VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Vir qtipr.com

https://forum.viry.cz:443/viewtopic.php?t=151472

Stránka 2 z 2

Re: Vir qtipr.com

Napsal: 05 bře 2017 09:43
od Jenda939
Log z Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-02-2017
Ran by DOMA (05-03-2017 09:30:11)
Running from C:\Users\DOMA\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2014-04-18 07:46:34)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-58790212-2234761543-3166528618-500 - Administrator - Disabled)
ASPNET (S-1-5-21-58790212-2234761543-3166528618-1002 - Limited - Enabled)
DOMA (S-1-5-21-58790212-2234761543-3166528618-1000 - Administrator - Enabled) => C:\Users\DOMA
Guest (S-1-5-21-58790212-2234761543-3166528618-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709n (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
AIDA64 Engineer v4.30 (HKLM-x32\...\AIDA64 Engineer_is1) (Version: 4.30 - FinalWire Ltd.)
Aktualizace NVIDIA 2.11.4.125 (Version: 2.11.4.125 - NVIDIA Corporation) Hidden
ArcSoft TotalMedia 3.5 (HKLM-x32\...\{29E44E9D-ACB2-4D2D-849F-5361C941B7E1}) (Version: 3.5.7.307 - ArcSoft)
Ashampoo Burning Studio 14 v.14.0.5 (HKLM-x32\...\{91B33C97-7BCF-CDFE-4321-58EBF3E8641C}_is1) (Version: 14.0.5 - Ashampoo GmbH & Co. KG)
Assassin's Creed ® III (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.00 - Ubisoft)
Assassins Creed III version 5.1 (HKLM-x32\...\{B810D852-DFD6-ACIII-89A5-CC4D47756DAF}_is1) (Version: 5.1 - Black_Box)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BS.Player PRO (HKLM-x32\...\BSPlayerp) (Version: 2.67.1076 - AB Team, d.o.o.)
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
DocMgr (x32 Version: 130.0.000.000 - Název společnosti:) Hidden
DocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) Hidden
Doplněk Microsoft Save as PDF or XPS pro aplikace sady Microsoft Office 2007 (HKLM-x32\...\{90120000-00B2-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation)
DRIVERfighter (x32 Version: 1.1.160 - SPAMfighter ApS) Hidden
EXFO FastReporter 2 (64 Bit) (HKLM\...\{06949587-E622-4C72-962A-562FE0F06D2A}) (Version: 2.12.0.1747 - EXFO Inc.)
Fax (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
GanttProject (HKLM-x32\...\GanttProject) (Version: - )
GIANTS Editor 5.0.3 64-bit (HKLM-x32\...\giants_editor_5.0.3_win64_is1) (Version: 5.0.3 - GIANTS Software GmbH)
GIANTS Editor 6.0.3 64-bit (HKLM-x32\...\giants_editor_6.0.3_win64_is1) (Version: 6.0.3 - GIANTS Software GmbH)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 6500 E709 Series (HKLM\...\{2E1B4B42-069F-4F53-9966-9B9B938D7FE5}) (Version: 13.0 - HP)
HP Officejet 6500 E709 Series (HKLM\...\{58D79E62-CFC8-4331-8469-3A1B16E1769C}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Malwarebytes verze 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
MarketResearch (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
MATLAB Production Server R2015a (HKLM\...\MATLAB Production Server R2015a) (Version: 2.1 - MathWorks)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.6.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM-x32\...\{00000405-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox 51.0.1 (x64 cs) (HKLM\...\Mozilla Firefox 51.0.1 (x64 cs)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
nanoCAD 5.0 (HKLM-x32\...\{6D4250F7-DB33-4530-A9BD-A9D66BA34586}) (Version: 5.0.2520.2000 - Nanosoft)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
NOT ONLY TV (HKLM-x32\...\{213E2CCF-8265-444F-A6CA-40BD946A8D4A}) (Version: 1.00.0000 - Geniatech)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
NVIDIA GeForce Experience 2.11.4.125 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.125 - NVIDIA Corporation)
NVIDIA Ovladač 3D Vision 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Origin (HKLM-x32\...\Origin) (Version: 8.4.1.210 - Electronic Arts, Inc.)
Ovládací panel NVIDIA 342.01 (Version: 342.01 - NVIDIA Corporation) Hidden
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
PDF Editor 64bit 4 (HKLM\...\PDF Editor 64bit 4) (Version: - )
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - PhotoScape)
ProductContext (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
ProductContext (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
REALTEK DTV USB DEVICE (HKLM-x32\...\{DDBB7C89-1A09-441E-AA0F-6AA465755C17}) (Version: 1.00.0000 - Realtek)
Revo Uninstaller Pro 3.1.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.8 - VS Revo Group, Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.6.0 - SAMSUNG Electronics Co., Ltd.)
SAP Crystal Reports runtime engine for .NET Framework (64-bit) (HKLM\...\{450EE212-9867-4585-A7E5-02BFAED9D462}) (Version: 13.0.12.1494 - SAP)
Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.125 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.0 - SumatraPDF)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51 - Ghisler Software GmbH)
TotalMedia Setup (HKLM-x32\...\{24C4BB38-F45D-4247-90B9-7E6CAA877FF3}) (Version: 1.00.0000 - Conexant)
Traffic Exchange (x32 Version: 2.0.0 - Microleaves) Hidden <==== ATTENTION
TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Zoner Photo Studio X (HKLM\...\ZonerPhotoStudioX_CZ_is1) (Version: 19.1610.2.7 - ZONER software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {6AA84F91-E58B-407A-855B-D18B8819A7EA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-08] (Piriform Ltd)
Task: {C2278BAF-3495-4440-A1EC-47A9D081EF48} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-14] (Adobe Systems Incorporated)
Task: {C71C3586-61A5-4BE2-B30D-6766419EFFF5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-20] (Google Inc.)
Task: {EBD990B5-1519-4727-B3FE-B7BF93C27F8A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {F5B4BE66-6B08-4AC2-8237-EA01252688F1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-20] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnet Ехplоrer.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Еxрlоrer (Nо Аdd-оns).lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооgle Сhrоmе.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Internet Ехplorer Вrowsеr.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gоoglе Сhromе.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnet Еxрlorer.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfox.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоogle Chrоme.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Мozillа Firеfoх.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic

==================== Loaded Modules (Whitelisted) ==============

2014-04-22 14:04 - 2016-11-14 12:15 - 00135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-06-18 16:24 - 2012-06-18 16:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2016-11-25 07:16 - 2016-11-25 07:16 - 00192200 _____ () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
2016-12-20 09:10 - 2016-11-14 13:30 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-12-20 09:10 - 2016-11-14 13:30 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-12-20 09:10 - 2016-11-14 13:30 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-12-20 09:10 - 2016-11-14 13:30 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-10-09 14:02 - 2016-10-09 14:02 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2017-02-08 03:52 - 2017-02-08 03:52 - 00065536 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2017-02-06 08:11 - 2017-03-03 20:26 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2016-12-20 09:10 - 2016-11-14 13:30 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-12-20 09:10 - 2016-11-14 13:30 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-12-20 09:10 - 2016-11-14 13:30 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-12-20 09:10 - 2016-11-14 13:30 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-12-20 09:10 - 2016-11-14 13:30 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-12-20 09:10 - 2016-11-14 13:30 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-12-20 09:10 - 2016-11-14 13:30 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-04-22 19:32 - 2007-04-19 08:33 - 00035584 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\uPiApi.dll
2014-04-22 19:31 - 2007-04-19 08:39 - 00436992 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\fpxlib.dll
2014-04-22 19:31 - 2007-04-19 08:29 - 00273216 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\magengin.dll
2014-04-22 19:31 - 2007-04-19 08:29 - 00187136 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\kgl.dll
2009-07-13 22:03 - 2009-07-14 02:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2017-03-01 12:51 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-58790212-2234761543-3166528618-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\DOMA\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{986E42F8-0DCC-4C21-9EA2-4AF5F868A22E}] => (Allow) D:\setup\hpznui40.exe
FirewallRules: [{5E0C5700-A21B-4D92-B1C3-C58D76B16E0F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{D753D0F5-5788-41F9-818B-9C543C9BEB43}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{3CCACBAD-94B7-4687-B9A2-91E989FC2698}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{02D5C63E-EAC2-4070-9030-C7DBC6FD5B4F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{8B6F2DA3-0E8B-4F8C-B861-5615AF5719BF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{8796D2D7-FA0B-4025-859A-15A0CB593714}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{A24F502E-286B-480E-A56D-8D4DA04B3E7C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{429DFE64-C847-4F93-9190-C908AC26FFAC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{10B16006-959F-437A-8B65-BEEC2D939D80}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{F5DFC530-3D07-4F0C-8572-5C5B6E7376A4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{4FB7C90B-BEB4-4DBA-88AD-270BF149124D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{9DB5A591-3657-4E04-BDFE-35314B4B4EA4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{280AE985-4B49-4555-ABC7-9E5096CBB61D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{180D482D-1E10-4043-9B29-226503180B9F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{41989347-7A83-4E18-A3C5-31143D33B0E6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{F9B0ED26-B26E-4389-A79E-2C2F7F240ECD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{E02074CC-0AEE-475B-8206-379AB687AD31}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{8979B06C-96F4-43ED-98B0-24D32089227B}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{768B527E-1FF6-4B99-8E07-FE751287256E}] => (Allow) C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TotalMedia.exe
FirewallRules: [{3C58F50C-6ECA-4E6E-889D-5EC0DF15FB04}] => (Allow) C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TotalMedia.exe
FirewallRules: [TCP Query User{93B8802B-ADF5-49C5-85B6-4AD12BA10099}C:\program files (x86)\valve\portal 2\portal2.exe] => (Allow) C:\program files (x86)\valve\portal 2\portal2.exe
FirewallRules: [UDP Query User{5991A7FA-0B75-42CE-B36C-B5963C44AC12}C:\program files (x86)\valve\portal 2\portal2.exe] => (Allow) C:\program files (x86)\valve\portal 2\portal2.exe
FirewallRules: [{6A1AB645-6FE1-4121-B671-906CBB9769F2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C4175045-2B20-497C-B1EF-E26426A024E5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F727BF5E-550E-4FB8-B360-2403725974A2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{1520BDA0-4209-4B79-A54E-D81BE1602902}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8AA5A525-210F-4ACC-8888-3B87F716CEBE}] => (Allow) C:\Windows\system32\hasplms.exe
FirewallRules: [{23569C2F-BC4C-45A9-93ED-F88CD9CA9702}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1E0EFA09-A367-4514-A30D-B1879E10BEC7}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{9F5E2451-C8DB-4785-82C2-CB8A3ED7939F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{E1D51801-60CF-4D0B-A8CD-464BC7CB2920}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{3A0EAF2B-DC9C-4D49-BD45-2F5BEDF3CC0E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{E700B23D-5214-4B63-A2B2-E55A7822C8F2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D442EB9F-8C21-4215-B6A0-19329C8E300A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{08FFF55B-6C7F-417E-BC7E-02C16FDDEE64}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{987EC8E3-660D-4547-9B49-5D1C1217B28B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{FB66F217-B802-4443-946D-B855D9CD43A5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D33FC8C6-EC02-4AD7-902B-A3074A887248}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CC25B0E5-B6AB-4DC2-BF0B-1993E46A347D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1EDB1E46-4CEB-4739-ADF6-B701371BAA57}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{FDDEDD80-8D46-41AE-BBF7-A5F2FAE88A77}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{16467020-2FA0-496B-8DBA-8F5494B94CA4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Officejet 6500 E709n
Description: Officejet 6500 E709n
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Standardní klávesnice PS/2
Description: Standardní klávesnice PS/2
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardní klávesnice)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Officejet 6500 E709n
Description: Officejet 6500 E709n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Adaptér tunelového režimu Microsoft Teredo
Description: Adaptér tunelového režimu Microsoft Teredo
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/01/2017 12:43:00 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {ab576a98-03e6-4563-860e-a862eecc0511}

Error: (03/01/2017 12:40:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: NvStreamUserAgent.exe, verze: 7.1.2117.8928, časové razítko: 0x57e24380
Název chybujícího modulu: ntdll.dll, verze: 6.1.7601.23572, časové razítko: 0x57fd0651
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000004da56
ID chybujícího procesu: 0x1330
Čas spuštění chybující aplikace: 0x01d2928094b49fb0
Cesta k chybující aplikaci: C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
Cesta k chybujícímu modulu: C:\Windows\SYSTEM32\ntdll.dll
ID zprávy: dec93234-fe73-11e6-9448-001e8c336939

Error: (02/25/2017 11:17:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Skype.exe verze 7.17.0.105 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: de8

Čas spuštění: 01d28f441cd69ee7

Čas ukončení: 220

Cesta k aplikaci: C:\Program Files (x86)\Skype\Phone\Skype.exe

ID hlášení:

Error: (02/20/2017 01:10:35 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {88f89f43-7d70-427e-93cd-1af7bc5d7afd}

Error: (02/18/2017 08:11:41 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Index nebyl inicializován.

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/18/2017 08:11:41 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Aplikace nebyla inicializována.

Kontext: aplikace Windows

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/18/2017 08:11:41 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Objekt indexování nebyl inicializován.

Kontext: aplikace Windows, katalog SystemIndex

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/18/2017 08:11:41 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Modul plug-in v <Search.TripoliIndexer> nebyl inicializován.

Kontext: aplikace Windows, katalog SystemIndex

Podrobnosti:
Prvek nebyl nalezen. (HRESULT : 0x80070490) (0x80070490)

Error: (02/18/2017 08:11:40 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Modul plug-in v <Search.JetPropStore> nebyl inicializován.

Kontext: aplikace Windows, katalog SystemIndex

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/18/2017 08:11:39 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Služba Windows Search nenačetla informace o úložišti vlastností.

Kontext: aplikace Windows, katalog SystemIndex

Podrobnosti:
Databáze indexu obsahu je poškozená. (HRESULT : 0xc0041800) (0xc0041800)


System errors:
=============
Error: (03/05/2017 08:31:49 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
a APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
uživateli NT AUTHORITY\SYSTEM SID (S-1-5-18) z adresy LocalHost (pomocí LRPC). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/05/2017 08:30:29 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (22:18:21, ‎4.‎3.‎2017) bylo neočekávané.

Error: (03/04/2017 04:35:24 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Stínové kopie svazku C: byly přerušeny, protože z důvodu limitu stanoveného uživatelem se nepodařilo zvětšit úložiště stínové kopie.

Error: (03/04/2017 12:37:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
a APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
uživateli NT AUTHORITY\SYSTEM SID (S-1-5-18) z adresy LocalHost (pomocí LRPC). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/03/2017 07:15:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
a APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
uživateli NT AUTHORITY\SYSTEM SID (S-1-5-18) z adresy LocalHost (pomocí LRPC). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/03/2017 12:51:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
a APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
uživateli NT AUTHORITY\SYSTEM SID (S-1-5-18) z adresy LocalHost (pomocí LRPC). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/02/2017 08:09:25 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
a APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
uživateli NT AUTHORITY\SYSTEM SID (S-1-5-18) z adresy LocalHost (pomocí LRPC). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/02/2017 08:07:42 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (8:03:49, ‎2.‎3.‎2017) bylo neočekávané.

Error: (03/02/2017 08:01:59 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
a APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
uživateli NT AUTHORITY\SYSTEM SID (S-1-5-18) z adresy LocalHost (pomocí LRPC). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/01/2017 12:55:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
a APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
uživateli NT AUTHORITY\SYSTEM SID (S-1-5-18) z adresy LocalHost (pomocí LRPC). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.


CodeIntegrity:
===================================
Date: 2017-02-23 12:51:41.524
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-23 12:51:41.394
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-23 12:51:41.264
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-23 12:51:41.134
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-14 12:20:55.541
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-14 12:20:55.401
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 29%
Total physical RAM: 4095.12 MB
Available physical RAM: 2897.48 MB
Total Virtual: 8188.42 MB
Available Virtual: 6709.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.56 GB) (Free:10.23 GB) NTFS
Drive e: (Data) (Fixed) (Total:368.1 GB) (Free:145.58 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 24C224C1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=368.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Re: Vir qtipr.com

Napsal: 05 bře 2017 14:43
od altrok
:arrow: Pokud fixlist nepomuze, zazalohujte zalozky a hesla Mozilly napr. pomoci http://www.stahuj.centrum.cz/utility_a_ ... mozbackup/ , nasledne Mozillu odinstanstalujte vcetne jejiho profilu a pote provedte cistou instalaci.


:arrow: Nainstalujte nejaky antivir, protoze Defender na Win7 plni pouze funkci antispywarovou. Dale zapnete firewall.



  • Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
  • ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
  • znovu spustte FRST a kliknete na Fix
  • po restartu bude na plose ulozen fixlog, jehoz obsah vlozte do pristi odpovedi

    Kód: Vybrat vše

    Start
CreateRestorePoint:
CloseProcesses:
C:\Users\DOMA\AppData\Local\cmsiex
Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnet Ехplоrer.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Еxрlоrer (Nо Аdd-оns).lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооgle Сhrоmе.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Internet Ехplorer Вrowsеr.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gоoglе Сhromе.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnet Еxрlorer.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfox.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоogle Chrоme.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Мozillа Firеfoх.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
CMD: dir "C:\Windows\Inf" /AD
CMD: dir "C:\PROGRA~1"
CMD: dir "C:\PROGRA~2"
CMD: dir "C:\PROGRA~3"
CMD: dir "%localappdata%"
CMD: dir "%appdata%"
Hosts:
EmptyTemp:
End

Re: Vir qtipr.com

Napsal: 06 bře 2017 13:25
od Jenda939
Zdravím, přidávám fixlog. Jinak jsem musel provést novou instalaci firefoxu. Děkuji za odpověď.

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-02-2017
Ran by DOMA (06-03-2017 13:01:14) Run:2
Running from C:\Users\DOMA\Desktop
Loaded Profiles: DOMA (Available Profiles: DOMA)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
C:\Users\DOMA\AppData\Local\cmsiex
Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Int?rnet ??pl?rer.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Int?rn?t ?x?l?rer (N? ?dd-?ns).lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G??gle ?hr?m?.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\L?un?h Internet ??plorer ?rows?r.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\G?ogl? ?hrom?.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Int?rnet ?x?lorer.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\??zill? Fir?fox.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G?ogle Chr?me.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?ozill? Fir?fo?.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
CMD: dir "C:\Windows\Inf" /AD
CMD: dir "C:\PROGRA~1"
CMD: dir "C:\PROGRA~2"
CMD: dir "C:\PROGRA~3"
CMD: dir "%localappdata%"
CMD: dir "%appdata%"
Hosts:
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Users\DOMA\AppData\Local\cmsiex => moved successfully
"C:\Users\DOMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Int?rnet ??pl?rer.lnk" => Could not move.
"C:\Users\DOMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Int?rn?t ?x?l?rer (N? ?dd-?ns).lnk" => Could not move.
"C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G??gle ?hr?m?.lnk" => Could not move.
"C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\L?un?h Internet ??plorer ?rows?r.lnk" => Could not move.
"C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\G?ogl? ?hrom?.lnk" => Could not move.
"C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Int?rnet ?x?lorer.lnk" => Could not move.
"C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\??zill? Fir?fox.lnk" => Could not move.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G?ogle Chr?me.lnk" => Could not move.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?ozill? Fir?fo?.lnk" => Could not move.

========= dir "C:\Windows\Inf" /AD =========

Svazek v jednotce C nem  § dnou jmenovku.
S‚riov‚ źˇslo svazku je 1AB0-B548.

Věpis adres ýe C:\Windows\Inf

06.03.2017 12:50 <DIR> .
06.03.2017 12:50 <DIR> ..
14.07.2009 16:18 <DIR> .NET CLR Data
14.07.2009 16:18 <DIR> .NET CLR Networking
28.04.2014 12:57 <DIR> .NET CLR Networking 4.0.0.0
14.07.2009 16:18 <DIR> .NET Data Provider for Oracle
14.07.2009 16:18 <DIR> .NET Data Provider for SqlServer
28.04.2014 12:58 <DIR> .NET Memory Cache 4.0
14.07.2009 16:18 <DIR> .NETFramework
15.12.2016 08:14 <DIR> ASP.NET
09.10.2016 14:04 <DIR> ASP.NET_1.1.4322
11.11.2015 22:08 <DIR> ASP.NET_4.0.30319
09.10.2016 14:04 <DIR> aspnet_state
14.07.2009 16:18 <DIR> BITS
14.07.2009 16:18 <DIR> cs-CZ
14.07.2009 16:13 <DIR> en-US
14.07.2009 16:18 <DIR> ESENT
14.07.2009 16:18 <DIR> MSDTC
14.07.2009 16:18 <DIR> MSDTC Bridge 3.0.0.0
04.05.2014 08:40 <DIR> MSDTC Bridge 4.0.0.0
18.03.2015 17:02 <DIR> Outlook
14.07.2009 16:18 <DIR> PERFLIB
14.07.2009 16:18 <DIR> PNRPSvc
14.07.2009 16:18 <DIR> rdyboost
14.07.2009 16:18 <DIR> RemoteAccess
14.07.2009 16:18 <DIR> ServiceModelEndpoint 3.0.0.0
14.07.2009 16:18 <DIR> ServiceModelOperation 3.0.0.0
14.07.2009 16:18 <DIR> ServiceModelService 3.0.0.0
14.07.2009 16:18 <DIR> SMSvcHost 3.0.0.0
04.05.2014 08:40 <DIR> SMSvcHost 4.0.0.0
14.07.2009 16:18 <DIR> TAPISRV
14.07.2009 16:18 <DIR> TermService
14.07.2009 16:18 <DIR> UGatherer
14.07.2009 16:18 <DIR> UGTHRSVC
14.07.2009 16:18 <DIR> usbhub
14.07.2009 16:18 <DIR> Windows Workflow Foundation 3.0.0.0
04.05.2014 08:40 <DIR> Windows Workflow Foundation 4.0.0.0
18.02.2017 10:47 <DIR> WmiApRpl
14.07.2009 16:18 <DIR> wsearchidxpi
Soubor…: 0, Bajt…: 0
Adres ý…: 39, Volněch bajt…: 9˙613˙213˙696

========= End of CMD: =========


========= dir "C:\PROGRA~1" =========

Svazek v jednotce C nem  § dnou jmenovku.
S‚riov‚ źˇslo svazku je 1AB0-B548.

Věpis adres ýe C:\PROGRA~1

06.03.2017 12:44 <DIR> .
06.03.2017 12:44 <DIR> ..
06.03.2017 12:55 <DIR> AVAST Software
07.02.2017 20:15 <DIR> BitTorrent
18.02.2017 20:05 <DIR> CCleaner
19.12.2015 02:07 <DIR> Code Industry
06.03.2017 12:50 <DIR> Common Files
03.05.2014 08:49 <DIR> DVD Maker
14.12.2015 19:38 <DIR> EXFO
12.10.2015 10:00 <DIR> GIANTS Software
15.12.2016 08:36 <DIR> Internet Explorer
06.02.2017 08:11 <DIR> Malwarebytes
20.04.2016 10:19 <DIR> MATLAB
14.07.2009 16:37 <DIR> Microsoft Games
28.04.2014 08:01 <DIR> Microsoft Office
13.10.2016 06:09 <DIR> Microsoft Silverlight
19.02.2017 21:26 <DIR> Mozilla Firefox
14.07.2009 06:32 <DIR> MSBuild
20.12.2016 09:10 <DIR> NVIDIA Corporation
26.01.2015 16:06 <DIR> paint.net
19.12.2015 02:15 <DIR> PDF Editor 64bit 4
14.07.2009 06:32 <DIR> Reference Assemblies
26.12.2014 17:59 <DIR> SAMSUNG
18.02.2017 17:48 <DIR> VS Revo Group
04.05.2014 08:50 <DIR> Windows Defender
03.05.2014 08:49 <DIR> Windows Mail
13.10.2016 06:12 <DIR> Windows Media Player
18.04.2014 08:46 <DIR> Windows NT
03.05.2014 08:49 <DIR> Windows Photo Viewer
03.05.2014 08:49 <DIR> Windows Portable Devices
03.05.2014 08:49 <DIR> Windows Sidebar
06.01.2017 14:31 <DIR> Zoner
Soubor…: 0, Bajt…: 0
Adres ý…: 32, Volněch bajt…: 9˙613˙209˙600

========= End of CMD: =========


========= dir "C:\PROGRA~2" =========

Svazek v jednotce C nem  § dnou jmenovku.
S‚riov‚ źˇslo svazku je 1AB0-B548.

Věpis adres ýe C:\PROGRA~2

01.03.2017 12:51 <DIR> .
01.03.2017 12:51 <DIR> ..
10.11.2016 09:01 <DIR> Activision
23.11.2015 09:50 <DIR> Adobe
22.04.2014 19:31 <DIR> ArcSoft
04.02.2017 15:10 <DIR> Ashampoo
20.12.2016 09:46 <DIR> Assassins Creed III
07.02.2017 11:24 <DIR> Blazers
06.03.2017 12:50 <DIR> Common Files
13.10.2016 23:10 <DIR> Electronic Arts
20.12.2016 08:50 <DIR> Farming Simulator 2013
13.02.2017 10:02 <DIR> Fighters
22.04.2014 16:52 <DIR> FinalWire
16.05.2016 11:38 <DIR> GanttProject-2.6
20.02.2017 13:13 <DIR> Google
22.01.2017 20:07 <DIR> HiSuite
15.05.2014 07:52 <DIR> HP
15.12.2016 08:36 <DIR> Internet Explorer
06.02.2017 09:04 <DIR> IObit
20.12.2016 08:49 <DIR> KMPlayer
24.05.2016 19:51 <DIR> Microsoft
28.04.2014 07:46 <DIR> Microsoft FrontPage
10.08.2014 09:14 <DIR> Microsoft Office
13.10.2016 06:09 <DIR> Microsoft Silverlight
28.04.2014 07:47 <DIR> Microsoft Visual Studio
28.04.2014 08:01 <DIR> Microsoft Visual Studio 8
21.12.2015 20:25 <DIR> Microsoft Works
28.04.2014 12:56 <DIR> Microsoft.NET
12.02.2017 17:02 <DIR> MozBackup
19.02.2017 21:26 <DIR> Mozilla Maintenance Service
21.12.2015 20:25 <DIR> MSBuild
28.04.2014 08:35 <DIR> MSECache
15.09.2016 10:41 <DIR> Nanosoft
14.12.2015 19:38 <DIR> National Instruments
22.04.2014 19:28 <DIR> NOT ONLY TV
10.05.2014 16:34 <DIR> Notepad++
20.12.2016 09:10 <DIR> NVIDIA Corporation
12.02.2015 18:30 <DIR> Origin
07.02.2017 11:32 <DIR> PhotoScape
14.10.2016 10:20 <DIR> Reality Pump
22.04.2014 19:35 <DIR> Realtek
14.07.2009 06:32 <DIR> Reference Assemblies
14.12.2015 19:33 <DIR> SAP BusinessObjects
20.02.2017 13:11 <DIR> Seznam.cz
21.12.2015 18:38 <DIR> Skype
07.02.2017 11:33 <DIR> SumatraPDF
01.12.2016 07:48 <DIR> TeamViewer
02.12.2014 08:26 <DIR> Valve
06.05.2014 12:47 <DIR> Webteh
04.05.2014 08:50 <DIR> Windows Defender
03.05.2014 08:49 <DIR> Windows Mail
13.10.2016 06:12 <DIR> Windows Media Player
14.07.2009 06:32 <DIR> Windows NT
03.05.2014 08:49 <DIR> Windows Photo Viewer
03.05.2014 08:49 <DIR> Windows Portable Devices
03.05.2014 08:49 <DIR> Windows Sidebar
06.11.2015 19:07 <DIR> WinPcap
Soubor…: 0, Bajt…: 0
Adres ý…: 57, Volněch bajt…: 9˙613˙209˙600

========= End of CMD: =========


========= dir "C:\PROGRA~3" =========

Svazek v jednotce C nem  § dnou jmenovku.
S‚riov‚ źˇslo svazku je 1AB0-B548.

Věpis adres ýe C:\PROGRA~3

06.03.2017 12:51 <DIR> .
06.03.2017 12:51 <DIR> ..
23.11.2015 09:50 <DIR> Adobe
23.04.2014 19:38 <DIR> ArcSoft
04.02.2017 15:10 <DIR> Ashampoo
06.03.2017 12:55 <DIR> AVAST Software
13.10.2016 22:41 <DIR> EA Core
12.02.2015 18:30 <DIR> Electronic Arts
14.12.2015 19:38 <DIR> Exfo
13.02.2017 10:02 <DIR> Fighters
04.02.2017 18:10 <DIR> GridinSoft
15.05.2014 07:52 <DIR> HP
15.05.2014 07:52 <DIR> HP Product Assistant
19.12.2015 04:37 4˙818 hpzinstall.log
06.02.2017 09:05 <DIR> IObit
06.05.2015 20:50 <DIR> LGMOBILEAX
06.02.2017 08:23 <DIR> Malwarebytes
15.12.2016 08:24 <DIR> Microsoft Help
15.09.2016 11:13 <DIR> Nanosoft
06.03.2017 07:42 <DIR> NVIDIA
23.12.2016 13:01 <DIR> NVIDIA Corporation
01.03.2017 12:45 <DIR> Oracle
05.08.2016 21:00 <DIR> Origin
14.12.2015 19:40 <DIR> SafeNet Sentinel
26.12.2014 17:59 <DIR> Samsung
21.12.2015 18:39 <DIR> Skype
29.12.2015 20:50 <DIR> Steam
06.03.2017 12:51 <DIR> SWCUTemp
06.02.2017 11:42 <DIR> TEMP
18.02.2017 17:48 <DIR> VS Revo Group
22.04.2014 13:01 <DIR> WEBREG
09.05.2014 20:15 <DIR> Zoner
Soubor…: 1, Bajt…: 4˙818
Adres ý…: 31, Volněch bajt…: 9˙613˙205˙504

========= End of CMD: =========


========= dir "%localappdata%" =========

Svazek v jednotce C nem  § dnou jmenovku.
S‚riov‚ źˇslo svazku je 1AB0-B548.

Věpis adres ýe C:\Users\DOMA\AppData\Local

06.03.2017 13:01 <DIR> .
06.03.2017 13:01 <DIR> ..
10.11.2016 11:02 <DIR> Activision
23.11.2015 09:56 <DIR> Adobe
10.10.2016 07:36 <DIR> ApplicationHistory
18.04.2014 12:55 <DIR> Apps
22.04.2014 19:34 <DIR> ArcSoft
28.04.2014 13:03 <DIR> ashampoo
23.11.2015 09:56 <DIR> CEF
18.02.2017 20:06 <DIR> CrashDumps
18.04.2014 12:55 <DIR> Deployment
15.02.2017 08:29 <DIR> Diagnostics
02.12.2014 10:18 <DIR> Downloaded Installations
20.01.2016 17:00 <DIR> ElevatedDiagnostics
06.02.2017 11:53 <DIR> ESET
14.12.2015 20:17 <DIR> EXFO Inc
14.12.2015 20:16 <DIR> EXFO_Inc
10.10.2016 07:35 92 fusioncache.dat
11.10.2016 13:47 109˙568 GDIPFONTCACHEV1.DAT
14.02.2017 12:10 <DIR> GHISLER
09.05.2014 13:39 <DIR> GIANTS Editor 64bit 5.0.3
12.10.2015 10:00 <DIR> GIANTS Editor 64bit 6.0.3
12.10.2015 10:00 <DIR> GIANTSPackageRegistry
20.02.2017 13:21 <DIR> Google
20.12.2016 08:48 <DIR> GscWare
06.11.2015 22:08 <DIR> gtk-2.0
02.06.2015 07:57 <DIR> GWX
22.01.2017 20:07 <DIR> Hisuite
22.04.2014 13:01 <DIR> HP
02.12.2016 09:10 <DIR> LightComp
21.04.2014 09:33 <DIR> Macromedia
22.04.2016 09:40 <DIR> MathWorks
04.02.2017 15:33 <DIR> Microsoft
07.02.2015 11:25 <DIR> Microsoft Games
01.04.2016 20:37 <DIR> Microsoft Help
18.02.2017 20:19 <DIR> Mozilla
22.04.2014 14:07 <DIR> NVIDIA
20.12.2016 09:11 <DIR> NVIDIA Corporation
05.08.2016 21:00 <DIR> Origin
13.05.2014 13:45 <DIR> paint.net
22.04.2014 19:33 <DIR> Programs
06.11.2015 22:52 218 recently-used.xbel
25.02.2017 11:52 7˙607 resmon.resmoncfg
14.12.2015 20:17 <DIR> SafeNet Sentinel
02.12.2014 08:49 <DIR> SKIDROW
06.03.2017 12:51 <DIR> Temp
17.05.2016 12:30 <DIR> VirtualStore
18.02.2017 17:48 <DIR> VS Revo Group
06.01.2017 14:31 <DIR> Zoner
Soubor…: 4, Bajt…: 117˙485
Adres ý…: 45, Volněch bajt…: 9˙613˙201˙408

========= End of CMD: =========


========= dir "%appdata%" =========

Svazek v jednotce C nem  § dnou jmenovku.
S‚riov‚ źˇslo svazku je 1AB0-B548.

Věpis adres ýe C:\Users\DOMA\AppData\Roaming

06.03.2017 12:51 <DIR> .
06.03.2017 12:51 <DIR> ..
06.02.2017 09:04 <DIR> Adobe
22.04.2014 19:36 <DIR> ArcSoft
28.04.2014 13:03 <DIR> Ashampoo
06.03.2017 12:51 <DIR> AVAST Software
14.10.2016 19:19 <DIR> BSplayer PRO
19.12.2015 02:16 <DIR> CAD-KAS
13.02.2017 10:02 <DIR> Fighters
18.02.2015 20:11 <DIR> GHISLER
10.05.2014 17:21 <DIR> HP
21.11.2014 20:38 <DIR> HpUpdate
18.04.2014 08:46 <DIR> Identities
22.04.2014 19:35 <DIR> InstallShield
06.02.2017 09:04 <DIR> IObit
02.12.2016 09:10 <DIR> LightComp
21.04.2014 09:33 <DIR> Macromedia
20.04.2016 12:14 <DIR> MathWorks
14.07.2009 16:36 <DIR> Media Center Programs
28.04.2014 07:45 <DIR> Microsoft Web Folders
18.02.2017 20:13 <DIR> Mozilla
15.09.2016 11:11 <DIR> Nanosoft
12.02.2017 16:17 <DIR> Navigator
10.05.2014 16:34 <DIR> Notepad++
09.05.2014 13:39 <DIR> NVIDIA
06.02.2017 08:21 <DIR> Obsidium
12.02.2015 19:06 <DIR> Origin
20.02.2017 20:13 <DIR> Seznam.cz
06.03.2017 12:37 <DIR> Skype
22.04.2016 09:41 <DIR> Subversion
23.03.2015 20:39 <DIR> SumatraPDF
01.03.2017 12:45 <DIR> Sun
18.02.2017 20:06 <DIR> TeamViewer
20.12.2016 09:48 <DIR> Theta
04.05.2014 08:09 <DIR> URSoft
10.05.2014 08:11 <DIR> VitySoft
06.11.2015 19:40 <DIR> Wireshark
06.01.2017 14:31 <DIR> Zoner
Soubor…: 0, Bajt…: 0
Adres ý…: 38, Volněch bajt…: 9˙613˙201˙408

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4600797 B
Java, Flash, Steam htmlcache => 3633 B
Windows/system/drivers => 125598 B
Edge => 0 B
Chrome => 450062184 B
Firefox => 377057583 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
DOMA => 1375092 B

RecycleBin => 0 B
EmptyTemp: => 802.6 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:02:09 ====

Re: Vir qtipr.com

Napsal: 06 bře 2017 14:00
od altrok
:arrow: Nova instalace firefoxu pomohla?


:arrow: Vytvorte novy fixlist.txt, ale tentokrat ho ulozte v kodovani UTF-8. Zbytek postupu je stejny (tentokrate bez restartu).

Kód: Vybrat vše

Start
Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnet Ехplоrer.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Еxрlоrer (Nо Аdd-оns).lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооgle Сhrоmе.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Internet Ехplorer Вrowsеr.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gоoglе Сhromе.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnet Еxрlorer.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfox.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоogle Chrоme.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Мozillа Firеfoх.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
End

Re: Vir qtipr.com

Napsal: 07 bře 2017 13:12
od Jenda939
Zdravím, po nové instalaci firefoxu, už můžu provést jeho nastavení a i zobrazení nové stránky nevykazuje chybu. Přidávám log z fixlistu. Děkuji za odpověď.

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-02-2017
Ran by DOMA (07-03-2017 13:06:27) Run:3
Running from C:\Users\DOMA\Desktop
Loaded Profiles: DOMA (Available Profiles: DOMA)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnet Ехplоrer.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Еxрlоrer (Nо Аdd-оns).lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооgle Сhrоmе.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Internet Ехplorer Вrowsеr.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gоoglе Сhromе.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnet Еxрlorer.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfox.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоogle Chrоme.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Мozillа Firеfoх.lnk -> C:\Users\DOMA\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
End
*****************

C:\Users\DOMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnet Ехplоrer.lnk => moved successfully
C:\Users\DOMA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Еxрlоrer (Nо Аdd-оns).lnk => moved successfully
C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооgle Сhrоmе.lnk => moved successfully
C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Internet Ехplorer Вrowsеr.lnk => moved successfully
C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gоoglе Сhromе.lnk => moved successfully
C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnet Еxрlorer.lnk => moved successfully
C:\Users\DOMA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfox.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоogle Chrоme.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Мozillа Firеfoх.lnk => moved successfully

==== End of Fixlog 13:06:27 ====

Re: Vir qtipr.com

Napsal: 07 bře 2017 13:19
od altrok
Takze jeste uklidime.
A pokud nejsou dotazy ci jine problemy, je to ode mne vse.

Re: Vir qtipr.com

Napsal: 08 bře 2017 13:31
od Jenda939
Zdravím, ještě jednou moc děkuji za pomoc. Vše běží v pořádku.

Re: Vir qtipr.com

Napsal: 08 bře 2017 13:34
od altrok
Nemate zac, rad jsem pomohl :worship:


Mejte se krasne a treba zase nekdy :bye:
Všechny časy jsou v UTC+01:00
Stránka 2 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz