
Vanished user profile + missing module + blackened screen

#1 Post by nereide »

Hello,

I am turning to you after a long time with a request for help. This time it concerns my parents' PC. Their user profile disappeared and some kind of temporary one was created; after an attempt to log in to it, there is a black screen. There is an error message that the module /hview.dll is missing, etc., and they very frequently get those fake ads (of the "you are the thousandth visitor... you win..." type). So I suspect that something is hidden in there.

I am attaching the FRST log and thank you for any reply.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Jirka Martínek (administrator) on OSITMACHINE on 12-09-2014 22:47:03
Running from C:\Documents and Settings\Jirka Martínek\Dokumenty\Stažené soubory
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
() C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Portrait Displays, Inc.) C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(Portrait Displays, Inc) C:\Program Files\Acer Display\eDisplay Management\dthtml.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files\Winamp\winampa.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Portrait Displays Inc.) C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
() C:\Program Files\Portrait Displays\Pivot Pro Plugin\wpCtrl.exe
() C:\Program Files\Verbatim GREEN BUTTON\GREEN BUTTON.exe
() C:\Program Files\Portrait Displays\Pivot Pro Plugin\Floater.exe
() C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files\Winamp\winampa.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Portrait Displays, Inc) C:\Program Files\Acer Display\eDisplay Management\dthtml.exe
(Portrait Displays Inc.) C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
() C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
() C:\Program Files\Portrait Displays\Pivot Pro Plugin\wpCtrl.exe
() C:\Program Files\Portrait Displays\Pivot Pro Plugin\Floater.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [868352 2006-12-18] (Analog Devices, Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation)
HKLM\...\Run: [PivotSoftware] => C:\Program Files\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe [110192 2010-05-13] ()
HKLM\...\Run: [DT ACR] => C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe [121456 2010-06-30] ()
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1632360 2011-05-05] ()
HKLM\...\Run: [] => [X]
HKLM\...\Run: [tvncontrol] => C:\Program Files\TightVNC\tvnserver.exe [826896 2011-05-26] (GlavSoft LLC.)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\winampa.exe [33792 2004-12-20] ()
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-10] (AVAST Software)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] <==== ATTENTION!
HKU\.DEFAULT\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
HKU\S-1-5-21-57989841-1500820517-725345543-1003\...\Run: [EPSON Stylus DX4400 Series] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE [180736 2007-03-01] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-57989841-1500820517-725345543-1003\...\Policies\Explorer: []
HKU\S-1-5-21-57989841-1500820517-725345543-1003\...\MountPoints2: {b95a6abd-2036-11dd-8a2d-001e8cce015d} - F:\TrueCrypt\TrueCrypt.exe /q /a /e /m rm /v "Mount"
HKU\S-1-5-21-57989841-1500820517-725345543-1026\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-21-57989841-1500820517-725345543-1026\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-06-01] (Nero AG)
Startup: C:\Documents and Settings\Jirka Martínek\Nabídka Start\Programy\Po spuštění\Verbatim GREEN BUTTON.lnk
ShortcutTarget: Verbatim GREEN BUTTON.lnk -> C:\Program Files\Verbatim GREEN BUTTON\GREEN BUTTON.exe ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: AutoCAD Digital Signatures Icon Overlay Handler -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: Správa překryvné ikony digitálních podpisů AutoCADu -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll (Autodesk, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?clien ... A74801B0E5
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredimail.com//?search ... eyogCQb0kx
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Jirka Martínek\Data aplikací\Mozilla\Firefox\Profiles\d6hhcrrp.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.cz/
FF Keyword.URL: hxxp://mystart.incredimail.com//?loc=ff_address_bar&a=1eyogCQb0kx&search=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Jirka Martínek\Local Settings\Data aplikací\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Documents and Settings\Jirka Martínek\Data aplikací\Mozilla\Firefox\Profiles\d6hhcrrp.default\searchplugins\MyStart Search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-06]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-07-30]

Chrome:
=======
CHR HomePage: Default -> https://www.seznam.cz/?clid=22668
CHR StartupUrls: Default -> "https://www.seznam.cz/?clid=22668"
CHR DefaultSearchKeyword: Default -> search.seznam.cz
CHR DefaultSearchProvider: Default -> Seznam
CHR DefaultSearchURL: Default -> http://search.seznam.cz/?sourceid=quick ... earchTerms}
CHR DefaultSuggestURL: Default -> http://suggest.fulltext.seznam.cz/fullt ... earchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\37.0.2062.103\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\37.0.2062.103\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.4.5) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.4.5) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.4.5) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.4.5) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.4.5) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.4.5) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.4.5) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Unity Player) - C:\Documents and Settings\Jirka Martínek\Local Settings\Data aplikací\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U3) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR CustomProfile: C:\Documents and Settings\Jirka Martínek\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Documents and Settings\Jirka Martínek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19]
CHR Extension: (Vyhledávání Google) - C:\Documents and Settings\Jirka Martínek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19]
CHR Extension: (avast! Online Security) - C:\Documents and Settings\Jirka Martínek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-02-26]
CHR Extension: (LoU Tweak) - C:\Documents and Settings\Jirka Martínek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\iglgjgbiphjfbkbdgaffpdplhhbmpmkb [2011-07-30]
CHR Extension: (Peněženka Google) - C:\Documents and Settings\Jirka Martínek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (Gmail) - C:\Documents and Settings\Jirka Martínek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-01]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [79360 2008-05-13] (Autodesk) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-01] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-08-10] (AVAST Software)
R2 DTSRVC; C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe [121456 2010-06-30] ()
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2012-12-07] (Flexera Software, Inc.)
S2 MSSQL$AUTODESKVAULT; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2214504 2011-05-25] (NVIDIA Corporation)
R2 PdiService; C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [109168 2010-04-16] (Portrait Displays, Inc.)
R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [826896 2011-05-26] (GlavSoft LLC.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ADIHdAudAddService; C:\WINDOWS\System32\drivers\ADIHdAud.sys [293888 2007-01-16] (Analog Devices, Inc.) [File not signed]
R3 AEAudio; C:\WINDOWS\System32\drivers\AEAudio.sys [93952 2006-08-07] (Andrea Electronics Corporation) [File not signed]
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [19915 2011-07-30] (Meetinghouse Data Communications) [File not signed]
R1 AsIO; C:\WINDOWS\System32\drivers\AsIO.sys [12664 2006-10-18] ()
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-08-01] ()
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [26136 2014-08-10] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-08-01] (AVAST Software)
R0 aswNdis; C:\WINDOWS\System32\DRIVERS\aswNdis.sys [12112 2014-08-10] (ALWIL Software)
R0 aswNdis2; C:\WINDOWS\system32\Drivers\aswNdis2.sys [252872 2014-08-10] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-08-01] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-08-01] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-08-01] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-08-10] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-08-01] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-08-01] ()
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [265728 2003-07-17] (Broadcom Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 ENTECH; C:\WINDOWS\system32\DRIVERS\ENTECH.SYS [20400 1999-10-21] (EnTech Taiwan) [File not signed]
S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 PdiPorts; C:\WINDOWS\System32\Drivers\PdiPorts.sys [17136 2010-04-16] (Portrait Displays, Inc.)
S1 Pivot; C:\WINDOWS\System32\drivers\pivot.sys [17465 2010-05-13] (Portrait Displays, Inc.) [File not signed]
S3 pivotmou; C:\WINDOWS\System32\drivers\pivotmou.sys [11323 2010-05-13] (Portrait Displays, Inc.) [File not signed]
R0 PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [20016 2004-12-20] (Sonic Solutions) [File not signed]
R3 RTLWUSB; C:\WINDOWS\System32\DRIVERS\RTL8187.sys [176128 2006-06-16] (Realtek Semiconductor Corporation )
R3 SenFiltService; C:\WINDOWS\System32\drivers\Senfilt.sys [392960 2006-03-17] (Sensaura) [File not signed]
S3 SjyPkt; C:\WINDOWS\System32\Drivers\SjyPkt.sys [13532 2006-03-31] (Windows (R) 2000 DDK provider) [File not signed]
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [265856 2007-08-15] (Marvell)
S3 C-Dilla; \??\C:\WINDOWS\system32\drivers\CDANT.SYS [X]
S4 IntelIde; No ImagePath
U2 MSSQLSERVER; No ImagePath
S3 RTCore; \??\G:\Nastroje-SERVIS\_TESTY\_PAMĚŤ\RightMark memory analyzer\RTCore.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U2 W3SVC; No ImagePath
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-12 22:44 - 2014-09-12 22:47 - 00000000 ____D () C:\FRST
2014-09-12 19:46 - 2014-09-12 19:52 - 00000000 ___SD () C:\Documents and Settings\TEMP.OSITMACHINE
2014-09-12 19:46 - 2014-09-12 19:52 - 00000000 ___HD () C:\Documents and Settings\TEMP.OSITMACHINE\Data aplikací(2)
2014-09-12 19:46 - 2014-09-12 19:52 - 00000000 ____D () C:\Documents and Settings\TEMP.OSITMACHINE\Šablony(2)
2014-09-12 19:46 - 2014-09-12 19:52 - 00000000 ____D () C:\Documents and Settings\TEMP.OSITMACHINE\Oblíbené položky(2)
2014-09-12 19:46 - 2014-09-12 19:52 - 00000000 ____D () C:\Documents and Settings\TEMP.OSITMACHINE\Local Settings(2)
2014-09-12 19:46 - 2011-07-30 14:47 - 00000000 ____D () C:\Documents and Settings\TEMP.OSITMACHINE\IETldCache(2)
2014-09-12 19:46 - 2008-05-12 22:40 - 00000000 ____D () C:\Documents and Settings\TEMP.OSITMACHINE\Cookies(2)
2014-09-06 21:12 - 2014-09-06 21:12 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-08-25 18:19 - 2014-08-25 19:07 - 00000000 ____D () C:\TOPO_Czech_2
2014-08-15 19:39 - 2014-08-15 19:39 - 00001610 _____ () C:\Documents and Settings\All Users\Plocha\QuickTime Player.lnk
2014-08-15 19:39 - 2014-08-15 19:39 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\QuickTime
2014-08-15 19:39 - 2014-08-15 19:39 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2014-08-15 19:38 - 2014-08-15 19:38 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-15 19:38 - 2014-08-15 19:38 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Mozilla
2014-08-13 22:40 - 2014-08-25 18:11 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Garmin
2014-08-13 22:39 - 2014-08-25 18:11 - 00000000 ____D () C:\Garmin
2014-08-13 22:39 - 2014-08-13 22:40 - 00000000 ____D () C:\Program Files\Garmin
2014-08-13 22:39 - 2014-08-13 22:39 - 00000000 ____D () C:\Program Files\DIFX
2014-08-13 16:04 - 2014-08-13 16:04 - 00000000 ____D () C:\Program Files\Garmin GPS Plugin
2014-08-13 16:03 - 2014-08-25 19:19 - 00000000 ____D () C:\Documents and Settings\Jirka Martínek\Data aplikací\Garmin
2014-08-13 15:49 - 2014-08-13 15:49 - 151800029 _____ (Igor Pavlov) C:\TOPO_Czech_2.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-12 22:47 - 2014-09-12 22:44 - 00000000 ____D () C:\FRST
2014-09-12 22:47 - 2011-11-28 11:51 - 00000000 ____D () C:\Documents and Settings\Jirka Martínek\Dokumenty\Stažené soubory
2014-09-12 22:47 - 2008-05-13 18:02 - 00000000 ____D () C:\Documents and Settings\Jirka Martínek\Local Settings\Temp
2014-09-12 22:40 - 2012-06-09 11:02 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-12 22:28 - 2012-09-22 22:32 - 00000940 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-12 22:04 - 2012-02-26 11:45 - 00000178 __SHC () C:\Documents and Settings\Alenka\ntuser.ini
2014-09-12 22:04 - 2012-02-26 11:45 - 00000000 ____D () C:\Documents and Settings\Alenka
2014-09-12 22:03 - 2012-02-26 11:45 - 00000000 ____D () C:\Documents and Settings\Alenka\Local Settings\Temp
2014-09-12 22:03 - 2007-10-29 14:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-09-12 21:56 - 2011-08-25 13:40 - 00000000 ____D () C:\Documents and Settings\Zita\Local Settings\Temp
2014-09-12 21:23 - 2011-07-30 12:15 - 00000484 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{E89B1460-8DD0-4028-9911-65D15D089B24}.job
2014-09-12 20:56 - 2012-07-06 20:58 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-09-12 20:31 - 2011-07-30 11:50 - 00001819 _____ () C:\Documents and Settings\All Users\Plocha\Google Chrome.lnk
2014-09-12 20:22 - 2009-08-04 19:59 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-09-12 19:57 - 2008-05-12 22:38 - 01715533 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-12 19:54 - 2014-03-24 21:21 - 00000240 _____ () C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2014-09-12 19:54 - 2012-09-22 22:32 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-12 19:54 - 2008-05-13 00:12 - 00000159 ____C () C:\WINDOWS\wiadebug.log
2014-09-12 19:54 - 2008-05-13 00:12 - 00000049 ____C () C:\WINDOWS\wiaservc.log
2014-09-12 19:54 - 2008-05-12 22:46 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-12 19:54 - 2008-05-12 22:42 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2014-09-12 19:53 - 2011-08-25 13:40 - 00000000 ____D () C:\Documents and Settings\Zita
2014-09-12 19:53 - 2008-09-10 16:33 - 00000000 ____D () C:\Documents and Settings\Barbora
2014-09-12 19:53 - 2008-05-13 18:02 - 00000000 ____D () C:\Documents and Settings\Jirka Martínek
2014-09-12 19:53 - 2008-05-12 22:47 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-09-12 19:53 - 2008-05-12 22:46 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-09-12 19:53 - 2008-05-12 22:42 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-09-12 19:52 - 2014-09-12 19:46 - 00000000 ___SD () C:\Documents and Settings\TEMP.OSITMACHINE
2014-09-12 19:52 - 2014-09-12 19:46 - 00000000 ___HD () C:\Documents and Settings\TEMP.OSITMACHINE\Data aplikací(2)
2014-09-12 19:52 - 2014-09-12 19:46 - 00000000 ____D () C:\Documents and Settings\TEMP.OSITMACHINE\Šablony(2)
2014-09-12 19:52 - 2014-09-12 19:46 - 00000000 ____D () C:\Documents and Settings\TEMP.OSITMACHINE\Oblíbené položky(2)
2014-09-12 19:52 - 2014-09-12 19:46 - 00000000 ____D () C:\Documents and Settings\TEMP.OSITMACHINE\Local Settings(2)
2014-09-12 19:52 - 2008-05-13 18:02 - 00000178 ___SH () C:\Documents and Settings\Jirka Martínek\ntuser.ini
2014-09-12 19:52 - 2008-05-12 22:46 - 00032502 _____ () C:\WINDOWS\SchedLgU.Txt
2014-09-12 19:52 - 2008-05-12 22:37 - 00000000 ____D () C:\WINDOWS\Registration
2014-09-12 17:40 - 2012-06-09 11:02 - 00701104 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-09-12 17:40 - 2011-11-28 11:52 - 00071344 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-09-12 15:26 - 2013-08-15 22:05 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-12 15:18 - 2008-05-12 18:14 - 98758480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-09-11 22:35 - 2014-08-10 13:21 - 00033542 _____ () C:\WINDOWS\setupapi.log
2014-09-11 20:59 - 2012-03-14 16:07 - 00000000 ____D () C:\Program Files\WinRAR
2014-09-11 20:59 - 2011-07-30 16:03 - 00000000 ____D () C:\Program Files\TightVNC
2014-09-11 20:59 - 2011-07-30 11:58 - 00000000 ____D () C:\Program Files\SystemRequirementsLab
2014-09-11 20:57 - 2014-08-10 13:21 - 00001745 _____ () C:\Documents and Settings\All Users\Plocha\avast! Internet Security.lnk
2014-09-11 20:57 - 2014-08-10 12:52 - 00001805 _____ () C:\Documents and Settings\All Users\Plocha\avast! SafeZone.lnk
2014-09-10 22:42 - 2012-02-26 12:20 - 00000725 _____ () C:\Documents and Settings\All Users\Plocha\VLC media player.lnk
2014-09-10 22:42 - 2012-02-26 12:20 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\VideoLAN
2014-09-10 22:41 - 2011-09-10 09:19 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-08 16:47 - 2012-09-16 11:18 - 00019995 _____ () C:\WINDOWS\setupact.log
2014-09-08 16:16 - 2014-03-24 21:21 - 00000234 _____ () C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
2014-09-07 21:46 - 2011-08-25 13:40 - 00000178 ___SH () C:\Documents and Settings\Zita\ntuser.ini
2014-09-07 00:01 - 2011-08-26 12:51 - 00000000 ____D () C:\Documents and Settings\Zita\Data aplikací\Skype
2014-09-06 21:12 - 2014-09-06 21:12 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-09-06 21:12 - 2011-08-26 12:32 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Skype
2014-08-31 17:44 - 2014-03-03 23:21 - 00002515 _____ () C:\Documents and Settings\Zita\Plocha\Microsoft Office Word 2007.lnk
2014-08-28 09:01 - 2012-09-22 22:11 - 00000000 ____D () C:\Documents and Settings\Zita\Dokumenty\Úřadování
2014-08-26 20:00 - 2008-05-13 18:02 - 00000000 ___RD () C:\Documents and Settings\Jirka Martínek\Oblíbené položky
2014-08-26 19:40 - 2011-08-25 13:40 - 00000000 ___RD () C:\Documents and Settings\Zita\Dokumenty
2014-08-25 19:19 - 2014-08-13 16:03 - 00000000 ____D () C:\Documents and Settings\Jirka Martínek\Data aplikací\Garmin
2014-08-25 19:19 - 2008-05-13 17:17 - 00000069 ____C () C:\WINDOWS\NeroDigital.ini
2014-08-25 19:15 - 2008-05-13 18:02 - 00000000 ____D () C:\Documents and Settings\Jirka Martínek\Plocha
2014-08-25 19:07 - 2014-08-25 18:19 - 00000000 ____D () C:\TOPO_Czech_2
2014-08-25 18:11 - 2014-08-13 22:40 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Garmin
2014-08-25 18:11 - 2014-08-13 22:39 - 00000000 ____D () C:\Garmin
2014-08-25 16:55 - 2008-05-13 18:02 - 00000000 __RHD () C:\Documents and Settings\Jirka Martínek\Data aplikací
2014-08-25 16:24 - 2008-05-13 18:02 - 00000000 ___RD () C:\Documents and Settings\Jirka Martínek\Nabídka Start\Programy\Po spuštění
2014-08-25 16:24 - 2008-05-13 18:02 - 00000000 ___RD () C:\Documents and Settings\Jirka Martínek\Nabídka Start\Programy
2014-08-20 19:38 - 2013-06-01 21:40 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Google Drive
2014-08-15 19:39 - 2014-08-15 19:39 - 00001610 _____ () C:\Documents and Settings\All Users\Plocha\QuickTime Player.lnk
2014-08-15 19:39 - 2014-08-15 19:39 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\QuickTime
2014-08-15 19:39 - 2014-08-15 19:39 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2014-08-15 19:39 - 2013-08-12 17:45 - 00000000 ____D () C:\Program Files\QuickTime
2014-08-15 19:39 - 2008-05-13 00:09 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy
2014-08-15 19:39 - 2008-05-13 00:09 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2014-08-15 19:39 - 2008-05-13 00:08 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2014-08-15 19:38 - 2014-08-15 19:38 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-15 19:38 - 2014-08-15 19:38 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Mozilla
2014-08-14 18:14 - 2008-05-12 22:42 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2014-08-13 22:40 - 2014-08-13 22:39 - 00000000 ____D () C:\Program Files\Garmin
2014-08-13 22:39 - 2014-08-13 22:39 - 00000000 ____D () C:\Program Files\DIFX
2014-08-13 16:04 - 2014-08-13 16:04 - 00000000 ____D () C:\Program Files\Garmin GPS Plugin
2014-08-13 15:49 - 2014-08-13 15:49 - 151800029 _____ (Igor Pavlov) C:\TOPO_Czech_2.exe

Some content of TEMP:
====================
C:\Documents and Settings\Alenka\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\Zita\Local Settings\Temp\contentDATs.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Rudy
Site Admin
Posts: 119545
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: vanished user profile + missing module + blacked-out scr

#2 Post by Rudy »

Hello!
First run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
Click >Scan< first and then >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

nereide
Model visitor
Posts: 151
Registered: 16 May 2010 17:19

Re: vanished user profile + missing module + blacked-out scr

#3 Post by nereide »

Good evening! Thank you for the reply. In the meantime I have already done a partial clean-up with ccleaner and vitsoft, so the log should hopefully be a bit better. I will still be uninstalling a heap of unnecessary things. But I suspect that something is hidden in there somewhere. Many thanks for your time, I will contribute again later :)

The log is here:

# AdwCleaner v3.310 - Report created 13/09/2014 at 23:42:09
# Updated 12/09/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Jirka Martínek - OSITMACHINE
# Running from : C:\Documents and Settings\Jirka Martínek\Dokumenty\Stažené soubory\adwcleaner_3.310.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\icqtoolbar
Folder Deleted : C:\WINDOWS\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Documents and Settings\Jirka Martínek\Local Settings\Data aplikací\AskToolbar
Folder Deleted : C:\Documents and Settings\Jirka Martínek\Data aplikací\Solvusoft
Folder Deleted : C:\Documents and Settings\Zita\Local Settings\Data aplikací\AskToolbar
Folder Deleted : C:\Program Files\Software
File Deleted : C:\WINDOWS\system32\roboot.exe
File Deleted : C:\Documents and Settings\Jirka Martínek\Data aplikací\Mozilla\Firefox\Profiles\d6hhcrrp.default\searchplugins\MyStart Search.xml

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\ICQToolbar
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v32.0.1 (x86 cs)

[ File : C:\Documents and Settings\Alenka\Data aplikací\Mozilla\Firefox\Profiles\9q6hoqiz.default\prefs.js ]


[ File : C:\Documents and Settings\Jirka Martínek\Data aplikací\Mozilla\Firefox\Profiles\d6hhcrrp.default\prefs.js ]

Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Line Deleted : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
Line Deleted : user_pref("keyword.URL", "hxxp://mystart.incredimail.com//?loc=ff_address_bar&a=1eyogCQb0kx&search=");

[ File : C:\Documents and Settings\Zita\Data aplikací\Mozilla\Firefox\Profiles\m39erajc.default\prefs.js ]

Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");

-\\ Google Chrome v37.0.2062.120

[ File : C:\Documents and Settings\Alenka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=STT&o=102866&locale=en_US&apn_uid=3B72FB67-4D26-432B-9242-3A2C48E2389C&apn_ptnrs=5N&apn_sauid=471FA6DD-81F9-47E8-ACB6-A3C7A3EA750F&apn_dtid=YYYYYYYYCZ&q={searchTerms}
Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={2E0E73A1-9196-4A56-9DF7-68049F688B80}&mid=11b2ec750c1947d0a456b914059c4e7a-4184c4d6f682dd4aba130e84e3dab2774d222bc4&lang=cs&ds=AVG&pr=fr&d=2012-10-19 20:57:29&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Search Provider] : hxxp://www.nkp.cz/search?SearchableText={searchTerms}
Deleted [Startup_urls] : hxxp://start.icq.com/
Deleted [Homepage] : hxxp://www.ask.com/?l=dis&o=102866cr&gct=hp

[ File : C:\Documents and Settings\Jirka Martínek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Documents and Settings\Zita\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh

*************************

AdwCleaner[R0].txt - [6804 octets] - [13/09/2014 23:40:19]
AdwCleaner[S0].txt - [6835 octets] - [13/09/2014 23:42:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6895 octets] ##########

Rudy
Site Admin
Posts: 119545
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: vanished user profile + missing module + blacked-out scr

#4 Post by Rudy »

Post a new FRST log.

nereide
Model visitor
Posts: 151
Registered: 16 May 2010 17:19

Re: vanished user profile + missing module + blacked-out scr

#5 Post by nereide »

Good afternoon, the current one is:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Jirka Martínek (administrator) on OSITMACHINE on 14-09-2014 12:35:50
Running from C:\Documents and Settings\Jirka Martínek\Dokumenty\Stažené soubory
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Portrait Displays, Inc.) C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
() C:\Program Files\Portrait Displays\Pivot Pro Plugin\wpCtrl.exe
() C:\Program Files\Portrait Displays\Pivot Pro Plugin\Floater.exe
() C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [868352 2006-12-18] (Analog Devices, Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation)
HKLM\...\Run: [PivotSoftware] => C:\Program Files\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe [110192 2010-05-13] ()
HKLM\...\Run: [DT ACR] => C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe [121456 2010-06-30] ()
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1632360 2011-05-05] ()
HKLM\...\Run: [] => [X]
HKLM\...\Run: [tvncontrol] => C:\Program Files\TightVNC\tvnserver.exe [826896 2011-05-26] (GlavSoft LLC.)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-10] (AVAST Software)
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] <==== ATTENTION!
HKU\.DEFAULT\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
HKU\S-1-5-21-57989841-1500820517-725345543-1003\...\Run: [EPSON Stylus DX4400 Series] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE [180736 2007-03-01] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-57989841-1500820517-725345543-1003\...\Policies\Explorer: []
HKU\S-1-5-21-57989841-1500820517-725345543-1003\...\MountPoints2: {b95a6abd-2036-11dd-8a2d-001e8cce015d} - F:\TrueCrypt\TrueCrypt.exe /q /a /e /m rm /v "Mount"
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: AutoCAD Digital Signatures Icon Overlay Handler -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
ShellIconOverlayIdentifiers: Správa překryvné ikony digitálních podpisů AutoCADu -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll (Autodesk, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Jirka Martínek\Data aplikací\Mozilla\Firefox\Profiles\d6hhcrrp.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-06]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-07-30]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR HomePage: Default -> https://www.seznam.cz/?clid=22668
CHR StartupUrls: Default -> "https://www.seznam.cz/?clid=22668"
CHR DefaultSearchKeyword: Default -> search.seznam.cz
CHR DefaultSearchProvider: Default -> Seznam
CHR DefaultSearchURL: Default -> http://search.seznam.cz/?sourceid=quick ... earchTerms}
CHR DefaultSuggestURL: Default -> http://suggest.fulltext.seznam.cz/fullt ... earchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\37.0.2062.120\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\37.0.2062.120\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.4.5) - C:\Program Files\QuickTime\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.4.5) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.4.5) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.4.5) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.4.5) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.4.5) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.4.5) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Unity Player) - C:\Documents and Settings\Jirka Martínek\Local Settings\Data aplikací\Unity\WebPlayer\loader\npUnity3D32.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U3) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR CustomProfile: C:\Documents and Settings\Jirka Martínek\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Documents and Settings\Jirka Martínek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19]
CHR Extension: (Vyhledávání Google) - C:\Documents and Settings\Jirka Martínek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19]
CHR Extension: (avast! Online Security) - C:\Documents and Settings\Jirka Martínek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-02-26]
CHR Extension: (LoU Tweak) - C:\Documents and Settings\Jirka Martínek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\iglgjgbiphjfbkbdgaffpdplhhbmpmkb [2011-07-30]
CHR Extension: (Peněženka Google) - C:\Documents and Settings\Jirka Martínek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (Gmail) - C:\Documents and Settings\Jirka Martínek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-01]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [79360 2008-05-13] (Autodesk) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-01] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-08-10] (AVAST Software)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2012-12-07] (Flexera Software, Inc.)
R2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2214504 2011-05-25] (NVIDIA Corporation)
R2 PdiService; C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [109168 2010-04-16] (Portrait Displays, Inc.)
R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [826896 2011-05-26] (GlavSoft LLC.)
S2 DTSRVC; C:\Program Files\Portrait Displays, Inc.\Acer eDisplay Management\dtsrvc.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ADIHdAudAddService; C:\WINDOWS\System32\drivers\ADIHdAud.sys [293888 2007-01-16] (Analog Devices, Inc.) [File not signed]
R3 AEAudio; C:\WINDOWS\System32\drivers\AEAudio.sys [93952 2006-08-07] (Andrea Electronics Corporation) [File not signed]
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [19915 2011-07-30] (Meetinghouse Data Communications) [File not signed]
R1 AsIO; C:\WINDOWS\System32\drivers\AsIO.sys [12664 2006-10-18] ()
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-08-01] ()
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [26136 2014-08-10] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-08-01] (AVAST Software)
R0 aswNdis; C:\WINDOWS\System32\DRIVERS\aswNdis.sys [12112 2014-08-10] (ALWIL Software)
R0 aswNdis2; C:\WINDOWS\system32\Drivers\aswNdis2.sys [252872 2014-08-10] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-08-01] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-08-01] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-08-01] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-08-10] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-08-01] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-08-01] ()
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [265728 2003-07-17] (Broadcom Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 ENTECH; C:\WINDOWS\system32\DRIVERS\ENTECH.SYS [20400 1999-10-21] (EnTech Taiwan) [File not signed]
S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 PdiPorts; C:\WINDOWS\System32\Drivers\PdiPorts.sys [17136 2010-04-16] (Portrait Displays, Inc.)
S1 Pivot; C:\WINDOWS\System32\drivers\pivot.sys [17465 2010-05-13] (Portrait Displays, Inc.) [File not signed]
S3 pivotmou; C:\WINDOWS\System32\drivers\pivotmou.sys [11323 2010-05-13] (Portrait Displays, Inc.) [File not signed]
R0 PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [20016 2004-12-20] (Sonic Solutions) [File not signed]
R3 RTLWUSB; C:\WINDOWS\System32\DRIVERS\RTL8187.sys [176128 2006-06-16] (Realtek Semiconductor Corporation )
R3 SenFiltService; C:\WINDOWS\System32\drivers\Senfilt.sys [392960 2006-03-17] (Sensaura) [File not signed]
S3 SjyPkt; C:\WINDOWS\System32\Drivers\SjyPkt.sys [13532 2006-03-31] (Windows (R) 2000 DDK provider) [File not signed]
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [265856 2007-08-15] (Marvell)
S3 C-Dilla; \??\C:\WINDOWS\system32\drivers\CDANT.SYS [X]
S4 IntelIde; No ImagePath
U2 MSSQLSERVER; No ImagePath
S3 RTCore; \??\G:\Nastroje-SERVIS\_TESTY\_PAMĚŤ\RightMark memory analyzer\RTCore.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U2 W3SVC; No ImagePath
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-14 12:29 - 2014-09-14 12:29 - 00000000 ____D () C:\Documents and Settings\UpdatusUser\Data aplikací\TightVNC
2014-09-13 23:41 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-09-13 23:40 - 2014-09-13 23:43 - 00000000 ____D () C:\AdwCleaner
2014-09-13 09:54 - 2014-09-13 09:55 - 00000884 _____ () C:\Documents and Settings\Jirka Martínek\Plocha\Vit Registry Fix.lnk
2014-09-12 23:04 - 2014-09-12 23:04 - 00000688 _____ () C:\Documents and Settings\All Users\Plocha\CCleaner.lnk
2014-09-12 23:04 - 2014-09-12 23:04 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-12 22:44 - 2014-09-14 12:35 - 00000000 ____D () C:\FRST
2014-09-12 19:46 - 2014-09-12 19:52 - 00000000 ___SD () C:\Documents and Settings\TEMP.OSITMACHINE
2014-09-12 19:46 - 2014-09-12 19:52 - 00000000 ___HD () C:\Documents and Settings\TEMP.OSITMACHINE\Data aplikací(2)
2014-09-12 19:46 - 2014-09-12 19:52 - 00000000 ____D () C:\Documents and Settings\TEMP.OSITMACHINE\Šablony(2)
2014-09-12 19:46 - 2014-09-12 19:52 - 00000000 ____D () C:\Documents and Settings\TEMP.OSITMACHINE\Oblíbené položky(2)
2014-09-12 19:46 - 2014-09-12 19:52 - 00000000 ____D () C:\Documents and Settings\TEMP.OSITMACHINE\Local Settings(2)
2014-09-12 19:46 - 2011-07-30 14:47 - 00000000 ____D () C:\Documents and Settings\TEMP.OSITMACHINE\IETldCache(2)
2014-09-12 19:46 - 2008-05-12 22:40 - 00000000 ____D () C:\Documents and Settings\TEMP.OSITMACHINE\Cookies(2)
2014-09-06 21:12 - 2014-09-06 21:12 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-08-25 18:19 - 2014-08-25 19:07 - 00000000 ____D () C:\TOPO_Czech_2
2014-08-15 19:38 - 2014-08-15 19:38 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Mozilla

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-14 12:36 - 2008-05-13 18:02 - 00000000 ____D () C:\Documents and Settings\Jirka Martínek\Local Settings\Temp
2014-09-14 12:35 - 2014-09-12 22:44 - 00000000 ____D () C:\FRST
2014-09-14 12:35 - 2011-11-28 11:51 - 00000000 ____D () C:\Documents and Settings\Jirka Martínek\Dokumenty\Stažené soubory
2014-09-14 12:31 - 2008-05-13 18:02 - 00000000 ____D () C:\Documents and Settings\Jirka Martínek
2014-09-14 12:31 - 2008-05-12 22:38 - 01762626 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-14 12:29 - 2014-09-14 12:29 - 00000000 ____D () C:\Documents and Settings\UpdatusUser\Data aplikací\TightVNC
2014-09-14 12:29 - 2014-03-24 21:21 - 00000240 _____ () C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2014-09-14 12:29 - 2012-09-22 22:32 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-14 12:29 - 2012-07-06 20:58 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-09-14 12:29 - 2011-07-30 12:05 - 00000000 __RHD () C:\Documents and Settings\UpdatusUser\Data aplikací
2014-09-14 12:29 - 2008-05-13 00:12 - 00000157 ____C () C:\WINDOWS\wiadebug.log
2014-09-14 12:29 - 2008-05-13 00:12 - 00000049 ____C () C:\WINDOWS\wiaservc.log
2014-09-14 12:29 - 2007-10-29 14:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-09-14 12:28 - 2008-05-12 22:46 - 00032422 ____N () C:\WINDOWS\SchedLgU.Txt
2014-09-14 12:28 - 2008-05-12 22:46 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-14 12:27 - 2008-05-13 18:02 - 00000178 ___SH () C:\Documents and Settings\Jirka Martínek\ntuser.ini
2014-09-14 12:21 - 2008-05-13 19:10 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-09-14 12:21 - 2008-05-13 19:09 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-09-14 12:21 - 2008-05-13 00:09 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy
2014-09-14 12:20 - 2008-05-13 00:09 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-14 12:19 - 2008-05-12 22:37 - 00000000 ____D () C:\WINDOWS\Registration
2014-09-14 12:16 - 2008-05-13 00:08 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2014-09-14 12:13 - 2008-05-13 00:09 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2014-09-14 12:09 - 2008-05-13 18:02 - 00000000 __RHD () C:\Documents and Settings\Jirka Martínek\Data aplikací
2014-09-14 12:03 - 2008-05-13 00:09 - 01715434 ____C () C:\WINDOWS\system32\PerfStringBackup.INI
2014-09-14 12:03 - 2008-05-13 00:01 - 00000000 ____D () C:\WINDOWS\Help
2014-09-14 12:03 - 2008-05-12 22:37 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy\Hry
2014-09-14 11:59 - 2008-05-13 18:02 - 00000000 ___RD () C:\Documents and Settings\Jirka Martínek\Nabídka Start\Programy
2014-09-14 11:57 - 2014-08-13 22:39 - 00000000 ____D () C:\Garmin
2014-09-14 11:54 - 2008-05-13 00:01 - 00000000 ____D () C:\WINDOWS\system32\inetsrv
2014-09-14 11:51 - 2008-12-08 00:59 - 00000000 ____D () C:\Program Files\Winamp
2014-09-14 11:48 - 2012-09-14 17:04 - 00000000 ____D () C:\Program Files\Logitech
2014-09-14 11:48 - 2011-07-30 11:47 - 00000000 ____D () C:\Documents and Settings\Jirka Martínek\Local Settings\Data aplikací\Google
2014-09-14 11:40 - 2012-06-09 11:02 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-14 11:32 - 2008-05-12 17:19 - 00000000 _____ () C:\WINDOWS\RTacDbg.txt
2014-09-14 11:28 - 2012-09-22 22:32 - 00000940 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-14 09:46 - 2011-07-30 12:15 - 00000484 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{E89B1460-8DD0-4028-9911-65D15D089B24}.job
2014-09-14 09:42 - 2008-05-12 22:42 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2014-09-14 00:21 - 2012-12-07 23:19 - 00531962 ____C () C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-S-1-5-21-57989841-1500820517-725345543-1003-0.dat
2014-09-14 00:21 - 2012-12-07 15:29 - 00224322 ____C () C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-System.dat
2014-09-14 00:14 - 2008-05-13 18:02 - 00000000 ___HD () C:\Documents and Settings\Jirka Martínek\Local Settings\Data aplikací
2014-09-14 00:13 - 2008-05-12 22:55 - 00000000 ____D () C:\Program Files\AquaMark3
2014-09-14 00:11 - 2008-05-13 18:02 - 00000000 ___RD () C:\Documents and Settings\Jirka Martínek\Nabídka Start\Programy\Po spuštění
2014-09-14 00:10 - 2013-08-12 17:45 - 00000000 ____D () C:\Program Files\QuickTime
2014-09-13 23:43 - 2014-09-13 23:40 - 00000000 ____D () C:\AdwCleaner
2014-09-13 23:42 - 2011-08-25 13:40 - 00000000 ___HD () C:\Documents and Settings\Zita\Local Settings\Data aplikací
2014-09-13 23:42 - 2011-07-30 12:05 - 00000178 __SHC () C:\Documents and Settings\UpdatusUser\ntuser.ini
2014-09-13 22:28 - 2011-08-25 13:40 - 00000178 ___SH () C:\Documents and Settings\Zita\ntuser.ini
2014-09-13 22:28 - 2011-08-25 13:40 - 00000000 ____D () C:\Documents and Settings\Zita
2014-09-13 22:05 - 2011-08-25 13:40 - 00000000 ____D () C:\Documents and Settings\Zita\Local Settings\Temp
2014-09-13 10:01 - 2009-04-20 17:09 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Intel(R) Matrix Storage Manager
2014-09-13 09:55 - 2014-09-13 09:54 - 00000884 _____ () C:\Documents and Settings\Jirka Martínek\Plocha\Vit Registry Fix.lnk
2014-09-13 09:54 - 2012-09-14 20:32 - 00000000 ____D () C:\Documents and Settings\Jirka Martínek\Nabídka Start\Programy\VITSOFT
2014-09-13 09:54 - 2008-05-13 18:02 - 00000000 ____D () C:\Documents and Settings\Jirka Martínek\Plocha
2014-09-12 23:08 - 2011-08-26 12:33 - 00000000 ____D () C:\Documents and Settings\Jirka Martínek\Data aplikací\Skype
2014-09-12 23:08 - 2008-09-06 21:44 - 00000000 ____D () C:\WINDOWS\Minidump
2014-09-12 23:04 - 2014-09-12 23:04 - 00000688 _____ () C:\Documents and Settings\All Users\Plocha\CCleaner.lnk
2014-09-12 23:04 - 2014-09-12 23:04 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-12 22:04 - 2012-02-26 11:45 - 00000178 __SHC () C:\Documents and Settings\Alenka\ntuser.ini
2014-09-12 22:04 - 2012-02-26 11:45 - 00000000 ____D () C:\Documents and Settings\Alenka
2014-09-12 22:03 - 2012-02-26 11:45 - 00000000 ____D () C:\Documents and Settings\Alenka\Local Settings\Temp
2014-09-12 20:31 - 2011-07-30 11:50 - 00001819 _____ () C:\Documents and Settings\All Users\Plocha\Google Chrome.lnk
2014-09-12 19:53 - 2008-09-10 16:33 - 00000000 ____D () C:\Documents and Settings\Barbora
2014-09-12 19:53 - 2008-05-12 22:47 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-09-12 19:53 - 2008-05-12 22:46 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-09-12 19:53 - 2008-05-12 22:42 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-09-12 19:52 - 2014-09-12 19:46 - 00000000 ___SD () C:\Documents and Settings\TEMP.OSITMACHINE
2014-09-12 19:52 - 2014-09-12 19:46 - 00000000 ___HD () C:\Documents and Settings\TEMP.OSITMACHINE\Data aplikací(2)
2014-09-12 19:52 - 2014-09-12 19:46 - 00000000 ____D () C:\Documents and Settings\TEMP.OSITMACHINE\Šablony(2)
2014-09-12 19:52 - 2014-09-12 19:46 - 00000000 ____D () C:\Documents and Settings\TEMP.OSITMACHINE\Oblíbené položky(2)
2014-09-12 19:52 - 2014-09-12 19:46 - 00000000 ____D () C:\Documents and Settings\TEMP.OSITMACHINE\Local Settings(2)
2014-09-12 17:40 - 2012-06-09 11:02 - 00701104 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-09-12 17:40 - 2011-11-28 11:52 - 00071344 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-09-12 15:26 - 2013-08-15 22:05 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-12 15:18 - 2008-05-12 18:14 - 98758480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-09-11 20:59 - 2012-03-14 16:07 - 00000000 ____D () C:\Program Files\WinRAR
2014-09-11 20:59 - 2011-07-30 16:03 - 00000000 ____D () C:\Program Files\TightVNC
2014-09-11 20:59 - 2011-07-30 11:58 - 00000000 ____D () C:\Program Files\SystemRequirementsLab
2014-09-11 20:57 - 2014-08-10 13:21 - 00001745 _____ () C:\Documents and Settings\All Users\Plocha\avast! Internet Security.lnk
2014-09-11 20:57 - 2014-08-10 12:52 - 00001805 _____ () C:\Documents and Settings\All Users\Plocha\avast! SafeZone.lnk
2014-09-08 16:16 - 2014-03-24 21:21 - 00000234 _____ () C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
2014-09-07 00:01 - 2011-08-26 12:51 - 00000000 ____D () C:\Documents and Settings\Zita\Data aplikací\Skype
2014-09-06 21:12 - 2014-09-06 21:12 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-09-06 21:12 - 2011-08-26 12:32 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Skype
2014-08-31 17:44 - 2014-03-03 23:21 - 00002515 _____ () C:\Documents and Settings\Zita\Plocha\Microsoft Office Word 2007.lnk
2014-08-28 09:01 - 2012-09-22 22:11 - 00000000 ____D () C:\Documents and Settings\Zita\Dokumenty\Úřadování
2014-08-26 20:00 - 2008-05-13 18:02 - 00000000 ___RD () C:\Documents and Settings\Jirka Martínek\Oblíbené položky
2014-08-26 19:40 - 2011-08-25 13:40 - 00000000 ___RD () C:\Documents and Settings\Zita\Dokumenty
2014-08-25 19:19 - 2014-08-13 16:03 - 00000000 ____D () C:\Documents and Settings\Jirka Martínek\Data aplikací\Garmin
2014-08-25 19:19 - 2008-05-13 17:17 - 00000069 ____C () C:\WINDOWS\NeroDigital.ini
2014-08-25 19:07 - 2014-08-25 18:19 - 00000000 ____D () C:\TOPO_Czech_2
2014-08-25 18:11 - 2014-08-13 22:40 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Garmin
2014-08-15 19:38 - 2014-08-15 19:38 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Mozilla

Some content of TEMP:
====================
C:\Documents and Settings\Alenka\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\Jirka Martínek\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Zita\Local Settings\Temp\contentDATs.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Rudy
Site Admin
Posts: 119545
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: vanished user profile + missing module + blacked-out scr

#6 Post by Rudy »

Open Notepad and copy the following into it:
Start
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-57989841-1500820517-725345543-1003\...\Policies\Explorer: []
HKU\S-1-5-21-57989841-1500820517-725345543-1003\...\MountPoints2: {b95a6abd-2036-11dd-8a2d-001e8cce015d} - F:\TrueCrypt\TrueCrypt.exe /q /a /e /m rm /v "Mount"
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
FF Plugin: @videolan.org/vlc,version=2.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
S4 IntelIde; No ImagePath
U2 MSSQLSERVER; No ImagePath
U2 W3SVC; No ImagePath
U1 WS2IFSL; No ImagePath
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\Documents and Settings\Alenka\Local Settings\Temp
End
Save it to C:\Documents and Settings\Jirka Martínek\Dokumenty\Stažené soubory as fixlist.txt. Then run FRST again and click >Fix<. Then copy here the log that is created at the end.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

nereide
Exemplary visitor
Posts: 151
Joined: 16 May 2010 17:19

#7 Post by nereide »

Here is the current log :)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-09-2014
Ran by Jirka Martínek at 2014-09-14 14:09:10 Run:1
Running from C:\Documents and Settings\Jirka Martínek\Dokumenty\Stažené soubory
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-57989841-1500820517-725345543-1003\...\Policies\Explorer: []
HKU\S-1-5-21-57989841-1500820517-725345543-1003\...\MountPoints2: {b95a6abd-2036-11dd-8a2d-001e8cce015d} - F:\TrueCrypt\TrueCrypt.exe /q /a /e /m rm /v "Mount"
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
FF Plugin: @videolan.org/vlc,version=2.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
S4 IntelIde; No ImagePath
U2 MSSQLSERVER; No ImagePath
U2 W3SVC; No ImagePath
U1 WS2IFSL; No ImagePath
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\Documents and Settings\Alenka\Local Settings\Temp
End



*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-57989841-1500820517-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value deleted successfully.
"HKU\S-1-5-21-57989841-1500820517-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b95a6abd-2036-11dd-8a2d-001e8cce015d}" => Key deleted successfully.
"HKCR\CLSID\{b95a6abd-2036-11dd-8a2d-001e8cce015d}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay" => Key deleted successfully.
"HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" => Key not found.
"HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0" => Key Deleted successfully.
IntelIde => Service deleted successfully.
MSSQLSERVER => Service deleted successfully.
W3SVC => Service deleted successfully.
WS2IFSL => Service deleted successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Documents and Settings\Alenka\Local Settings\Temp => Moved successfully.

==== End of Fixlog ====
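
To check a Fixlog like the one above without reading it line by line, the following added example (not part of the thread and not FRST's own code) separates the echoed fixlist from the result lines and lists every result that did not report success. The sample is a constructed, shortened copy of the log above, and classifying outcomes by the phrases "successfully" and "not found" is an assumption based only on the lines this log shows.

```python
import re
from collections import Counter

# Constructed sample: a shortened copy of the Fixlog posted in this thread.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-09-2014
==============================================
Content of fixlist:
*****************
Start
HKLM\...\Run: [] => [X]
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
S4 IntelIde; No ImagePath
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
End
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay" => Key deleted successfully.
"HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" => Key not found.
IntelIde => Service deleted successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
==== End of Fixlog ====
'''

RULER = re.compile(r"^\*{5,}$")  # the asterisk lines around the echoed fixlist

def parse_fixlog(text):
    """Return (directives, results); results are (target, outcome) pairs."""
    directives, results, rulers = [], [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if RULER.match(line):
            rulers += 1              # 1 = inside fixlist echo, 2 = result lines
        elif not line or line.startswith("===="):
            continue
        elif rulers == 1 and line not in ("Start", "End"):
            directives.append(line)  # may itself contain "=>", so never split it
        elif rulers >= 2 and " => " in line:
            target, outcome = line.rsplit(" => ", 1)
            results.append((target.strip('"'), outcome.rstrip(".")))
    return directives, results

def classify(outcome):
    """Assumed mapping from outcome text to a status label."""
    low = outcome.lower()
    if "not found" in low:
        return "not_found"
    return "ok" if "successfully" in low else "review"

def summarize(text):
    directives, results = parse_fixlog(text)
    return {
        "directives": len(directives),
        "results": len(results),
        "counts": dict(Counter(classify(o) for _, o in results)),
        "follow_up": [t for t, o in results if classify(o) != "ok"],
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_FIXLOG))
```

The number of results can exceed the number of directives, because one directive (here the ShellIconOverlayIdentifiers entry) produces a result line for the overlay key and another for its CLSID.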

Rudy
Site Admin

#8 Post by Rudy »

Deleted. Has anything changed?

nereide
Exemplary visitor

#9 Post by nereide »

I don't know what to do about the "nview.dll was not found" message, which appears when logging in to the administrator account. In the user account that disappeared and was restored thanks to a restore point, only Google Chrome is acting up quite a lot; nothing can be configured in it. Otherwise it's OK, the black screen no longer appears and everything works.

Rudy
Site Admin

#10 Post by Rudy »

1. Try reinstalling the graphics card driver. nview.dll belongs to it.
2. Back up Chrome using Chrome backup: http://www.stahuj.centrum.cz/internet_a ... me-backup/ . Then uninstall it, including its profile. Install it again and copy back from the backup only the bookmarks and, if needed, the passwords.

nereide
Exemplary visitor

#11 Post by nereide »

THANK YOU VERY, VERY, VERY MUCH :)

I'll send a contribution toward running the forum, as usual.

Thank you very much for your time and patience!

Rudy
Site Admin

#12 Post by Rudy »

You're welcome, and thank you for the contribution! :)

Locked