Dobrý večer,
po dlouhé době jsem při instalaci někde naletěl...požádám o pomoc při odstranění istart-webssearches.com jako domovské stránky.
Vygooglil jsem si postup pro odstranění, ale tento nezabral. istart-webssearches-com pouze zmizel jak z nabídky ve firefoxu, tak ze seznamu programů (pro odinstal).
Podobný případ zde na stránkách nebyl vyřešen, protože dotyčný měl neorig. W.
Děkuji
t.
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
istart-webssearches.com jako domovská stránka
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119677
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: istart-webssearches.com jako domovská stránka
Zdravím!
Dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .
Dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: istart-webssearches.com jako domovská stránka
Požadovaný log.
Omlouvám se, za neznalost. Jsem zde po delším bezproblémovém chodu PC a neznalý nových postupů. Ve vašem odkazu je tochu matoucí popis FRST. Chcete ještě log z toho druhého (FRSTLauncher) nebo je toto vše?
t.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by User (ATTENTION: The logged in user is not administrator) on USER-PC on 28-01-2015 20:48:57
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available profiles: User & throp)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\sfzone\SafeZoneBrowser.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7833120 2009-05-22] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-05-22] (Realtek Semiconductor Corp.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass\KeePass.exe [1670656 2011-01-02] (Dominik Reichl)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [415232 2009-07-14] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk *
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-122564442-1786042143-667153628-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?typ ... earchTerms}
HKU\S-1-5-21-122564442-1786042143-667153628-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp ... 4_FC6E7514
HKU\S-1-5-21-122564442-1786042143-667153628-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.cz/
HKU\S-1-5-21-122564442-1786042143-667153628-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp ... 4_FC6E7514
HKU\S-1-5-21-122564442-1786042143-667153628-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?typ ... earchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-122564442-1786042143-667153628-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?typ ... earchTerms}
SearchScopes: HKU\S-1-5-21-122564442-1786042143-667153628-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?typ ... earchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-122564442-1786042143-667153628-1000 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\94bb1ohy.default-1422139523130
FF Homepage: https://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 -> C:\Program Files (x86)\VLC\npvlc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-01-27]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-02-07]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-14]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-14] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-11-14] (AVAST Software)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244448 2014-10-28] (Foxit Software Inc.)
R2 hasplms; C:\Windows\system32\hasplms.exe [4180576 2010-09-27] (SafeNet Inc.)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [625304 2012-09-28] (Pandora.TV)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [993848 2011-01-10] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-01-10] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 getPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [14392 2007-12-17] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-14] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-14] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-14] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-11-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-14] ()
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37456 2011-01-21] (Paragon Software Group)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [53840 2011-01-21] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [528464 2011-01-21] (Paragon)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S1 SABKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-28 20:48 - 2015-01-28 20:49 - 00010951 _____ () C:\Users\User\Desktop\FRST.txt
2015-01-28 20:48 - 2015-01-28 20:49 - 00000000 ____D () C:\FRST
2015-01-28 20:43 - 2015-01-28 20:43 - 02130432 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2015-01-27 22:01 - 2015-01-27 22:01 - 306981893 _____ () C:\Windows\MEMORY.DMP
2015-01-27 09:32 - 2015-01-27 09:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 10:33 - 2015-01-28 08:16 - 00000224 _____ () C:\Windows\setupact.log
2015-01-26 10:33 - 2015-01-26 10:33 - 00000598 _____ () C:\Windows\PFRO.log
2015-01-26 10:33 - 2015-01-26 10:33 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-25 09:43 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-25 09:43 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-25 09:43 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-25 09:43 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-25 09:43 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-25 09:43 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-25 09:43 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-25 09:43 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-25 09:43 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-25 09:43 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-25 09:43 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-25 09:43 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-25 09:43 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-24 23:45 - 2015-01-24 23:45 - 00000000 ____D () C:\Users\User\Desktop\Původní data aplikace Firefox
2015-01-24 10:27 - 2015-01-24 10:27 - 00001552 _____ () C:\Users\User\Desktop\_recepty_vse.lnk
2014-12-31 11:10 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-31 11:10 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-28 20:30 - 2012-08-20 17:14 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-28 20:02 - 2010-04-17 22:51 - 00000000 ____D () C:\Users\User\AppData\Roaming\KeePass
2015-01-28 13:26 - 2011-08-23 18:39 - 01349814 _____ () C:\Windows\WindowsUpdate.log
2015-01-28 08:23 - 2009-07-14 05:45 - 00023392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-28 08:23 - 2009-07-14 05:45 - 00023392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-28 08:22 - 2009-07-14 16:18 - 00668882 _____ () C:\Windows\system32\perfh005.dat
2015-01-28 08:22 - 2009-07-14 16:18 - 00141542 _____ () C:\Windows\system32\perfc005.dat
2015-01-28 08:22 - 2009-07-14 06:13 - 01584626 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-28 08:16 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-27 22:01 - 2012-06-02 11:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-27 22:01 - 2010-04-18 16:54 - 00000000 ____D () C:\Windows\Minidump
2015-01-25 15:30 - 2012-06-02 11:35 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 15:30 - 2011-06-15 15:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-25 15:09 - 2013-04-27 09:56 - 00000000 ____D () C:\Program Files (x86)\The KMPlayer
2015-01-25 10:20 - 2011-04-01 20:48 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-01-25 09:50 - 2010-04-01 11:46 - 01559340 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-21 18:14 - 2010-05-18 18:56 - 00056320 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-10 12:08 - 2013-03-23 14:06 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2015-01-10 12:08 - 2010-04-01 11:08 - 00001591 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-10 08:08 - 2009-07-14 06:08 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-01 14:54 - 2010-05-28 22:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\AIMP
==================== Files in the root of some directories =======
2011-08-09 18:29 - 2013-08-18 08:45 - 0000117 _____ () C:\Users\User\AppData\Roaming\Camdata.ini
2011-08-09 18:29 - 2013-08-18 08:45 - 0000408 _____ () C:\Users\User\AppData\Roaming\CamLayout.ini
2011-08-09 18:29 - 2013-08-18 08:45 - 0000408 _____ () C:\Users\User\AppData\Roaming\CamShapes.ini
2011-08-09 18:29 - 2013-08-18 08:45 - 0004416 _____ () C:\Users\User\AppData\Roaming\CamStudio.cfg
2010-05-18 18:56 - 2015-01-21 18:14 - 0056320 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\User\AppData\Local\Temp\KMP_3.9.1.131.exe
C:\Users\User\AppData\Local\Temp\KMP_3.9.1.132.exe
Some zero byte size files/folders:
==========================
C:\Windows\logo1_.exe
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\rundll16.exe
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\runouce.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-01-2015
Ran by User at 2015-01-28 20:50:04
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1644.41512 - ABBYY Software House)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
AIMP2 (HKLM-x32\...\AIMP2) (Version: - AIMP DevTeam)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_HOMESTUDENTR_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_HOMESTUDENTR_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_HOMESTUDENTR_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.16 - Atheros Communications Inc.)
Avast Internet Security (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4291 - CDBurnerXP)
EPU-4 Engine (HKLM-x32\...\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}) (Version: 1.00.25 - )
Eraser 6.0.7.1893 (HKLM\...\{8CBBBC4D-B0B6-49DB-A421-98C65080D8EE}) (Version: 6.7.1893 - The Eraser Project)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.3.25.1124 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)
ICQ7.2 (HKLM-x32\...\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}) (Version: 7.2 - ICQ)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
KeePass Password Safe 2.14 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: - Dominik Reichl)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.9.1.132 - PandoraTV)
Microsoft .NET Framework 4.5.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40405-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8003.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{6344718C-AE30-4C86-B5CD-459077A83623}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{BE29EE5A-C6B7-454B-BE14-2F4AD8E91BB1}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 cs)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Pandora Service (HKLM-x32\...\4F6D5E84-5826-4394-9F40-3A9A19165651_is1) (Version: - Pandora.TV) <==== ATTENTION
Paragon Backup & Recovery™ 2011 (Advanced) Free (HKLM-x32\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDFZilla V1.2.9 (HKLM-x32\...\PDFZilla_is1) (Version: - PDFZilla, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5859 - Realtek Semiconductor Corp.)
Secunia PSI (2.0.0.3001) (HKLM-x32\...\Secunia PSI) (Version: - )
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.55a - Ghisler Software GmbH)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.0a - TrueCrypt Foundation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Winamp Detector Plug-in (HKU\S-1-5-21-122564442-1786042143-667153628-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
ZoneAlarm LTD Toolbar (HKLM\...\ZoneAlarm LTD Toolbar) (Version: - Check Point Software Technologies)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
ATTENTION: System Restore is disabled.
Check "winmgmt" service or repair WMI.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
==================== Loaded Modules (whitelisted) =============
2010-04-13 09:21 - 2009-06-04 14:10 - 05777408 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
========================= Accounts: ==========================
Administrator (S-1-5-21-122564442-1786042143-667153628-500 - Administrator - Disabled)
Guest (S-1-5-21-122564442-1786042143-667153628-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-122564442-1786042143-667153628-1005 - Limited - Enabled)
throp (S-1-5-21-122564442-1786042143-667153628-1007 - Administrator - Enabled) => C:\Users\throp.User-PC
User (S-1-5-21-122564442-1786042143-667153628-1000 - Limited - Enabled) => C:\Users\User
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/27/2015 06:29:36 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: Správce oken plochy zjistil závažnou chybu (0x80070008).
Error: (01/22/2015 10:53:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: PanProcess.exe, verze: 1.0.1.2, časové razítko: 0x506004cc
Název chybujícího modulu: PanStreamer.dll, verze: 2.0.5.36, časové razítko: 0x507fb217
Kód výjimky: 0xc0000005
Posun chyby: 0x0001dbd4
ID chybujícího procesu: 0x118
Čas spuštění chybující aplikace: 0xPanProcess.exe0
Cesta k chybující aplikaci: PanProcess.exe1
Cesta k chybujícímu modulu: PanProcess.exe2
ID zprávy: PanProcess.exe3
Error: (01/11/2015 00:34:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: PanProcess.exe, verze: 1.0.1.2, časové razítko: 0x506004cc
Název chybujícího modulu: PanStreamer.dll, verze: 2.0.5.36, časové razítko: 0x507fb217
Kód výjimky: 0xc0000005
Posun chyby: 0x0001dbd4
ID chybujícího procesu: 0x518
Čas spuštění chybující aplikace: 0xPanProcess.exe0
Cesta k chybující aplikaci: PanProcess.exe1
Cesta k chybujícímu modulu: PanProcess.exe2
ID zprávy: PanProcess.exe3
Error: (01/10/2015 00:08:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: plugin-container.exe, verze: 34.0.0.5442, časové razítko: 0x54754d35
Název chybujícího modulu: mozalloc.dll, verze: 34.0.0.5442, časové razítko: 0x54754649
Kód výjimky: 0x80000003
Posun chyby: 0x00001425
ID chybujícího procesu: 0x160
Čas spuštění chybující aplikace: 0xplugin-container.exe0
Cesta k chybující aplikaci: plugin-container.exe1
Cesta k chybujícímu modulu: plugin-container.exe2
ID zprávy: plugin-container.exe3
Error: (01/03/2015 10:09:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: PanProcess.exe, verze: 1.0.1.2, časové razítko: 0x506004cc
Název chybujícího modulu: PanStreamer.dll, verze: 2.0.5.36, časové razítko: 0x507fb217
Kód výjimky: 0xc0000005
Posun chyby: 0x0001dbd4
ID chybujícího procesu: 0x67c
Čas spuštění chybující aplikace: 0xPanProcess.exe0
Cesta k chybující aplikaci: PanProcess.exe1
Cesta k chybujícímu modulu: PanProcess.exe2
ID zprávy: PanProcess.exe3
Error: (12/15/2014 07:34:37 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: Správce oken plochy zjistil závažnou chybu (0x80070008).
Error: (12/02/2014 10:51:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: PanProcess.exe, verze: 1.0.1.2, časové razítko: 0x506004cc
Název chybujícího modulu: PanStreamer.dll, verze: 2.0.5.36, časové razítko: 0x507fb217
Kód výjimky: 0xc0000005
Posun chyby: 0x0001dbd4
ID chybujícího procesu: 0x170
Čas spuštění chybující aplikace: 0xPanProcess.exe0
Cesta k chybující aplikaci: PanProcess.exe1
Cesta k chybujícímu modulu: PanProcess.exe2
ID zprávy: PanProcess.exe3
Error: (11/27/2014 09:52:25 PM) (Source: MsiInstaller) (EventID: 11719) (User: )
Description: Product: Java 7 Update 67 -- Error 1719.The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.
Error: (11/23/2014 11:22:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: PanProcess.exe, verze: 1.0.1.2, časové razítko: 0x506004cc
Název chybujícího modulu: PanStreamer.dll, verze: 2.0.5.36, časové razítko: 0x507fb217
Kód výjimky: 0xc0000005
Posun chyby: 0x0001dbd4
ID chybujícího procesu: 0x538
Čas spuštění chybující aplikace: 0xPanProcess.exe0
Cesta k chybující aplikaci: PanProcess.exe1
Cesta k chybujícímu modulu: PanProcess.exe2
ID zprávy: PanProcess.exe3
Error: (10/22/2014 04:04:30 PM) (Source: PandoraService.exe) (EventID: 0) (User: )
Description: Socket Error # 11001
Host not found.
System errors:
=============
Error: (01/28/2015 08:16:24 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
SABKUTIL
Error: (01/27/2015 10:01:52 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
SABKUTIL
Error: (01/27/2015 10:01:29 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000003b (0x00000000c0000005, 0xfffff9600035c7b7, 0xfffff880079cdfa0, 0x0000000000000000)C:\Windows\MEMORY.DMP012715-16614-01
Error: (01/27/2015 10:01:28 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (18:30:43, 27.1.2015) bylo neočekávané.
Error: (01/27/2015 07:43:24 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Sentinel HASP License Manager byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (01/27/2015 07:42:20 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
SABKUTIL
Error: (01/27/2015 07:42:13 AM) (Source: hasplms) (EventID: 3) (User: )
Description: ERROR: Sentinel HASP License Manager Service crashed!
Module: C:\Windows\system32\hasplms.exe, handle:00400000, version:12.50.1.16926
Fault at: C:\Windows\system32\hasplms.exe, handle:00400000, version:12.50.1.16926
ExceptionCode: c0000005
ExceptionFlags: 00000000
ExceptionAddress: 007baeeb
NumberParameters: 2
ExceptionInformation[0]: 00000000
ExceptionInformation[1]: 1300c400
ContextFlags: 0001003f
EAX: 00000007:
EBX: 00000000:
ECX: 1300c400:
EDX: 00000076:
ESI: 15b58801:
EDI: eda0a9c9:
EBP: 00000007:
ESP: 01b7fe84
EIP: 007baeeb
CS: 00000023
DS: 0000002b
SS: 0000002b
ES: 0000002b
FS: 00000053
GS: 0000002b
Flags: 00010287
PreCode: 444aad958bc75be9452d00000fbe140f
Code: 0fbe190fbe92008599000fbe9b008599
TopOfStack
01b7fe84: 00000007:
01b7fe88: 00000019:
01b7fe8c: 011639a2: 410074006800650072006f0073002000 A.t.h.e.r.o.s. .
01b7fe90: 00a16dc9: 7669727475616c0076706e00496e7661 virtual.vpn.Inva
01b7fe94: 00000000:
01b7fe98: 0050ca42: e9f0ccffff0f8c0f5a02000f8d6bc101 ........Z....k..
01b7fe9c: 1300c400:
01b7fea0: 00a16dc9: 7669727475616c0076706e00496e7661 virtual.vpn.Inva
01b7fea4: 00000007:
01b7fea8: 01151618: 0000000008000000302b150100000000 ........0+......
01b7feac: 00000000:
01b7feb0: 01b7ff48: 88ffb70186d061005de5600000000000 ......a.].`.....
01b7feb4: 01720d78: 78070000d000000011000000b7000000 x...............
01b7feb8: 004d1bbb: e94026ffffe91c36feff8b4c246c5651 .@&....6...L$lVQ
01b7febc: 011639a2: 410074006800650072006f0073002000 A.t.h.e.r.o.s. .
01b7fec0: 00000065:
01b7fec4: 00a16dc9: 7669727475616c0076706e00496e7661 virtual.vpn.Inva
01b7fec8: 00000007:
01b7fecc: 01b7ff10: 000000000e1a7f007be56000b41d4000 .......{.`...@.
01b7fed0: 01b7ff0c: 00000000000000000e1a7f007be56000 ...........{.`.
01b7fed4: 011579cc: 6e0000004639160150871501b8031418 n...F9..P.......
01b7fed8: 011579c0: 4039160172000000720000006e000000 @9..r...r...n...
01b7fedc: 004b9ab6: 83ec0c74018d4424045650c744240c00 ...t..D$.VP.D$..
01b7fee0: 007f34b5: e99452000083c4047401e973e3fdff8b ..R.....t..s....
01b7fee4: 01151618: 0000000008000000302b150100000000 ........0+......
01b7fee8: 01151618: 0000000008000000302b150100000000 ........0+......
01b7feec: 01151618: 0000000008000000302b150100000000 ........0+......
01b7fef0: 01151618: 0000000008000000302b150100000000 ........0+......
01b7fef4: 007e778d: e9a1f7ffff83c41074018b45088b4838 ........t..E..H8
01b7fef8: 01b7fefc: 00000000c4967e0000000000780d7201 ......~.....x.r.
01b7fefc: 00000000:
01b7ff00: 007e96c4: e92738ffff3b5c24108bcb0f86e637ff .'8..;\$......7.
StackTrace
01b7fe94: ebp:00000000, ret:0050ca42, arg:00c40013c96da1000700000018161501, base:00400000, call:007be71f
00a16dc9: 7669727475616c0076706e00496e7661 virtual.vpn.Inva
01151618: 0000000008000000302b150100000000 ........0+......
01b7feb4: ebp:01720d78, ret:004d1bbb, arg:a239160165000000c96da10007000000, base:00400000, call:0051782f
011639a2: 410074006800650072006f0073002000 A.t.h.e.r.o.s. .
00a16dc9: 7669727475616c0076706e00496e7661 virtual.vpn.Inva
01b7fedc: ebp:004b9ab6, ret:007f34b5, arg:18161501181615011816150118161501, base:00400000, call:004b9ab6
01151618: 0000000008000000302b150100000000 ........0+......
01151618: 0000000008000000302b150100000000 ........0+......
01151618: 0000000008000000302b150100000000 ........0+......
01151618: 0000000008000000302b150100000000 ........0+......
01b7fef0: ebp:01151618, ret:007e778d, arg:fcfeb70100000000c4967e0000000000, base:00400000, call:007d8c19
01b7fefc: 00000000c4967e0000000000780d7201 ......~.....x.r.
007e96c4: e92738ffff3b5c24108bcb0f86e637ff .'8..;\$......7.
01b7fefc: ebp:00000000, ret:007e96c4, arg:00000000780d72010000000000000000, base:00400000, call:007ef7e0
01720d78: 78070000d000000011000000b7000000 x...............
01b7ff10: ebp:00000000, ret:007f1a0e, arg:7be56000b41d40000000000000000000, base:00400000, call:007e0b0b
0060e57b: e84032dfffe8c7380500e861ccf0ffe8 .@2....8...a....
00401db4: 83c404c745fcffffffff8b4df064890d ....E......M.d..
01b7ff14: ebp:007f1a0e, ret:0060e57b, arg:b41d40000000000000000000780d7201, base:00400000, call:007f2359
00401db4: 83c404c745fcffffffff8b4df064890d ....E......M.d..
01720d78: 78070000d000000011000000b7000000 x...............
01b7ff18: ebp:0060e57b, ret:00401db4, arg:0000000000000000780d7201780d7201, base:00400000, op:ff5508
01720d78: 78070000d000000011000000b7000000 x...............
01720d78: 78070000d000000011000000b7000000 x...............
01b7ff48: ebp:01b7ff88, ret:0061d086, arg:5de56000000000008ffa900000000000, base:00400000, call:00401d80
0060e55d: e8492d0c00e896c92100e8d4120500e8 .I-.....!.......
0090fa8f: 59e850ffffff8b45ec8b088b09894de4 Y.P....E......M.
01b7ff54: ebp:00000000, ret:0090fa8f, arg:000000000000000000000000780d7201, base:00400000, op:ff564c
01720d78: 78070000d000000011000000b7000000 x...............
01b7ff88: ebp:01b7ff94, ret:74f2338a, arg:780d7201d4ffb701729f2d77780d7201, base:74f10000 [kernel32.dll], op:ffd2
01b7ff94: ebp:01b7ffd4, ret:772d9f72, arg:780d72018c8d8d760000000000000000, base:772a0000 [ntdll.dll], op:ffd0
01b7ffd4: ebp:01b7ffec, ret:772d9f45, arg:23fa9000780d72010000000000000000, base:772a0000 [ntdll.dll], call:772d9f4b
Stop at unreadable 01b80000
ReportSize: 5160
Error: (01/26/2015 10:34:21 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
SABKUTIL
Error: (01/25/2015 09:50:35 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (01/25/2015 03:02:50 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
SABKUTIL
Microsoft Office Sessions:
=========================
Error: (05/15/2010 11:29:35 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 40370 seconds with 15780 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2012-11-04 18:59:20.286
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2012-11-04 17:46:54.200
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2012-11-04 17:08:23.329
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2012-11-04 16:52:19.924
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2012-11-04 11:11:18.675
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2012-11-04 10:57:06.921
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2012-11-04 10:10:32.904
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2012-11-03 09:26:10.264
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2012-11-01 18:38:14.446
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2012-11-01 16:34:06.344
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Pentium(R) Dual-Core CPU E5400 @ 2.70GHz
Percentage of memory in use: 68%
Total physical RAM: 2013.12 MB
Available physical RAM: 626.41 MB
Total Pagefile: 4026.23 MB
Available Pagefile: 1870.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:117.19 GB) (Free:61.33 GB) NTFS
Drive d: (HDD) (Fixed) (Total:348.47 GB) (Free:54.43 GB) NTFS
Drive f: (bob a bobek VI) (CDROM) (Total:4.06 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
==================== End Of Log ============================
Omlouvám se, za neznalost. Jsem zde po delším bezproblémovém chodu PC a neznalý nových postupů. Ve vašem odkazu je tochu matoucí popis FRST. Chcete ještě log z toho druhého (FRSTLauncher) nebo je toto vše?
t.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by User (ATTENTION: The logged in user is not administrator) on USER-PC on 28-01-2015 20:48:57
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available profiles: User & throp)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\sfzone\SafeZoneBrowser.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7833120 2009-05-22] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-05-22] (Realtek Semiconductor Corp.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass\KeePass.exe [1670656 2011-01-02] (Dominik Reichl)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [415232 2009-07-14] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk *
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-122564442-1786042143-667153628-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?typ ... earchTerms}
HKU\S-1-5-21-122564442-1786042143-667153628-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp ... 4_FC6E7514
HKU\S-1-5-21-122564442-1786042143-667153628-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.cz/
HKU\S-1-5-21-122564442-1786042143-667153628-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp ... 4_FC6E7514
HKU\S-1-5-21-122564442-1786042143-667153628-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?typ ... earchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-122564442-1786042143-667153628-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?typ ... earchTerms}
SearchScopes: HKU\S-1-5-21-122564442-1786042143-667153628-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?typ ... earchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-122564442-1786042143-667153628-1000 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\94bb1ohy.default-1422139523130
FF Homepage: https://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 -> C:\Program Files (x86)\VLC\npvlc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-01-27]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-02-07]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-14]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-14] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-11-14] (AVAST Software)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244448 2014-10-28] (Foxit Software Inc.)
R2 hasplms; C:\Windows\system32\hasplms.exe [4180576 2010-09-27] (SafeNet Inc.)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [625304 2012-09-28] (Pandora.TV)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [993848 2011-01-10] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-01-10] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 getPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [14392 2007-12-17] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-14] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-14] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-14] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-11-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-14] ()
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37456 2011-01-21] (Paragon Software Group)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [53840 2011-01-21] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [528464 2011-01-21] (Paragon)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S1 SABKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-28 20:48 - 2015-01-28 20:49 - 00010951 _____ () C:\Users\User\Desktop\FRST.txt
2015-01-28 20:48 - 2015-01-28 20:49 - 00000000 ____D () C:\FRST
2015-01-28 20:43 - 2015-01-28 20:43 - 02130432 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2015-01-27 22:01 - 2015-01-27 22:01 - 306981893 _____ () C:\Windows\MEMORY.DMP
2015-01-27 09:32 - 2015-01-27 09:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 10:33 - 2015-01-28 08:16 - 00000224 _____ () C:\Windows\setupact.log
2015-01-26 10:33 - 2015-01-26 10:33 - 00000598 _____ () C:\Windows\PFRO.log
2015-01-26 10:33 - 2015-01-26 10:33 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-25 09:43 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-25 09:43 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-25 09:43 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-25 09:43 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-25 09:43 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-25 09:43 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-25 09:43 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-25 09:43 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-25 09:43 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-25 09:43 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-25 09:43 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-25 09:43 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-25 09:43 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-24 23:45 - 2015-01-24 23:45 - 00000000 ____D () C:\Users\User\Desktop\Původní data aplikace Firefox
2015-01-24 10:27 - 2015-01-24 10:27 - 00001552 _____ () C:\Users\User\Desktop\_recepty_vse.lnk
2014-12-31 11:10 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-31 11:10 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-28 20:30 - 2012-08-20 17:14 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-28 20:02 - 2010-04-17 22:51 - 00000000 ____D () C:\Users\User\AppData\Roaming\KeePass
2015-01-28 13:26 - 2011-08-23 18:39 - 01349814 _____ () C:\Windows\WindowsUpdate.log
2015-01-28 08:23 - 2009-07-14 05:45 - 00023392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-28 08:23 - 2009-07-14 05:45 - 00023392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-28 08:22 - 2009-07-14 16:18 - 00668882 _____ () C:\Windows\system32\perfh005.dat
2015-01-28 08:22 - 2009-07-14 16:18 - 00141542 _____ () C:\Windows\system32\perfc005.dat
2015-01-28 08:22 - 2009-07-14 06:13 - 01584626 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-28 08:16 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-27 22:01 - 2012-06-02 11:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-27 22:01 - 2010-04-18 16:54 - 00000000 ____D () C:\Windows\Minidump
2015-01-25 15:30 - 2012-06-02 11:35 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 15:30 - 2011-06-15 15:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-25 15:09 - 2013-04-27 09:56 - 00000000 ____D () C:\Program Files (x86)\The KMPlayer
2015-01-25 10:20 - 2011-04-01 20:48 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-01-25 09:50 - 2010-04-01 11:46 - 01559340 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-21 18:14 - 2010-05-18 18:56 - 00056320 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-10 12:08 - 2013-03-23 14:06 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2015-01-10 12:08 - 2010-04-01 11:08 - 00001591 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-10 08:08 - 2009-07-14 06:08 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-01 14:54 - 2010-05-28 22:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\AIMP
==================== Files in the root of some directories =======
2011-08-09 18:29 - 2013-08-18 08:45 - 0000117 _____ () C:\Users\User\AppData\Roaming\Camdata.ini
2011-08-09 18:29 - 2013-08-18 08:45 - 0000408 _____ () C:\Users\User\AppData\Roaming\CamLayout.ini
2011-08-09 18:29 - 2013-08-18 08:45 - 0000408 _____ () C:\Users\User\AppData\Roaming\CamShapes.ini
2011-08-09 18:29 - 2013-08-18 08:45 - 0004416 _____ () C:\Users\User\AppData\Roaming\CamStudio.cfg
2010-05-18 18:56 - 2015-01-21 18:14 - 0056320 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\User\AppData\Local\Temp\KMP_3.9.1.131.exe
C:\Users\User\AppData\Local\Temp\KMP_3.9.1.132.exe
Some zero byte size files/folders:
==========================
C:\Windows\logo1_.exe
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\rundll16.exe
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\runouce.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-01-2015
Ran by User at 2015-01-28 20:50:04
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1644.41512 - ABBYY Software House)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
AIMP2 (HKLM-x32\...\AIMP2) (Version: - AIMP DevTeam)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_HOMESTUDENTR_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_HOMESTUDENTR_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_HOMESTUDENTR_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.16 - Atheros Communications Inc.)
Avast Internet Security (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4291 - CDBurnerXP)
EPU-4 Engine (HKLM-x32\...\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}) (Version: 1.00.25 - )
Eraser 6.0.7.1893 (HKLM\...\{8CBBBC4D-B0B6-49DB-A421-98C65080D8EE}) (Version: 6.7.1893 - The Eraser Project)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.3.25.1124 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)
ICQ7.2 (HKLM-x32\...\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}) (Version: 7.2 - ICQ)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
KeePass Password Safe 2.14 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: - Dominik Reichl)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.9.1.132 - PandoraTV)
Microsoft .NET Framework 4.5.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40405-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8003.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{6344718C-AE30-4C86-B5CD-459077A83623}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{BE29EE5A-C6B7-454B-BE14-2F4AD8E91BB1}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 cs)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Pandora Service (HKLM-x32\...\4F6D5E84-5826-4394-9F40-3A9A19165651_is1) (Version: - Pandora.TV) <==== ATTENTION
Paragon Backup & Recovery™ 2011 (Advanced) Free (HKLM-x32\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDFZilla V1.2.9 (HKLM-x32\...\PDFZilla_is1) (Version: - PDFZilla, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5859 - Realtek Semiconductor Corp.)
Secunia PSI (2.0.0.3001) (HKLM-x32\...\Secunia PSI) (Version: - )
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.55a - Ghisler Software GmbH)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.0a - TrueCrypt Foundation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Winamp Detector Plug-in (HKU\S-1-5-21-122564442-1786042143-667153628-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
ZoneAlarm LTD Toolbar (HKLM\...\ZoneAlarm LTD Toolbar) (Version: - Check Point Software Technologies)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
ATTENTION: System Restore is disabled.
Check "winmgmt" service or repair WMI.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
==================== Loaded Modules (whitelisted) =============
2010-04-13 09:21 - 2009-06-04 14:10 - 05777408 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
========================= Accounts: ==========================
Administrator (S-1-5-21-122564442-1786042143-667153628-500 - Administrator - Disabled)
Guest (S-1-5-21-122564442-1786042143-667153628-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-122564442-1786042143-667153628-1005 - Limited - Enabled)
throp (S-1-5-21-122564442-1786042143-667153628-1007 - Administrator - Enabled) => C:\Users\throp.User-PC
User (S-1-5-21-122564442-1786042143-667153628-1000 - Limited - Enabled) => C:\Users\User
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/27/2015 06:29:36 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: Správce oken plochy zjistil závažnou chybu (0x80070008).
Error: (01/22/2015 10:53:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: PanProcess.exe, verze: 1.0.1.2, časové razítko: 0x506004cc
Název chybujícího modulu: PanStreamer.dll, verze: 2.0.5.36, časové razítko: 0x507fb217
Kód výjimky: 0xc0000005
Posun chyby: 0x0001dbd4
ID chybujícího procesu: 0x118
Čas spuštění chybující aplikace: 0xPanProcess.exe0
Cesta k chybující aplikaci: PanProcess.exe1
Cesta k chybujícímu modulu: PanProcess.exe2
ID zprávy: PanProcess.exe3
Error: (01/11/2015 00:34:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: PanProcess.exe, verze: 1.0.1.2, časové razítko: 0x506004cc
Název chybujícího modulu: PanStreamer.dll, verze: 2.0.5.36, časové razítko: 0x507fb217
Kód výjimky: 0xc0000005
Posun chyby: 0x0001dbd4
ID chybujícího procesu: 0x518
Čas spuštění chybující aplikace: 0xPanProcess.exe0
Cesta k chybující aplikaci: PanProcess.exe1
Cesta k chybujícímu modulu: PanProcess.exe2
ID zprávy: PanProcess.exe3
Error: (01/10/2015 00:08:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: plugin-container.exe, verze: 34.0.0.5442, časové razítko: 0x54754d35
Název chybujícího modulu: mozalloc.dll, verze: 34.0.0.5442, časové razítko: 0x54754649
Kód výjimky: 0x80000003
Posun chyby: 0x00001425
ID chybujícího procesu: 0x160
Čas spuštění chybující aplikace: 0xplugin-container.exe0
Cesta k chybující aplikaci: plugin-container.exe1
Cesta k chybujícímu modulu: plugin-container.exe2
ID zprávy: plugin-container.exe3
Error: (01/03/2015 10:09:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: PanProcess.exe, verze: 1.0.1.2, časové razítko: 0x506004cc
Název chybujícího modulu: PanStreamer.dll, verze: 2.0.5.36, časové razítko: 0x507fb217
Kód výjimky: 0xc0000005
Posun chyby: 0x0001dbd4
ID chybujícího procesu: 0x67c
Čas spuštění chybující aplikace: 0xPanProcess.exe0
Cesta k chybující aplikaci: PanProcess.exe1
Cesta k chybujícímu modulu: PanProcess.exe2
ID zprávy: PanProcess.exe3
Error: (12/15/2014 07:34:37 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: Správce oken plochy zjistil závažnou chybu (0x80070008).
Error: (12/02/2014 10:51:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: PanProcess.exe, verze: 1.0.1.2, časové razítko: 0x506004cc
Název chybujícího modulu: PanStreamer.dll, verze: 2.0.5.36, časové razítko: 0x507fb217
Kód výjimky: 0xc0000005
Posun chyby: 0x0001dbd4
ID chybujícího procesu: 0x170
Čas spuštění chybující aplikace: 0xPanProcess.exe0
Cesta k chybující aplikaci: PanProcess.exe1
Cesta k chybujícímu modulu: PanProcess.exe2
ID zprávy: PanProcess.exe3
Error: (11/27/2014 09:52:25 PM) (Source: MsiInstaller) (EventID: 11719) (User: )
Description: Product: Java 7 Update 67 -- Error 1719.The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.
Error: (11/23/2014 11:22:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: PanProcess.exe, verze: 1.0.1.2, časové razítko: 0x506004cc
Název chybujícího modulu: PanStreamer.dll, verze: 2.0.5.36, časové razítko: 0x507fb217
Kód výjimky: 0xc0000005
Posun chyby: 0x0001dbd4
ID chybujícího procesu: 0x538
Čas spuštění chybující aplikace: 0xPanProcess.exe0
Cesta k chybující aplikaci: PanProcess.exe1
Cesta k chybujícímu modulu: PanProcess.exe2
ID zprávy: PanProcess.exe3
Error: (10/22/2014 04:04:30 PM) (Source: PandoraService.exe) (EventID: 0) (User: )
Description: Socket Error # 11001
Host not found.
System errors:
=============
Error: (01/28/2015 08:16:24 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
SABKUTIL
Error: (01/27/2015 10:01:52 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
SABKUTIL
Error: (01/27/2015 10:01:29 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000003b (0x00000000c0000005, 0xfffff9600035c7b7, 0xfffff880079cdfa0, 0x0000000000000000)C:\Windows\MEMORY.DMP012715-16614-01
Error: (01/27/2015 10:01:28 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (18:30:43, 27.1.2015) bylo neočekávané.
Error: (01/27/2015 07:43:24 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Sentinel HASP License Manager byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (01/27/2015 07:42:20 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
SABKUTIL
Error: (01/27/2015 07:42:13 AM) (Source: hasplms) (EventID: 3) (User: )
Description: ERROR: Sentinel HASP License Manager Service crashed!
Module: C:\Windows\system32\hasplms.exe, handle:00400000, version:12.50.1.16926
Fault at: C:\Windows\system32\hasplms.exe, handle:00400000, version:12.50.1.16926
ExceptionCode: c0000005
ExceptionFlags: 00000000
ExceptionAddress: 007baeeb
NumberParameters: 2
ExceptionInformation[0]: 00000000
ExceptionInformation[1]: 1300c400
ContextFlags: 0001003f
EAX: 00000007:
EBX: 00000000:
ECX: 1300c400:
EDX: 00000076:
ESI: 15b58801:
EDI: eda0a9c9:
EBP: 00000007:
ESP: 01b7fe84
EIP: 007baeeb
CS: 00000023
DS: 0000002b
SS: 0000002b
ES: 0000002b
FS: 00000053
GS: 0000002b
Flags: 00010287
PreCode: 444aad958bc75be9452d00000fbe140f
Code: 0fbe190fbe92008599000fbe9b008599
TopOfStack
01b7fe84: 00000007:
01b7fe88: 00000019:
01b7fe8c: 011639a2: 410074006800650072006f0073002000 A.t.h.e.r.o.s. .
01b7fe90: 00a16dc9: 7669727475616c0076706e00496e7661 virtual.vpn.Inva
01b7fe94: 00000000:
01b7fe98: 0050ca42: e9f0ccffff0f8c0f5a02000f8d6bc101 ........Z....k..
01b7fe9c: 1300c400:
01b7fea0: 00a16dc9: 7669727475616c0076706e00496e7661 virtual.vpn.Inva
01b7fea4: 00000007:
01b7fea8: 01151618: 0000000008000000302b150100000000 ........0+......
01b7feac: 00000000:
01b7feb0: 01b7ff48: 88ffb70186d061005de5600000000000 ......a.].`.....
01b7feb4: 01720d78: 78070000d000000011000000b7000000 x...............
01b7feb8: 004d1bbb: e94026ffffe91c36feff8b4c246c5651 .@&....6...L$lVQ
01b7febc: 011639a2: 410074006800650072006f0073002000 A.t.h.e.r.o.s. .
01b7fec0: 00000065:
01b7fec4: 00a16dc9: 7669727475616c0076706e00496e7661 virtual.vpn.Inva
01b7fec8: 00000007:
01b7fecc: 01b7ff10: 000000000e1a7f007be56000b41d4000 .......{.`...@.
01b7fed0: 01b7ff0c: 00000000000000000e1a7f007be56000 ...........{.`.
01b7fed4: 011579cc: 6e0000004639160150871501b8031418 n...F9..P.......
01b7fed8: 011579c0: 4039160172000000720000006e000000 @9..r...r...n...
01b7fedc: 004b9ab6: 83ec0c74018d4424045650c744240c00 ...t..D$.VP.D$..
01b7fee0: 007f34b5: e99452000083c4047401e973e3fdff8b ..R.....t..s....
01b7fee4: 01151618: 0000000008000000302b150100000000 ........0+......
01b7fee8: 01151618: 0000000008000000302b150100000000 ........0+......
01b7feec: 01151618: 0000000008000000302b150100000000 ........0+......
01b7fef0: 01151618: 0000000008000000302b150100000000 ........0+......
01b7fef4: 007e778d: e9a1f7ffff83c41074018b45088b4838 ........t..E..H8
01b7fef8: 01b7fefc: 00000000c4967e0000000000780d7201 ......~.....x.r.
01b7fefc: 00000000:
01b7ff00: 007e96c4: e92738ffff3b5c24108bcb0f86e637ff .'8..;\$......7.
StackTrace
01b7fe94: ebp:00000000, ret:0050ca42, arg:00c40013c96da1000700000018161501, base:00400000, call:007be71f
00a16dc9: 7669727475616c0076706e00496e7661 virtual.vpn.Inva
01151618: 0000000008000000302b150100000000 ........0+......
01b7feb4: ebp:01720d78, ret:004d1bbb, arg:a239160165000000c96da10007000000, base:00400000, call:0051782f
011639a2: 410074006800650072006f0073002000 A.t.h.e.r.o.s. .
00a16dc9: 7669727475616c0076706e00496e7661 virtual.vpn.Inva
01b7fedc: ebp:004b9ab6, ret:007f34b5, arg:18161501181615011816150118161501, base:00400000, call:004b9ab6
01151618: 0000000008000000302b150100000000 ........0+......
01151618: 0000000008000000302b150100000000 ........0+......
01151618: 0000000008000000302b150100000000 ........0+......
01151618: 0000000008000000302b150100000000 ........0+......
01b7fef0: ebp:01151618, ret:007e778d, arg:fcfeb70100000000c4967e0000000000, base:00400000, call:007d8c19
01b7fefc: 00000000c4967e0000000000780d7201 ......~.....x.r.
007e96c4: e92738ffff3b5c24108bcb0f86e637ff .'8..;\$......7.
01b7fefc: ebp:00000000, ret:007e96c4, arg:00000000780d72010000000000000000, base:00400000, call:007ef7e0
01720d78: 78070000d000000011000000b7000000 x...............
01b7ff10: ebp:00000000, ret:007f1a0e, arg:7be56000b41d40000000000000000000, base:00400000, call:007e0b0b
0060e57b: e84032dfffe8c7380500e861ccf0ffe8 .@2....8...a....
00401db4: 83c404c745fcffffffff8b4df064890d ....E......M.d..
01b7ff14: ebp:007f1a0e, ret:0060e57b, arg:b41d40000000000000000000780d7201, base:00400000, call:007f2359
00401db4: 83c404c745fcffffffff8b4df064890d ....E......M.d..
01720d78: 78070000d000000011000000b7000000 x...............
01b7ff18: ebp:0060e57b, ret:00401db4, arg:0000000000000000780d7201780d7201, base:00400000, op:ff5508
01720d78: 78070000d000000011000000b7000000 x...............
01720d78: 78070000d000000011000000b7000000 x...............
01b7ff48: ebp:01b7ff88, ret:0061d086, arg:5de56000000000008ffa900000000000, base:00400000, call:00401d80
0060e55d: e8492d0c00e896c92100e8d4120500e8 .I-.....!.......
0090fa8f: 59e850ffffff8b45ec8b088b09894de4 Y.P....E......M.
01b7ff54: ebp:00000000, ret:0090fa8f, arg:000000000000000000000000780d7201, base:00400000, op:ff564c
01720d78: 78070000d000000011000000b7000000 x...............
01b7ff88: ebp:01b7ff94, ret:74f2338a, arg:780d7201d4ffb701729f2d77780d7201, base:74f10000 [kernel32.dll], op:ffd2
01b7ff94: ebp:01b7ffd4, ret:772d9f72, arg:780d72018c8d8d760000000000000000, base:772a0000 [ntdll.dll], op:ffd0
01b7ffd4: ebp:01b7ffec, ret:772d9f45, arg:23fa9000780d72010000000000000000, base:772a0000 [ntdll.dll], call:772d9f4b
Stop at unreadable 01b80000
ReportSize: 5160
Error: (01/26/2015 10:34:21 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
SABKUTIL
Error: (01/25/2015 09:50:35 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (01/25/2015 03:02:50 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
SABKUTIL
Microsoft Office Sessions:
=========================
Error: (05/15/2010 11:29:35 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 40370 seconds with 15780 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2012-11-04 18:59:20.286
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2012-11-04 17:46:54.200
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2012-11-04 17:08:23.329
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2012-11-04 16:52:19.924
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2012-11-04 11:11:18.675
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2012-11-04 10:57:06.921
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2012-11-04 10:10:32.904
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2012-11-03 09:26:10.264
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2012-11-01 18:38:14.446
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2012-11-01 16:34:06.344
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Pentium(R) Dual-Core CPU E5400 @ 2.70GHz
Percentage of memory in use: 68%
Total physical RAM: 2013.12 MB
Available physical RAM: 626.41 MB
Total Pagefile: 4026.23 MB
Available Pagefile: 1870.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:117.19 GB) (Free:61.33 GB) NTFS
Drive d: (HDD) (Fixed) (Total:348.47 GB) (Free:54.43 GB) NTFS
Drive f: (bob a bobek VI) (CDROM) (Total:4.06 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
==================== End Of Log ============================
-
Rudy
- Site Admin
- Příspěvky: 119677
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: istart-webssearches.com jako domovská stránka
Spusťte tuto utilitu:
Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: istart-webssearches.com jako domovská stránka
tady je log:
# AdwCleaner v4.109 - Report created 28/01/2015 at 21:28:05
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : User - USER-PC
# Running from : C:\Users\User\Desktop\adwcleaner_4.109.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
[!] Folder Deleted : C:\Program Files (x86)\PANDORA.TV
Folder Deleted : C:\Users\User\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Folder Deleted : C:\Users\User\AppData\Roaming\webssearches
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
Shortcut Disinfected : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
***** [ Registry ] *****
Key Deleted : HKCU\Software\Mozilla\Extends
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17496
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
-\\ Mozilla Firefox v35.0.1 (x86 cs)
*************************
AdwCleaner[R].txt - [2676 octets] - [28/01/2015 21:21:04]
AdwCleaner[S].txt - [2166 octets] - [28/01/2015 21:28:05]
########## EOF - C:\AdwCleaner\AdwCleaner[S].txt - [2225 octets] ##########
# AdwCleaner v4.109 - Report created 28/01/2015 at 21:28:05
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : User - USER-PC
# Running from : C:\Users\User\Desktop\adwcleaner_4.109.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
[!] Folder Deleted : C:\Program Files (x86)\PANDORA.TV
Folder Deleted : C:\Users\User\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Folder Deleted : C:\Users\User\AppData\Roaming\webssearches
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
Shortcut Disinfected : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
***** [ Registry ] *****
Key Deleted : HKCU\Software\Mozilla\Extends
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17496
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
-\\ Mozilla Firefox v35.0.1 (x86 cs)
*************************
AdwCleaner[R].txt - [2676 octets] - [28/01/2015 21:21:04]
AdwCleaner[S].txt - [2166 octets] - [28/01/2015 21:28:05]
########## EOF - C:\AdwCleaner\AdwCleaner[S].txt - [2225 octets] ##########
-
Rudy
- Site Admin
- Příspěvky: 119677
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: istart-webssearches.com jako domovská stránka
Dejte nový log FRST.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: istart-webssearches.com jako domovská stránka
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by User (ATTENTION: The logged in user is not administrator) on USER-PC on 28-01-2015 22:19:40
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available profiles: User & throp)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7833120 2009-05-22] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-05-22] (Realtek Semiconductor Corp.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass\KeePass.exe [1670656 2011-01-02] (Dominik Reichl)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [415232 2009-07-14] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk *
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-122564442-1786042143-667153628-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.cz/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-122564442-1786042143-667153628-1000 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\94bb1ohy.default-1422139523130
FF Homepage: https://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 -> C:\Program Files (x86)\VLC\npvlc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-01-27]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-02-07]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-14]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-14] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-11-14] (AVAST Software)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244448 2014-10-28] (Foxit Software Inc.)
R2 hasplms; C:\Windows\system32\hasplms.exe [4180576 2010-09-27] (SafeNet Inc.)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [625304 2012-09-28] (Pandora.TV)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [993848 2011-01-10] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-01-10] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 getPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [14392 2007-12-17] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-14] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-14] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-14] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-11-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-14] ()
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37456 2011-01-21] (Paragon Software Group)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [53840 2011-01-21] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [528464 2011-01-21] (Paragon)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S1 SABKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-28 21:21 - 2015-01-28 21:28 - 00000000 ____D () C:\AdwCleaner
2015-01-28 21:17 - 2015-01-28 21:17 - 02194432 _____ () C:\Users\User\Desktop\adwcleaner_4.109.exe
2015-01-28 20:50 - 2015-01-28 20:50 - 00025063 _____ () C:\Users\User\Desktop\Addition.txt
2015-01-28 20:48 - 2015-01-28 22:19 - 00009433 _____ () C:\Users\User\Desktop\FRST.txt
2015-01-28 20:48 - 2015-01-28 22:19 - 00000000 ____D () C:\FRST
2015-01-28 20:43 - 2015-01-28 20:43 - 02130432 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2015-01-27 22:01 - 2015-01-27 22:01 - 306981893 _____ () C:\Windows\MEMORY.DMP
2015-01-27 09:32 - 2015-01-27 09:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 10:33 - 2015-01-28 21:29 - 00000280 _____ () C:\Windows\setupact.log
2015-01-26 10:33 - 2015-01-26 10:33 - 00000598 _____ () C:\Windows\PFRO.log
2015-01-26 10:33 - 2015-01-26 10:33 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-25 09:43 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-25 09:43 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-25 09:43 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-25 09:43 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-25 09:43 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-25 09:43 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-25 09:43 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-25 09:43 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-25 09:43 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-25 09:43 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-25 09:43 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-25 09:43 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-25 09:43 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-24 23:45 - 2015-01-24 23:45 - 00000000 ____D () C:\Users\User\Desktop\Původní data aplikace Firefox
2015-01-24 10:27 - 2015-01-24 10:27 - 00001552 _____ () C:\Users\User\Desktop\_recepty_vse.lnk
2014-12-31 11:10 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-31 11:10 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-28 21:42 - 2009-07-14 16:18 - 00668882 _____ () C:\Windows\system32\perfh005.dat
2015-01-28 21:42 - 2009-07-14 16:18 - 00141542 _____ () C:\Windows\system32\perfc005.dat
2015-01-28 21:42 - 2009-07-14 06:13 - 01584626 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-28 21:37 - 2009-07-14 05:45 - 00023392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-28 21:37 - 2009-07-14 05:45 - 00023392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-28 21:33 - 2011-08-23 18:39 - 01354184 _____ () C:\Windows\WindowsUpdate.log
2015-01-28 21:30 - 2012-08-20 17:14 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-28 21:29 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-28 21:28 - 2010-04-17 18:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\CheckPoint
2015-01-28 21:28 - 2010-04-01 11:08 - 00000927 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-28 20:02 - 2010-04-17 22:51 - 00000000 ____D () C:\Users\User\AppData\Roaming\KeePass
2015-01-27 22:01 - 2012-06-02 11:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-27 22:01 - 2010-04-18 16:54 - 00000000 ____D () C:\Windows\Minidump
2015-01-25 15:30 - 2012-06-02 11:35 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 15:30 - 2011-06-15 15:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-25 15:09 - 2013-04-27 09:56 - 00000000 ____D () C:\Program Files (x86)\The KMPlayer
2015-01-25 10:20 - 2011-04-01 20:48 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-01-25 09:50 - 2010-04-01 11:46 - 01559340 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-21 18:14 - 2010-05-18 18:56 - 00056320 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-10 12:08 - 2013-03-23 14:06 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2015-01-10 08:08 - 2009-07-14 06:08 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-01 14:54 - 2010-05-28 22:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\AIMP
==================== Files in the root of some directories =======
2011-08-09 18:29 - 2013-08-18 08:45 - 0000117 _____ () C:\Users\User\AppData\Roaming\Camdata.ini
2011-08-09 18:29 - 2013-08-18 08:45 - 0000408 _____ () C:\Users\User\AppData\Roaming\CamLayout.ini
2011-08-09 18:29 - 2013-08-18 08:45 - 0000408 _____ () C:\Users\User\AppData\Roaming\CamShapes.ini
2011-08-09 18:29 - 2013-08-18 08:45 - 0004416 _____ () C:\Users\User\AppData\Roaming\CamStudio.cfg
2010-05-18 18:56 - 2015-01-21 18:14 - 0056320 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\User\AppData\Local\Temp\KMP_3.9.1.131.exe
C:\Users\User\AppData\Local\Temp\KMP_3.9.1.132.exe
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\sqlite3.dll
Some zero byte size files/folders:
==========================
C:\Windows\logo1_.exe
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\rundll16.exe
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\runouce.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================
Ran by User (ATTENTION: The logged in user is not administrator) on USER-PC on 28-01-2015 22:19:40
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available profiles: User & throp)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7833120 2009-05-22] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-05-22] (Realtek Semiconductor Corp.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass\KeePass.exe [1670656 2011-01-02] (Dominik Reichl)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [415232 2009-07-14] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk *
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-122564442-1786042143-667153628-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.cz/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-122564442-1786042143-667153628-1000 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\94bb1ohy.default-1422139523130
FF Homepage: https://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 -> C:\Program Files (x86)\VLC\npvlc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-01-27]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-02-07]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-14]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-14] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-11-14] (AVAST Software)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244448 2014-10-28] (Foxit Software Inc.)
R2 hasplms; C:\Windows\system32\hasplms.exe [4180576 2010-09-27] (SafeNet Inc.)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [625304 2012-09-28] (Pandora.TV)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [993848 2011-01-10] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-01-10] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 getPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [14392 2007-12-17] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-14] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-14] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-14] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-11-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-14] ()
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37456 2011-01-21] (Paragon Software Group)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [53840 2011-01-21] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [528464 2011-01-21] (Paragon)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S1 SABKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-28 21:21 - 2015-01-28 21:28 - 00000000 ____D () C:\AdwCleaner
2015-01-28 21:17 - 2015-01-28 21:17 - 02194432 _____ () C:\Users\User\Desktop\adwcleaner_4.109.exe
2015-01-28 20:50 - 2015-01-28 20:50 - 00025063 _____ () C:\Users\User\Desktop\Addition.txt
2015-01-28 20:48 - 2015-01-28 22:19 - 00009433 _____ () C:\Users\User\Desktop\FRST.txt
2015-01-28 20:48 - 2015-01-28 22:19 - 00000000 ____D () C:\FRST
2015-01-28 20:43 - 2015-01-28 20:43 - 02130432 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2015-01-27 22:01 - 2015-01-27 22:01 - 306981893 _____ () C:\Windows\MEMORY.DMP
2015-01-27 09:32 - 2015-01-27 09:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 10:33 - 2015-01-28 21:29 - 00000280 _____ () C:\Windows\setupact.log
2015-01-26 10:33 - 2015-01-26 10:33 - 00000598 _____ () C:\Windows\PFRO.log
2015-01-26 10:33 - 2015-01-26 10:33 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-25 09:43 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-25 09:43 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-25 09:43 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-25 09:43 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-25 09:43 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-25 09:43 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-25 09:43 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-25 09:43 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-25 09:43 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-25 09:43 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-25 09:43 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-25 09:43 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-25 09:43 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-24 23:45 - 2015-01-24 23:45 - 00000000 ____D () C:\Users\User\Desktop\Původní data aplikace Firefox
2015-01-24 10:27 - 2015-01-24 10:27 - 00001552 _____ () C:\Users\User\Desktop\_recepty_vse.lnk
2014-12-31 11:10 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-31 11:10 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-28 21:42 - 2009-07-14 16:18 - 00668882 _____ () C:\Windows\system32\perfh005.dat
2015-01-28 21:42 - 2009-07-14 16:18 - 00141542 _____ () C:\Windows\system32\perfc005.dat
2015-01-28 21:42 - 2009-07-14 06:13 - 01584626 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-28 21:37 - 2009-07-14 05:45 - 00023392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-28 21:37 - 2009-07-14 05:45 - 00023392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-28 21:33 - 2011-08-23 18:39 - 01354184 _____ () C:\Windows\WindowsUpdate.log
2015-01-28 21:30 - 2012-08-20 17:14 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-28 21:29 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-28 21:28 - 2010-04-17 18:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\CheckPoint
2015-01-28 21:28 - 2010-04-01 11:08 - 00000927 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-28 20:02 - 2010-04-17 22:51 - 00000000 ____D () C:\Users\User\AppData\Roaming\KeePass
2015-01-27 22:01 - 2012-06-02 11:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-27 22:01 - 2010-04-18 16:54 - 00000000 ____D () C:\Windows\Minidump
2015-01-25 15:30 - 2012-06-02 11:35 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 15:30 - 2011-06-15 15:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-25 15:09 - 2013-04-27 09:56 - 00000000 ____D () C:\Program Files (x86)\The KMPlayer
2015-01-25 10:20 - 2011-04-01 20:48 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-01-25 09:50 - 2010-04-01 11:46 - 01559340 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-21 18:14 - 2010-05-18 18:56 - 00056320 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-10 12:08 - 2013-03-23 14:06 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2015-01-10 08:08 - 2009-07-14 06:08 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-01 14:54 - 2010-05-28 22:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\AIMP
==================== Files in the root of some directories =======
2011-08-09 18:29 - 2013-08-18 08:45 - 0000117 _____ () C:\Users\User\AppData\Roaming\Camdata.ini
2011-08-09 18:29 - 2013-08-18 08:45 - 0000408 _____ () C:\Users\User\AppData\Roaming\CamLayout.ini
2011-08-09 18:29 - 2013-08-18 08:45 - 0000408 _____ () C:\Users\User\AppData\Roaming\CamShapes.ini
2011-08-09 18:29 - 2013-08-18 08:45 - 0004416 _____ () C:\Users\User\AppData\Roaming\CamStudio.cfg
2010-05-18 18:56 - 2015-01-21 18:14 - 0056320 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\User\AppData\Local\Temp\KMP_3.9.1.131.exe
C:\Users\User\AppData\Local\Temp\KMP_3.9.1.132.exe
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\sqlite3.dll
Some zero byte size files/folders:
==========================
C:\Windows\logo1_.exe
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\rundll16.exe
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\runouce.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================
-
Rudy
- Site Admin
- Příspěvky: 119677
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: istart-webssearches.com jako domovská stránka
Otevřte poznámkový blok a zkopírujte do něj:
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.Start
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-122564442-1786042143-667153628-1000 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 -> C:\Program Files (x86)\VLC\npvlc.dll No File
C:\Users\User\AppData\Local\Temp
End
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: istart-webssearches.com jako domovská stránka
pro info: PC se restartovalo
zde je log:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-01-2015
Ran by User at 2015-01-28 22:31:00 Run:1
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available profiles: User & throp)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-122564442-1786042143-667153628-1000 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 -> C:\Program Files (x86)\VLC\npvlc.dll No File
C:\Users\User\AppData\Local\Temp
End
*****************
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value could not be deleted.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Value could not be deleted.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key could not be deleted. Access denied.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Value could not be deleted.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found.
HKU\S-1-5-21-122564442-1786042143-667153628-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => value deleted successfully.
HKCR\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => Key not found.
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => Key could not be deleted. Access denied.
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => Key could not be deleted. Access denied.
HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=1.1.11 => Key could not be deleted. Access denied.
"C:\Users\User\AppData\Local\Temp" directory move:
Could not move "C:\Users\User\AppData\Local\Temp" directory. => Scheduled to move on reboot.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-01-28 22:36:45)<=
==> ATTENTION: System is not rebooted.
"C:\Users\User\AppData\Local\Temp" => Directory could not move.
==== End of Fixlog 22:36:46 ====
zde je log:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-01-2015
Ran by User at 2015-01-28 22:31:00 Run:1
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available profiles: User & throp)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-122564442-1786042143-667153628-1000 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 -> C:\Program Files (x86)\VLC\npvlc.dll No File
C:\Users\User\AppData\Local\Temp
End
*****************
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value could not be deleted.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Value could not be deleted.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key could not be deleted. Access denied.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Value could not be deleted.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found.
HKU\S-1-5-21-122564442-1786042143-667153628-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => value deleted successfully.
HKCR\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => Key not found.
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => Key could not be deleted. Access denied.
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => Key could not be deleted. Access denied.
HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=1.1.11 => Key could not be deleted. Access denied.
"C:\Users\User\AppData\Local\Temp" directory move:
Could not move "C:\Users\User\AppData\Local\Temp" directory. => Scheduled to move on reboot.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-01-28 22:36:45)<=
==> ATTENTION: System is not rebooted.
"C:\Users\User\AppData\Local\Temp" => Directory could not move.
==== End of Fixlog 22:36:46 ====
-
Rudy
- Site Admin
- Příspěvky: 119677
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: istart-webssearches.com jako domovská stránka
Smazáno. Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: istart-webssearches.com jako domovská stránka
Ano, ani při jednom restartu PC a FF se už istart-webssearches neobjevil jako defaultní nastavený vyhledávač a domovská stránka. Tzn. považuji za úpěšně odstraněn.
S dovolením mám dvě otázky:
1. mám Avast IS (doporučován zde na fóru), tento při testech nic nenašel....mám si jej nechat nebo vybrat jiný?
2. bylo "tam" ještě něco jiného?
děkuji za odp.
t.
S dovolením mám dvě otázky:
1. mám Avast IS (doporučován zde na fóru), tento při testech nic nenašel....mám si jej nechat nebo vybrat jiný?
2. bylo "tam" ještě něco jiného?
děkuji za odp.
t.
-
Rudy
- Site Admin
- Příspěvky: 119677
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: istart-webssearches.com jako domovská stránka
1. Avast IS je OK, ponechte.
2. Bylo tam pár toolbarů, víceméně zbytečnosti
2. Bylo tam pár toolbarů, víceméně zbytečnosti
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: istart-webssearches.com jako domovská stránka
Dobrý den,
od tohoto zásahu vykazuje PC nestandardní chování, např. firefox nestáhne přílohy, obdobně email klient (centrum), prg picture manager nebo malování neuloží upravené fotky. Může být souvislost a jak obnovím předchozí stav?
Děkuji
t.
od tohoto zásahu vykazuje PC nestandardní chování, např. firefox nestáhne přílohy, obdobně email klient (centrum), prg picture manager nebo malování neuloží upravené fotky. Může být souvislost a jak obnovím předchozí stav?
Děkuji
t.
-
Rudy
- Site Admin
- Příspěvky: 119677
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: istart-webssearches.com jako domovská stránka
Souvislost by to být nemělo. Zkuste aplikace přeinstalovat.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: istart-webssearches.com jako domovská stránka
Dobrý den,
další nest. chování je automatické (ne)ukládání ve wordu, kdy napíše hlášku: "Aplikace nemůže dokončit ukládání z důvodu chybných oprávnění k souboru." Časově se výskyt kryje s potíží se zásahem proti websearcher.
Uložení přes soubor/uložit funguje jak má. Mám dva účty (správce a uživatel), ale takto to bylo vždy, soubor byl vytvořen pod uživatelem a problém nebyl. Opravdu si myslíte, že zde není souvislost? Máte představu, kde by mohl být "zakopaný pes"?
Děkuji
t.
další nest. chování je automatické (ne)ukládání ve wordu, kdy napíše hlášku: "Aplikace nemůže dokončit ukládání z důvodu chybných oprávnění k souboru." Časově se výskyt kryje s potíží se zásahem proti websearcher.
Uložení přes soubor/uložit funguje jak má. Mám dva účty (správce a uživatel), ale takto to bylo vždy, soubor byl vytvořen pod uživatelem a problém nebyl. Opravdu si myslíte, že zde není souvislost? Máte představu, kde by mohl být "zakopaný pes"?
Děkuji
t.
Přispějete na provoz fóra?