Desktop\LP_4_2013.pdf
2017-03-18 14:28 - 2017-03-18 14:28 - 05500615 _____ C:\Users\Beďa\Desktop\Fytocenologicky_vyzkum.pdf
2017-03-18 14:26 - 2017-03-18 14:26 - 00902089 _____ C:\Users\Beďa\Desktop\Ellenberg_kv_olsiny.pdf
2017-03-18 00:36 - 2017-03-18 00:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STATISTICA 12 Trial verze
2017-03-18 00:36 - 2017-03-18 00:36 - 00000000 ____D C:\Users\Beďa\AppData\Roaming\Softland
2017-03-18 00:36 - 2017-03-18 00:36 - 00000000 ____D C:\ProgramData\StatSoft
2017-03-18 00:36 - 2010-02-05 15:00 - 01700352 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2017-03-17 21:17 - 2017-04-16 18:01 - 00112465 _____ C:\Windows\ZAM.krnl.trace
2017-03-17 21:17 - 2017-04-16 18:01 - 00087861 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-03-17 21:17 - 2017-03-17 21:17 - 14504384 _____ (Copyright 2017.) C:\Users\Beďa\Desktop\Zemana.AntiMalware.Portable.exe
2017-03-17 21:17 - 2017-03-17 21:17 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2017-03-17 21:17 - 2017-03-17 21:17 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2017-03-17 21:17 - 2017-03-17 21:17 - 00000000 ____D C:\Users\Beďa\AppData\Local\Zemana
2017-03-17 17:24 - 2017-03-29 21:31 - 00002201 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-17 17:23 - 2017-04-13 06:12 - 00003384 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-03-17 17:23 - 2017-04-13 06:12 - 00003256 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-03-17 11:25 - 2017-03-18 10:54 - 00000000 ____D C:\Users\Beďa\AppData\LocalLow\Mozilla
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-07-06 00:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\drivers
2017-04-16 14:20 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-16 14:20 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-16 14:17 - 2009-07-14 17:18 - 00669116 _____ C:\Windows\system32\perfh005.dat
2017-04-16 14:17 - 2009-07-14 17:18 - 00141744 _____ C:\Windows\system32\perfc005.dat
2017-04-16 14:17 - 2009-07-14 07:13 - 01584554 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-16 14:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-04-16 14:10 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-15 07:57 - 2017-02-28 11:37 - 00000070 _____ C:\Users\Beďa\Documents\nnerv.txt
2017-04-15 07:39 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2017-04-15 06:50 - 2015-12-03 17:32 - 00000000 ____D C:\Users\Beďa
2017-04-13 20:59 - 2015-12-08 08:29 - 00000000 ____D C:\Users\Beďa\AppData\Roaming\vlc
2017-04-13 18:38 - 2015-12-03 23:24 - 00000000 ____D C:\Users\Beďa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2017-04-13 14:43 - 2015-12-05 12:29 - 00000000 ____D C:\Users\Beďa\AppData\Roaming\Skype
2017-04-10 11:38 - 2017-02-20 13:07 - 00000000 ____D C:\Users\Beďa\Desktop\pravo
2017-04-08 22:13 - 2015-12-05 20:34 - 00000000 ____D C:\Users\Beďa\.gimp-2.8
2017-04-08 18:45 - 2016-02-08 00:25 - 00000000 ____D C:\Users\Beďa\AppData\Roaming\DAEMON Tools Lite
2017-04-07 11:56 - 2016-11-16 14:25 - 00000000 ____D C:\Users\Beďa\Desktop\ANJ_C1
2017-04-06 19:29 - 2016-01-20 11:27 - 00000000 ____D C:\Users\Beďa\AppData\Roaming\RStudio
2017-04-06 19:29 - 2016-01-20 11:26 - 00000000 ____D C:\Users\Beďa\AppData\Local\RStudio-Desktop
2017-04-06 07:43 - 2015-12-03 17:42 - 00000000 ____D C:\ProgramData\AVAST Software
2017-04-05 20:21 - 2017-02-02 09:17 - 00000000 ____D C:\Users\Beďa\AppData\Roaming\discord
2017-04-05 20:20 - 2016-02-09 21:13 - 00000000 ____D C:\temp
2017-04-05 20:18 - 2016-03-23 10:24 - 00003892 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458721453
2017-04-05 20:15 - 2015-12-03 16:23 - 00304378 ____N C:\Windows\Minidump\040517-78250-01.dmp
2017-04-05 20:15 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2017-04-05 10:29 - 2015-12-03 18:11 - 00556784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-04-05 10:29 - 2015-12-03 18:11 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-04-05 10:29 - 2015-12-03 18:11 - 00164064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-04-05 10:29 - 2015-12-03 18:11 - 00127112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-04-05 10:29 - 2015-12-03 18:11 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-04-05 10:29 - 2015-12-03 18:11 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-04-05 10:29 - 2015-12-03 18:11 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-04-05 10:28 - 2016-03-23 10:24 - 00032600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-04-05 10:28 - 2015-12-03 18:11 - 01005048 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-04-03 20:26 - 2015-12-03 16:23 - 00304378 ____N C:\Windows\Minidump\040317-73882-01.dmp
2017-04-03 10:58 - 2016-06-14 07:00 - 00000674 _____ C:\Users\Beďa\Documents\emaily předešlých.TXT
2017-03-29 09:37 - 2016-01-20 11:27 - 00019432 _____ C:\Users\Beďa\Documents\.Rhistory
2017-03-21 21:33 - 2015-12-04 13:54 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-21 19:23 - 2015-12-04 13:48 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-03-18 10:47 - 2016-02-24 23:56 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-03-18 10:47 - 2016-02-24 23:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-03-18 10:37 - 2016-02-24 23:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-03-17 21:36 - 2017-03-16 06:37 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator
2017-03-17 21:36 - 2016-08-12 13:02 - 00000000 ____D C:\Users\Beďa\AppData\Roaming\Seznam.cz
2017-03-17 17:23 - 2015-12-03 18:47 - 00000000 ____D C:\Program Files (x86)\Google
2017-03-17 06:20 - 2015-12-03 18:58 - 00000000 ____D C:\Program Files\Google
==================== Files in the root of some directories =======
2017-02-24 07:06 - 2017-02-24 07:06 - 0000870 _____ () C:\Users\Beďa\AppData\Local\recently-used.xbel
2015-12-07 17:51 - 2015-12-07 17:56 - 0007606 _____ () C:\Users\Beďa\AppData\Local\Resmon.ResmonCfg
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-04-15 15:35
==================== End of FRST.txt ============================
SearchScopes: HKU\S-1-5-21-3193549996-4210416090-1819883145-1000 -> {DE173B1A-3D3A-454B-B524-0552FF9FCF94} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: No Name -> {82A76710-4F98-4957-92BE-99648A4E2475} -> No File
BHO: STATISTICA Browser Helper -> {990A8747-93BF-4EF7-B72E-94A6884B98C2} -> D:\STATISTICA 12 Trial verze\Support\StaBHO.dll [2013-04-02] (StatSoft, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-11-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-01-31] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO-x32: PDF Architect 4 Helper -> {38279E1A-7019-40C1-B579-E99DFB3312E8} -> C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll [2016-01-15] (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\java\bin\ssv.dll [2015-12-04] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-05] (AVAST Software)
BHO-x32: STATISTICA Browser Helper -> {990A8747-93BF-4EF7-B72E-94A6884B98C2} -> D:\STATISTICA 12 Trial verze\StaBHO.dll [2013-04-02] (StatSoft, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-11-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-01-31] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\java\bin\jp2ssv.dll [2015-12-04] (Oracle Corporation)
Toolbar: HKLM-x32 - PDF Architect 4 Toolbar - {23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} - C:\Program Files (x86)\PDF Architect 4\creator-ie-plugin.dll [2016-01-15] (pdfforge GmbH)
Toolbar: HKU\S-1-5-21-3193549996-4210416090-1819883145-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: px9tlgkc.default
FF ProfilePath: C:\Users\Beďa\AppData\Roaming\Mozilla\Firefox\Profiles\px9tlgkc.default [2017-04-16]
FF Homepage: Mozilla\Firefox\Profiles\px9tlgkc.default -> www.google.com
FF Session Restore: Mozilla\Firefox\Profiles\px9tlgkc.default -> is enabled.
FF Extension: (Seznam lištička) - C:\Users\Beďa\AppData\Roaming\Mozilla\Firefox\Profiles\px9tlgkc.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2017-02-22]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-01-03]
FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension
FF Extension: (PDF Architect 4 Creator) - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2016-04-25] [not signed]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017-01-03]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin: PDF Architect 4 -> C:\Program Files\PDF Architect 4\np-previewer.dll [2016-01-15] (pdfforge GmbH)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> D:\java\bin\dtplugin\npDeployJava1.dll [2015-12-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> D:\java\bin\plugin2\npjp2.dll [2015-12-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-12-04] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-13] (Google Inc.)
StartMenuInternet: FIREFOX.EXE - D:\Mozilla Firefox\firefox.exe
Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.cz/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Beďa\AppData\Local\Google\Chrome\User Data\Default [2017-04-16]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Beďa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Beďa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-03]
CHR Extension: (Chrome Media Router) - C:\Users\Beďa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-17]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 ArcGIS License Manager; D:\ArcGIS\License10.0\bin\lmgrd.exe [1377104 2010-07-12] (Flexera Software, Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-04-05] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-05] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042032 2017-01-17] (Microsoft Corporation)
R3 Disc Soft Lite Bus Service; D:\DAEMON Tools Lite\DiscSoftBusService.exe [1369464 2016-01-15] (Disc Soft Ltd)
S3 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1030600 2015-12-05] (Macrovision Europe Ltd.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-10-13] (NVIDIA Corporation)
R2 GS In-Game Service; D:\GameTracker\GSInGameService.exe [1677080 2013-12-19] (ClanServers Hosting LLC)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 KrosPlusFireBird; D:\krosplus\Firebird\FBbin\fbserver.exe [3784704 2015-07-08] (Firebird Project) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-10-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-10-13] (NVIDIA Corporation)
S3 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2417376 2016-01-15] (pdfforge GmbH)
S3 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-01-15] (pdfforge GmbH)
R2 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-01-15] (pdfforge GmbH)
R2 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [959248 2015-10-05] (© pdfforge GmbH.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [307736 2017-04-05] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-04-05] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334088 2017-04-05] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-04-05] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-04-05] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-04-05] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [127112 2017-04-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-04-05] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-04-05] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1005048 2017-04-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [556784 2017-04-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [164064 2017-04-05] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-04-05] (AVAST Software)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2015-12-11] ()
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-02-08] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-02-08] (Disc Soft Ltd)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2015-12-11] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-10-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-10-13] (NVIDIA Corporation)
R3 ROCKEYNT; C:\Windows\System32\DRIVERS\Rockey4.sys [36904 2016-04-25] (Feitian Technologies Co., Ltd.)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-03-17] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-03-17] (Zemana Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-16 15:50 - 2017-04-16 15:50 - 00860339 _____ C:\Users\Beďa\Desktop\statistika_prezentace2.pdf
2017-04-16 14:06 - 2017-04-16 14:08 - 00000000 ____D C:\AdwCleaner
2017-04-16 14:06 - 2017-04-16 14:06 - 04089296 _____ C:\Users\Beďa\Desktop\adwcleaner_6.045.exe
2017-04-16 12:11 - 2017-04-16 12:12 - 00039628 _____ C:\Users\Beďa\Desktop\Addition.txt
2017-04-16 12:10 - 2017-04-16 18:01 - 00022929 _____ C:\Users\Beďa\Desktop\FRST.txt
2017-04-16 12:08 - 2017-04-16 18:00 - 00000000 ____D C:\FRST
2017-04-16 12:07 - 2017-04-16 12:07 - 02424832 _____ (Farbar) C:\Users\Beďa\Desktop\FRST64.exe
2017-04-15 18:05 - 2017-04-15 18:05 - 01579443 _____ C:\Users\Beďa\Desktop\nb-q1585-manual-en-v1.0.pdf
2017-04-15 07:59 - 2017-04-15 08:00 - 00000000 ____D C:\rsit
2017-04-15 07:59 - 2017-04-15 07:59 - 01329152 _____ C:\Users\Beďa\Desktop\RSITx64.exe
2017-04-15 07:59 - 2017-04-15 07:59 - 00000000 ____D C:\Program Files\trend micro
2017-04-15 07:40 - 2017-04-15 07:40 - 00022216 _____ C:\ComboFix.txt
2017-04-15 07:30 - 2017-04-15 07:31 - 00000489 _____ C:\Users\Beďa\Desktop\CFScript.txt
2017-04-15 07:17 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2017-04-15 07:17 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2017-04-15 07:17 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-04-15 07:17 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-04-15 07:17 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-04-15 07:17 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2017-04-15 07:17 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2017-04-15 07:17 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2017-04-15 07:15 - 2017-04-15 07:40 - 00000000 ____D C:\Qoobox
2017-04-15 07:15 - 2017-04-15 07:27 - 00000000 ____D C:\Windows\erdnt
2017-04-15 07:14 - 2017-04-15 07:14 - 05659546 ____R (Swearware) C:\Users\Beďa\Desktop\ComboFix.exe
2017-04-15 07:08 - 2017-04-15 07:08 - 00000000 ____D C:\_OTM
2017-04-15 07:07 - 2017-04-15 07:07 - 00522240 _____ (OldTimer Tools) C:\Users\Beďa\Desktop\OTM.exe
2017-04-15 07:01 - 2017-04-15 07:02 - 00000000 ____D C:\Users\Beďa\Desktop\backups
2017-04-14 12:36 - 2017-04-14 13:30 - 00000000 ____D C:\Users\Beďa\AppData\Roaming\My Battle for Middle-earth(tm) II Files
2017-04-14 12:34 - 2006-02-03 22:51 - 12277672 _____ (Electronic Arts Inc.) C:\Users\Beďa\Desktop\game.dat
2017-04-14 12:34 - 2006-01-26 23:26 - 00495616 _____ C:\Users\Beďa\Desktop\lotrbfme2.exe
2017-04-14 09:07 - 2017-04-14 09:07 - 00000793 _____ C:\Users\Public\Desktop\The Battle for Middle-earth (tm) II.lnk
2017-04-14 09:07 - 2017-04-14 09:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
2017-04-14 07:36 - 2017-04-14 07:36 - 09376918 _____ C:\Users\Beďa\Desktop\zaprednice-jedovata-opravdu-nejjedovatejsi-pavouk.pdf
2017-04-11 19:49 - 2017-04-11 19:49 - 00389914 _____ C:\Users\Beďa\Desktop\inzerat_specialista_lesni_vyroba_2017-02-08.pdf
2017-04-11 12:52 - 2017-04-11 12:52 - 00000000 ____D C:\ProgramData\BANDISOFT
2017-04-11 10:26 - 2017-04-11 10:26 - 00078873 _____ C:\Users\Beďa\Desktop\guidecz.pdf
2017-04-11 10:07 - 2017-04-11 10:07 - 00043144 _____ C:\Users\Beďa\Desktop\citacebakmag.pdf
2017-04-11 09:49 - 2017-04-11 09:49 - 01189299 _____ C:\Users\Beďa\Desktop\CSN-ISO-690.pdf
2017-04-09 12:43 - 2017-04-09 12:43 - 01276929 _____ C:\Users\Beďa\Desktop\zpradat6.pdf
2017-04-09 09:23 - 2017-04-09 09:23 - 00207205 _____ C:\Users\Beďa\Desktop\4ametody.pdf
2017-04-09 09:22 - 2017-04-09 09:22 - 01607577 _____ C:\Users\Beďa\Desktop\VSM-01.pdf
2017-04-08 19:48 - 2017-04-08 19:48 - 00000000 ____D C:\Users\Beďa\AppData\Local\WB Games
2017-04-08 19:40 - 2017-04-08 19:40 - 00000000 ____D C:\ProgramData\RELOADED
2017-04-08 19:39 - 2017-04-08 19:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snowblind Studios
2017-04-06 19:35 - 2017-04-06 19:35 - 00000000 ____D C:\Users\Beďa\AppData\Local\GHISLER
2017-04-06 18:45 - 2017-04-08 09:57 - 00009756 _____ C:\Users\Beďa\Desktop\JednorozmEll.xlsx
2017-04-06 18:44 - 2017-04-06 18:44 - 00009804 _____ C:\Users\Beďa\Desktop\ell_HSD.xlsx
2017-04-06 16:18 - 2017-04-06 16:18 - 00953973 _____ C:\Users\Beďa\Desktop\2013_07_02_StatSoft_Moznosti_vlastnich_grafickych_stylu.pdf
2017-04-06 15:35 - 2017-04-06 15:35 - 00749555 _____ C:\Users\Beďa\Desktop\Version9CZ.pdf
2017-04-06 15:04 - 2017-04-06 15:04 - 00009585 _____ C:\Users\Beďa\Desktop\Tukeyův.xlsx
2017-04-05 17:29 - 2017-04-05 17:29 - 02370062 _____ C:\Users\Beďa\Desktop\pravo.rar
2017-04-05 10:29 - 2017-04-11 15:52 - 00004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-04-05 10:29 - 2017-04-05 10:29 - 02156645 _____ C:\Users\Beďa\Desktop\Canoco5_for_Canoco4x_users.pdf
2017-04-05 10:29 - 2017-04-05 10:29 - 00399944 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-04-05 10:29 - 2017-04-05 10:28 - 00334088 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-04-05 10:29 - 2017-04-05 10:28 - 00307736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-04-05 10:29 - 2017-04-05 10:28 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-04-05 10:29 - 2017-04-05 10:28 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-04-05 09:32 - 2017-04-05 09:32 - 03157926 _____ C:\Users\Beďa\Desktop\kvant_ekol2.pdf
2017-04-04 18:24 - 2017-04-04 18:24 - 00000000 _____ C:\Users\Beďa\Desktop\kombinatorika.txt
2017-04-04 04:59 - 2017-04-11 13:33 - 00000000 ____D C:\Users\Beďa\Desktop\nastroje_pro_rozhod_v_LH
2017-04-03 07:55 - 2017-04-03 07:55 - 00340167 _____ C:\Users\Beďa\Desktop\post-507968640-0-04380700-1487947537.zip
2017-03-29 15:33 - 2017-03-29 15:33 - 00627765 _____ C:\Users\Beďa\Desktop\print.pdf
2017-03-28 16:40 - 2017-03-28 16:40 - 01370849 _____ C:\Users\Beďa\Desktop\mnohorozmene_analyzy.pdf
2017-03-27 17:27 - 2017-03-27 17:27 - 00817171 _____ C:\Users\Beďa\Desktop\diplomova_prace_ed.pdf
2017-03-27 08:48 - 2017-03-27 08:48 - 01969557 _____ C:\Users\Beďa\Desktop\71_statistika4.pdf
2017-03-26 14:29 - 2017-03-26 14:29 - 00665659 _____ C:\Users\Beďa\Desktop\diplomka.pdf
2017-03-23 14:42 - 2017-03-23 14:42 - 00000000 ____D C:\Users\Beďa\Documents\My Cheat Tables
2017-03-20 10:59 - 2017-03-20 10:59 - 00000000 ____D C:\Users\Beďa\AppData\Local\StatSoft
2017-03-20 10:45 - 2017-03-20 10:45 - 00000000 ____D C:\Users\Beďa\AppData\Roaming\StatSoft
2017-03-18 14:34 - 2017-03-18 14:34 - 01117104 _____ C:\Users\Beďa\Desktop\LP_4_2013.pdf
2017-03-18 14:28 - 2017-03-18 14:28 - 05500615 _____ C:\Users\Beďa\Desktop\Fytocenologicky_vyzkum.pdf
2017-03-18 14:26 - 2017-03-18 14:26 - 00902089 _____ C:\Users\Beďa\Desktop\Ellenberg_kv_olsiny.pdf
2017-03-18 00:36 - 2017-03-18 00:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STATISTICA 12 Trial verze
2017-03-18 00:36 - 2017-03-18 00:36 - 00000000 ____D C:\Users\Beďa\AppData\Roaming\Softland
2017-03-18 00:36 - 2017-03-18 00:36 - 00000000 ____D C:\ProgramData\StatSoft
2017-03-18 00:36 - 2010-02-05 15:00 - 01700352 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2017-03-17 21:17 - 2017-04-16 18:01 - 00112465 _____ C:\Windows\ZAM.krnl.trace
2017-03-17 21:17 - 2017-04-16 18:01 - 00087861 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-03-17 21:17 - 2017-03-17 21:17 - 14504384 _____ (Copyright 2017.) C:\Users\Beďa\Desktop\Zemana.AntiMalware.Portable.exe
2017-03-17 21:17 - 2017-03-17 21:17 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2017-03-17 21:17 - 2017-03-17 21:17 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2017-03-17 21:17 - 2017-03-17 21:17 - 00000000 ____D C:\Users\Beďa\AppData\Local\Zemana
2017-03-17 17:24 - 2017-03-29 21:31 - 00002201 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-17 17:23 - 2017-04-13 06:12 - 00003384 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-03-17 17:23 - 2017-04-13 06:12 - 00003256 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-03-17 11:25 - 2017-03-18 10:54 - 00000000 ____D C:\Users\Beďa\AppData\LocalLow\Mozilla
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-07-06 00:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\drivers
2017-04-16 14:20 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-16 14:20 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-16 14:17 - 2009-07-14 17:18 - 00669116 _____ C:\Windows\system32\perfh005.dat
2017-04-16 14:17 - 2009-07-14 17:18 - 00141744 _____ C:\Windows\system32\perfc005.dat
2017-04-16 14:17 - 2009-07-14 07:13 - 01584554 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-16 14:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-04-16 14:10 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-15 07:57 - 2017-02-28 11:37 - 00000070 _____ C:\Users\Beďa\Documents\nnerv.txt
2017-04-15 07:39 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2017-04-15 06:50 - 2015-12-03 17:32 - 00000000 ____D C:\Users\Beďa
2017-04-13 20:59 - 2015-12-08 08:29 - 00000000 ____D C:\Users\Beďa\AppData\Roaming\vlc
2017-04-13 18:38 - 2015-12-03 23:24 - 00000000 ____D C:\Users\Beďa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2017-04-13 14:43 - 2015-12-05 12:29 - 00000000 ____D C:\Users\Beďa\AppData\Roaming\Skype
2017-04-10 11:38 - 2017-02-20 13:07 - 00000000 ____D C:\Users\Beďa\Desktop\pravo
2017-04-08 22:13 - 2015-12-05 20:34 - 00000000 ____D C:\Users\Beďa\.gimp-2.8
2017-04-08 18:45 - 2016-02-08 00:25 - 00000000 ____D C:\Users\Beďa\AppData\Roaming\DAEMON Tools Lite
2017-04-07 11:56 - 2016-11-16 14:25 - 00000000 ____D C:\Users\Beďa\Desktop\ANJ_C1
2017-04-06 19:29 - 2016-01-20 11:27 - 00000000 ____D C:\Users\Beďa\AppData\Roaming\RStudio
2017-04-06 19:29 - 2016-01-20 11:26 - 00000000 ____D C:\Users\Beďa\AppData\Local\RStudio-Desktop
2017-04-06 07:43 - 2015-12-03 17:42 - 00000000 ____D C:\ProgramData\AVAST Software
2017-04-05 20:21 - 2017-02-02 09:17 - 00000000 ____D C:\Users\Beďa\AppData\Roaming\discord
2017-04-05 20:20 - 2016-02-09 21:13 - 00000000 ____D C:\temp
2017-04-05 20:18 - 2016-03-23 10:24 - 00003892 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458721453
2017-04-05 20:15 - 2015-12-03 16:23 - 00304378 ____N C:\Windows\Minidump\040517-78250-01.dmp
2017-04-05 20:15 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2017-04-05 10:29 - 2015-12-03 18:11 - 00556784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-04-05 10:29 - 2015-12-03 18:11 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-04-05 10:29 - 2015-12-03 18:11 - 00164064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-04-05 10:29 - 2015-12-03 18:11 - 00127112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-04-05 10:29 - 2015-12-03 18:11 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-04-05 10:29 - 2015-12-03 18:11 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-04-05 10:29 - 2015-12-03 18:11 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-04-05 10:28 - 2016-03-23 10:24 - 00032600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-04-05 10:28 - 2015-12-03 18:11 - 01005048 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-04-03 20:26 - 2015-12-03 16:23 - 00304378 ____N C:\Windows\Minidump\040317-73882-01.dmp
2017-04-03 10:58 - 2016-06-14 07:00 - 00000674 _____ C:\Users\Beďa\Documents\emaily předešlých.TXT
2017-03-29 09:37 - 2016-01-20 11:27 - 00019432 _____ C:\Users\Beďa\Documents\.Rhistory
2017-03-21 21:33 - 2015-12-04 13:54 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-21 19:23 - 2015-12-04 13:48 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-03-18 10:47 - 2016-02-24 23:56 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-03-18 10:47 - 2016-02-24 23:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-03-18 10:37 - 2016-02-24 23:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-03-17 21:36 - 2017-03-16 06:37 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator
2017-03-17 21:36 - 2016-08-12 13:02 - 00000000 ____D C:\Users\Beďa\AppData\Roaming\Seznam.cz
2017-03-17 17:23 - 2015-12-03 18:47 - 00000000 ____D C:\Program Files (x86)\Google
2017-03-17 06:20 - 2015-12-03 18:58 - 00000000 ____D C:\Program Files\Google
==================== Files in the root of some directories =======
2017-02-24 07:06 - 2017-02-24 07:06 - 0000870 _____ () C:\Users\Beďa\AppData\Local\recently-used.xbel
2015-12-07 17:51 - 2015-12-07 17:56 - 0007606 _____ () C:\Users\Beďa\AppData\Local\Resmon.ResmonCfg
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-04-15 15:35
==================== End of FRST.txt ============================
- Rudy
- Site Admin

- Posts: 119670
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
- Contact user:
Re: Date change, second time
Open Notepad and copy the following into it:
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3193549996-4210416090-1819883145-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
BHO: No Name -> {82A76710-4F98-4957-92BE-99648A4E2475} -> No File
Toolbar: HKU\S-1-5-21-3193549996-4210416090-1819883145-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Why did you run ComboFix, a utility intended only for professionals? A layperson can damage the system with it fairly easily.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Date change, second time
Fix result of Farbar Recovery Scan Tool (x64) Version: 16-04-2017
Ran by Beďa (16-04-2017 19:24:53) Run:2
Running from C:\Users\Beďa\Desktop
Loaded Profiles: Beďa (Available Profiles: Beďa)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3193549996-4210416090-1819883145-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
BHO: No Name -> {82A76710-4F98-4957-92BE-99648A4E2475} -> No File
Toolbar: HKU\S-1-5-21-3193549996-4210416090-1819883145-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
EmptyTemp:
End
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-21-3193549996-4210416090-1819883145-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82A76710-4F98-4957-92BE-99648A4E2475} => key not found.
HKCR\CLSID\{82A76710-4F98-4957-92BE-99648A4E2475} => key not found.
HKU\S-1-5-21-3193549996-4210416090-1819883145-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value not found.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key not found.
=========== EmptyTemp: ==========
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 2100480 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 23873590 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Beďa => 74170 B
RecycleBin => 0 B
EmptyTemp: => 24.8 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 19:24:58 ====
- Rudy
- Site Admin

- Posts: 119670
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: Date change, second time
Deleted. Has anything changed?
Re: Date change, second time
After using AdwCleaner this morning, the date and time did not change after a restart, but now it is acting up again, and after updating the date from the internet it changes again after a varying length of time...
- Rudy
- Site Admin

- Posts: 119670
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: Date change, second time
I don't really believe that malware is causing this, but please still run a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Do not delete anything beforehand.
Re: Date change, second time
Malwarebytes
www.malwarebytes.com
-Podrobnosti logovacího souboru-
Datum skenování: 16.04.17
Čas skenování: 21:00
Logovací soubor: log.txt
Správce: Ano
-Informace o softwaru-
Verze: 3.0.6.1469
Verze komponentů: 1.0.103
Aktualizovat verzi balíku komponent: 1.0.1742
Licence: Zkušební
-Systémová informace-
OS: Windows 7 Service Pack 1
CPU: x64
Systém souborů: NTFS
Uživatel: BeďaComp\Beďa
-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Výsledek: Dokončeno
Skenované objekty: 405796
Uplynulý čas: 4 min, 38 sek
-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Povoleno
Potenciálně nežádoucí modifikace: Povoleno
-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)
Modul: 0
(Nebyly zjištěny žádné škodlivé položky)
Klíč registru: 2
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\REI_AxControl.ReiEngine.1, Žádná uživatelská akce, [965], [327197],1.0.1742
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\REI_AxControl.ReiEngine, Žádná uživatelská akce, [965], [327197],1.0.1742
Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)
Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)
Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)
Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)
Soubor: 0
(Nebyly zjištěny žádné škodlivé položky)
Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)
(end)
- Rudy
- Site Admin

- Posts: 119670
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: Date change, second time
Delete the MBAM findings.
Re: Date change, second time
Deleted
