
PC virus removal, computer speed-up, remote assistance via the neslape.cz service
Slow PC and constant installation of unwanted applications
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use a remote assistance service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Logfile of random's system information tool 1.10 (written by random/random)
Run by moje at 2015-12-22 13:11:22
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 394 GB (83%) free of 477 GB
Total RAM: 4095 MB (47% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:11:34, on 22.12.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17631)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Games\World_of_Tanks\worldoftanks.exe
C:\Games\World_of_Tanks\worldoftanks.exe
C:\Games\World_of_Tanks\worldoftanks.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\trend micro\moje.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yoursites123.com/?type=hp&ts ... XX6VE1Q21F
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzVqASLW90uzABgIn_FHePyvp6MGsh9Qs8PQaeE3YMk5xI2sQwJyJFksdS88DXEIgnfrRibWV5OHAVJwBqXfpnQOxG4Ny9YHriF8nxiZuyi8L_MQSd5JHI2m6fIMERsSiXWegRklptTFKQiBYPrAD3XbGMD_Z&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzVqASLW90uzABgIn_FHePyvp6MGsh9Qs8PQaeE3YMk5xI2sQwJyJFksdS88DXEIgnfrRibWV5OHAVJwBqXfpnQOxG4Ny9YHriF8nxiZuyi8L_MQSd5JHI2m6fIMERsSiXWegRklptTFKQiBYPrAD3XbGMD_Z&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzVqASLW90uzABgIn_FHePyvp6MGsh9Qs8PQaeE3YMk5xI2sQwJyJFksdS88DXEIgnfrRibWV5OHAVJwBqXfpnQOxG4Ny9YHriF8nxiZuyi8L_MQSd5JHI2m6fIMERsSiXWegRklptTFKQiBYPrAD3XbGMD_Z&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yoursites123.com/?type=hp&ts ... XX6VE1Q21F
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yoursites123.com/web/?type=d ... earchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yoursites123.com/web/?type=d ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkID= ... 0634959350
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzVqASLW90uzABgIn_FHePyvp6MGsh9Qs8PQaeE3YMk5xI2sQwJyJFksdS88DXEIgnfrRibWV5OHAVJwBqXfpnQOxG4Ny9YHriF8nxiZuyi8L_MQSd5JHI2m6fIMERsSiXWegRklptTFKQiBYPrAD3XbGMD_Z&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: PDF Architect 3 Toolbar - {2DFF3579-5AA7-45B9-9328-1D38EA230861} - C:\Program Files (x86)\PDF Architect 3\creator-ie-plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2656427353-3572486724-2793342792-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2656427353-3572486724-2793342792-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.webcompanion.com
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - Trusted IP range: http://192.168.10.51
O15 - Trusted IP range: http://192.168.10.52
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - (no file)
O20 - AppInit_DLLs: C:\ProgramData\Zitenop\White-Sing.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PDF Architect 3 - pdfforge GmbH - C:\Program Files (x86)\PDF Architect 3\ws.exe
O23 - Service: PDF Architect 3 CrashHandler - pdfforge GmbH - C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe
O23 - Service: PDF Architect 3 Creator - pdfforge GmbH - C:\Program Files (x86)\PDF Architect 3\creator-ws.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Zitenop - Unknown owner - C:\ProgramData\\Zitenop\\Zitenop.exe (file missing)
--
End of file - 9905 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files\ESET\ESET Smart Security\ekrn.exe"
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\PDF Architect 3\creator-ws.exe"
"taskhost.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Explorer.EXE
"C:\Windows\system32\Dwm.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide
"c:\Program Files\Microsoft Security Client\NisSrv.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
"C:\Games\World_of_Tanks\worldoftanks.exe" wot_wait_for_mutex
"C:\Games\World_of_Tanks\worldoftanks.exe" wot_wait_for_mutex
"C:\Games\World_of_Tanks\worldoftanks.exe" wot_wait_for_mutex
"C:\Program Files\Internet Explorer\iexplore.exe" http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D?publisher=APSFRec&co=CZ&userid=aaa67438-1870-4fb5-ac36-cf852ff5bede&searchtype=sc&installDate=28.10.2015&barcodeid=50045888&channelid=888
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:996 CREDAT:267521 /prefetch:2
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe16_ Global\UsGthrCtrlFltPipeMssGthrPipe16 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516
"C:\Users\moje\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL [2013-03-06 690392]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2DFF3579-5AA7-45B9-9328-1D38EA230861} - PDF Architect 3 Toolbar - C:\Program Files (x86)\PDF Architect 3\creator-ie-plugin.dll [2015-04-14 496344]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2015-01-30 1332296]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-11-09 596528]
Adobe Flash Player Updater.job
SA.DAT
SCHEDLGU.TXT
Adobe Flash Player Updater.job
SA.DAT
SCHEDLGU.TXT
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\ProgramData\Zitenop\Kantrax.dll"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2015-12-22 13:11:23 ----D---- C:\Program Files\trend micro
2015-12-22 13:11:22 ----D---- C:\rsit
2015-12-21 20:12:17 ----D---- C:\ProgramData\ESET
2015-12-21 20:12:11 ----D---- C:\Program Files\ESET
2015-12-14 17:09:45 ----D---- C:\Users\moje\AppData\Roaming\WinZipper
2015-12-14 17:08:04 ----D---- C:\ProgramData\MWdMM
2015-12-14 17:08:00 ----D---- C:\Users\moje\AppData\Roaming\TSv
2015-12-14 17:07:11 ----D---- C:\ProgramData\5WdM5
2015-12-03 19:18:52 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2015-12-03 19:18:14 ----D---- C:\Program Files (x86)\Java
2015-11-28 16:11:49 ----D---- C:\ProgramData\9466af57-1f38-4973-ab1c-22f7e17e2d6a
======List of files/folders modified in the last 1 month======
2015-12-22 13:11:34 ----D---- C:\Windows\Prefetch
2015-12-22 13:11:32 ----D---- C:\Windows\Temp
2015-12-22 13:11:23 ----RD---- C:\Program Files
2015-12-22 12:57:50 ----AD---- C:\ProgramData\TEMP
2015-12-22 12:40:36 ----D---- C:\Windows\system32\catroot2
2015-12-22 12:35:55 ----SHD---- C:\System Volume Information
2015-12-22 11:25:17 ----D---- C:\Windows\tracing
2015-12-22 10:42:10 ----D---- C:\Windows\system32\config
2015-12-22 10:20:38 ----D---- C:\ProgramData\NVIDIA
2015-12-21 23:31:03 ----D---- C:\Windows\System32
2015-12-21 20:13:41 ----D---- C:\Windows\system32\DriverStore
2015-12-21 20:13:41 ----D---- C:\Windows\inf
2015-12-21 20:13:38 ----D---- C:\Windows\system32\drivers
2015-12-21 20:13:36 ----SHD---- C:\Windows\Installer
2015-12-21 20:12:17 ----HD---- C:\ProgramData
2015-12-21 13:34:12 ----D---- C:\Windows\debug
2015-12-20 21:31:05 ----RD---- C:\Users
2015-12-20 21:29:38 ----RD---- C:\Program Files (x86)
2015-12-20 14:32:16 ----D---- C:\Windows
2015-12-20 14:30:08 ----D---- C:\Windows\system32\Tasks
2015-12-20 13:54:19 ----D---- C:\Users\moje\AppData\Roaming\rmi
2015-12-20 13:54:14 ----D---- C:\ProgramData\Zitenop
2015-12-20 12:50:12 ----D---- C:\ProgramData\lWMiniProl
2015-12-20 12:28:26 ----SD---- C:\Windows\system32\Microsoft
2015-12-20 10:46:17 ----D---- C:\Program Files (x86)\Common Files
2015-12-20 10:39:48 ----D---- C:\Windows\SysWOW64
2015-12-20 10:00:52 ----D---- C:\Users\moje\AppData\Roaming\OpenCandy
2015-12-16 20:48:44 ----D---- C:\Windows\Tasks
2015-12-16 17:02:57 ----D---- C:\Users\moje\AppData\Roaming\.minecraft
2015-12-16 14:57:59 ----D---- C:\Windows\system32\wfp
2015-12-16 14:57:56 ----D---- C:\Windows\system32\wbem
2015-12-16 14:56:52 ----D---- C:\Windows\system32\CodeIntegrity
2015-12-16 14:56:46 ----D---- C:\Windows\registration
2015-12-15 02:15:31 ----D---- C:\Users\moje\AppData\Roaming\vlc
2015-12-14 18:02:27 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-12-14 05:34:06 ----D---- C:\ProgramData\JWMiniProJ
2015-12-10 18:57:28 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-12-10 18:54:45 ----D---- C:\Windows\SYSWOW64\Macromed
2015-12-10 18:54:45 ----D---- C:\Windows\system32\NDF
2015-12-10 18:54:45 ----D---- C:\Windows\system32\Macromed
2015-12-10 18:54:27 ----D---- C:\Program Files (x86)\Microsoft Office
2015-12-09 19:54:12 ----D---- C:\Users\moje\AppData\Roaming\Opera Software
2015-12-09 04:39:31 ----N---- C:\Windows\system32\MpSigStub.exe
2015-12-07 13:27:47 ----D---- C:\Program Files (x86)\Internet Explorer
2015-12-03 19:19:31 ----D---- C:\ProgramData\Oracle
2015-11-30 19:51:22 ----D---- C:\Users\moje\AppData\Roaming\TeamViewer
2015-11-30 19:51:20 ----D---- C:\Users\moje\AppData\Roaming\TS3Client
2015-11-30 19:51:13 ----D---- C:\Windows\Panther
2015-11-30 19:51:12 ----D---- C:\Windows\Minidump
2015-11-30 19:51:12 ----D---- C:\Windows\Logs
2015-11-25 17:24:16 ----D---- C:\Windows\system32\drivers\etc
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2015-11-20 69840]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2014-11-15 274696]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2015-11-20 263528]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2015-11-20 186784]
R1 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2015-11-20 206312]
R1 EpfwLWF;ESET Personal Firewall; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2015-11-20 52872]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 ekbdflt;ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [2015-11-20 142976]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2014-11-15 124560]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-06-27 2753536]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [2007-08-09 13680]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2015-11-20 2522616]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2015-01-30 23784]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-08-29 920864]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-09-05 1364256]
R2 PDF Architect 3 Creator;PDF Architect 3 Creator; C:\Program Files (x86)\PDF Architect 3\creator-ws.exe [2015-04-14 740568]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-08-29 414496]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2015-01-30 366512]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 Zitenop;Zitenop; C:\ProgramData\\Zitenop\\Zitenop.exe -f C:\ProgramData\\Zitenop\\Zitenop.dat -l -a []
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-10 269504]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-01-12 114688]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PDF Architect 3 CrashHandler;PDF Architect 3 CrashHandler; C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe [2015-04-14 901336]
S3 PDF Architect 3;PDF Architect 3; C:\Program Files (x86)\PDF Architect 3\ws.exe [2015-04-14 2243288]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.10 2015-12-22 13:11:39
======MBR======
======Uninstall list======
Adobe Flash Player 20 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_228_ActiveX.exe -maintain activex
Aktualizace NVIDIA 1.14.17-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{1E76BF29-56BD-4063-88F5-62ADE9ACF0E7}\NVI2.DLL",UninstallPackage Display.Update
ESET Smart Security-->MsiExec.exe /I{E8EA6A18-4085-4E67-AC9C-F8E9AEB53F4F}
Java 8 Update 66-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83218066F0}
Microsoft .NET Framework 4.5.2 (CSY)-->MsiExec.exe /X{C48AF3CF-C632-3C19-838E-7DAB7283D46A}
Microsoft .NET Framework 4.5.2 (čeština)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\CSY\\Setup.exe /repair /x86 /x64 /lcid 1029
Microsoft .NET Framework 4.5.2-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\\Setup.exe /repair /x86 /x64
Microsoft .NET Framework 4.5.2-->MsiExec.exe /X{26784146-6E05-3FF9-9335-786C7C0FB5BE}
Microsoft Office Access MUI (Czech) 2010-->MsiExec.exe /X{90140000-0015-0405-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2010-->MsiExec.exe /X{90140000-0016-0405-0000-0000000FF1CE}
Microsoft Office Office 64-bit Components 2010-->MsiExec.exe /X{90140000-002A-0000-1000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2010-->MsiExec.exe /X{90140000-00A1-0405-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2010-->MsiExec.exe /X{90140000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2010-->MsiExec.exe /X{90140000-0018-0405-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2010-->MsiExec.exe /X{90140000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2010-->MsiExec.exe /X{90140000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2010-->MsiExec.exe /X{90140000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2010-->MsiExec.exe /X{90140000-002C-0405-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Czech) 2010-->MsiExec.exe /X{90140000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (Czech) 2010-->MsiExec.exe /X{90140000-002A-0405-1000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2010-->MsiExec.exe /X{90140000-006E-0405-0000-0000000FF1CE}
Microsoft Office Single Image 2010-->MsiExec.exe /X{90140000-003D-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2010-->MsiExec.exe /X{90140000-001B-0405-0000-0000000FF1CE}
Microsoft PowerPoint Viewer-->MsiExec.exe /X{95140000-00AF-0405-0000-0000000FF1CE}
Microsoft Security Client-->MsiExec.exe /X{996D32B6-F629-4764-894B-CB24D9C19051}
Microsoft Security Essentials-->"C:\Program Files\Microsoft Security Client\Setup.exe" /x
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)-->c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.exe
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)-->MsiExec.exe /X{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}
NVIDIA Ovladač 3D Vision 327.02-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{1E76BF29-56BD-4063-88F5-62ADE9ACF0E7}\NVI2.DLL",UninstallPackage Display.3DVision
NVIDIA Ovladače grafiky 327.02-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{1E76BF29-56BD-4063-88F5-62ADE9ACF0E7}\NVI2.DLL",UninstallPackage Display.Driver
NVIDIA Stereoscopic 3D Driver-->"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
PDF Architect 3 Create Module-->MsiExec.exe /I{749FCEEB-8F82-4964-ABD4-BE93D7D97551}
PDF Architect 3 Edit Module-->MsiExec.exe /X{AF26F006-186D-417C-9327-0591C1E7D363}
PDF Architect 3 View Module-->MsiExec.exe /I{7D4DCFBE-25F8-405B-A60D-C670441E5A61}
TeamSpeak 3 Client-->"C:\Program Files\TeamSpeak 3 Client\uninstall.exe"
VLC media player-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
WinRAR 5.21 (64-bit)-->C:\Program Files\WinRAR\uninstall.exe
World of Tanks-->"C:\Games\World_of_Tanks\unins000.exe"
Your Uninstaller! 7-->"C:\Program Files (x86)\Your Uninstaller! 7\unins000.exe"
======System event log======
Computer Name: moje-PC
Event Code: 7036
Message: Stav služby Klient zásad skupiny byl změněn na: Spuštěno
Record Number: 48278
Source Name: Service Control Manager
Time Written: 20150414151651.171600-000
Event Type: Informace
User:
Computer Name: moje-PC
Event Code: 7036
Message: Stav služby Zvuk systému Windows byl změněn na: Spuštěno
Record Number: 48277
Source Name: Service Control Manager
Time Written: 20150414151651.062400-000
Event Type: Informace
User:
Computer Name: moje-PC
Event Code: 7036
Message: Stav služby Služba Plánovač multimédií byl změněn na: Spuštěno
Record Number: 48276
Source Name: Service Control Manager
Time Written: 20150414151651.000000-000
Event Type: Informace
User:
Computer Name: moje-PC
Event Code: 7036
Message: Stav služby Mezipaměť písem Windows byl změněn na: Spuštěno
Record Number: 48275
Source Name: Service Control Manager
Time Written: 20150414151650.688000-000
Event Type: Informace
User:
Computer Name: moje-PC
Event Code: 7036
Message: Stav služby Koncové vytváření služby Windows Audio byl změněn na: Spuštěno
Record Number: 48274
Source Name: Service Control Manager
Time Written: 20150414151650.656800-000
Event Type: Informace
User:
=====Application event log=====
Computer Name: 37L4247F27-25
Event Code: 5617
Message: Windows Management Instrumentation Service subsystems initialized successfully
Record Number: 5
Source Name: Microsoft-Windows-WMI
Time Written: 20140906195012.000000-000
Event Type: Informace
User:
Computer Name: 37L4247F27-25
Event Code: 5615
Message: Windows Management Instrumentation Service started sucessfully
Record Number: 4
Source Name: Microsoft-Windows-WMI
Time Written: 20140906195007.000000-000
Event Type: Informace
User:
Computer Name: 37L4247F27-25
Event Code: 4625
Message: Subsystém EventSystem zabraňuje vytváření duplicitních záznamů v protokolu událostí po dobu 86400 sekund. Tuto dobu lze změnit pomocí hodnoty REG_DWORD s názvem SuppressDuplicateDuration v následujícím klíči registru: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 3
Source Name: Microsoft-Windows-EventSystem
Time Written: 20140906195003.000000-000
Event Type: Informace
User:
Computer Name: 37L4247F27-25
Event Code: 1531
Message: Služba Profil uživatele byla úspěšně spuštěna.
Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20140906195002.924400-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM
Computer Name: 37L4247F27-25
Event Code: 1532
Message: Služba Profil uživatele byla zastavena.
Record Number: 1
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20101121035831.124372-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM
=====Security event log=====
Computer Name: moje-PC
Event Code: 4634
Message: Účet byl odhlášen.
Předmět:
ID zabezpečení: S-1-5-21-2656427353-3572486724-2793342792-1000
Název účtu: moje
Doména účtu: moje-PC
ID přihlášení: 0x500e23
Typ přihlášení: 7
Tato událost je generována, pokud je zničena relace přihlášení. Může být spojena s událostí přihlášení pomocí hodnoty ID přihlášení. Hodnoty ID přihlášení jsou jednoznačné pouze v rámci jednotlivých restartů stejného počítače.
Record Number: 6489
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20141113134316.120000-000
Event Type: Úspěšný audit
User:
Computer Name: moje-PC
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.
Předmět:
ID zabezpečení: S-1-5-21-2656427353-3572486724-2793342792-1000
Název účtu: moje
Doména účtu: moje-PC
ID přihlášení: 0x500e15
Oprávnění: SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 6488
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20141113134316.120000-000
Event Type: Úspěšný audit
User:
Computer Name: moje-PC
Event Code: 4624
Message: Účet byl úspěšně přihlášen.
Předmět:
ID zabezpečení: S-1-5-18
Název účtu: MOJE-PC$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7
Typ přihlášení: 7
Nové přihlášení:
ID zabezpečení: S-1-5-21-2656427353-3572486724-2793342792-1000
Název účtu: moje
Doména účtu: moje-PC
ID přihlášení: 0x500e23
GUID přihlášení: {00000000-0000-0000-0000-000000000000}
Informace o procesu:
ID procesu: 0x1d0
Název procesu: C:\Windows\System32\winlogon.exe
Informace o síti:
Název pracovní stanice: MOJE-PC
Adresa zdrojové sítě 127.0.0.1
Zdrojový port: 0
Podrobné informace o ověření:
Proces přihlášení: User32
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0
Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.
Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.
Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).
Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.
Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.
Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 6487
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20141113134316.120000-000
Event Type: Úspěšný audit
User:
Computer Name: moje-PC
Event Code: 4624
Message: Účet byl úspěšně přihlášen.
Předmět:
ID zabezpečení: S-1-5-18
Název účtu: MOJE-PC$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7
Typ přihlášení: 7
Nové přihlášení:
ID zabezpečení: S-1-5-21-2656427353-3572486724-2793342792-1000
Název účtu: moje
Doména účtu: moje-PC
ID přihlášení: 0x500e15
GUID přihlášení: {00000000-0000-0000-0000-000000000000}
Informace o procesu:
ID procesu: 0x1d0
Název procesu: C:\Windows\System32\winlogon.exe
Informace o síti:
Název pracovní stanice: MOJE-PC
Adresa zdrojové sítě 127.0.0.1
Zdrojový port: 0
Podrobné informace o ověření:
Proces přihlášení: User32
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0
Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.
Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.
Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).
Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.
Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.
Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 6486
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20141113134316.120000-000
Event Type: Úspěšný audit
User:
Computer Name: moje-PC
Event Code: 4648
Message: Došlo k pokusu o přihlášení pomocí explicitního pověření.
Předmět:
ID zabezpečení: S-1-5-18
Název účtu: MOJE-PC$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}
Účet, jehož pověření bylo použito:
Název účtu: moje
Doména účtu: moje-PC
GUID přihlášení: {00000000-0000-0000-0000-000000000000}
Cílový server:
Název cílového serveru: localhost
Další informace: localhost
Informace o procesu:
ID procesu: 0x1d0
Název procesu: C:\Windows\System32\winlogon.exe
Informace o síti:
Síťová adresa: 127.0.0.1
Port: 0
Tato událost je generována, pokud se proces pokusí přihlásit k účtu explicitním zadáním pověření tohoto účtu. K tomu nejčastěji dochází v dávkových konfiguracích, například naplánovaných úlohách, nebo při použití příkazu RUNAS.
Record Number: 6485
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20141113134316.120000-000
Event Type: Úspěšný audit
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"windows_tracing_logfile"=C:\BVTBin\Tests\installpackage\csilogfile.log
"windows_tracing_flags"=3
"ESET_OPTIONS"=
-----------------EOF-----------------
Run by moje at 2015-12-22 13:11:22
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 394 GB (83%) free of 477 GB
Total RAM: 4095 MB (47% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:11:34, on 22.12.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17631)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Games\World_of_Tanks\worldoftanks.exe
C:\Games\World_of_Tanks\worldoftanks.exe
C:\Games\World_of_Tanks\worldoftanks.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\trend micro\moje.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yoursites123.com/?type=hp&ts ... XX6VE1Q21F
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzVqASLW90uzABgIn_FHePyvp6MGsh9Qs8PQaeE3YMk5xI2sQwJyJFksdS88DXEIgnfrRibWV5OHAVJwBqXfpnQOxG4Ny9YHriF8nxiZuyi8L_MQSd5JHI2m6fIMERsSiXWegRklptTFKQiBYPrAD3XbGMD_Z&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzVqASLW90uzABgIn_FHePyvp6MGsh9Qs8PQaeE3YMk5xI2sQwJyJFksdS88DXEIgnfrRibWV5OHAVJwBqXfpnQOxG4Ny9YHriF8nxiZuyi8L_MQSd5JHI2m6fIMERsSiXWegRklptTFKQiBYPrAD3XbGMD_Z&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzVqASLW90uzABgIn_FHePyvp6MGsh9Qs8PQaeE3YMk5xI2sQwJyJFksdS88DXEIgnfrRibWV5OHAVJwBqXfpnQOxG4Ny9YHriF8nxiZuyi8L_MQSd5JHI2m6fIMERsSiXWegRklptTFKQiBYPrAD3XbGMD_Z&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yoursites123.com/?type=hp&ts ... XX6VE1Q21F
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yoursites123.com/web/?type=d ... earchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yoursites123.com/web/?type=d ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkID= ... 0634959350
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzVqASLW90uzABgIn_FHePyvp6MGsh9Qs8PQaeE3YMk5xI2sQwJyJFksdS88DXEIgnfrRibWV5OHAVJwBqXfpnQOxG4Ny9YHriF8nxiZuyi8L_MQSd5JHI2m6fIMERsSiXWegRklptTFKQiBYPrAD3XbGMD_Z&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: PDF Architect 3 Toolbar - {2DFF3579-5AA7-45B9-9328-1D38EA230861} - C:\Program Files (x86)\PDF Architect 3\creator-ie-plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2656427353-3572486724-2793342792-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2656427353-3572486724-2793342792-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.webcompanion.com
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - Trusted IP range: http://192.168.10.51
O15 - Trusted IP range: http://192.168.10.52
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - (no file)
O20 - AppInit_DLLs: C:\ProgramData\Zitenop\White-Sing.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PDF Architect 3 - pdfforge GmbH - C:\Program Files (x86)\PDF Architect 3\ws.exe
O23 - Service: PDF Architect 3 CrashHandler - pdfforge GmbH - C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe
O23 - Service: PDF Architect 3 Creator - pdfforge GmbH - C:\Program Files (x86)\PDF Architect 3\creator-ws.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Zitenop - Unknown owner - C:\ProgramData\\Zitenop\\Zitenop.exe (file missing)
--
End of file - 9905 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files\ESET\ESET Smart Security\ekrn.exe"
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\PDF Architect 3\creator-ws.exe"
"taskhost.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Explorer.EXE
"C:\Windows\system32\Dwm.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide
"c:\Program Files\Microsoft Security Client\NisSrv.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
"C:\Games\World_of_Tanks\worldoftanks.exe" wot_wait_for_mutex
"C:\Games\World_of_Tanks\worldoftanks.exe" wot_wait_for_mutex
"C:\Games\World_of_Tanks\worldoftanks.exe" wot_wait_for_mutex
"C:\Program Files\Internet Explorer\iexplore.exe" http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D?publisher=APSFRec&co=CZ&userid=aaa67438-1870-4fb5-ac36-cf852ff5bede&searchtype=sc&installDate=28.10.2015&barcodeid=50045888&channelid=888
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:996 CREDAT:267521 /prefetch:2
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe16_ Global\UsGthrCtrlFltPipeMssGthrPipe16 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516
"C:\Users\moje\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL [2013-03-06 690392]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2DFF3579-5AA7-45B9-9328-1D38EA230861} - PDF Architect 3 Toolbar - C:\Program Files (x86)\PDF Architect 3\creator-ie-plugin.dll [2015-04-14 496344]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2015-01-30 1332296]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-11-09 596528]
Adobe Flash Player Updater.job
SA.DAT
SCHEDLGU.TXT
Adobe Flash Player Updater.job
SA.DAT
SCHEDLGU.TXT
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\ProgramData\Zitenop\Kantrax.dll"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2015-12-22 13:11:23 ----D---- C:\Program Files\trend micro
2015-12-22 13:11:22 ----D---- C:\rsit
2015-12-21 20:12:17 ----D---- C:\ProgramData\ESET
2015-12-21 20:12:11 ----D---- C:\Program Files\ESET
2015-12-14 17:09:45 ----D---- C:\Users\moje\AppData\Roaming\WinZipper
2015-12-14 17:08:04 ----D---- C:\ProgramData\MWdMM
2015-12-14 17:08:00 ----D---- C:\Users\moje\AppData\Roaming\TSv
2015-12-14 17:07:11 ----D---- C:\ProgramData\5WdM5
2015-12-03 19:18:52 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2015-12-03 19:18:14 ----D---- C:\Program Files (x86)\Java
2015-11-28 16:11:49 ----D---- C:\ProgramData\9466af57-1f38-4973-ab1c-22f7e17e2d6a
======List of files/folders modified in the last 1 month======
2015-12-22 13:11:34 ----D---- C:\Windows\Prefetch
2015-12-22 13:11:32 ----D---- C:\Windows\Temp
2015-12-22 13:11:23 ----RD---- C:\Program Files
2015-12-22 12:57:50 ----AD---- C:\ProgramData\TEMP
2015-12-22 12:40:36 ----D---- C:\Windows\system32\catroot2
2015-12-22 12:35:55 ----SHD---- C:\System Volume Information
2015-12-22 11:25:17 ----D---- C:\Windows\tracing
2015-12-22 10:42:10 ----D---- C:\Windows\system32\config
2015-12-22 10:20:38 ----D---- C:\ProgramData\NVIDIA
2015-12-21 23:31:03 ----D---- C:\Windows\System32
2015-12-21 20:13:41 ----D---- C:\Windows\system32\DriverStore
2015-12-21 20:13:41 ----D---- C:\Windows\inf
2015-12-21 20:13:38 ----D---- C:\Windows\system32\drivers
2015-12-21 20:13:36 ----SHD---- C:\Windows\Installer
2015-12-21 20:12:17 ----HD---- C:\ProgramData
2015-12-21 13:34:12 ----D---- C:\Windows\debug
2015-12-20 21:31:05 ----RD---- C:\Users
2015-12-20 21:29:38 ----RD---- C:\Program Files (x86)
2015-12-20 14:32:16 ----D---- C:\Windows
2015-12-20 14:30:08 ----D---- C:\Windows\system32\Tasks
2015-12-20 13:54:19 ----D---- C:\Users\moje\AppData\Roaming\rmi
2015-12-20 13:54:14 ----D---- C:\ProgramData\Zitenop
2015-12-20 12:50:12 ----D---- C:\ProgramData\lWMiniProl
2015-12-20 12:28:26 ----SD---- C:\Windows\system32\Microsoft
2015-12-20 10:46:17 ----D---- C:\Program Files (x86)\Common Files
2015-12-20 10:39:48 ----D---- C:\Windows\SysWOW64
2015-12-20 10:00:52 ----D---- C:\Users\moje\AppData\Roaming\OpenCandy
2015-12-16 20:48:44 ----D---- C:\Windows\Tasks
2015-12-16 17:02:57 ----D---- C:\Users\moje\AppData\Roaming\.minecraft
2015-12-16 14:57:59 ----D---- C:\Windows\system32\wfp
2015-12-16 14:57:56 ----D---- C:\Windows\system32\wbem
2015-12-16 14:56:52 ----D---- C:\Windows\system32\CodeIntegrity
2015-12-16 14:56:46 ----D---- C:\Windows\registration
2015-12-15 02:15:31 ----D---- C:\Users\moje\AppData\Roaming\vlc
2015-12-14 18:02:27 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-12-14 05:34:06 ----D---- C:\ProgramData\JWMiniProJ
2015-12-10 18:57:28 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-12-10 18:54:45 ----D---- C:\Windows\SYSWOW64\Macromed
2015-12-10 18:54:45 ----D---- C:\Windows\system32\NDF
2015-12-10 18:54:45 ----D---- C:\Windows\system32\Macromed
2015-12-10 18:54:27 ----D---- C:\Program Files (x86)\Microsoft Office
2015-12-09 19:54:12 ----D---- C:\Users\moje\AppData\Roaming\Opera Software
2015-12-09 04:39:31 ----N---- C:\Windows\system32\MpSigStub.exe
2015-12-07 13:27:47 ----D---- C:\Program Files (x86)\Internet Explorer
2015-12-03 19:19:31 ----D---- C:\ProgramData\Oracle
2015-11-30 19:51:22 ----D---- C:\Users\moje\AppData\Roaming\TeamViewer
2015-11-30 19:51:20 ----D---- C:\Users\moje\AppData\Roaming\TS3Client
2015-11-30 19:51:13 ----D---- C:\Windows\Panther
2015-11-30 19:51:12 ----D---- C:\Windows\Minidump
2015-11-30 19:51:12 ----D---- C:\Windows\Logs
2015-11-25 17:24:16 ----D---- C:\Windows\system32\drivers\etc
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2015-11-20 69840]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2014-11-15 274696]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2015-11-20 263528]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2015-11-20 186784]
R1 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2015-11-20 206312]
R1 EpfwLWF;ESET Personal Firewall; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2015-11-20 52872]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 ekbdflt;ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [2015-11-20 142976]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2014-11-15 124560]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-06-27 2753536]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [2007-08-09 13680]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2015-11-20 2522616]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2015-01-30 23784]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-08-29 920864]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-09-05 1364256]
R2 PDF Architect 3 Creator;PDF Architect 3 Creator; C:\Program Files (x86)\PDF Architect 3\creator-ws.exe [2015-04-14 740568]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-08-29 414496]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2015-01-30 366512]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 Zitenop;Zitenop; C:\ProgramData\\Zitenop\\Zitenop.exe -f C:\ProgramData\\Zitenop\\Zitenop.dat -l -a []
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-10 269504]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-01-12 114688]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PDF Architect 3 CrashHandler;PDF Architect 3 CrashHandler; C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe [2015-04-14 901336]
S3 PDF Architect 3;PDF Architect 3; C:\Program Files (x86)\PDF Architect 3\ws.exe [2015-04-14 2243288]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.10 2015-12-22 13:11:39
======MBR======
======Uninstall list======
Adobe Flash Player 20 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_228_ActiveX.exe -maintain activex
Aktualizace NVIDIA 1.14.17-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{1E76BF29-56BD-4063-88F5-62ADE9ACF0E7}\NVI2.DLL",UninstallPackage Display.Update
ESET Smart Security-->MsiExec.exe /I{E8EA6A18-4085-4E67-AC9C-F8E9AEB53F4F}
Java 8 Update 66-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83218066F0}
Microsoft .NET Framework 4.5.2 (CSY)-->MsiExec.exe /X{C48AF3CF-C632-3C19-838E-7DAB7283D46A}
Microsoft .NET Framework 4.5.2 (čeština)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\CSY\\Setup.exe /repair /x86 /x64 /lcid 1029
Microsoft .NET Framework 4.5.2-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\\Setup.exe /repair /x86 /x64
Microsoft .NET Framework 4.5.2-->MsiExec.exe /X{26784146-6E05-3FF9-9335-786C7C0FB5BE}
Microsoft Office Access MUI (Czech) 2010-->MsiExec.exe /X{90140000-0015-0405-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2010-->MsiExec.exe /X{90140000-0016-0405-0000-0000000FF1CE}
Microsoft Office Office 64-bit Components 2010-->MsiExec.exe /X{90140000-002A-0000-1000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2010-->MsiExec.exe /X{90140000-00A1-0405-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2010-->MsiExec.exe /X{90140000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2010-->MsiExec.exe /X{90140000-0018-0405-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2010-->MsiExec.exe /X{90140000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2010-->MsiExec.exe /X{90140000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2010-->MsiExec.exe /X{90140000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2010-->MsiExec.exe /X{90140000-002C-0405-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Czech) 2010-->MsiExec.exe /X{90140000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (Czech) 2010-->MsiExec.exe /X{90140000-002A-0405-1000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2010-->MsiExec.exe /X{90140000-006E-0405-0000-0000000FF1CE}
Microsoft Office Single Image 2010-->MsiExec.exe /X{90140000-003D-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2010-->MsiExec.exe /X{90140000-001B-0405-0000-0000000FF1CE}
Microsoft PowerPoint Viewer-->MsiExec.exe /X{95140000-00AF-0405-0000-0000000FF1CE}
Microsoft Security Client-->MsiExec.exe /X{996D32B6-F629-4764-894B-CB24D9C19051}
Microsoft Security Essentials-->"C:\Program Files\Microsoft Security Client\Setup.exe" /x
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)-->c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\install.exe
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)-->MsiExec.exe /X{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}
NVIDIA Ovladač 3D Vision 327.02-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{1E76BF29-56BD-4063-88F5-62ADE9ACF0E7}\NVI2.DLL",UninstallPackage Display.3DVision
NVIDIA Ovladače grafiky 327.02-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{1E76BF29-56BD-4063-88F5-62ADE9ACF0E7}\NVI2.DLL",UninstallPackage Display.Driver
NVIDIA Stereoscopic 3D Driver-->"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
PDF Architect 3 Create Module-->MsiExec.exe /I{749FCEEB-8F82-4964-ABD4-BE93D7D97551}
PDF Architect 3 Edit Module-->MsiExec.exe /X{AF26F006-186D-417C-9327-0591C1E7D363}
PDF Architect 3 View Module-->MsiExec.exe /I{7D4DCFBE-25F8-405B-A60D-C670441E5A61}
TeamSpeak 3 Client-->"C:\Program Files\TeamSpeak 3 Client\uninstall.exe"
VLC media player-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
WinRAR 5.21 (64-bit)-->C:\Program Files\WinRAR\uninstall.exe
World of Tanks-->"C:\Games\World_of_Tanks\unins000.exe"
Your Uninstaller! 7-->"C:\Program Files (x86)\Your Uninstaller! 7\unins000.exe"
======System event log======
Computer Name: moje-PC
Event Code: 7036
Message: Stav služby Klient zásad skupiny byl změněn na: Spuštěno
Record Number: 48278
Source Name: Service Control Manager
Time Written: 20150414151651.171600-000
Event Type: Informace
User:
Computer Name: moje-PC
Event Code: 7036
Message: Stav služby Zvuk systému Windows byl změněn na: Spuštěno
Record Number: 48277
Source Name: Service Control Manager
Time Written: 20150414151651.062400-000
Event Type: Informace
User:
Computer Name: moje-PC
Event Code: 7036
Message: Stav služby Služba Plánovač multimédií byl změněn na: Spuštěno
Record Number: 48276
Source Name: Service Control Manager
Time Written: 20150414151651.000000-000
Event Type: Informace
User:
Computer Name: moje-PC
Event Code: 7036
Message: Stav služby Mezipaměť písem Windows byl změněn na: Spuštěno
Record Number: 48275
Source Name: Service Control Manager
Time Written: 20150414151650.688000-000
Event Type: Informace
User:
Computer Name: moje-PC
Event Code: 7036
Message: Stav služby Koncové vytváření služby Windows Audio byl změněn na: Spuštěno
Record Number: 48274
Source Name: Service Control Manager
Time Written: 20150414151650.656800-000
Event Type: Informace
User:
=====Application event log=====
Computer Name: 37L4247F27-25
Event Code: 5617
Message: Windows Management Instrumentation Service subsystems initialized successfully
Record Number: 5
Source Name: Microsoft-Windows-WMI
Time Written: 20140906195012.000000-000
Event Type: Informace
User:
Computer Name: 37L4247F27-25
Event Code: 5615
Message: Windows Management Instrumentation Service started sucessfully
Record Number: 4
Source Name: Microsoft-Windows-WMI
Time Written: 20140906195007.000000-000
Event Type: Informace
User:
Computer Name: 37L4247F27-25
Event Code: 4625
Message: Subsystém EventSystem zabraňuje vytváření duplicitních záznamů v protokolu událostí po dobu 86400 sekund. Tuto dobu lze změnit pomocí hodnoty REG_DWORD s názvem SuppressDuplicateDuration v následujícím klíči registru: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 3
Source Name: Microsoft-Windows-EventSystem
Time Written: 20140906195003.000000-000
Event Type: Informace
User:
Computer Name: 37L4247F27-25
Event Code: 1531
Message: Služba Profil uživatele byla úspěšně spuštěna.
Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20140906195002.924400-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM
Computer Name: 37L4247F27-25
Event Code: 1532
Message: Služba Profil uživatele byla zastavena.
Record Number: 1
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20101121035831.124372-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM
=====Security event log=====
Computer Name: moje-PC
Event Code: 4634
Message: Účet byl odhlášen.
Předmět:
ID zabezpečení: S-1-5-21-2656427353-3572486724-2793342792-1000
Název účtu: moje
Doména účtu: moje-PC
ID přihlášení: 0x500e23
Typ přihlášení: 7
Tato událost je generována, pokud je zničena relace přihlášení. Může být spojena s událostí přihlášení pomocí hodnoty ID přihlášení. Hodnoty ID přihlášení jsou jednoznačné pouze v rámci jednotlivých restartů stejného počítače.
Record Number: 6489
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20141113134316.120000-000
Event Type: Úspěšný audit
User:
Computer Name: moje-PC
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.
Předmět:
ID zabezpečení: S-1-5-21-2656427353-3572486724-2793342792-1000
Název účtu: moje
Doména účtu: moje-PC
ID přihlášení: 0x500e15
Oprávnění: SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 6488
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20141113134316.120000-000
Event Type: Úspěšný audit
User:
Computer Name: moje-PC
Event Code: 4624
Message: Účet byl úspěšně přihlášen.
Předmět:
ID zabezpečení: S-1-5-18
Název účtu: MOJE-PC$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7
Typ přihlášení: 7
Nové přihlášení:
ID zabezpečení: S-1-5-21-2656427353-3572486724-2793342792-1000
Název účtu: moje
Doména účtu: moje-PC
ID přihlášení: 0x500e23
GUID přihlášení: {00000000-0000-0000-0000-000000000000}
Informace o procesu:
ID procesu: 0x1d0
Název procesu: C:\Windows\System32\winlogon.exe
Informace o síti:
Název pracovní stanice: MOJE-PC
Adresa zdrojové sítě 127.0.0.1
Zdrojový port: 0
Podrobné informace o ověření:
Proces přihlášení: User32
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0
Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.
Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.
Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).
Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.
Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.
Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 6487
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20141113134316.120000-000
Event Type: Úspěšný audit
User:
Computer Name: moje-PC
Event Code: 4624
Message: Účet byl úspěšně přihlášen.
Předmět:
ID zabezpečení: S-1-5-18
Název účtu: MOJE-PC$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7
Typ přihlášení: 7
Nové přihlášení:
ID zabezpečení: S-1-5-21-2656427353-3572486724-2793342792-1000
Název účtu: moje
Doména účtu: moje-PC
ID přihlášení: 0x500e15
GUID přihlášení: {00000000-0000-0000-0000-000000000000}
Informace o procesu:
ID procesu: 0x1d0
Název procesu: C:\Windows\System32\winlogon.exe
Informace o síti:
Název pracovní stanice: MOJE-PC
Adresa zdrojové sítě 127.0.0.1
Zdrojový port: 0
Podrobné informace o ověření:
Proces přihlášení: User32
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0
Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.
Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.
Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).
Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.
Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.
Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 6486
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20141113134316.120000-000
Event Type: Úspěšný audit
User:
Computer Name: moje-PC
Event Code: 4648
Message: Došlo k pokusu o přihlášení pomocí explicitního pověření.
Předmět:
ID zabezpečení: S-1-5-18
Název účtu: MOJE-PC$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}
Účet, jehož pověření bylo použito:
Název účtu: moje
Doména účtu: moje-PC
GUID přihlášení: {00000000-0000-0000-0000-000000000000}
Cílový server:
Název cílového serveru: localhost
Další informace: localhost
Informace o procesu:
ID procesu: 0x1d0
Název procesu: C:\Windows\System32\winlogon.exe
Informace o síti:
Síťová adresa: 127.0.0.1
Port: 0
Tato událost je generována, pokud se proces pokusí přihlásit k účtu explicitním zadáním pověření tohoto účtu. K tomu nejčastěji dochází v dávkových konfiguracích, například naplánovaných úlohách, nebo při použití příkazu RUNAS.
Record Number: 6485
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20141113134316.120000-000
Event Type: Úspěšný audit
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"windows_tracing_logfile"=C:\BVTBin\Tests\installpackage\csilogfile.log
"windows_tracing_flags"=3
"ESET_OPTIONS"=
-----------------EOF-----------------
Re: slow PC and constant installation of unwanted applications
I wish you a lovely day
You have 2 antivirus programs running on your PC - ESS and MSC - uninstall one of them (I recommend keeping ESET if it is paid for).
As part of the cleanup, your temporary folders will be emptied (including the Recycle Bin).
Save AdwCleaner to your desktop https://toolslib.net/downloads/viewdown ... dwcleaner/ (or http://www.bleepingcomputer.com/download/adwcleaner/ )
- close all programs
- right-click the AdwCleaner icon and choose Run as administrator (on Win XP just launch it with a double-click)
- click Scan, then Cleaning
- after the restart a log will pop up (or you can find it in C:\AdwCleaner\AdwCleaner[Cx].txt); copy its contents into your next reply
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suitable for the forum, you can use altrokzavináčforum.viry.cz
If you feel like helping visitors of this forum, sign up for our training school.
Re: slow PC and constant installation of unwanted applications
Hello, I have done it, the result is here:
# AdwCleaner v5.027 - Logfile created 04/01/2016 at 19:09:49
# Updated 30/12/2015 by Xplode
# Database : 2015-12-30.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : moje - MOJE-PC
# Running from : C:\Users\moje\Downloads\adwcleaner_5.027.exe
# Option : Cleaning
# Support : http://toolslib.net/forum
***** [ Services ] *****
[-] Service Deleted : Zitenop
***** [ Folders ] *****
[-] Folder Deleted : C:\ProgramData\smdmf
[-] Folder Deleted : C:\ProgramData\B5TTmp
[-] Folder Deleted : C:\ProgramData\Zitenop
[-] Folder Deleted : C:\ProgramData\cWMiniProc
[-] Folder Deleted : C:\ProgramData\eWMiniProe
[-] Folder Deleted : C:\ProgramData\JWMiniProJ
[-] Folder Deleted : C:\ProgramData\lWMiniProl
[-] Folder Deleted : C:\Users\moje\AppData\Local\globalUpdate
[-] Folder Deleted : C:\Users\moje\AppData\Local\Systweak
[-] Folder Deleted : C:\Users\moje\AppData\Local\B5T
[-] Folder Deleted : C:\Users\moje\AppData\Local\DE812686-1445977405-BE20-A200-90E6BA12C352
[-] Folder Deleted : C:\Users\moje\AppData\Local\DE812686-1446229831-BE20-A200-90E6BA12C352
[-] Folder Deleted : C:\Users\moje\AppData\Roaming\OpenCandy
[-] Folder Deleted : C:\Users\moje\AppData\Roaming\Solvusoft
[-] Folder Deleted : C:\Users\moje\AppData\Roaming\Systweak
[-] Folder Deleted : C:\Users\moje\AppData\Roaming\WinZipper
[-] Folder Deleted : C:\Users\moje\AppData\Roaming\RHEng
[-] Folder Deleted : C:\Users\moje\AppData\Roaming\TSv
[-] Folder Deleted : C:\Users\moje\AppData\Roaming\Mozilla\Firefox\Profiles\euv1cizj.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
[-] Folder Deleted : C:\Users\moje\AppData\Roaming\Mozilla\Firefox\Profiles\euv1cizj.default\Extensions\deskCutv2@gmail.com
[-] Folder Deleted : C:\Users\moje\AppData\Roaming\Mozilla\Firefox\Profiles\euv1cizj.default\Extensions\defsearchp@gmail.com
[#] Folder Deleted : C:\Windows\SysNative\Tasks\ASP
[-] Folder Deleted : C:\Windows\SysWOW64\Browser
***** [ Files ] *****
[-] File Deleted : C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
[-] File Deleted : C:\Users\moje\AppData\Roaming\Mozilla\Firefox\Profiles\euv1cizj.default\Extensions\defsearchp@gmail.com.xpi
[-] File Deleted : C:\Users\moje\AppData\Roaming\Mozilla\Firefox\Profiles\euv1cizj.default\Extensions\extension@b5m.com.xpi
[-] File Deleted : C:\Users\moje\AppData\Roaming\Mozilla\Firefox\Profiles\euv1cizj.default\searchplugins\findit.xml
[-] File Deleted : C:\Users\moje\AppData\Roaming\Mozilla\Firefox\Profiles\euv1cizj.default\searchplugins\yahoo-lavasoft.xml
[-] File Deleted : C:\Windows\SysWOW64\findit.xml
[-] File Deleted : C:\Windows\SysWOW64\lavasofttcpservice.dll
***** [ DLLs ] *****
***** [ Shortcuts ] *****
[-] Shortcut Disinfected : C:\Users\moje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
***** [ Scheduled tasks ] *****
[-] Task Deleted : ASP
***** [ Registry ] *****
[-] Key Deleted : HKCU\Software\Mozilla\Extends
[-] Key Deleted : HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WdsManPro
[-] Key Deleted : HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Stpro.exe
[-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [deskCutv2@gmail.com]
[-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [defsearchp@gmail.com]
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FAA29E8-B9EF-4766-823A-2B3512C0AC25}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A69CDF2-B56C-48D3-BB9B-ED2925AEE772}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9D94A729-4EFA-4D30-B6C6-7B7BEFAF6985}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C02A85DD-AEE3-4D48-9CBC-632DA63CF07E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F46515E3-C82D-4243-BAF9-2CA377FF4622}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E7249F6-3124-4E09-BCA9-AE2B09F3D83E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{920D90DA-DF4C-4891-B1E4-6EBC87CB924D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{999721D2-F4D1-4397-8608-38928DDC0932}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CBCCB5AC-7D1C-433E-96BF-9482258E068C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DD22E081-D617-4B49-BF04-D4ED5F4E54F1}
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E2D2BF0-159F-4257-ACF0-B1F29B376FA0}
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4E2D2BF0-159F-4257-ACF0-B1F29B376FA0}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FAA29E8-B9EF-4766-823A-2B3512C0AC25}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3A69CDF2-B56C-48D3-BB9B-ED2925AEE772}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9D94A729-4EFA-4D30-B6C6-7B7BEFAF6985}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C02A85DD-AEE3-4D48-9CBC-632DA63CF07E}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F46515E3-C82D-4243-BAF9-2CA377FF4622}
[-] Key Deleted : HKCU\Software\GlobalUpdate
[-] Key Deleted : HKCU\Software\InstallCore
[-] Key Deleted : HKCU\Software\SmdmF
[-] Key Deleted : HKCU\Software\Linkey
[-] Key Deleted : HKCU\Software\YorkNewCin
[-] Key Deleted : HKCU\Software\HighDefAction
[-] Key Deleted : HKCU\Software\ArenaHD
[-] Key Deleted : HKCU\Software\OB
[-] Key Deleted : HKCU\Software\Reg\Clean
[!] Key Not Deleted : HKCU\Software\Mozilla\Extends
[-] Key Deleted : HKCU\Software\Crossbrowse
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\Crossrider
[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKLM\SOFTWARE\hdcode
[-] Key Deleted : HKLM\SOFTWARE\istartsurfSoftware
[-] Key Deleted : HKLM\SOFTWARE\SmdmF
[-] Key Deleted : HKLM\SOFTWARE\mystartsearchSoftware
[-] Key Deleted : HKLM\SOFTWARE\YorkNewCin
[-] Key Deleted : HKLM\SOFTWARE\HighDefAction
[-] Key Deleted : HKLM\SOFTWARE\ArenaHD
[-] Key Deleted : HKLM\SOFTWARE\FFPluginHp
[-] Key Deleted : HKLM\SOFTWARE\downchecker
[-] Key Deleted : HKLM\SOFTWARE\WdsManPro
[-] Key Deleted : HKLM\SOFTWARE\Reg\Clean
[-] Key Deleted : HKLM\SOFTWARE\TSv
[-] Key Deleted : HKLM\SOFTWARE\Crossbrowse
[-] Key Deleted : HKLM\SOFTWARE\yoursites123Software
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU
[-] Key Deleted : [x64] HKLM\SOFTWARE\YorkNewCin
[-] Key Deleted : [x64] HKLM\SOFTWARE\HighDefAction
[-] Key Deleted : [x64] HKLM\SOFTWARE\ArenaHD
[-] Key Deleted : [x64] HKLM\SOFTWARE\downchecker
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GLOBALUPDATE.EXE
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ielnksrch
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}
[-] Data Restored : HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command []
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\internetspeedtracker.dl.tb.ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\safefinder.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\search.safefinder.com
***** [ Web browsers ] *****
[-] [C:\Users\moje\AppData\Roaming\Mozilla\Firefox\Profiles\euv1cizj.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultenginename", "findit");
[-] [C:\Users\moje\AppData\Roaming\Mozilla\Firefox\Profiles\euv1cizj.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossrider.bic", "150aac5e56c056637442fbb1006a391e");
[-] [C:\Users\moje\AppData\Roaming\Mozilla\Firefox\Profiles\euv1cizj.default\prefs.js] [Preference] Deleted : user_pref("extensions.quick_start.enable_search1", false);
[-] [C:\Users\moje\AppData\Roaming\Mozilla\Firefox\Profiles\euv1cizj.default\prefs.js] [Preference] Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
*************************
:: "Tracing" keys removed
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [10177 bytes] ##########
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ielnksrch
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}
[-] Data Restored : HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command []
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\internetspeedtracker.dl.tb.ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\safefinder.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\search.safefinder.com
***** [ Web browsers ] *****
[-] [C:\Users\moje\AppData\Roaming\Mozilla\Firefox\Profiles\euv1cizj.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultenginename", "findit");
[-] [C:\Users\moje\AppData\Roaming\Mozilla\Firefox\Profiles\euv1cizj.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossrider.bic", "150aac5e56c056637442fbb1006a391e");
[-] [C:\Users\moje\AppData\Roaming\Mozilla\Firefox\Profiles\euv1cizj.default\prefs.js] [Preference] Deleted : user_pref("extensions.quick_start.enable_search1", false);
[-] [C:\Users\moje\AppData\Roaming\Mozilla\Firefox\Profiles\euv1cizj.default\prefs.js] [Preference] Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
*************************
:: "Tracing" keys removed
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [10177 bytes] ##########
Re: slow PC and constant installation of unwanted applications
Note: on the second and any later run of FRST, the Addition.txt log is only created if you explicitly tick this option before the scan starts.
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suitable for the forum, you can use altrokzavináčforum.viry.cz
If you would like to help visitors of this forum, sign up for our little school.
Re: slow PC and constant installation of unwanted applications
Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-12-2015
Ran by moje (2016-01-05 11:51:10)
Running from C:\Users\moje\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2014-09-06 19:57:25)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2656427353-3572486724-2793342792-500 - Administrator - Disabled)
Guest (S-1-5-21-2656427353-3572486724-2793342792-501 - Limited - Disabled)
moje (S-1-5-21-2656427353-3572486724-2793342792-1000 - Administrator - Enabled) => C:\Users\moje
UpdatusUser (S-1-5-21-2656427353-3572486724-2793342792-1003 - Limited - Enabled) => C:\Users\TEMP
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: ESET Smart Security 9.0.351.2 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 9.0.351.2 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personální firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated)
Aktualizace NVIDIA 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
ESET Smart Security (HKLM\...\{E8EA6A18-4085-4E67-AC9C-F8E9AEB53F4F}) (Version: 9.0.351.2 - ESET, spol. s r.o.)
Microsoft .NET Framework 4.5.2 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0405-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
NVIDIA Ovladač 3D Vision 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
Ovládací panel NVIDIA 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden
PDF Architect 3 Create Module (x32 Version: 3.0.12.22873 - pdfforge GmbH) Hidden
PDF Architect 3 Edit Module (x32 Version: 3.0.12.22873 - pdfforge GmbH) Hidden
PDF Architect 3 View Module (x32 Version: 3.0.12.22873 - pdfforge GmbH) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net)
Your Uninstaller! 7 (HKLM-x32\...\YU2010_is1) (Version: 7.5.2014.3 - URSoft, Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {936451A9-EB4E-4484-AD36-1575FD70028C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-02] (Adobe Systems Incorporated)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2014-09-06 22:58 - 2013-08-29 23:43 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2656427353-3572486724-2793342792-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2656427353-3572486724-2793342792-1000\...\webcompanion.com -> hxxp://webcompanion.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2656427353-3572486724-2793342792-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\moje\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{76BAC7C5-C6E1-4419-B6F8-037C0ECBD502}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{00EF3441-D533-4CB3-8508-56658A976708}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{F5E1C3F1-5C48-47D0-AD38-BB5809CF4B07}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{BA99F4DB-A39F-4FCB-A4A3-C247428BC675}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{8F5DAFBE-98A9-427D-A636-F9DB1317C835}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{3337ECE3-9918-470B-8073-1F467C3E025A}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{D0DDD099-5423-431F-AE2F-7B7E6A0A0728}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{4AA79372-D09C-4BBA-9EDE-7946C949D97C}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{E069240A-63C8-45F1-9FF8-0B690BC3C46D}C:\program files (x86)\warthunder\aces.exe] => (Block) C:\program files (x86)\warthunder\aces.exe
FirewallRules: [UDP Query User{1D822495-F0E2-4B77-AA5F-E0FAA16608A0}C:\program files (x86)\warthunder\aces.exe] => (Block) C:\program files (x86)\warthunder\aces.exe
FirewallRules: [TCP Query User{63F4905D-9A0D-4A50-AF35-36CC9010EEBD}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{37981E48-41B8-4C29-B46F-273354864D98}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{FF437C02-687B-4359-ABC0-941399EF863D}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [UDP Query User{AA41DDF1-3D4B-49BF-9A56-C0FD2EAA8940}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
==================== Restore Points =========================
26-12-2015 12:10:32 Before uninstalling Unity Web Player
27-12-2015 01:56:47 Windows Update
29-12-2015 17:58:18 Before uninstalling WinRAR 5.21 (64-bit)
02-01-2016 12:17:38 Before uninstalling WinRAR 5.21 (64-bit)
04-01-2016 20:04:03 Before uninstalling WinRAR 5.21 (64-bit)
04-01-2016 23:34:59 Before uninstalling WinRAR 5.21 (64-bit)
==================== Faulty Device Manager Devices =============
Name: Koprocesor
Description: Koprocesor
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/05/2016 11:21:26 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: moje-PC)
Description: Systém Windows nemůže nalézt místní profil. Budete přihlášeni pomocí dočasného profilu. Změny profilu budou při vašem odhlášení ztraceny.
Error: (01/05/2016 11:21:26 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: moje-PC)
Description: Systém Windows zálohoval profil tohoto uživatele. Systém se automaticky pokusí použít zazálohovaný profil při příštím přihlášení uživatele.
Error: (01/05/2016 11:20:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/04/2016 11:35:00 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny ConvertStringSidToSid(S-1-5-21-2656427353-3572486724-2793342792-1003.bak) došlo k neočekávané chybě. hr= 0x80070539, Struktura ID zabezpečení není platná.
.
Operace:
Událost OnIdentify
Shromažďování dat modulu pro zápis
Kontext:
Kontext spuštění: Shadow Copy Optimization Writer
ID třídy modulu pro zápis: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Název modulu pro zápis: Shadow Copy Optimization Writer
ID instance modulu pro zápis: {9a3652fb-aaf3-47e9-93b7-63d0c08ec534}
Error: (01/04/2016 08:04:03 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny ConvertStringSidToSid(S-1-5-21-2656427353-3572486724-2793342792-1003.bak) došlo k neočekávané chybě. hr= 0x80070539, Struktura ID zabezpečení není platná.
.
Operace:
Událost OnIdentify
Shromažďování dat modulu pro zápis
Kontext:
Kontext spuštění: Shadow Copy Optimization Writer
ID třídy modulu pro zápis: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Název modulu pro zápis: Shadow Copy Optimization Writer
ID instance modulu pro zápis: {27342285-d36a-46aa-b891-3dca9e0fe6c4}
Error: (01/04/2016 07:13:28 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: moje-PC)
Description: Systém Windows nemůže nalézt místní profil. Budete přihlášeni pomocí dočasného profilu. Změny profilu budou při vašem odhlášení ztraceny.
Error: (01/04/2016 07:13:28 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: moje-PC)
Description: Systém Windows zálohoval profil tohoto uživatele. Systém se automaticky pokusí použít zazálohovaný profil při příštím přihlášení uživatele.
Error: (01/04/2016 07:12:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/04/2016 06:57:14 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: moje-PC)
Description: Systém Windows nemůže nalézt místní profil. Budete přihlášeni pomocí dočasného profilu. Změny profilu budou při vašem odhlášení ztraceny.
Error: (01/04/2016 06:57:14 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: moje-PC)
Description: Systém Windows zálohoval profil tohoto uživatele. Systém se automaticky pokusí použít zazálohovaný profil při příštím přihlášení uživatele.
System errors:
=============
Error: (01/05/2016 11:45:32 AM) (Source: Schannel) (EventID: 4102) (User: NT AUTHORITY)
Description: Při pokusu přistoupit k privátnímu klíči pověření SSL Server došlo k závažné chybě. Kód chyby vrácený kryptografickým modulem je 0x8009030d. Stav interní chyby je 10001.
Error: (01/04/2016 07:10:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Windows Media Player Network Sharing neuspěla při spuštění v důsledku následující chyby:
%%1069
Error: (01/04/2016 07:10:19 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Služba WMPNetworkSvc se nemohla přihlásit jako NT AUTHORITY\NetworkService s aktuálně konfigurovaným heslem z důvodu následující chyby:
%%50
Chcete-li zajistit správnou konfiguraci služby, použijte modul snap-in Služby konzoly Microsoft Management Console (MMC).
Error: (01/04/2016 07:10:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Windows Search neuspěla při spuštění v důsledku následující chyby:
%%1069
Error: (01/04/2016 07:10:18 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Služba WSearch se nemohla přihlásit jako NT AUTHORITY\SYSTEM s aktuálně konfigurovaným heslem z důvodu následující chyby:
%%50
Chcete-li zajistit správnou konfiguraci služby, použijte modul snap-in Služby konzoly Microsoft Management Console (MMC).
Error: (01/04/2016 07:09:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Instalační služba modulů systému Windows byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.
Error: (01/04/2016 07:09:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NVIDIA Update Service Daemon byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (01/04/2016 07:09:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Windows Media Player Network Sharing byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.
Error: (01/04/2016 07:09:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.
Error: (01/04/2016 07:09:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba PDF Architect 3 Creator byla neočekávaně ukončena. Tento stav nastal již 1krát.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 32%
Total physical RAM: 4095.27 MB
Available physical RAM: 2745.46 MB
Total Virtual: 8188.75 MB
Available Virtual: 6630.25 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.76 GB) (Free:376.52 GB) NTFS ==>[drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 650BD082)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015
Ran by moje (administrator) on MOJE-PC (05-01-2016 11:50:44)
Running from C:\Users\moje\Downloads
Loaded Profiles: moje & UpdatusUser (Available Profiles: moje & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 3\creator-ws.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_20_0_0_270_ActiveX.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKU\S-1-5-21-2656427353-3572486724-2793342792-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2656427353-3572486724-2793342792-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2656427353-3572486724-2793342792-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2656427353-3572486724-2793342792-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{029DB5D5-E6A3-4AD4-B428-DA18CEB45EBB}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130950858121553000&GUID=93670877-D68D-43C3-95DE-880634959350
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130950858121553000&GUID=93670877-D68D-43C3-95DE-880634959350
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-2656427353-3572486724-2793342792-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzVqASLW90uzABgIn_FHePyvp6MGsh9Qs8PQaeE3YMk5xI2sQwJyJFksdS88DXEIgnfrRibWV5OHAVJwBqXfpnQOxG4Ny9YHriF8nxiZuyi8L_MQSd5JHI2m6fIMERsSiXWegRklptTFKQiBYPrAD3XbGMD_Z&q={searchTerms}
HKU\S-1-5-21-2656427353-3572486724-2793342792-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://seznam.cz/
HKU\S-1-5-21-2656427353-3572486724-2793342792-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzVqASLW90uzABgIn_FHePyvp6MGsh9Qs8PQaeE3YMk5xI2sQwJyJFksdS88DXEIgnfrRibWV5OHAVJwBqXfpnQOxG4Ny9YHriF8nxiZuyi8L_MQSd5JHI2m6fIMERsSiXWegRklptTFKQiBYPrAD3XbGMD_Z&q={searchTerms}
HKU\S-1-5-21-2656427353-3572486724-2793342792-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzVqASLW90uzABgIn_FHePyvp6MGsh9Qs8PQaeE3YMk5xI2sQwJyJFksdS88DXEIgnfrRibWV5OHAVJwBqXfpnQOxG4Ny9YHriF8nxiZuyi8L_MQSd5JHI2m6fIMERsSiXWegRklptTFKQiBYPrAD3XbGMD_Z&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?sid=503&a ... earchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKU\S-1-5-21-2656427353-3572486724-2793342792-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2656427353-3572486724-2793342792-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10099_swoc_campaign_151113__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2656427353-3572486724-2793342792-1000 -> {CB7BF7D2-EE79-4D54-8862-B3AD29D7F69F} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_14875
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM-x32 - PDF Architect 3 Toolbar - {2DFF3579-5AA7-45B9-9328-1D38EA230861} - C:\Program Files (x86)\PDF Architect 3\creator-ie-plugin.dll [2015-04-14] (pdfforge GmbH)
FireFox:
========
FF ProfilePath: C:\Users\moje\AppData\Roaming\Mozilla\Firefox\Profiles\euv1cizj.default
FF NewTab: C:\ProgramData\Zitenops\ff.NT
FF SelectedSearchEngine: Yahoo®
FF Homepage: C:\ProgramData\Zitenops\ff.HP
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: PDF Architect 3 -> C:\Program Files (x86)\PDF Architect 3\np-previewer.dll [2015-04-14] (pdfforge GmbH)
FF Extension: No Name - C:\Users\moje\AppData\Roaming\Mozilla\Firefox\Profiles\euv1cizj.default\extensions\deskCutv2@gmail.com [not found]
FF Extension: No Name - C:\Users\moje\AppData\Roaming\Mozilla\Firefox\Profiles\euv1cizj.default\extensions\extension@b5m.com.xpi [not found]
FF Extension: Lucky Bright - C:\Users\moje\AppData\Roaming\Mozilla\Firefox\Profiles\euv1cizj.default\Extensions\{6e857e56-d440-4dd0-8233-2133b222bf2f}.xpi [2015-11-06] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_3_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension
FF Extension: PDF Architect 3 Creator - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension [2015-04-21] [not signed]
Chrome:
=======
CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzVqASLW90uzABgIn_FHePyvp6MGsh9Qs8PQaeE3YMk5xI2sQwJyJFksdS88DXEIgnfrRibWV5OHAVJwa6VY2Gy0OGFrgwpXBMZqhzshIgEow01vKleqsA6y8CdpT7JF6cFZATr2y7mJZO5_a-mxz77_MMmRH
CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzVqASLW90uzABgIn_FHePyvp6MGsh9Qs8PQaeE3YMk5xI2sQwJyJFksdS88DXEIgnfrRibWV5OHAVJwWmg5kCx-yyPp8r27q-iY_M1y5OGzU-FOGWquc7aKCUWJe-WTI_LhL6k9Hes1HZDa7ysT_SrwrhI2g&q={searchTerms}
CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
CHR Profile: C:\Users\moje\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\moje\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-22]
CHR Extension: (Google Docs) - C:\Users\moje\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-22]
CHR Extension: (Google Drive) - C:\Users\moje\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-22]
CHR Extension: (YouTube) - C:\Users\moje\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-22]
CHR Extension: (Google Search) - C:\Users\moje\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-22]
CHR Extension: (Google Sheets) - C:\Users\moje\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-22]
CHR Extension: (Google Docs Offline) - C:\Users\moje\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\moje\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-22]
CHR Extension: (Gmail) - C:\Users\moje\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-22]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2522616 2015-11-20] (ESET)
S3 PDF Architect 3; C:\Program Files (x86)\PDF Architect 3\ws.exe [2243288 2015-04-14] (pdfforge GmbH)
S3 PDF Architect 3 CrashHandler; C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe [901336 2015-04-14] (pdfforge GmbH)
R2 PDF Architect 3 Creator; C:\Program Files (x86)\PDF Architect 3\creator-ws.exe [740568 2015-04-14] (pdfforge GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [263528 2015-11-20] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [186784 2015-11-20] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [142976 2015-11-20] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [206312 2015-11-20] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [52872 2015-11-20] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [69840 2015-11-20] (ESET)
S3 ESETCleanersDriver; C:\Windows\system32\Drivers\ESETCleanersDriver.sys [170280 2015-12-26] (ESET)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATK64AMD.sys [13680 2007-08-09] ()
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-05 11:47 - 2016-01-05 11:48 - 00017804 _____ C:\Users\moje\Downloads\Addition.txt
2016-01-05 11:46 - 2016-01-05 11:50 - 00012582 _____ C:\Users\moje\Downloads\FRST.txt
2016-01-05 11:46 - 2016-01-05 11:50 - 00000000 ____D C:\FRST
2016-01-05 11:45 - 2016-01-05 11:46 - 02370560 _____ (Farbar) C:\Users\moje\Downloads\FRST64.exe
2016-01-05 11:21 - 2016-01-05 11:21 - 00000020 ___SH C:\Users\TEMP\ntuser.ini
2016-01-05 11:21 - 2016-01-05 11:21 - 00000000 _SHDL C:\Users\TEMP\Šablony
2016-01-05 11:21 - 2016-01-05 11:21 - 00000000 _SHDL C:\Users\TEMP\Soubory cookie
2016-01-05 11:21 - 2016-01-05 11:21 - 00000000 _SHDL C:\Users\TEMP\Poslední
2016-01-05 11:21 - 2016-01-05 11:21 - 00000000 _SHDL C:\Users\TEMP\Okolní tiskárny
2016-01-05 11:21 - 2016-01-05 11:21 - 00000000 _SHDL C:\Users\TEMP\Okolní síť
2016-01-05 11:21 - 2016-01-05 11:21 - 00000000 _SHDL C:\Users\TEMP\Nabídka Start
2016-01-05 11:21 - 2016-01-05 11:21 - 00000000 _SHDL C:\Users\TEMP\Dokumenty
2016-01-05 11:21 - 2016-01-05 11:21 - 00000000 _SHDL C:\Users\TEMP\Documents\Obrázky
2016-01-05 11:21 - 2016-01-05 11:21 - 00000000 _SHDL C:\Users\TEMP\Documents\Hudba
2016-01-05 11:21 - 2016-01-05 11:21 - 00000000 _SHDL C:\Users\TEMP\Documents\Filmy
2016-01-05 11:21 - 2016-01-05 11:21 - 00000000 _SHDL C:\Users\TEMP\Data aplikací
2016-01-05 11:21 - 2016-01-05 11:21 - 00000000 _SHDL C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2016-01-05 11:21 - 2016-01-05 11:21 - 00000000 _SHDL C:\Users\TEMP\AppData\Local\Data aplikací
2016-01-05 11:21 - 2016-01-05 11:21 - 00000000 ____D C:\Users\TEMP
2016-01-05 11:21 - 2014-10-19 23:48 - 00000000 ____D C:\Users\TEMP\AppData\Local\Microsoft Help
2016-01-05 11:21 - 2010-11-21 10:38 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Media Center Programs
2016-01-04 19:05 - 2016-01-04 19:09 - 00000000 ____D C:\AdwCleaner
2016-01-02 22:53 - 2016-01-02 23:14 - 376307988 _____ C:\Users\moje\Downloads\Hitleruv-posledni-rok-1-z-2-2015-cz-dabing.avi
2016-01-02 21:46 - 2016-01-02 22:39 - 952130758 _____ C:\Users\moje\Downloads\Krycí-jméno-U.N.C.L.E.-2015-CZ-dabing.avi
2016-01-02 20:16 - 2016-01-02 21:05 - 886275414 _____ C:\Users\moje\Downloads\Slunce-seno-erotika-(1991).avi
2016-01-02 17:59 - 2016-01-02 19:53 - 1078411264 _____ C:\Users\moje\Downloads\Slunce-seno-a-pár-facek.avi
2016-01-02 17:57 - 2016-01-02 17:57 - 18506432 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-12-30 20:12 - 2015-12-30 21:41 - 1576119676 _____ C:\Users\moje\Downloads\Sicario-Nájemný-vrah-(2015)CZ-titulky.avi
2015-12-28 23:47 - 2015-12-29 01:32 - 1874964480 _____ C:\Users\moje\Downloads\REVENANT-Zmrtvýchvstání---2015-CZ-Titulky.avi
2015-12-28 22:10 - 2015-12-28 23:31 - 1444419070 _____ C:\Users\moje\Downloads\Krokodýl-Dundee-2-(1988)-(CZ+CZ-tit.)-(Akční,-Dobrodružný,-Komedie).avi
2015-12-26 15:06 - 2015-12-26 15:06 - 00170280 _____ (ESET) C:\Windows\system32\Drivers\ESETCleanersDriver.sys
2015-12-23 20:00 - 2015-12-23 21:37 - 1734180864 _____ C:\Users\moje\Downloads\Brána-temnoty-[Pay-the-Ghost]-2015-(CZ-Dabing).avi
2015-12-22 22:01 - 2015-12-22 22:01 - 00000000 ____D C:\Program Files (x86)\Java
2015-12-22 19:23 - 2015-12-22 19:23 - 00000000 ____D C:\Users\moje\.oracle_jre_usage
2015-12-22 13:11 - 2015-12-22 13:11 - 00000000 ____D C:\rsit
2015-12-22 13:11 - 2015-12-22 13:11 - 00000000 ____D C:\Program Files\trend micro
2015-12-21 20:12 - 2015-12-21 20:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-12-21 20:12 - 2015-12-21 20:12 - 00000000 ____D C:\ProgramData\ESET
2015-12-21 20:12 - 2015-12-21 20:12 - 00000000 ____D C:\Program Files\ESET
2015-12-20 12:28 - 2016-01-05 11:19 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-12-20 12:28 - 2015-12-20 12:28 - 00000000 ____D C:\Users\moje\AppData\Local\ESET
2015-12-20 10:39 - 2015-12-20 10:39 - 00000001 _____ C:\Windows\SysWOW64\en.html
2015-12-17 15:33 - 2015-12-27 19:11 - 00000000 ____D C:\Users\moje\AppData\Local\Unity
2015-12-17 15:33 - 2015-12-25 12:09 - 00000000 ____D C:\Users\moje\AppData\LocalLow\Unity
2015-12-14 23:49 - 2015-12-15 01:10 - 1469487104 _____ C:\Users\moje\Downloads\The-Runner-,2015-CZ-Tit.v-obraze-Super-Drama,USA.avi
2015-12-14 17:52 - 2015-12-14 18:35 - 764968272 _____ C:\Users\moje\Downloads\Bojovnik-CZ-(2015).avi
2015-12-14 17:08 - 2015-12-20 13:54 - 00000000 ____D C:\ProgramData\MWdMM
2015-12-14 17:07 - 2015-12-20 13:54 - 00000000 ____D C:\ProgramData\5WdM5
2015-12-13 21:28 - 2015-12-13 22:37 - 1250918400 _____ C:\Users\moje\Downloads\MI-5-Vyšší-dobro_Spooks_The-Greater-Good-(2015)-BRRip-CZ-dab.avi
2015-12-09 19:57 - 2015-12-22 22:50 - 00000000 ____D C:\Users\moje\AppData\Local\Google
2015-12-08 20:24 - 2015-12-08 21:41 - 1384681472 _____ C:\Users\moje\Downloads\McFarland---Utěk-před-chudobou-(2015)-CZ-dabing.avi
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-05 11:47 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2016-01-05 11:30 - 2009-07-14 05:45 - 00023680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-05 11:30 - 2009-07-14 05:45 - 00023680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-05 11:19 - 2014-09-06 22:59 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-05 11:19 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-05 00:11 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing
2016-01-04 23:58 - 2014-11-13 14:57 - 00000000 ____D C:\Users\moje\AppData\Roaming\vlc
2016-01-04 23:57 - 2014-09-09 20:15 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-04 23:41 - 2014-12-16 15:08 - 00000000 ____D C:\ProgramData\TEMP
2016-01-04 19:04 - 2015-11-11 12:27 - 00007626 _____ C:\Users\moje\AppData\Local\Resmon.ResmonCfg
2016-01-02 17:57 - 2014-09-09 20:15 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-02 17:57 - 2014-09-09 20:15 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-02 17:57 - 2014-09-09 20:15 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-31 15:34 - 2014-09-06 20:57 - 00000000 ____D C:\Users\moje
2015-12-31 15:28 - 2014-09-06 22:59 - 00000000 ____D C:\Users\UpdatusUser
2015-12-31 15:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2015-12-31 15:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2015-12-28 19:50 - 2014-09-06 21:11 - 00001912 _____ C:\Windows\epplauncher.mif
2015-12-25 12:09 - 2015-01-16 22:12 - 00000000 ____D C:\Users\moje\AppData\Local\Deployment
2015-12-22 22:48 - 2015-10-27 20:24 - 00000000 ____D C:\Users\moje\AppData\Roaming\Opera Software
2015-12-22 22:48 - 2015-10-27 20:24 - 00000000 ____D C:\Users\moje\AppData\Local\Opera Software
2015-12-22 22:48 - 2014-09-06 20:58 - 00001409 _____ C:\Users\moje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-22 22:03 - 2015-03-24 14:45 - 00000000 ____D C:\ProgramData\Oracle
2015-12-20 13:54 - 2014-09-11 21:38 - 00000000 ____D C:\Users\moje\AppData\Roaming\rmi
2015-12-20 12:00 - 2009-07-14 06:08 - 00032568 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-16 17:02 - 2015-02-20 12:51 - 00000000 ____D C:\Users\moje\AppData\Roaming\.minecraft
2015-12-14 18:02 - 2010-11-21 10:27 - 00668610 _____ C:\Windows\system32\perfh005.dat
2015-12-14 18:02 - 2010-11-21 10:27 - 00141238 _____ C:\Windows\system32\perfc005.dat
2015-12-14 18:02 - 2009-07-14 06:13 - 01582486 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-10 18:54 - 2015-11-22 15:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-12-10 18:54 - 2014-10-19 17:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-12-10 18:54 - 2014-09-09 20:15 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2015-12-10 18:54 - 2014-09-09 20:15 - 00000000 ____D C:\Windows\system32\Macromed
2015-12-10 18:54 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2015-12-09 04:39 - 2010-11-21 04:27 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
==================== Files in the root of some directories =======
2015-10-27 20:27 - 2015-10-27 20:27 - 0000187 _____ () C:\Users\moje\AppData\Local\Grooveing.exe.config
2015-11-11 12:27 - 2016-01-04 19:04 - 0007626 _____ () C:\Users\moje\AppData\Local\Resmon.ResmonCfg
2015-10-29 17:52 - 2015-10-29 17:52 - 0000000 _____ () C:\ProgramData\inf.dat
Files to move or delete:
====================
C:\ProgramData\inf.dat
Some files in TEMP:
====================
C:\Users\moje\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-01-02 09:50
==================== End of FRST.txt ============================
Ran by moje (2016-01-05 11:51:10)
Running from C:\Users\moje\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2014-09-06 19:57:25)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2656427353-3572486724-2793342792-500 - Administrator - Disabled)
Guest (S-1-5-21-2656427353-3572486724-2793342792-501 - Limited - Disabled)
moje (S-1-5-21-2656427353-3572486724-2793342792-1000 - Administrator - Enabled) => C:\Users\moje
UpdatusUser (S-1-5-21-2656427353-3572486724-2793342792-1003 - Limited - Enabled) => C:\Users\TEMP
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: ESET Smart Security 9.0.351.2 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 9.0.351.2 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personální firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated)
Aktualizace NVIDIA 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
ESET Smart Security (HKLM\...\{E8EA6A18-4085-4E67-AC9C-F8E9AEB53F4F}) (Version: 9.0.351.2 - ESET, spol. s r.o.)
Microsoft .NET Framework 4.5.2 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0405-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
NVIDIA Ovladač 3D Vision 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
Ovládací panel NVIDIA 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden
PDF Architect 3 Create Module (x32 Version: 3.0.12.22873 - pdfforge GmbH) Hidden
PDF Architect 3 Edit Module (x32 Version: 3.0.12.22873 - pdfforge GmbH) Hidden
PDF Architect 3 View Module (x32 Version: 3.0.12.22873 - pdfforge GmbH) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net)
Your Uninstaller! 7 (HKLM-x32\...\YU2010_is1) (Version: 7.5.2014.3 - URSoft, Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {936451A9-EB4E-4484-AD36-1575FD70028C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-02] (Adobe Systems Incorporated)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2014-09-06 22:58 - 2013-08-29 23:43 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2656427353-3572486724-2793342792-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2656427353-3572486724-2793342792-1000\...\webcompanion.com -> hxxp://webcompanion.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2656427353-3572486724-2793342792-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\moje\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{76BAC7C5-C6E1-4419-B6F8-037C0ECBD502}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{00EF3441-D533-4CB3-8508-56658A976708}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{F5E1C3F1-5C48-47D0-AD38-BB5809CF4B07}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{BA99F4DB-A39F-4FCB-A4A3-C247428BC675}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{8F5DAFBE-98A9-427D-A636-F9DB1317C835}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{3337ECE3-9918-470B-8073-1F467C3E025A}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{D0DDD099-5423-431F-AE2F-7B7E6A0A0728}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{4AA79372-D09C-4BBA-9EDE-7946C949D97C}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{E069240A-63C8-45F1-9FF8-0B690BC3C46D}C:\program files (x86)\warthunder\aces.exe] => (Block) C:\program files (x86)\warthunder\aces.exe
FirewallRules: [UDP Query User{1D822495-F0E2-4B77-AA5F-E0FAA16608A0}C:\program files (x86)\warthunder\aces.exe] => (Block) C:\program files (x86)\warthunder\aces.exe
FirewallRules: [TCP Query User{63F4905D-9A0D-4A50-AF35-36CC9010EEBD}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{37981E48-41B8-4C29-B46F-273354864D98}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{FF437C02-687B-4359-ABC0-941399EF863D}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [UDP Query User{AA41DDF1-3D4B-49BF-9A56-C0FD2EAA8940}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
==================== Restore Points =========================
26-12-2015 12:10:32 Before uninstalling Unity Web Player
27-12-2015 01:56:47 Windows Update
29-12-2015 17:58:18 Before uninstalling WinRAR 5.21 (64-bit)
02-01-2016 12:17:38 Before uninstalling WinRAR 5.21 (64-bit)
04-01-2016 20:04:03 Before uninstalling WinRAR 5.21 (64-bit)
04-01-2016 23:34:59 Before uninstalling WinRAR 5.21 (64-bit)
==================== Faulty Device Manager Devices =============
Name: Koprocesor
Description: Koprocesor
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/05/2016 11:21:26 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: moje-PC)
Description: Systém Windows nemůže nalézt místní profil. Budete přihlášeni pomocí dočasného profilu. Změny profilu budou při vašem odhlášení ztraceny.
Error: (01/05/2016 11:21:26 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: moje-PC)
Description: Systém Windows zálohoval profil tohoto uživatele. Systém se automaticky pokusí použít zazálohovaný profil při příštím přihlášení uživatele.
Error: (01/05/2016 11:20:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/04/2016 11:35:00 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny ConvertStringSidToSid(S-1-5-21-2656427353-3572486724-2793342792-1003.bak) došlo k neočekávané chybě. hr= 0x80070539, Struktura ID zabezpečení není platná.
.
Operace:
Událost OnIdentify
Shromažďování dat modulu pro zápis
Kontext:
Kontext spuštění: Shadow Copy Optimization Writer
ID třídy modulu pro zápis: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Název modulu pro zápis: Shadow Copy Optimization Writer
ID instance modulu pro zápis: {9a3652fb-aaf3-47e9-93b7-63d0c08ec534}
Error: (01/04/2016 08:04:03 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny ConvertStringSidToSid(S-1-5-21-2656427353-3572486724-2793342792-1003.bak) došlo k neočekávané chybě. hr= 0x80070539, Struktura ID zabezpečení není platná.
.
Operace:
Událost OnIdentify
Shromažďování dat modulu pro zápis
Kontext:
Kontext spuštění: Shadow Copy Optimization Writer
ID třídy modulu pro zápis: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Název modulu pro zápis: Shadow Copy Optimization Writer
ID instance modulu pro zápis: {27342285-d36a-46aa-b891-3dca9e0fe6c4}
Error: (01/04/2016 07:13:28 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: moje-PC)
Description: Systém Windows nemůže nalézt místní profil. Budete přihlášeni pomocí dočasného profilu. Změny profilu budou při vašem odhlášení ztraceny.
Error: (01/04/2016 07:13:28 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: moje-PC)
Description: Systém Windows zálohoval profil tohoto uživatele. Systém se automaticky pokusí použít zazálohovaný profil při příštím přihlášení uživatele.
Error: (01/04/2016 07:12:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/04/2016 06:57:14 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: moje-PC)
Description: Systém Windows nemůže nalézt místní profil. Budete přihlášeni pomocí dočasného profilu. Změny profilu budou při vašem odhlášení ztraceny.
Error: (01/04/2016 06:57:14 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: moje-PC)
Description: Systém Windows zálohoval profil tohoto uživatele. Systém se automaticky pokusí použít zazálohovaný profil při příštím přihlášení uživatele.
System errors:
=============
Error: (01/05/2016 11:45:32 AM) (Source: Schannel) (EventID: 4102) (User: NT AUTHORITY)
Description: Při pokusu přistoupit k privátnímu klíči pověření SSL Server došlo k závažné chybě. Kód chyby vrácený kryptografickým modulem je 0x8009030d. Stav interní chyby je 10001.
Error: (01/04/2016 07:10:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Windows Media Player Network Sharing neuspěla při spuštění v důsledku následující chyby:
%%1069
Error: (01/04/2016 07:10:19 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Služba WMPNetworkSvc se nemohla přihlásit jako NT AUTHORITY\NetworkService s aktuálně konfigurovaným heslem z důvodu následující chyby:
%%50
Chcete-li zajistit správnou konfiguraci služby, použijte modul snap-in Služby konzoly Microsoft Management Console (MMC).
Error: (01/04/2016 07:10:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Windows Search neuspěla při spuštění v důsledku následující chyby:
%%1069
Error: (01/04/2016 07:10:18 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Služba WSearch se nemohla přihlásit jako NT AUTHORITY\SYSTEM s aktuálně konfigurovaným heslem z důvodu následující chyby:
%%50
Chcete-li zajistit správnou konfiguraci služby, použijte modul snap-in Služby konzoly Microsoft Management Console (MMC).
Error: (01/04/2016 07:09:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Instalační služba modulů systému Windows byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.
Error: (01/04/2016 07:09:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NVIDIA Update Service Daemon byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (01/04/2016 07:09:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Windows Media Player Network Sharing byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.
Error: (01/04/2016 07:09:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.
Error: (01/04/2016 07:09:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba PDF Architect 3 Creator byla neočekávaně ukončena. Tento stav nastal již 1krát.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 32%
Total physical RAM: 4095.27 MB
Available physical RAM: 2745.46 MB
Total Virtual: 8188.75 MB
Available Virtual: 6630.25 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.76 GB) (Free:376.52 GB) NTFS ==>[drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 650BD082)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015
Ran by moje (administrator) on MOJE-PC (05-01-2016 11:50:44)
Running from C:\Users\moje\Downloads
Loaded Profiles: moje & UpdatusUser (Available Profiles: moje & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 3\creator-ws.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_20_0_0_270_ActiveX.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKU\S-1-5-21-2656427353-3572486724-2793342792-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2656427353-3572486724-2793342792-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2656427353-3572486724-2793342792-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2656427353-3572486724-2793342792-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{029DB5D5-E6A3-4AD4-B428-DA18CEB45EBB}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130950858121553000&GUID=93670877-D68D-43C3-95DE-880634959350
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130950858121553000&GUID=93670877-D68D-43C3-95DE-880634959350
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-2656427353-3572486724-2793342792-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzVqASLW90uzABgIn_FHePyvp6MGsh9Qs8PQaeE3YMk5xI2sQwJyJFksdS88DXEIgnfrRibWV5OHAVJwBqXfpnQOxG4Ny9YHriF8nxiZuyi8L_MQSd5JHI2m6fIMERsSiXWegRklptTFKQiBYPrAD3XbGMD_Z&q={searchTerms}
HKU\S-1-5-21-2656427353-3572486724-2793342792-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://seznam.cz/
HKU\S-1-5-21-2656427353-3572486724-2793342792-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzVqASLW90uzABgIn_FHePyvp6MGsh9Qs8PQaeE3YMk5xI2sQwJyJFksdS88DXEIgnfrRibWV5OHAVJwBqXfpnQOxG4Ny9YHriF8nxiZuyi8L_MQSd5JHI2m6fIMERsSiXWegRklptTFKQiBYPrAD3XbGMD_Z&q={searchTerms}
HKU\S-1-5-21-2656427353-3572486724-2793342792-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzVqASLW90uzABgIn_FHePyvp6MGsh9Qs8PQaeE3YMk5xI2sQwJyJFksdS88DXEIgnfrRibWV5OHAVJwBqXfpnQOxG4Ny9YHriF8nxiZuyi8L_MQSd5JHI2m6fIMERsSiXWegRklptTFKQiBYPrAD3XbGMD_Z&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?sid=503&a ... earchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKU\S-1-5-21-2656427353-3572486724-2793342792-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2656427353-3572486724-2793342792-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10099_swoc_campaign_151113__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2656427353-3572486724-2793342792-1000 -> {CB7BF7D2-EE79-4D54-8862-B3AD29D7F69F} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_14875
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM-x32 - PDF Architect 3 Toolbar - {2DFF3579-5AA7-45B9-9328-1D38EA230861} - C:\Program Files (x86)\PDF Architect 3\creator-ie-plugin.dll [2015-04-14] (pdfforge GmbH)
FireFox:
========
FF ProfilePath: C:\Users\moje\AppData\Roaming\Mozilla\Firefox\Profiles\euv1cizj.default
FF NewTab: C:\ProgramData\Zitenops\ff.NT
FF SelectedSearchEngine: Yahoo®
FF Homepage: C:\ProgramData\Zitenops\ff.HP
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: PDF Architect 3 -> C:\Program Files (x86)\PDF Architect 3\np-previewer.dll [2015-04-14] (pdfforge GmbH)
FF Extension: No Name - C:\Users\moje\AppData\Roaming\Mozilla\Firefox\Profiles\euv1cizj.default\extensions\deskCutv2@gmail.com [not found]
FF Extension: No Name - C:\Users\moje\AppData\Roaming\Mozilla\Firefox\Profiles\euv1cizj.default\extensions\extension@b5m.com.xpi [not found]
FF Extension: Lucky Bright - C:\Users\moje\AppData\Roaming\Mozilla\Firefox\Profiles\euv1cizj.default\Extensions\{6e857e56-d440-4dd0-8233-2133b222bf2f}.xpi [2015-11-06] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_3_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension
FF Extension: PDF Architect 3 Creator - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension [2015-04-21] [not signed]
Chrome:
=======
CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzVqASLW90uzABgIn_FHePyvp6MGsh9Qs8PQaeE3YMk5xI2sQwJyJFksdS88DXEIgnfrRibWV5OHAVJwa6VY2Gy0OGFrgwpXBMZqhzshIgEow01vKleqsA6y8CdpT7JF6cFZATr2y7mJZO5_a-mxz77_MMmRH
CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzVqASLW90uzABgIn_FHePyvp6MGsh9Qs8PQaeE3YMk5xI2sQwJyJFksdS88DXEIgnfrRibWV5OHAVJwWmg5kCx-yyPp8r27q-iY_M1y5OGzU-FOGWquc7aKCUWJe-WTI_LhL6k9Hes1HZDa7ysT_SrwrhI2g&q={searchTerms}
CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
CHR Profile: C:\Users\moje\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\moje\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-22]
CHR Extension: (Google Docs) - C:\Users\moje\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-22]
CHR Extension: (Google Drive) - C:\Users\moje\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-22]
CHR Extension: (YouTube) - C:\Users\moje\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-22]
CHR Extension: (Google Search) - C:\Users\moje\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-22]
CHR Extension: (Google Sheets) - C:\Users\moje\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-22]
CHR Extension: (Google Docs Offline) - C:\Users\moje\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\moje\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-22]
CHR Extension: (Gmail) - C:\Users\moje\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-22]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2522616 2015-11-20] (ESET)
S3 PDF Architect 3; C:\Program Files (x86)\PDF Architect 3\ws.exe [2243288 2015-04-14] (pdfforge GmbH)
S3 PDF Architect 3 CrashHandler; C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe [901336 2015-04-14] (pdfforge GmbH)
R2 PDF Architect 3 Creator; C:\Program Files (x86)\PDF Architect 3\creator-ws.exe [740568 2015-04-14] (pdfforge GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [263528 2015-11-20] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [186784 2015-11-20] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [142976 2015-11-20] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [206312 2015-11-20] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [52872 2015-11-20] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [69840 2015-11-20] (ESET)
S3 ESETCleanersDriver; C:\Windows\system32\Drivers\ESETCleanersDriver.sys [170280 2015-12-26] (ESET)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATK64AMD.sys [13680 2007-08-09] ()
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-05 11:47 - 2016-01-05 11:48 - 00017804 _____ C:\Users\moje\Downloads\Addition.txt
2016-01-05 11:46 - 2016-01-05 11:50 - 00012582 _____ C:\Users\moje\Downloads\FRST.txt
2016-01-05 11:46 - 2016-01-05 11:50 - 00000000 ____D C:\FRST
2016-01-05 11:45 - 2016-01-05 11:46 - 02370560 _____ (Farbar) C:\Users\moje\Downloads\FRST64.exe
2016-01-05 11:21 - 2016-01-05 11:21 - 00000020 ___SH C:\Users\TEMP\ntuser.ini
2016-01-05 11:21 - 2016-01-05 11:21 - 00000000 _SHDL C:\Users\TEMP\Šablony
2016-01-05 11:21 - 2016-01-05 11:21 - 00000000 _SHDL C:\Users\TEMP\Soubory cookie
2016-01-05 11:21 - 2016-01-05 11:21 - 00000000 _SHDL C:\Users\TEMP\Poslední
2016-01-05 11:21 - 2016-01-05 11:21 - 00000000 _SHDL C:\Users\TEMP\Okolní tiskárny
2016-01-05 11:21 - 2016-01-05 11:21 - 00000000 _SHDL C:\Users\TEMP\Okolní síť
2016-01-05 11:21 - 2016-01-05 11:21 - 00000000 _SHDL C:\Users\TEMP\Nabídka Start
2016-01-05 11:21 - 2016-01-05 11:21 - 00000000 _SHDL C:\Users\TEMP\Dokumenty
2016-01-05 11:21 - 2016-01-05 11:21 - 00000000 _SHDL C:\Users\TEMP\Documents\Obrázky
2016-01-05 11:21 - 2016-01-05 11:21 - 00000000 _SHDL C:\Users\TEMP\Documents\Hudba
2016-01-05 11:21 - 2016-01-05 11:21 - 00000000 _SHDL C:\Users\TEMP\Documents\Filmy
2016-01-05 11:21 - 2016-01-05 11:21 - 00000000 _SHDL C:\Users\TEMP\Data aplikací
2016-01-05 11:21 - 2016-01-05 11:21 - 00000000 _SHDL C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2016-01-05 11:21 - 2016-01-05 11:21 - 00000000 _SHDL C:\Users\TEMP\AppData\Local\Data aplikací
2016-01-05 11:21 - 2016-01-05 11:21 - 00000000 ____D C:\Users\TEMP
2016-01-05 11:21 - 2014-10-19 23:48 - 00000000 ____D C:\Users\TEMP\AppData\Local\Microsoft Help
2016-01-05 11:21 - 2010-11-21 10:38 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Media Center Programs
2016-01-04 19:05 - 2016-01-04 19:09 - 00000000 ____D C:\AdwCleaner
2016-01-02 22:53 - 2016-01-02 23:14 - 376307988 _____ C:\Users\moje\Downloads\Hitleruv-posledni-rok-1-z-2-2015-cz-dabing.avi
2016-01-02 21:46 - 2016-01-02 22:39 - 952130758 _____ C:\Users\moje\Downloads\Krycí-jméno-U.N.C.L.E.-2015-CZ-dabing.avi
2016-01-02 20:16 - 2016-01-02 21:05 - 886275414 _____ C:\Users\moje\Downloads\Slunce-seno-erotika-(1991).avi
2016-01-02 17:59 - 2016-01-02 19:53 - 1078411264 _____ C:\Users\moje\Downloads\Slunce-seno-a-pár-facek.avi
2016-01-02 17:57 - 2016-01-02 17:57 - 18506432 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-12-30 20:12 - 2015-12-30 21:41 - 1576119676 _____ C:\Users\moje\Downloads\Sicario-Nájemný-vrah-(2015)CZ-titulky.avi
2015-12-28 23:47 - 2015-12-29 01:32 - 1874964480 _____ C:\Users\moje\Downloads\REVENANT-Zmrtvýchvstání---2015-CZ-Titulky.avi
2015-12-28 22:10 - 2015-12-28 23:31 - 1444419070 _____ C:\Users\moje\Downloads\Krokodýl-Dundee-2-(1988)-(CZ+CZ-tit.)-(Akční,-Dobrodružný,-Komedie).avi
2015-12-26 15:06 - 2015-12-26 15:06 - 00170280 _____ (ESET) C:\Windows\system32\Drivers\ESETCleanersDriver.sys
2015-12-23 20:00 - 2015-12-23 21:37 - 1734180864 _____ C:\Users\moje\Downloads\Brána-temnoty-[Pay-the-Ghost]-2015-(CZ-Dabing).avi
2015-12-22 22:01 - 2015-12-22 22:01 - 00000000 ____D C:\Program Files (x86)\Java
2015-12-22 19:23 - 2015-12-22 19:23 - 00000000 ____D C:\Users\moje\.oracle_jre_usage
2015-12-22 13:11 - 2015-12-22 13:11 - 00000000 ____D C:\rsit
2015-12-22 13:11 - 2015-12-22 13:11 - 00000000 ____D C:\Program Files\trend micro
2015-12-21 20:12 - 2015-12-21 20:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-12-21 20:12 - 2015-12-21 20:12 - 00000000 ____D C:\ProgramData\ESET
2015-12-21 20:12 - 2015-12-21 20:12 - 00000000 ____D C:\Program Files\ESET
2015-12-20 12:28 - 2016-01-05 11:19 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-12-20 12:28 - 2015-12-20 12:28 - 00000000 ____D C:\Users\moje\AppData\Local\ESET
2015-12-20 10:39 - 2015-12-20 10:39 - 00000001 _____ C:\Windows\SysWOW64\en.html
2015-12-17 15:33 - 2015-12-27 19:11 - 00000000 ____D C:\Users\moje\AppData\Local\Unity
2015-12-17 15:33 - 2015-12-25 12:09 - 00000000 ____D C:\Users\moje\AppData\LocalLow\Unity
2015-12-14 23:49 - 2015-12-15 01:10 - 1469487104 _____ C:\Users\moje\Downloads\The-Runner-,2015-CZ-Tit.v-obraze-Super-Drama,USA.avi
2015-12-14 17:52 - 2015-12-14 18:35 - 764968272 _____ C:\Users\moje\Downloads\Bojovnik-CZ-(2015).avi
2015-12-14 17:08 - 2015-12-20 13:54 - 00000000 ____D C:\ProgramData\MWdMM
2015-12-14 17:07 - 2015-12-20 13:54 - 00000000 ____D C:\ProgramData\5WdM5
2015-12-13 21:28 - 2015-12-13 22:37 - 1250918400 _____ C:\Users\moje\Downloads\MI-5-Vyšší-dobro_Spooks_The-Greater-Good-(2015)-BRRip-CZ-dab.avi
2015-12-09 19:57 - 2015-12-22 22:50 - 00000000 ____D C:\Users\moje\AppData\Local\Google
2015-12-08 20:24 - 2015-12-08 21:41 - 1384681472 _____ C:\Users\moje\Downloads\McFarland---Utěk-před-chudobou-(2015)-CZ-dabing.avi
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-05 11:47 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2016-01-05 11:30 - 2009-07-14 05:45 - 00023680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-05 11:30 - 2009-07-14 05:45 - 00023680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-05 11:19 - 2014-09-06 22:59 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-05 11:19 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-05 00:11 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing
2016-01-04 23:58 - 2014-11-13 14:57 - 00000000 ____D C:\Users\moje\AppData\Roaming\vlc
2016-01-04 23:57 - 2014-09-09 20:15 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-04 23:41 - 2014-12-16 15:08 - 00000000 ____D C:\ProgramData\TEMP
2016-01-04 19:04 - 2015-11-11 12:27 - 00007626 _____ C:\Users\moje\AppData\Local\Resmon.ResmonCfg
2016-01-02 17:57 - 2014-09-09 20:15 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-02 17:57 - 2014-09-09 20:15 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-02 17:57 - 2014-09-09 20:15 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-31 15:34 - 2014-09-06 20:57 - 00000000 ____D C:\Users\moje
2015-12-31 15:28 - 2014-09-06 22:59 - 00000000 ____D C:\Users\UpdatusUser
2015-12-31 15:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2015-12-31 15:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2015-12-28 19:50 - 2014-09-06 21:11 - 00001912 _____ C:\Windows\epplauncher.mif
2015-12-25 12:09 - 2015-01-16 22:12 - 00000000 ____D C:\Users\moje\AppData\Local\Deployment
2015-12-22 22:48 - 2015-10-27 20:24 - 00000000 ____D C:\Users\moje\AppData\Roaming\Opera Software
2015-12-22 22:48 - 2015-10-27 20:24 - 00000000 ____D C:\Users\moje\AppData\Local\Opera Software
2015-12-22 22:48 - 2014-09-06 20:58 - 00001409 _____ C:\Users\moje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-22 22:03 - 2015-03-24 14:45 - 00000000 ____D C:\ProgramData\Oracle
2015-12-20 13:54 - 2014-09-11 21:38 - 00000000 ____D C:\Users\moje\AppData\Roaming\rmi
2015-12-20 12:00 - 2009-07-14 06:08 - 00032568 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-16 17:02 - 2015-02-20 12:51 - 00000000 ____D C:\Users\moje\AppData\Roaming\.minecraft
2015-12-14 18:02 - 2010-11-21 10:27 - 00668610 _____ C:\Windows\system32\perfh005.dat
2015-12-14 18:02 - 2010-11-21 10:27 - 00141238 _____ C:\Windows\system32\perfc005.dat
2015-12-14 18:02 - 2009-07-14 06:13 - 01582486 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-10 18:54 - 2015-11-22 15:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-12-10 18:54 - 2014-10-19 17:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-12-10 18:54 - 2014-09-09 20:15 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2015-12-10 18:54 - 2014-09-09 20:15 - 00000000 ____D C:\Windows\system32\Macromed
2015-12-10 18:54 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2015-12-09 04:39 - 2010-11-21 04:27 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
==================== Files in the root of some directories =======
2015-10-27 20:27 - 2015-10-27 20:27 - 0000187 _____ () C:\Users\moje\AppData\Local\Grooveing.exe.config
2015-11-11 12:27 - 2016-01-04 19:04 - 0007626 _____ () C:\Users\moje\AppData\Local\Resmon.ResmonCfg
2015-10-29 17:52 - 2015-10-29 17:52 - 0000000 _____ () C:\ProgramData\inf.dat
Files to move or delete:
====================
C:\ProgramData\inf.dat
Some files in TEMP:
====================
C:\Users\moje\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-01-02 09:50
==================== End of FRST.txt ============================
Re: slow PC and constant installation of unwanted applications
- Copy the contents of the white box into Notepad (Start -> Run -> notepad)
- save it to the desktop as fixlist (File type: Text document)
- run FRST again and click Fix
- after the restart, a fixlog will be saved on the desktop; paste its contents into your next reply
Code:
Start
CreateRestorePoint:
CloseProcesses:
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
HKU\S-1-5-21-2656427353-3572486724-2793342792-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2656427353-3572486724-2793342792-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2656427353-3572486724-2793342792-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2656427353-3572486724-2793342792-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... XbGMD_Z&q={searchTerms}
HKU\S-1-5-21-2656427353-3572486724-2793342792-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://seznam.cz/
HKU\S-1-5-21-2656427353-3572486724-2793342792-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... XbGMD_Z&q={searchTerms}
HKU\S-1-5-21-2656427353-3572486724-2793342792-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... XbGMD_Z&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?si ... &src=ds&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
FF NewTab: C:\ProgramData\Zitenops\ff.NT
FF SelectedSearchEngine: Yahoo®
FF Homepage: C:\ProgramData\Zitenops\ff.HP
C:\ProgramData\Zitenops
FF Extension: No Name - C:\Users\moje\AppData\Roaming\Mozilla\Firefox\Profiles\euv1cizj.default\extensions\deskCutv2@gmail.com [not found]
FF Extension: No Name - C:\Users\moje\AppData\Roaming\Mozilla\Firefox\Profiles\euv1cizj.default\extensions\extension@b5m.com.xpi [not found]
FF Extension: Lucky Bright - C:\Users\moje\AppData\Roaming\Mozilla\Firefox\Profiles\euv1cizj.default\Extensions\{6e857e56-d440-4dd0-8233-2133b222bf2f}.xpi [2015-11-06] [not signed]
CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F. ... xz77_MMmRH
CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... rwrhI2g&q={searchTerms}
CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?ou ... s&command={searchTerms}
2015-12-22 13:11 - 2015-12-22 13:11 - 00000000 ____D C:\rsit
2015-12-22 13:11 - 2015-12-22 13:11 - 00000000 ____D C:\Program Files\trend micro
2015-12-14 17:08 - 2015-12-20 13:54 - 00000000 ____D C:\ProgramData\MWdMM
2015-12-14 17:07 - 2015-12-20 13:54 - 00000000 ____D C:\ProgramData\5WdM5
2015-10-29 17:52 - 2015-10-29 17:52 - 0000000 _____ () C:\ProgramData\inf.dat
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
End
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suitable for the forum, you can use altrok(at)forum.viry.cz
If you feel like helping visitors of this forum, sign up for our training school.
Re: slow PC and constant installation of unwanted applications
Fix result of Farbar Recovery Scan Tool (x64) Version:31-12-2015
Ran by moje (2016-01-06 12:14:21) Run:1
Running from C:\Users\moje\Downloads
Loaded Profiles: moje & UpdatusUser (Available Profiles: moje & UpdatusUser)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
HKU\S-1-5-21-2656427353-3572486724-2793342792-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2656427353-3572486724-2793342792-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2656427353-3572486724-2793342792-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2656427353-3572486724-2793342792-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... XbGMD_Z&q={searchTerms}
HKU\S-1-5-21-2656427353-3572486724-2793342792-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://seznam.cz/
HKU\S-1-5-21-2656427353-3572486724-2793342792-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... XbGMD_Z&q={searchTerms}
HKU\S-1-5-21-2656427353-3572486724-2793342792-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... XbGMD_Z&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?si ... &src=ds&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
FF NewTab: C:\ProgramData\Zitenops\ff.NT
FF SelectedSearchEngine: Yahoo®
FF Homepage: C:\ProgramData\Zitenops\ff.HP
C:\ProgramData\Zitenops
FF Extension: No Name - C:\Users\moje\AppData\Roaming\Mozilla\Firefox\Profiles\euv1cizj.default\extensions\deskCutv2@gmail.com [not found]
FF Extension: No Name - C:\Users\moje\AppData\Roaming\Mozilla\Firefox\Profiles\euv1cizj.default\extensions\extension@b5m.com.xpi [not found]
FF Extension: Lucky Bright - C:\Users\moje\AppData\Roaming\Mozilla\Firefox\Profiles\euv1cizj.default\Extensions\{6e857e56-d440-4dd0-8233-2133b222bf2f}.xpi [2015-11-06] [not signed]
CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F. ... xz77_MMmRH
CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... rwrhI2g&q={searchTerms}
CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?ou ... s&command={searchTerms}
2015-12-22 13:11 - 2015-12-22 13:11 - 00000000 ____D C:\rsit
2015-12-22 13:11 - 2015-12-22 13:11 - 00000000 ____D C:\Program Files\trend micro
2015-12-14 17:08 - 2015-12-20 13:54 - 00000000 ____D C:\ProgramData\MWdMM
2015-12-14 17:07 - 2015-12-20 13:54 - 00000000 ____D C:\ProgramData\5WdM5
2015-10-29 17:52 - 2015-10-29 17:52 - 0000000 _____ () C:\ProgramData\inf.dat
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
End
*****************
Restore point was successfully created.
Processes closed successfully.
C:\ProgramData\TEMP => ":1CE11B51" ADS removed successfully.
HKU\S-1-5-21-2656427353-3572486724-2793342792-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\LogonHoursAction => value removed successfully
HKU\S-1-5-21-2656427353-3572486724-2793342792-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DontDisplayLogonHoursWarnings => value removed successfully
HKU\S-1-5-21-2656427353-3572486724-2793342792-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks => value removed successfully
HKU\S-1-5-21-2656427353-3572486724-2793342792-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-2656427353-3572486724-2793342792-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2656427353-3572486724-2793342792-1000\Software\Microsoft\Internet Explorer\Main\\Search Bar => value removed successfully
HKU\S-1-5-21-2656427353-3572486724-2793342792-1000\Software\Microsoft\Internet Explorer\Main\\SearchAssistant => value removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}" => key removed successfully
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
Firefox "newtab" removed successfully
Firefox SelectedSearchEngine removed successfully
Firefox "homepage" removed successfully
C:\ProgramData\Zitenops => moved successfully
C:\Users\moje\AppData\Roaming\Mozilla\Firefox\Profiles\euv1cizj.default\extensions\deskCutv2@gmail.com => path removed successfully
C:\Users\moje\AppData\Roaming\Mozilla\Firefox\Profiles\euv1cizj.default\extensions\extension@b5m.com.xpi => path removed successfully
C:\Users\moje\AppData\Roaming\Mozilla\Firefox\Profiles\euv1cizj.default\Extensions\{6e857e56-d440-4dd0-8233-2133b222bf2f}.xpi => moved successfully
Chrome HomePage => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
Chrome DefaultSuggestURL => removed successfully
C:\rsit => moved successfully
C:\Program Files\trend micro => moved successfully
C:\ProgramData\MWdMM => moved successfully
C:\ProgramData\5WdM5 => moved successfully
C:\ProgramData\inf.dat => moved successfully
========= ipconfig /flushdns =========
Konfigurace protokolu IP systému Windows
Mezipaměť překládání DNS byla úspěšně vyprázdněna.
========= End of CMD: =========
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 404.7 MB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 12:15:28 ====
C:\Users\moje\AppData\Roaming\Mozilla\Firefox\Profiles\euv1cizj.default\extensions\extension@b5m.com.xpi => path removed successfully
C:\Users\moje\AppData\Roaming\Mozilla\Firefox\Profiles\euv1cizj.default\Extensions\{6e857e56-d440-4dd0-8233-2133b222bf2f}.xpi => moved successfully
Chrome HomePage => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
Chrome DefaultSuggestURL => removed successfully
C:\rsit => moved successfully
C:\Program Files\trend micro => moved successfully
C:\ProgramData\MWdMM => moved successfully
C:\ProgramData\5WdM5 => moved successfully
C:\ProgramData\inf.dat => moved successfully
========= ipconfig /flushdns =========
Konfigurace protokolu IP systému Windows
Mezipaměť překládání DNS byla úspěšně vyprázdněna.
========= End of CMD: =========
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 404.7 MB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 12:15:28 ====
Re: slow PC and constant installation of unwanted applications
Also, every time I start the browser, even though my home page is set to seznam.cz, it redirects me to the address: http://search.safefinder.com/?publisher ... er=APSFRec
which ESET blocks for me
Re: slow PC and constant installation of unwanted applications
- run it as administrator
- copy the script given below into the large window
- click Run script
- after the restart a log will pop up (or you can find it in C:\zoek-results.log) - paste it into your next reply
Code:
autoclean; emptyclsid; iedefaults; FFdefaults; CHRdefaults;
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suitable for the forum, you can use altrokzavináčforum.viry.cz
If you feel like helping visitors of this forum, sign up for our little school.
Re: slow PC and constant installation of unwanted applications
Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by moje on st 06.01.2016 at 23:14:08,80.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\moje\Downloads\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2016-01-06-220346.log 964 bytes
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2656427353-3572486724-2793342792-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\pdf_architect_3_conv@pdfarchitect.org deleted successfully
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\moje\AppData\Roaming\Mozilla\Firefox\Profiles\euv1cizj.default\prefs.js:
Added to C:\Users\moje\AppData\Roaming\Mozilla\Firefox\Profiles\euv1cizj.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\moje\AppData\Roaming\Mozilla\Firefox\Profiles\euv1cizj.default
user.js not found
---- Lines mystart removed from prefs.js ----
user_pref("browser.search.searchengine.alias", "mystartsearch");
user_pref("browser.search.searchengine.iconURL", "http://www.mystartsearch.com/favicon.ico");
user_pref("browser.search.searchengine.name", "mystartsearch");
user_pref("browser.search.searchengine.url", "http://www.mystartsearch.com/web/?type= ... 9t1o1m&fro
---- Lines searchengine removed from prefs.js ----
user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");
user_pref("browser.search.searchengine.ptid", "cmi");
user_pref("browser.search.searchengine.uid", "ST9500325AS_6VE1Q21FXXXX6VE1Q21F");
---- Lines pdf_architect_3_conv@pdfarchitect.org removed from prefs.js ----
user_pref("extensions.xpiState", "{\"app-profile\":{\"defsearchp@gmail.com\":{\"d\":\"C:\\\\Users\\\\moje\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\
---- FireFox user.js and prefs.js backups ----
prefs_06.01.2016_2334_.backup
==== Batch Command(s) Run By Tool======================
Katalog Winsock byl úspěšně resetován.
K dokončení resetování je nutné restartovat počítač.
==== Deleting Files \ Folders ======================
C:\Users\moje\AppData\Local\Web Bubble deleted
C:\PROGRA~2\Your Uninstaller! 7 deleted
C:\Users\moje\AppData\Roaming\WB_CFG deleted
C:\Users\moje\AppData\Roaming\kingsoft deleted
C:\PROGRA~3\kingsoft deleted
C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\moje\AppData\Local\Grooveing.exe.config deleted
C:\Users\moje\AppData\Local\MyBrowser deleted
C:\Users\moje\AppData\Local\Mindspark deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\LavasoftTcpService deleted
C:\Users\moje\AppData\LocalLow\Unity deleted
C:\Users\moje\AppData\LocalLow\DataMngr deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Users\moje\AppData\Roaming\Mozilla\Firefox\Profiles\euv1cizj.default\jetpack deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\moje\AppData\Roaming\Mozilla\Firefox\Profiles\euv1cizj.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions ======================
==== Firefox Plugins ======================
==== Chromium Look ======================
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://seznam.cz/"
"Default_Page_URL"="http://www.google.com"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzVqASLW90uzABgIn_FHePyvp6MGsh9Qs8PQaeE3YMk5xI2sQwJyJFksdS88DXEIgnfrRibWV5OHAVJwBqXfpnQOxG4Ny9YHriF8nxiZuyi8L_MQSd5JHI2m6fIMERsSiXWegRklptTFKQiBYPrAD3XbGMD_Z&q={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzVqASLW90uzABgIn_FHePyvp6MGsh9Qs8PQaeE3YMk5xI2sQwJyJFksdS88DXEIgnfrRibWV5OHAVJwBqXfpnQOxG4Ny9YHriF8nxiZuyi8L_MQSd5JHI2m6fIMERsSiXWegRklptTFKQiBYPrAD3XbGMD_Z&q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzVqASLW90uzABgIn_FHePyvp6MGsh9Qs8PQaeE3YMk5xI2sQwJyJFksdS88DXEIgnfrRibWV5OHAVJwBqXfpnQOxG4Ny9YHriF8nxiZuyi8L_MQSd5JHI2m6fIMERsSiXWegRklptTFKQiBYPrAD3XbGMD_Z&q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzVqASLW90uzABgIn_FHePyvp6MGsh9Qs8PQaeE3YMk5xI2sQwJyJFksdS88DXEIgnfrRibWV5OHAVJwBqXfpnQOxG4Ny9YHriF8nxiZuyi8L_MQSd5JHI2m6fIMERsSiXWegRklptTFKQiBYPrAD3XbGMD_Z&q={searchTerms}"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://seznam.cz/"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} - http://www.bing.com/search?q={searchTer ... DF&pc=MSSE
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... ORM=IESR02
HKCU\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2} - http://www.bing.com/search?q={searchTer ... DF&pc=MSSE
HKCU\SearchScopes\{CB7BF7D2-EE79-4D54-8862-B3AD29D7F69F} - http://tv.seznam.cz/hledej?w={searchTer ... arch_14875
==== Reset Google Chrome ======================
C:\Users\moje\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\moje\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\moje\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== shortcuts on Users Desktops ======================
C:\Users\moje\Desktop\Your Unin-staller.lnk -
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk - C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Users\Public\Desktop\World of Tanks.lnk - C:\Games\World_of_Tanks\WoTLauncher.exe
==== shortcuts in Users Start Menu ======================
C:\Users\moje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D?publisher=APSFRec&co=CZ&userid=aaa67438-1870-4fb5-ac36-cf852ff5bede&searchtype=sc&installDate=28.10.2015&barcodeid=50045888&channelid=888
C:\Users\moje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET\ESET Smart Security\ESET Ochrana bankovnictví a online plateb.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET\ESET Smart Security\ESET Smart Security.lnk - C:\Program Files (x86)\ESET\ESET Smart Security\egui.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET\ESET Smart Security\ESET SysInspector.lnk - C:\Program Files (x86)\ESET\ESET Smart Security\SysInspector.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET\ESET Smart Security\ESET SysRescue.lnk - C:\Program Files (x86)\ESET\ESET Smart Security\SysRescue.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET\ESET Smart Security\Licenční ujednání.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET\ESET Smart Security\Odinstalovat.lnk - C:\Program Files (x86)\ESET\ESET Smart Security\callmsi.exe /i {E8EA6A18-4085-4E67-AC9C-F8E9AEB53F4F}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk - C:\Program Files (x86)\VideoLAN\VLC\Documentation.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk - C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk - C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --reset-config --reset-plugins-cache vlc://quit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe -Iskins
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Uninstaller 7\Help document.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Uninstaller 7\Uninstall.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Uninstaller.lnk -
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\moje\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D?publisher=APSFRec&co=CZ&userid=aaa67438-1870-4fb5-ac36-cf852ff5bede&searchtype=sc&installDate=28.10.2015&barcodeid=50045888&channelid=888
C:\Users\moje\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\moje\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\moje\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\moje\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D?publisher=APSFRec&co=CZ&userid=aaa67438-1870-4fb5-ac36-cf852ff5bede&searchtype=sc&installDate=28.10.2015&barcodeid=50045888&channelid=888
C:\Users\moje\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\moje\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\TEMP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\TEMP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== shortcuts After Repair ======================
C:\Users\moje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\moje\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\moje\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\moje\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\moje\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\225FGX0J will be deleted at reboot
C:\Users\moje\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5P2A4SAZ will be deleted at reboot
C:\Users\moje\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\61C53FT7 will be deleted at reboot
C:\Users\moje\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VUZSB39C will be deleted at reboot
C:\Users\moje\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WNKG12BZ will be deleted at reboot
C:\Users\moje\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YVV2DR3C will be deleted at reboot
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
C:\Users\moje\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=201 folders=150 156739442 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\moje\AppData\Local\Temp will be emptied at reboot
C:\Users\TEMP\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\moje\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\moje\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\225FGX0J" not found
"C:\Users\moje\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5P2A4SAZ" not found
"C:\Users\moje\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\61C53FT7" not found
"C:\Users\moje\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VUZSB39C" not found
"C:\Users\moje\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WNKG12BZ" not found
"C:\Users\moje\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YVV2DR3C" not found
==== EOF on st 06.01.2016 at 23:41:37,51 ======================
C:\Users\moje\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\moje\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\TEMP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\TEMP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== shortcuts After Repair ======================
C:\Users\moje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\moje\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\moje\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\moje\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\moje\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\225FGX0J will be deleted at reboot
C:\Users\moje\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5P2A4SAZ will be deleted at reboot
C:\Users\moje\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\61C53FT7 will be deleted at reboot
C:\Users\moje\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VUZSB39C will be deleted at reboot
C:\Users\moje\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WNKG12BZ will be deleted at reboot
C:\Users\moje\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YVV2DR3C will be deleted at reboot
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
C:\Users\moje\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=201 folders=150 156739442 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\moje\AppData\Local\Temp will be emptied at reboot
C:\Users\TEMP\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\moje\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\moje\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\225FGX0J" not found
"C:\Users\moje\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5P2A4SAZ" not found
"C:\Users\moje\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\61C53FT7" not found
"C:\Users\moje\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VUZSB39C" not found
"C:\Users\moje\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WNKG12BZ" not found
"C:\Users\moje\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YVV2DR3C" not found
==== EOF on st 06.01.2016 at 23:41:37,51 ======================
Re: slow PC and constant installation of unwanted applications
Note: on the second and every later run of FRST, the Addition.txt log is only created if you explicitly tick that option before the scan starts.
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suitable for the forum, you can use altrokzavináčforum.viry.cz
If you feel like helping visitors to this forum, sign up for our training school.
Re: slow PC and constant installation of unwanted applications
Hello,
it's better, thanks a lot; if it shows up again, I'll get back to you.
Have a nice day.
Re: slow PC and constant installation of unwanted applications
All right then. Please also run the cleanup utility so that the tools we used are not left behind on your system.
- Download and run DelFix - https://toolslib.net/downloads/viewdownload/2-delfix/
- Tick only the option "Remove disinfection tools"
- Click Run
You're welcome; get in touch if needed.
Re: slow PC and constant installation of unwanted applications
Hello,
I thought it was fine by now, but it still isn't right. After the PC has been on for roughly 15 minutes, the load shoots up to 100% and everything stutters and freezes again, including the Wi-Fi connection.
Re: slow PC and constant installation of unwanted applications
The browser runs fine now, but when I start several tasks at once the PC can't keep up, and it used to run completely without problems. Apparently it still isn't right.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-01-2015
Ran by moje (administrator) on MOJE-PC (10-01-2016 13:27:52)
Running from C:\Users\moje\Downloads
Loaded Profiles: moje & UpdatusUser (Available Profiles: moje & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 3\creator-ws.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKU\S-1-5-21-2656427353-3572486724-2793342792-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{029DB5D5-E6A3-4AD4-B428-DA18CEB45EBB}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2656427353-3572486724-2793342792-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130950858121553000&GUID=93670877-D68D-43C3-95DE-880634959350
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130950858121553000&GUID=93670877-D68D-43C3-95DE-880634959350
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2656427353-3572486724-2793342792-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2656427353-3572486724-2793342792-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://seznam.cz/
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2656427353-3572486724-2793342792-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2656427353-3572486724-2793342792-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2656427353-3572486724-2793342792-1000 -> {CB7BF7D2-EE79-4D54-8862-B3AD29D7F69F} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_14875
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM-x32 - PDF Architect 3 Toolbar - {2DFF3579-5AA7-45B9-9328-1D38EA230861} - C:\Program Files (x86)\PDF Architect 3\creator-ie-plugin.dll [2015-04-14] (pdfforge GmbH)
FireFox:
========
FF ProfilePath: C:\Users\moje\AppData\Roaming\Mozilla\Firefox\Profiles\euv1cizj.default
FF NewTab: about:newtab
FF Homepage: about:home
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: PDF Architect 3 -> C:\Program Files (x86)\PDF Architect 3\np-previewer.dll [2015-04-14] (pdfforge GmbH)
Chrome:
=======
CHR Profile: C:\Users\moje\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\moje\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-22]
CHR Extension: (Google Docs) - C:\Users\moje\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-22]
CHR Extension: (Google Drive) - C:\Users\moje\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-22]
CHR Extension: (YouTube) - C:\Users\moje\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-22]
CHR Extension: (Google Search) - C:\Users\moje\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-22]
CHR Extension: (Google Sheets) - C:\Users\moje\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-22]
CHR Extension: (Google Docs Offline) - C:\Users\moje\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\moje\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-22]
CHR Extension: (Gmail) - C:\Users\moje\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-22]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2522616 2015-11-20] (ESET)
S3 PDF Architect 3; C:\Program Files (x86)\PDF Architect 3\ws.exe [2243288 2015-04-14] (pdfforge GmbH)
S3 PDF Architect 3 CrashHandler; C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe [901336 2015-04-14] (pdfforge GmbH)
R2 PDF Architect 3 Creator; C:\Program Files (x86)\PDF Architect 3\creator-ws.exe [740568 2015-04-14] (pdfforge GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [263528 2015-11-20] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [186784 2015-11-20] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [142976 2015-11-20] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [206312 2015-11-20] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [52872 2015-11-20] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [69840 2015-11-20] (ESET)
S3 ESETCleanersDriver; C:\Windows\system32\Drivers\ESETCleanersDriver.sys [170280 2015-12-26] (ESET)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATK64AMD.sys [13680 2007-08-09] ()
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-10 13:27 - 2016-01-10 13:28 - 00009377 _____ C:\Users\moje\Downloads\FRST.txt
2016-01-10 13:27 - 2016-01-10 13:27 - 02370560 _____ (Farbar) C:\Users\moje\Downloads\FRST64.exe
2016-01-10 13:27 - 2016-01-10 13:27 - 00000000 ____D C:\FRST
2016-01-09 20:31 - 2016-01-09 21:02 - 00002038 _____ C:\Users\moje\Desktop\Rkill.txt
2016-01-09 20:25 - 2016-01-09 20:25 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\moje\Downloads\rkill.exe
2016-01-09 20:00 - 2016-01-09 20:00 - 00001271 _____ C:\DelFix.txt
2016-01-09 19:27 - 2016-01-09 19:37 - 00000000 ____D C:\Windows\erdnt
2016-01-09 17:15 - 2016-01-09 17:15 - 00000020 ___SH C:\Users\TEMP\ntuser.ini
2016-01-09 17:15 - 2016-01-09 17:15 - 00000000 _SHDL C:\Users\TEMP\Šablony
2016-01-09 17:15 - 2016-01-09 17:15 - 00000000 _SHDL C:\Users\TEMP\Soubory cookie
2016-01-09 17:15 - 2016-01-09 17:15 - 00000000 _SHDL C:\Users\TEMP\Poslední
2016-01-09 17:15 - 2016-01-09 17:15 - 00000000 _SHDL C:\Users\TEMP\Okolní tiskárny
2016-01-09 17:15 - 2016-01-09 17:15 - 00000000 _SHDL C:\Users\TEMP\Okolní síť
2016-01-09 17:15 - 2016-01-09 17:15 - 00000000 _SHDL C:\Users\TEMP\Nabídka Start
2016-01-09 17:15 - 2016-01-09 17:15 - 00000000 _SHDL C:\Users\TEMP\Dokumenty
2016-01-09 17:15 - 2016-01-09 17:15 - 00000000 _SHDL C:\Users\TEMP\Documents\Obrázky
2016-01-09 17:15 - 2016-01-09 17:15 - 00000000 _SHDL C:\Users\TEMP\Documents\Hudba
2016-01-09 17:15 - 2016-01-09 17:15 - 00000000 _SHDL C:\Users\TEMP\Documents\Filmy
2016-01-09 17:15 - 2016-01-09 17:15 - 00000000 _SHDL C:\Users\TEMP\Data aplikací
2016-01-09 17:15 - 2016-01-09 17:15 - 00000000 _SHDL C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2016-01-09 17:15 - 2016-01-09 17:15 - 00000000 _SHDL C:\Users\TEMP\AppData\Local\Data aplikací
2016-01-09 17:15 - 2016-01-09 17:15 - 00000000 ____D C:\Users\TEMP
2016-01-09 17:15 - 2014-10-19 23:48 - 00000000 ____D C:\Users\TEMP\AppData\Local\Microsoft Help
2016-01-09 17:15 - 2010-11-21 10:38 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Media Center Programs
2016-01-06 23:39 - 2016-01-06 23:14 - 00024064 _____ C:\Windows\zoek-delete.exe
2016-01-02 22:53 - 2016-01-02 23:14 - 376307988 _____ C:\Users\moje\Downloads\Hitleruv-posledni-rok-1-z-2-2015-cz-dabing.avi
2016-01-02 21:46 - 2016-01-02 22:39 - 952130758 _____ C:\Users\moje\Downloads\Krycí-jméno-U.N.C.L.E.-2015-CZ-dabing.avi
2016-01-02 20:16 - 2016-01-02 21:05 - 886275414 _____ C:\Users\moje\Downloads\Slunce-seno-erotika-(1991).avi
2016-01-02 17:59 - 2016-01-02 19:53 - 1078411264 _____ C:\Users\moje\Downloads\Slunce-seno-a-pár-facek.avi
2016-01-02 17:57 - 2016-01-02 17:57 - 18506432 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-12-30 20:12 - 2015-12-30 21:41 - 1576119676 _____ C:\Users\moje\Downloads\Sicario-Nájemný-vrah-(2015)CZ-titulky.avi
2015-12-28 23:47 - 2015-12-29 01:32 - 1874964480 _____ C:\Users\moje\Downloads\REVENANT-Zmrtvýchvstání---2015-CZ-Titulky.avi
2015-12-28 22:10 - 2015-12-28 23:31 - 1444419070 _____ C:\Users\moje\Downloads\Krokodýl-Dundee-2-(1988)-(CZ+CZ-tit.)-(Akční,-Dobrodružný,-Komedie).avi
2015-12-26 15:06 - 2015-12-26 15:06 - 00170280 _____ (ESET) C:\Windows\system32\Drivers\ESETCleanersDriver.sys
2015-12-23 20:00 - 2015-12-23 21:37 - 1734180864 _____ C:\Users\moje\Downloads\Brána-temnoty-[Pay-the-Ghost]-2015-(CZ-Dabing).avi
2015-12-22 22:01 - 2015-12-22 22:01 - 00000000 ____D C:\Program Files (x86)\Java
2015-12-21 20:12 - 2015-12-21 20:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-12-21 20:12 - 2015-12-21 20:12 - 00000000 ____D C:\ProgramData\ESET
2015-12-21 20:12 - 2015-12-21 20:12 - 00000000 ____D C:\Program Files\ESET
2015-12-20 12:28 - 2016-01-09 17:13 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-12-20 12:28 - 2015-12-20 12:28 - 00000000 ____D C:\Users\moje\AppData\Local\ESET
2015-12-20 10:39 - 2015-12-20 10:39 - 00000001 _____ C:\Windows\SysWOW64\en.html
2015-12-14 23:49 - 2015-12-15 01:10 - 1469487104 _____ C:\Users\moje\Downloads\The-Runner-,2015-CZ-Tit.v-obraze-Super-Drama,USA.avi
2015-12-14 17:52 - 2015-12-14 18:35 - 764968272 _____ C:\Users\moje\Downloads\Bojovnik-CZ-(2015).avi
2015-12-13 21:28 - 2015-12-13 22:37 - 1250918400 _____ C:\Users\moje\Downloads\MI-5-Vyšší-dobro_Spooks_The-Greater-Good-(2015)-BRRip-CZ-dab.avi
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-10 13:27 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2016-01-10 13:12 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing
2016-01-10 13:07 - 2015-11-11 12:27 - 00007626 _____ C:\Users\moje\AppData\Local\Resmon.ResmonCfg
2016-01-10 12:57 - 2014-09-09 20:15 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-09 19:37 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2016-01-09 17:22 - 2009-07-14 05:45 - 00023680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-09 17:22 - 2009-07-14 05:45 - 00023680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-09 17:13 - 2014-09-06 22:59 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-09 17:13 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-06 23:41 - 2014-09-09 20:06 - 00000008 __RSH C:\Users\moje\ntuser.pol
2016-01-06 23:41 - 2014-09-06 20:57 - 00000000 ____D C:\Users\moje
2016-01-06 23:37 - 2014-09-06 20:58 - 00001687 _____ C:\Users\moje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-06 23:34 - 2009-07-14 04:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-01-04 23:58 - 2014-11-13 14:57 - 00000000 ____D C:\Users\moje\AppData\Roaming\vlc
2016-01-04 23:41 - 2014-12-16 15:08 - 00000000 ____D C:\ProgramData\TEMP
2016-01-02 17:57 - 2014-09-09 20:15 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-02 17:57 - 2014-09-09 20:15 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-02 17:57 - 2014-09-09 20:15 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-31 15:28 - 2014-09-06 22:59 - 00000000 ____D C:\Users\UpdatusUser
2015-12-31 15:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2015-12-31 15:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2015-12-28 19:50 - 2014-09-06 21:11 - 00001912 _____ C:\Windows\epplauncher.mif
2015-12-25 12:09 - 2015-01-16 22:12 - 00000000 ____D C:\Users\moje\AppData\Local\Deployment
2015-12-22 22:50 - 2015-12-09 19:57 - 00000000 ____D C:\Users\moje\AppData\Local\Google
2015-12-22 22:03 - 2015-03-24 14:45 - 00000000 ____D C:\ProgramData\Oracle
2015-12-20 13:54 - 2014-09-11 21:38 - 00000000 ____D C:\Users\moje\AppData\Roaming\rmi
2015-12-20 12:00 - 2009-07-14 06:08 - 00032568 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-16 17:02 - 2015-02-20 12:51 - 00000000 ____D C:\Users\moje\AppData\Roaming\.minecraft
2015-12-14 18:02 - 2010-11-21 10:27 - 00668610 _____ C:\Windows\system32\perfh005.dat
2015-12-14 18:02 - 2010-11-21 10:27 - 00141238 _____ C:\Windows\system32\perfc005.dat
2015-12-14 18:02 - 2009-07-14 06:13 - 01582486 _____ C:\Windows\system32\PerfStringBackup.INI
==================== Files in the root of some directories =======
2015-11-11 12:27 - 2016-01-10 13:07 - 0007626 _____ () C:\Users\moje\AppData\Local\Resmon.ResmonCfg
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-01-09 21:39
==================== End of FRST.txt ============================
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2522616 2015-11-20] (ESET)
S3 PDF Architect 3; C:\Program Files (x86)\PDF Architect 3\ws.exe [2243288 2015-04-14] (pdfforge GmbH)
S3 PDF Architect 3 CrashHandler; C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe [901336 2015-04-14] (pdfforge GmbH)
R2 PDF Architect 3 Creator; C:\Program Files (x86)\PDF Architect 3\creator-ws.exe [740568 2015-04-14] (pdfforge GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [263528 2015-11-20] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [186784 2015-11-20] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [142976 2015-11-20] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [206312 2015-11-20] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [52872 2015-11-20] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [69840 2015-11-20] (ESET)
S3 ESETCleanersDriver; C:\Windows\system32\Drivers\ESETCleanersDriver.sys [170280 2015-12-26] (ESET)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATK64AMD.sys [13680 2007-08-09] ()
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-10 13:27 - 2016-01-10 13:28 - 00009377 _____ C:\Users\moje\Downloads\FRST.txt
2016-01-10 13:27 - 2016-01-10 13:27 - 02370560 _____ (Farbar) C:\Users\moje\Downloads\FRST64.exe
2016-01-10 13:27 - 2016-01-10 13:27 - 00000000 ____D C:\FRST
2016-01-09 20:31 - 2016-01-09 21:02 - 00002038 _____ C:\Users\moje\Desktop\Rkill.txt
2016-01-09 20:25 - 2016-01-09 20:25 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\moje\Downloads\rkill.exe
2016-01-09 20:00 - 2016-01-09 20:00 - 00001271 _____ C:\DelFix.txt
2016-01-09 19:27 - 2016-01-09 19:37 - 00000000 ____D C:\Windows\erdnt
2016-01-09 17:15 - 2016-01-09 17:15 - 00000020 ___SH C:\Users\TEMP\ntuser.ini
2016-01-09 17:15 - 2016-01-09 17:15 - 00000000 _SHDL C:\Users\TEMP\Šablony
2016-01-09 17:15 - 2016-01-09 17:15 - 00000000 _SHDL C:\Users\TEMP\Soubory cookie
2016-01-09 17:15 - 2016-01-09 17:15 - 00000000 _SHDL C:\Users\TEMP\Poslední
2016-01-09 17:15 - 2016-01-09 17:15 - 00000000 _SHDL C:\Users\TEMP\Okolní tiskárny
2016-01-09 17:15 - 2016-01-09 17:15 - 00000000 _SHDL C:\Users\TEMP\Okolní síť
2016-01-09 17:15 - 2016-01-09 17:15 - 00000000 _SHDL C:\Users\TEMP\Nabídka Start
2016-01-09 17:15 - 2016-01-09 17:15 - 00000000 _SHDL C:\Users\TEMP\Dokumenty
2016-01-09 17:15 - 2016-01-09 17:15 - 00000000 _SHDL C:\Users\TEMP\Documents\Obrázky
2016-01-09 17:15 - 2016-01-09 17:15 - 00000000 _SHDL C:\Users\TEMP\Documents\Hudba
2016-01-09 17:15 - 2016-01-09 17:15 - 00000000 _SHDL C:\Users\TEMP\Documents\Filmy
2016-01-09 17:15 - 2016-01-09 17:15 - 00000000 _SHDL C:\Users\TEMP\Data aplikací
2016-01-09 17:15 - 2016-01-09 17:15 - 00000000 _SHDL C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2016-01-09 17:15 - 2016-01-09 17:15 - 00000000 _SHDL C:\Users\TEMP\AppData\Local\Data aplikací
2016-01-09 17:15 - 2016-01-09 17:15 - 00000000 ____D C:\Users\TEMP
2016-01-09 17:15 - 2014-10-19 23:48 - 00000000 ____D C:\Users\TEMP\AppData\Local\Microsoft Help
2016-01-09 17:15 - 2010-11-21 10:38 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Media Center Programs
2016-01-06 23:39 - 2016-01-06 23:14 - 00024064 _____ C:\Windows\zoek-delete.exe
2016-01-02 22:53 - 2016-01-02 23:14 - 376307988 _____ C:\Users\moje\Downloads\Hitleruv-posledni-rok-1-z-2-2015-cz-dabing.avi
2016-01-02 21:46 - 2016-01-02 22:39 - 952130758 _____ C:\Users\moje\Downloads\Krycí-jméno-U.N.C.L.E.-2015-CZ-dabing.avi
2016-01-02 20:16 - 2016-01-02 21:05 - 886275414 _____ C:\Users\moje\Downloads\Slunce-seno-erotika-(1991).avi
2016-01-02 17:59 - 2016-01-02 19:53 - 1078411264 _____ C:\Users\moje\Downloads\Slunce-seno-a-pár-facek.avi
2016-01-02 17:57 - 2016-01-02 17:57 - 18506432 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-12-30 20:12 - 2015-12-30 21:41 - 1576119676 _____ C:\Users\moje\Downloads\Sicario-Nájemný-vrah-(2015)CZ-titulky.avi
2015-12-28 23:47 - 2015-12-29 01:32 - 1874964480 _____ C:\Users\moje\Downloads\REVENANT-Zmrtvýchvstání---2015-CZ-Titulky.avi
2015-12-28 22:10 - 2015-12-28 23:31 - 1444419070 _____ C:\Users\moje\Downloads\Krokodýl-Dundee-2-(1988)-(CZ+CZ-tit.)-(Akční,-Dobrodružný,-Komedie).avi
2015-12-26 15:06 - 2015-12-26 15:06 - 00170280 _____ (ESET) C:\Windows\system32\Drivers\ESETCleanersDriver.sys
2015-12-23 20:00 - 2015-12-23 21:37 - 1734180864 _____ C:\Users\moje\Downloads\Brána-temnoty-[Pay-the-Ghost]-2015-(CZ-Dabing).avi
2015-12-22 22:01 - 2015-12-22 22:01 - 00000000 ____D C:\Program Files (x86)\Java
2015-12-21 20:12 - 2015-12-21 20:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-12-21 20:12 - 2015-12-21 20:12 - 00000000 ____D C:\ProgramData\ESET
2015-12-21 20:12 - 2015-12-21 20:12 - 00000000 ____D C:\Program Files\ESET
2015-12-20 12:28 - 2016-01-09 17:13 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-12-20 12:28 - 2015-12-20 12:28 - 00000000 ____D C:\Users\moje\AppData\Local\ESET
2015-12-20 10:39 - 2015-12-20 10:39 - 00000001 _____ C:\Windows\SysWOW64\en.html
2015-12-14 23:49 - 2015-12-15 01:10 - 1469487104 _____ C:\Users\moje\Downloads\The-Runner-,2015-CZ-Tit.v-obraze-Super-Drama,USA.avi
2015-12-14 17:52 - 2015-12-14 18:35 - 764968272 _____ C:\Users\moje\Downloads\Bojovnik-CZ-(2015).avi
2015-12-13 21:28 - 2015-12-13 22:37 - 1250918400 _____ C:\Users\moje\Downloads\MI-5-Vyšší-dobro_Spooks_The-Greater-Good-(2015)-BRRip-CZ-dab.avi
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-10 13:27 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2016-01-10 13:12 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing
2016-01-10 13:07 - 2015-11-11 12:27 - 00007626 _____ C:\Users\moje\AppData\Local\Resmon.ResmonCfg
2016-01-10 12:57 - 2014-09-09 20:15 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-09 19:37 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2016-01-09 17:22 - 2009-07-14 05:45 - 00023680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-09 17:22 - 2009-07-14 05:45 - 00023680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-09 17:13 - 2014-09-06 22:59 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-09 17:13 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-06 23:41 - 2014-09-09 20:06 - 00000008 __RSH C:\Users\moje\ntuser.pol
2016-01-06 23:41 - 2014-09-06 20:57 - 00000000 ____D C:\Users\moje
2016-01-06 23:37 - 2014-09-06 20:58 - 00001687 _____ C:\Users\moje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-06 23:34 - 2009-07-14 04:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-01-04 23:58 - 2014-11-13 14:57 - 00000000 ____D C:\Users\moje\AppData\Roaming\vlc
2016-01-04 23:41 - 2014-12-16 15:08 - 00000000 ____D C:\ProgramData\TEMP
2016-01-02 17:57 - 2014-09-09 20:15 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-02 17:57 - 2014-09-09 20:15 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-02 17:57 - 2014-09-09 20:15 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-31 15:28 - 2014-09-06 22:59 - 00000000 ____D C:\Users\UpdatusUser
2015-12-31 15:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2015-12-31 15:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2015-12-28 19:50 - 2014-09-06 21:11 - 00001912 _____ C:\Windows\epplauncher.mif
2015-12-25 12:09 - 2015-01-16 22:12 - 00000000 ____D C:\Users\moje\AppData\Local\Deployment
2015-12-22 22:50 - 2015-12-09 19:57 - 00000000 ____D C:\Users\moje\AppData\Local\Google
2015-12-22 22:03 - 2015-03-24 14:45 - 00000000 ____D C:\ProgramData\Oracle
2015-12-20 13:54 - 2014-09-11 21:38 - 00000000 ____D C:\Users\moje\AppData\Roaming\rmi
2015-12-20 12:00 - 2009-07-14 06:08 - 00032568 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-16 17:02 - 2015-02-20 12:51 - 00000000 ____D C:\Users\moje\AppData\Roaming\.minecraft
2015-12-14 18:02 - 2010-11-21 10:27 - 00668610 _____ C:\Windows\system32\perfh005.dat
2015-12-14 18:02 - 2010-11-21 10:27 - 00141238 _____ C:\Windows\system32\perfc005.dat
2015-12-14 18:02 - 2009-07-14 06:13 - 01582486 _____ C:\Windows\system32\PerfStringBackup.INI
==================== Files in the root of some directories =======
2015-11-11 12:27 - 2016-01-10 13:07 - 0007626 _____ () C:\Users\moje\AppData\Local\Resmon.ResmonCfg
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-01-09 21:39
==================== End of FRST.txt ============================

