
Sudden change in Windows

Piskle1987
Visitor
Posts: 11
Registered: 14 Jan 2014 12:09

#1 Post by Piskle1987 »

Hello,

please check my log.
Just about everything in Windows seems to have changed: the language settings, the desktop, the bookmarks have disappeared from Chrome, ...
The language cannot be changed, not even after installing it from Windows Update...

Thank you





Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-01-2015 03
Ran by Evina (administrator) on EVINA-PC on 04-01-2015 13:39:15
Running from C:\Windows\SysWOW64\config\systemprofile\Desktop
Loaded Profile: Evina (Available profiles: Evina & Radeček)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec, Inc) C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\TeamViewer\TVFile2.bak_2015-01-04-12-50-27.tmp
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\TouchControl.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\x86\BioMonitor.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TeamViewer GmbH) C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\TeamViewer\tv_x64.exe
(TeamViewer GmbH) C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\TeamViewer\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(forum.viry.cz) C:\Windows\System32\config\systemprofile\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2011-12-27] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2867984 2012-01-05] (Synaptics Incorporated)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [372224 2012-01-30] (Alcor Micro Corp.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [adblock pro] => C:\Program Files\Adblock Pro\abpmain.exe [602112 2010-06-30] (Adblock Pro Team)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2011-11-24] (Vimicro)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2011-12-04] (Intel Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => D:\Program Files\Office 2007\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM\...\RunOnce: [*Restore] => C:\Windows\System32\rstrui.exe [296960 2010-11-20] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Actualizar la licencia de ESET.lnk
ShortcutTarget: Actualizar la licencia de ESET.lnk -> C:\Program Files (x86)\ESET\MiNODLogin\launcher.exe (GuillerSoft)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => D:\Program Files\Office 2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => D:\Program Files\Office 2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => D:\Program Files\Office 2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => D:\Program Files\Office 2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => D:\Program Files\Office 2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1109040010-128623991-1811497741-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com
HKU\S-1-5-21-1109040010-128623991-1811497741-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\AuthenTec TrueSuite\IEBHO.DLL (AuthenTec Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: Adblock Pro -> {F385C231-605B-4d8f-ACA9-DBFF765BBE17} -> C:\Program Files\Adblock Pro\AdblockPro.dll (Adblock Pro Team)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Program Files\Office 2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll (AuthenTec Inc.)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - TrueSuite Toolbar - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files\AuthenTec TrueSuite\IEBHO.DLL (AuthenTec Inc.)
Toolbar: HKLM-x32 - TrueSuite Toolbar - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll (AuthenTec Inc.)
Toolbar: HKU\S-1-5-21-1109040010-128623991-1811497741-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/s ... wflash.cab
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Office 2007\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 -> C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [ombkllfdikmoepjdpmdaiinfbjpnkboa] - C:\Program Files\AuthenTec TrueSuite\x86\tschrome.crx [2011-12-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 FPLService; C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe [313672 2011-12-22] (AuthenTec, Inc)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
S3 Microsoft Office Groove Audit Service; D:\Program Files\Office 2007\Office12\GrooveAuditService.exe [65824 2006-10-27] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 TeamViewer; c:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\teamviewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-08-31] (Lenovo Group Limited) [File not signed]
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1492280 2012-02-06] (Lenovo Group Limited)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [21264 2012-01-05] (Synaptics Incorporated)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-30] (Lenovo Information Product(ShenZhen China) Inc.)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [957184 2011-11-24] (Vimicro Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-04 13:38 - 2015-01-04 13:39 - 00000000 ____D () C:\FRST
2015-01-04 13:01 - 2015-01-04 13:02 - 00625936 _____ () C:\Windows\system32\perfh005.dat
2015-01-04 13:01 - 2015-01-04 13:02 - 00120008 _____ () C:\Windows\system32\perfc005.dat
2015-01-04 13:01 - 2015-01-04 13:01 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2015-01-04 13:01 - 2015-01-04 13:01 - 00000000 ____D () C:\Windows\SysWOW64\cs
2015-01-04 13:01 - 2015-01-04 13:01 - 00000000 ____D () C:\Windows\system32\cs
2015-01-04 13:01 - 2015-01-04 13:00 - 00292004 _____ () C:\Windows\system32\perfi005.dat
2015-01-04 13:01 - 2015-01-04 13:00 - 00036232 _____ () C:\Windows\system32\perfd005.dat
2015-01-04 12:29 - 2015-01-04 12:45 - 00000056 _____ () C:\Windows\setupact.log
2015-01-04 12:29 - 2015-01-04 12:29 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-04 12:06 - 2015-01-04 13:19 - 00000026 _____ () C:\Windows\Zone.Identifier
2015-01-04 10:55 - 2015-01-04 11:17 - 00000000 ____D () C:\Windows\SysWOW64\cache
2015-01-04 10:44 - 2015-01-04 11:17 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\uTorrent
2015-01-04 10:42 - 2015-01-04 10:42 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Skype
2015-01-04 10:42 - 2015-01-04 10:42 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Plex Media Server
2015-01-04 10:41 - 2015-01-04 11:17 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-04 10:41 - 2015-01-04 11:17 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-04 10:41 - 2015-01-04 11:17 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Skype
2015-01-04 10:41 - 2015-01-04 10:41 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Synaptics
2015-01-04 10:41 - 2015-01-04 10:41 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Intel
2015-01-04 10:41 - 2015-01-04 10:41 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\ESET
2015-01-04 10:41 - 2015-01-04 10:41 - 00000000 ____D () C:\Users\TEMP\AppData\Local\ESET
2015-01-04 10:41 - 2015-01-04 10:41 - 00000000 _____ () C:\Users\TEMP\agent.log
2015-01-03 13:35 - 2015-01-03 20:04 - 732751872 _____ () C:\Users\Evina\Downloads\Nechápu, jak to dokáže.avi
2015-01-03 13:34 - 2015-01-03 23:15 - 1961240576 _____ () C:\Users\Evina\Downloads\Enigma - Enigma.avi
2014-12-29 09:51 - 2014-12-29 09:51 - 00000000 ____D () C:\Users\Evina\Downloads\Ztracené
2014-12-25 17:09 - 2014-12-25 17:09 - 00664768 _____ (Copyright© 2012-2013 Intel Corporation. All rights reserved.) C:\Users\Evina\Downloads\Intel(R) WiDi Update Tool.exe
2014-12-25 17:03 - 2014-12-25 17:05 - 00000375 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-12-25 16:17 - 2014-12-25 16:22 - 00000000 ____D () C:\Users\Evina\AppData\Local\Plex Media Server
2014-12-25 16:17 - 2014-12-25 16:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2014-12-25 16:16 - 2014-12-25 16:16 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-25 16:16 - 2014-12-25 16:16 - 00000000 ____D () C:\Program Files (x86)\Plex
2014-12-25 16:13 - 2014-12-25 16:13 - 86795776 _____ (Plex, Inc.) C:\Users\Evina\Downloads\Plex-Media-Server-0.9.1107.803-87d0708-en-US.exe
2014-12-20 18:59 - 2014-12-29 16:11 - 00000000 ____D () C:\Users\Evina\Downloads\Gumídci

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-04 13:32 - 2012-10-27 22:16 - 01268260 _____ () C:\Windows\WindowsUpdate.log
2015-01-04 13:30 - 2012-10-28 09:06 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-04 13:03 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-01-04 13:01 - 2009-07-14 08:46 - 00000000 ____D () C:\Program Files\Windows Journal
2015-01-04 13:01 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\SysWOW64\winrm
2015-01-04 13:01 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\SysWOW64\WCN
2015-01-04 13:01 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\SysWOW64\slmgr
2015-01-04 13:01 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\SysWOW64\Printing_Admin_Scripts
2015-01-04 13:01 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\system32\winrm
2015-01-04 13:01 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\system32\slmgr
2015-01-04 13:01 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2015-01-04 13:01 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-01-04 13:01 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Defender
2015-01-04 13:01 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2015-01-04 13:01 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-01-04 13:01 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-01-04 13:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2015-01-04 13:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2015-01-04 13:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-01-04 13:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\com
2015-01-04 13:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\sysprep
2015-01-04 13:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\oobe
2015-01-04 13:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\migwiz
2015-01-04 13:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\servicing
2015-01-04 13:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-04 13:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\IME
2015-01-04 13:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-04 13:00 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\system32\WCN
2015-01-04 13:00 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts
2015-01-04 13:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\MUI
2015-01-04 13:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-01-04 13:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\com
2015-01-04 12:47 - 2012-10-28 09:06 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-04 12:46 - 2013-06-03 18:06 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2015-01-04 12:46 - 2012-10-27 22:41 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-01-04 12:45 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-04 12:44 - 2009-07-14 05:45 - 00020784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-04 12:44 - 2009-07-14 05:45 - 00020784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-04 12:29 - 2012-10-29 08:52 - 00000000 ____D () C:\Program Files\ESET
2015-01-04 11:17 - 2012-10-28 11:22 - 00000000 ____D () C:\Users\Evina\AppData\Roaming\uTorrent
2015-01-04 11:17 - 2012-10-28 08:36 - 00000000 ____D () C:\Windows\System32\Tasks\TVT
2015-01-04 11:17 - 2009-07-14 08:45 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-01-04 11:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-01-04 11:00 - 2009-07-14 06:13 - 01454258 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-04 10:54 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-01-04 10:47 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-01-03 22:03 - 2012-11-05 18:37 - 00000000 ____D () C:\Users\Evina\AppData\Roaming\Skype
2015-01-03 19:49 - 2012-10-27 22:41 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-12-28 09:24 - 2012-11-05 18:36 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-28 09:23 - 2012-11-05 18:36 - 00000000 ____D () C:\ProgramData\Skype
2014-12-20 12:24 - 2013-09-08 20:19 - 00000191 _____ () C:\Windows\NetTVPlayerFree.INI

Some content of TEMP:
====================
C:\Users\Evina\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-25 19:46




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:69.25 GB) (Free:13.56 GB) NTFS
Drive d: (Disk) (Fixed) (Total:395.51 GB) (Free:155.56 GB) NTFS

Available physical RAM: 1603.77 MB
Total physical RAM: 3868.23 MB
Percentage of memory in use: 58%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 465.8 GB) (Disk ID: ECEA5967)
Partition 1: (Active) - (Size=1 GB) - (Type=0B)
Partition 2: (Not Active) - (Size=69.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=395.5 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{7C90AA81-4122-413B-A8BC-A860E5CFCB13}.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Windows\system32\config\systemprofile\Desktop" je 2 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****



==================== End Of Log ==============================

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Sudden change in Windows

#2 Post by vyosek »

Hello :)

:arrow: Just a question: is Windows cracked, the same as that ESET???
"He who has wine and does not drink, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids fun, take a whip and a stick to him; that is no man, that is an ox."
Member (image) since 1 February 2011.

Piskle1987

Re: Sudden change in Windows

#3 Post by Piskle1987 »

Most likely yes; I am getting rid of ESET.

vyosek

Re: Sudden change in Windows

#4 Post by vyosek »

Then I recommend getting rid of that illegal Windows as well; buy an ordinary home edition (Home Premium) rather than the top Ultimate edition for several thousand, and then we'll take a look...

Our forum does not deal with illegal systems; this is described in the forum rules and in the charter of the international alliance ASAP, of which we are members...

Unfortunately, I cannot continue helping any further...

Piskle1987

Re: Sudden change in Windows

#5 Post by Piskle1987 »

Ok ;)

vyosek

Re: Sudden change in Windows

#6 Post by vyosek »

Have a nice rest of your Sunday :worship:

:closed:

Locked