Please check my log
Posted: 21 May 2016 22:02
After downloading a document, the Mail.ru adware installed itself. I have already partially cleaned the HDD with MBAM and AdwCleaner. However, the changed settings in the Chrome and IE browsers persist, where the mail.ru website is still shown as my home page. Below I attach copies of the FRST and RK logs, which I would ask you to check.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-05-2016
Ran by Jiří (administrator) on PC (21-05-2016 22:34:25)
Running from C:\Users\Jiří\Desktop
Loaded Profiles: Jiří (Available Profiles: Jiří)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
-----------------------------------------------------------------------------------------------------------------------
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Program Files (x86)\Ghostery Storage Server\ghstore.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(CompSoft) C:\Program Files (x86)\RimhillEx\RimhillEx.exe
(CMedia) C:\Program Files\ASUS Xonar Essence ST Audio\Customapp\AsusAudioCenter.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\Users\Jiří\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RimhillEx.lnk [2015-11-03]
ShortcutTarget: RimhillEx.lnk -> C:\Program Files (x86)\RimhillEx\RimhillEx.exe (CompSoft)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{C067CDFC-878A-40FA-94F2-DB38F79D4FF1}: [DhcpNameServer] 213.46.172.37 213.46.172.36
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2789862122-2855940618-1815203127-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-02-25] (Eyeo GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-30] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-30] (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-02-25] (Eyeo GmbH)
FireFox:
========
FF ProfilePath: C:\Users\Jiří\AppData\Roaming\Mozilla\Firefox\Profiles\fq52relb.default
FF Homepage: user_pref("browser.startup.homepage", "about:home");
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Extension: Zoom Page - C:\Users\Jiří\AppData\Roaming\Mozilla\Firefox\Profiles\fq52relb.default\extensions\zoompage@DW-dev.xpi [2015-03-13] [not signed]
FF Extension: No Name - C:\Users\Jiří\AppData\Roaming\Mozilla\Firefox\Profiles\fq52relb.default\extensions\{68300a12-1396-d8b5-cd5b-5fd92d860185} [not found]
FF Extension: No Name - C:\Users\Jiří\AppData\Roaming\Mozilla\Firefox\Profiles\fq52relb.default\extensions\veggy@veggyAddon.com [not found]
FF Extension: Adblock Plus - C:\Users\Jiří\AppData\Roaming\Mozilla\Firefox\Profiles\fq52relb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-01] [not signed]
Chrome:
=======
CHR HomePage: Default -> mail.ru/cnt/11956636?rciguc__PARAM__
CHR StartupUrls: Default -> "hxxp://mail.ru/cnt/10445?gp=802811"
CHR DefaultSearchURL: Default -> hxxp://go.mail.ru/distib/ep/?q={searchTerms}&product_id=%7BA238B4D9-A676-4B6C-A505-A14F9BB39C25%7D&gp=802821
CHR DefaultSearchKeyword: Default -> go.mail.ru
CHR DefaultSuggestURL: Default -> hxxp://suggests.go.mail.ru/ff3?q={searchTerms}
CHR Profile: C:\Users\Jiří\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Jiří\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-24]
CHR Extension: (Dokumenty Google) - C:\Users\Jiří\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-24]
CHR Extension: (Disk Google) - C:\Users\Jiří\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (Mail.Ru) - C:\Users\Jiří\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgcifljfapbhgiehkjlckfjmgeojijcb [2016-05-21]
CHR Extension: (YouTube) - C:\Users\Jiří\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Vyhledávání Google) - C:\Users\Jiří\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (uBlock) - C:\Users\Jiří\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcnnfbjfcgphgdmggkamkmgojdagdnn [2015-06-25]
CHR Extension: (Tabulky Google) - C:\Users\Jiří\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-24]
CHR Extension: (Dokumenty Google offline) - C:\Users\Jiří\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Домашняя страница Mail.Ru) - C:\Users\Jiří\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbjjfiihgfegniolckphpnfaokdkbmdm [2016-05-21]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Jiří\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Визуальные Закладки Mail.Ru) - C:\Users\Jiří\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelpkepjlgmehajehfeicfbjdiobdkfj [2016-05-21]
CHR Extension: (Gmail) - C:\Users\Jiří\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR HKLM-x32\...\Chrome\Extension: [bgcifljfapbhgiehkjlckfjmgeojijcb] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lbjjfiihgfegniolckphpnfaokdkbmdm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] - hxxps://clients2.google.com/service/update2/crx
Opera:
=======
OPR StartupUrls: "hxxp://www.google.cz/"
OPR Extension: (uBlock Origin) - C:\Users\Jiří\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2016-05-21]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
S4 ABBYY.Licensing.FineReader.Professional.11.0; C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [821048 2013-06-17] (ABBYY InfoPoisk LLC)
R2 Ghostery Storage Server; C:\Program Files (x86)\Ghostery Storage Server\ghstore.exe [346624 2016-05-21] () [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S4 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-05-27] (Nitro PDF Software)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2734080 2013-04-11] (C-Media Inc)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [494864 2013-08-29] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 trufos; C:\Windows\System32\drivers\trufos.sys [350160 2015-04-25] (BitDefender S.R.L.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-05-21 22:34 - 2016-05-21 22:34 - 00011532 _____ C:\Users\Jiří\Desktop\FRST.txt
2016-05-21 22:29 - 2016-05-21 22:34 - 00000000 ____D C:\FRST
2016-05-21 22:28 - 2016-05-21 22:28 - 00004448 _____ C:\Users\Jiří\Desktop\RK.txt
2016-05-21 22:25 - 2016-05-21 22:29 - 00000000 ____D C:\ProgramData\RogueKiller
2016-05-21 22:24 - 2016-05-21 22:24 - 24085576 _____ C:\Users\Jiří\Desktop\RogueKillerX64.exe
2016-05-21 22:08 - 2016-05-21 22:08 - 02382336 _____ (Farbar) C:\Users\Jiří\Desktop\FRST64.exe
2016-05-21 21:25 - 2016-05-21 22:25 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-05-21 20:54 - 2016-05-21 20:52 - 00024064 _____ C:\Windows\zoek-delete.exe
2016-05-21 20:52 - 2016-05-21 20:52 - 00000000 ____D C:\zoek_backup
2016-05-21 19:37 - 2016-05-21 21:31 - 00000000 ____D C:\Users\Jiří\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Amigo
2016-05-21 18:55 - 2016-05-21 18:55 - 00000000 ____D C:\Program Files (x86)\Ghostery Storage Server
2016-05-21 18:53 - 2016-05-21 19:38 - 00000000 ____D C:\Users\Jiří\AppData\LocalLow\Unity
2016-05-21 18:53 - 2016-05-21 19:38 - 00000000 ____D C:\Users\Jiří\AppData\Local\Unity
2016-05-17 19:21 - 2016-05-17 19:21 - 03728153 _____ C:\Users\Jiří\Desktop\jbl_m2_soundandrecording_1214.pdf
2016-05-14 14:12 - 2016-05-14 14:12 - 00286030 _____ C:\Users\Jiří\Desktop\casopis_music_store_-_teoreticke_minimum_o_signalech_pro_systemove_inzenyry_-_1._cast_-_2014-01-27.pdf
2016-05-12 21:46 - 2016-05-12 21:46 - 00633393 _____ C:\Users\Jiří\Desktop\AKUSTICKÁ MĚŘENÍ V REÁLNÉM PROSTŘEDÍ.pdf
2016-05-12 14:47 - 2016-05-12 14:47 - 00666326 _____ C:\Users\Jiří\Desktop\zaklady_akustiky_matucha.pdf
2016-05-09 01:04 - 2016-05-09 01:04 - 00000000 ____D C:\Users\Jiří\AppData\Local\Video Enhancer
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-05-21 22:32 - 2009-07-14 06:45 - 00041168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-21 22:32 - 2009-07-14 06:45 - 00041168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-21 22:28 - 2014-12-28 03:49 - 00668768 _____ C:\Windows\system32\perfh005.dat
2016-05-21 22:28 - 2014-12-28 03:49 - 00141428 _____ C:\Windows\system32\perfc005.dat
2016-05-21 22:28 - 2009-07-14 07:13 - 01584138 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-21 22:28 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-05-21 22:24 - 2015-03-24 02:16 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-21 22:24 - 2014-12-27 19:35 - 00000000 __SHD C:\Users\Jiří\IntelGraphicsProfiles
2016-05-21 22:24 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-21 22:02 - 2015-03-24 02:16 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-21 21:05 - 2014-12-28 00:05 - 00000000 ____D C:\Users\Jiří\Desktop\Torrents
2016-05-21 20:34 - 2015-04-07 15:13 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-05-21 20:34 - 2015-01-26 20:32 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-21 18:53 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-05-21 18:53 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-05-21 17:15 - 2015-02-27 20:18 - 00000000 ____D C:\Users\Jiří\Desktop\HiFi
2016-05-21 00:08 - 2014-12-27 23:37 - 00000000 ____D C:\Users\Jiří\AppData\Roaming\foobar2000
2016-05-13 02:03 - 2015-03-24 02:17 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-13 02:03 - 2015-03-24 02:17 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-11 19:55 - 2015-04-18 17:19 - 00003834 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1429370367
2016-05-11 19:55 - 2015-04-18 17:19 - 00000000 ____D C:\Program Files (x86)\Opera
2016-05-11 00:57 - 2015-03-24 02:16 - 00003948 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-11 00:57 - 2015-03-24 02:16 - 00003696 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-08 23:06 - 2015-02-28 01:20 - 00000000 ____D C:\Users\Jiří\AppData\LocalLow\Adblock Plus for IE
2016-04-24 02:14 - 2016-03-20 23:34 - 00000000 ____D C:\Users\Jiří\AppData\Roaming\CUE Tools
2016-04-21 15:05 - 2010-11-21 05:27 - 00453288 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
==================== Files in the root of some directories =======
2015-03-09 23:30 - 2015-03-09 23:30 - 0005487 _____ () C:\Users\Jiří\AppData\Roaming\BYAIAMUF
2015-03-15 04:25 - 2015-04-25 16:21 - 0007644 _____ () C:\Users\Jiří\AppData\Local\resmon.resmoncfg
2015-04-18 14:50 - 2015-04-18 14:51 - 0000000 _____ () C:\Users\Jiří\AppData\Local\{4141B537-A8C7-492A-9C25-8EE723551956}
2015-09-24 14:21 - 2015-09-24 14:21 - 0000000 _____ () C:\Users\Jiří\AppData\Local\{4852063D-1C32-4B24-9BE1-3E56E68EB444}
2015-04-19 00:37 - 2015-04-19 01:03 - 0000040 ___SH () C:\ProgramData\.zreglib
2014-12-27 19:10 - 2014-12-27 19:10 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
C:\Users\Jiří\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Jiří\AppData\Local\Temp\i4jdel0.exe
C:\Users\Jiří\AppData\Local\Temp\proxy_vole7997592111591506299.dll
Some zero byte size files/folders:
==========================
C:\Windows\logo1_.exe
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\rundll16.exe
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\runouce.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-05-18 15:13
==================== End of FRST.txt ============================
-----------------------------------------------------------------------------------------------------------------------
Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-05-2016
Ran by Jiří (2016-05-21 22:34:35)
Running from C:\Users\Jiří\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-12-27 16:53:51)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2789862122-2855940618-1815203127-500 - Administrator - Disabled)
Guest (S-1-5-21-2789862122-2855940618-1815203127-501 - Limited - Disabled)
Jiří (S-1-5-21-2789862122-2855940618-1815203127-1000 - Administrator - Enabled) => C:\Users\Jiří
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ABBYY FineReader 11 (HKLM-x32\...\{F11000FE-0010-0000-0000-074957833700}) (Version: 11.11.194 - ABBYY Production LLC)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{26D488C3-89E9-455C-B96A-1ADF65A26C54}) (Version: 1.4 - Eyeo GmbH)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 17 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_HOMESTUDENTR_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_HOMESTUDENTR_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_HOMESTUDENTR_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
ASUS Xonar Essence ST Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version: - )
calibre 64bit (HKLM\...\{277F0069-2F86-48DA-976A-2C86D2B6345A}) (Version: 2.42.0 - Kovid Goyal)
Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version: - Canon Inc.)
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
eMule (HKLM-x32\...\eMule) (Version: - )
foobar2000 v1.3.6 (HKLM-x32\...\foobar2000) (Version: 1.3.6 - Peter Pawlowski)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.1.3.320 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
InfraRecorder 0.53 (x64 edition) (HKLM\...\{2C22EA92-CB30-4932-0053-000001000000}) (Version: 0.53.00.00 - Christian Kindahl)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Network Connections 18.7.28.0 (HKLM\...\PROSetDX) (Version: 18.7.28.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Malwarebytes Anti-Malware verze 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
MKVToolNix 7.8.0 (32bit) (HKLM-x32\...\MKVToolNix) (Version: 7.8.0 - Moritz Bunkus)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nitro Pro 8 (HKLM\...\{173C15BC-8C06-4A7A-9E6E-6FDFD5E59C77}) (Version: 8.5.4.11 - Nitro)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Opera Stable 37.0.2178.43 (HKLM-x32\...\Opera 37.0.2178.43) (Version: 37.0.2178.43 - Opera Software)
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}) (Version: 4.0.9 - dotPDN LLC)
Potplayer-64 Bits (HKLM\...\PotPlayer64) (Version: - Daum Kakao Corp.)
qBittorrent 3.1.11 (HKLM-x32\...\qBittorrent) (Version: 3.1.11 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7179 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.1 - VS Revo Group, Ltd.)
RimhillEx 1.04 (HKU\S-1-5-21-2789862122-2855940618-1815203127-1000\...\RimhillEx_is1) (Version: - CompSoft)
Sonic Radar (HKLM\...\{0E2BE1E8-F087-45D6-8D29-5CB305643B78}) (Version: 1.0.001 - ASUSTeKcomputer.Inc)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1186 - SUPERAntiSpyware.com)
Ulož.to File Manager verze 1.7 (HKLM-x32\...\{8190420D-F4BA-4744-8940-A466F81AF89C}_is1) (Version: 1.7 - Nodus Technologies s.r.o.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 5.68 - NCH Software)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
XMedia Recode version 3.2.6.0 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.2.6.0 - XMedia Recode)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2789862122-2855940618-1815203127-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {37598D6D-F3D2-4DBA-BEE5-83E3CB24EE37} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-24] (Google Inc.)
Task: {37EB5717-65E7-4C2E-8095-A1D7AD752CCE} - System32\Tasks\{12426F1D-3927-4F33-BF54-DFD93CFED1AE} => pcalua.exe -a C:\Users\Jiří\AppData\Roaming\Seznam.cz\szninstall.exe -c -X
Task: {4565D649-3069-44D1-904C-BC2E9DC5BD8B} - System32\Tasks\Opera scheduled Autoupdate 1429370367 => C:\Program Files (x86)\Opera\launcher.exe [2016-05-09] (Opera Software)
Task: {73392F08-0DFD-4AB5-8CF0-9019FA742DC2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-24] (Google Inc.)
Task: {852DCB09-D1D4-4684-A322-79965D244A91} - System32\Tasks\{844E29D7-7A9B-4308-8563-3ACF0F4A37FE} => C:\Windows\system\HsMgr64.exe [2008-07-11] ()
Task: {A2B6C0E6-464D-439F-B539-1B6ABBA70552} - System32\Tasks\{169D3321-319B-4FAC-84C2-15C95D8D6B95} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lig ... tError=404
Task: {C3A8E176-37E7-4137-8057-2C926C074F56} - System32\Tasks\{941CC844-4B2D-4C63-B1EA-3066D8B292F3} => C:\Windows\system\HsMgr64.exe [2008-07-11] ()
Task: {C7791E79-6767-4467-89F2-F34C7E9B351D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {CC2D7DA8-BFA1-41BE-B26E-C5AAD61E48DD} - System32\Tasks\{4C4D49D8-4F3D-43CE-95AE-286B15631B91} => C:\Windows\system\HsMgr64.exe [2008-07-11] ()
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\BYAIAMUF.job => C:\Users\Jiří\AppData\Roaming\BYAIAMUF.exe <==== ATTENTION
Task: C:\Windows\Tasks\GNOK.job => C:\Users\Jiří\AppData\Roaming\GNOK.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-05-21 18:55 - 2016-05-21 18:55 - 00346624 _____ () C:\Program Files (x86)\Ghostery Storage Server\ghstore.exe
2014-12-27 20:09 - 2012-06-06 09:56 - 00143360 ____N () C:\Program Files\ASUS Xonar Essence ST Audio\Customapp\VmixP8.dll
2014-12-27 19:11 - 2013-09-16 13:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:2E7127D2 [144]
AlternateDataStreams: C:\ProgramData\TEMP:ECF54A0E [135]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2789862122-2855940618-1815203127-1000\...\dell.com -> dell.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2789862122-2855940618-1815203127-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 213.46.172.37 - 213.46.172.36
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: ABBYY.Licensing.FineReader.Professional.11.0 => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: FoxitCloudUpdateService => 2
MSCONFIG\Services: NitroDriverReadSpool8 => 2
MSCONFIG\Services: SDRSVC => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: Bonus.SSR.FR11 => "C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" /autorun
MSCONFIG\startupreg: Cmaudio8788GX => C:\Windows\syswow64\HsMgr.exe Envoke
MSCONFIG\startupreg: Cmaudio8788GX64 => C:\Windows\system\HsMgr64.exe Envoke
MSCONFIG\startupreg: HotKeysCmds => "C:\Windows\system32\hkcmd.exe"
MSCONFIG\startupreg: IgfxTray => "C:\Windows\system32\igfxtray.exe"
MSCONFIG\startupreg: Persistence => "C:\Windows\system32\igfxpers.exe"
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{C40F5CEF-68CA-466A-86C0-2431344322DA}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe
FirewallRules: [{32607B1F-A9FC-43BC-ACB2-2F68A778CA37}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{3FF4414A-5C79-44B7-906D-51F25E323258}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{301055DC-ED8A-470F-A8A6-6DAC0742028A}C:\program files (x86)\java\jre1.8.0_25\launch4j-tmp\frd.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\launch4j-tmp\frd.exe
FirewallRules: [UDP Query User{6937DC64-2CFA-4EEB-9C97-C5958F6D2239}C:\program files (x86)\java\jre1.8.0_25\launch4j-tmp\frd.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\launch4j-tmp\frd.exe
FirewallRules: [TCP Query User{924C18CF-6FA7-49D6-92A7-7DB7D6012D35}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{47DDE40B-526C-4632-90B6-287EC04A9E80}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [{3CC938F9-E94E-4812-A323-9ED485B4A881}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe
FirewallRules: [{5C436236-5DD5-4CB6-9AD5-94E5DAB2AA27}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe
FirewallRules: [TCP Query User{A03404F7-9342-48B9-B141-4403B9EEC7DF}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [UDP Query User{6B75FB2C-33DA-4B70-A0AB-9CF522CC9AF3}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [{4D3CC76D-AE0F-4974-9639-B397D4CAC90A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
21-05-2016 20:53:44 zoek.exe restore point
21-05-2016 21:54:27 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/21/2016 10:24:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/21/2016 10:03:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/21/2016 10:00:30 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Index nebyl inicializován.
Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)
Error: (05/21/2016 10:00:30 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Aplikace nebyla inicializována.
Kontext: aplikace Windows
Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)
Error: (05/21/2016 10:00:30 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Objekt indexování nebyl inicializován.
Kontext: aplikace Windows, katalog SystemIndex
Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)
Error: (05/21/2016 10:00:30 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Modul plug-in v <Search.TripoliIndexer> nebyl inicializován.
Kontext: aplikace Windows, katalog SystemIndex
Podrobnosti:
Prvek nebyl nalezen. (HRESULT : 0x80070490) (0x80070490)
Error: (05/21/2016 10:00:30 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Modul plug-in v <Search.JetPropStore> nebyl inicializován.
Kontext: aplikace Windows, katalog SystemIndex
Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)
Error: (05/21/2016 10:00:30 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Služba Windows Search nenačetla informace o úložišti vlastností.
Kontext: aplikace Windows, katalog SystemIndex
Podrobnosti:
Databáze indexu obsahu je poškozená. (HRESULT : 0xc0041800) (0xc0041800)
Error: (05/21/2016 10:00:30 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Služba Windows Search byla zastavena, protože došlo k problému s indexovacím modulem The catalog is corrupt.
Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)
Error: (05/21/2016 10:00:30 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vyhledávací služby zjistila, že index {id=4700} obsahuje poškozené datové soubory. Služba se pokusí tyto potíže automaticky odstranit vytvořením nového indexu.
Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)
System errors:
=============
Error: (05/21/2016 10:01:00 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Správce služeb se pokusil o opravnou akci (Restartovat službu) po nečekaném ukončení služby Windows Search, ale tato akce selhala kvůli následující chybě:
%%1056
Error: (05/21/2016 10:00:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.
Error: (05/21/2016 10:00:30 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Služba Windows Search ukončena s chybou %%-1073473535, specifickou pro službu.
Error: (05/21/2016 09:04:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Ochrana softwaru byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.
Error: (05/21/2016 09:04:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Dynamic Application Loader Host Interface Service byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (05/21/2016 09:04:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.
Error: (05/21/2016 09:04:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Instalační služba modulů systému Windows byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.
Error: (05/21/2016 09:04:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Presentation Foundation Font Cache 3.0.0.0 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.
Error: (05/21/2016 09:04:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) PROSet Monitoring Service byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (05/21/2016 09:04:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Intel(R) Capability Licensing Service Interface byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-4330 CPU @ 3.50GHz
Percentage of memory in use: 31%
Total physical RAM: 8063.9 MB
Available physical RAM: 5520.34 MB
Total Virtual: 16426.01 MB
Available Virtual: 14623.53 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:238.37 GB) (Free:108.89 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: A910D718)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
-----------------------------------------------------------------------------------------------------------------------
RogueKiller V12.2.1.0 (x64) [May 16 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Ji?í [Práva správce]
Started from : C:\Users\Ji?í\Desktop\RogueKillerX64.exe
Mód : Prohledat -- Datum : 05/21/2016 22:27:55
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 6 ¤¤¤
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nalezeno
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nalezeno
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2789862122-2855940618-1815203127-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nalezeno
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2789862122-2855940618-1815203127-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Nalezeno
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2789862122-2855940618-1815203127-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nalezeno
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2789862122-2855940618-1815203127-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Nalezeno
¤¤¤ Úlohy : 0 ¤¤¤
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: Crucial_CT256MX100SSD1 ATA Device +++++
--- User ---
[MBR] 26b47446ac3259315164f797629ab7ac
[BSP] 7c1cb365c6cba495c3590460c5f55d8a : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 244096 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
-----------------------------------------------------------------------------------------------------------------------
Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-05-2016
Ran by Jiří (2016-05-21 22:34:35)
Running from C:\Users\Jiří\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-12-27 16:53:51)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2789862122-2855940618-1815203127-500 - Administrator - Disabled)
Guest (S-1-5-21-2789862122-2855940618-1815203127-501 - Limited - Disabled)
Jiří (S-1-5-21-2789862122-2855940618-1815203127-1000 - Administrator - Enabled) => C:\Users\Jiří
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ABBYY FineReader 11 (HKLM-x32\...\{F11000FE-0010-0000-0000-074957833700}) (Version: 11.11.194 - ABBYY Production LLC)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{26D488C3-89E9-455C-B96A-1ADF65A26C54}) (Version: 1.4 - Eyeo GmbH)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 17 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_HOMESTUDENTR_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_HOMESTUDENTR_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_HOMESTUDENTR_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
ASUS Xonar Essence ST Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version: - )
calibre 64bit (HKLM\...\{277F0069-2F86-48DA-976A-2C86D2B6345A}) (Version: 2.42.0 - Kovid Goyal)
Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version: - Canon Inc.)
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
eMule (HKLM-x32\...\eMule) (Version: - )
foobar2000 v1.3.6 (HKLM-x32\...\foobar2000) (Version: 1.3.6 - Peter Pawlowski)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.1.3.320 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
InfraRecorder 0.53 (x64 edition) (HKLM\...\{2C22EA92-CB30-4932-0053-000001000000}) (Version: 0.53.00.00 - Christian Kindahl)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Network Connections 18.7.28.0 (HKLM\...\PROSetDX) (Version: 18.7.28.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Malwarebytes Anti-Malware verze 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
MKVToolNix 7.8.0 (32bit) (HKLM-x32\...\MKVToolNix) (Version: 7.8.0 - Moritz Bunkus)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nitro Pro 8 (HKLM\...\{173C15BC-8C06-4A7A-9E6E-6FDFD5E59C77}) (Version: 8.5.4.11 - Nitro)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Opera Stable 37.0.2178.43 (HKLM-x32\...\Opera 37.0.2178.43) (Version: 37.0.2178.43 - Opera Software)
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}) (Version: 4.0.9 - dotPDN LLC)
Potplayer-64 Bits (HKLM\...\PotPlayer64) (Version: - Daum Kakao Corp.)
qBittorrent 3.1.11 (HKLM-x32\...\qBittorrent) (Version: 3.1.11 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7179 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.1 - VS Revo Group, Ltd.)
RimhillEx 1.04 (HKU\S-1-5-21-2789862122-2855940618-1815203127-1000\...\RimhillEx_is1) (Version: - CompSoft)
Sonic Radar (HKLM\...\{0E2BE1E8-F087-45D6-8D29-5CB305643B78}) (Version: 1.0.001 - ASUSTeKcomputer.Inc)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1186 - SUPERAntiSpyware.com)
Ulož.to File Manager verze 1.7 (HKLM-x32\...\{8190420D-F4BA-4744-8940-A466F81AF89C}_is1) (Version: 1.7 - Nodus Technologies s.r.o.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 5.68 - NCH Software)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
XMedia Recode version 3.2.6.0 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.2.6.0 - XMedia Recode)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2789862122-2855940618-1815203127-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {37598D6D-F3D2-4DBA-BEE5-83E3CB24EE37} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-24] (Google Inc.)
Task: {37EB5717-65E7-4C2E-8095-A1D7AD752CCE} - System32\Tasks\{12426F1D-3927-4F33-BF54-DFD93CFED1AE} => pcalua.exe -a C:\Users\Jiří\AppData\Roaming\Seznam.cz\szninstall.exe -c -X
Task: {4565D649-3069-44D1-904C-BC2E9DC5BD8B} - System32\Tasks\Opera scheduled Autoupdate 1429370367 => C:\Program Files (x86)\Opera\launcher.exe [2016-05-09] (Opera Software)
Task: {73392F08-0DFD-4AB5-8CF0-9019FA742DC2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-24] (Google Inc.)
Task: {852DCB09-D1D4-4684-A322-79965D244A91} - System32\Tasks\{844E29D7-7A9B-4308-8563-3ACF0F4A37FE} => C:\Windows\system\HsMgr64.exe [2008-07-11] ()
Task: {A2B6C0E6-464D-439F-B539-1B6ABBA70552} - System32\Tasks\{169D3321-319B-4FAC-84C2-15C95D8D6B95} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lig ... tError=404
Task: {C3A8E176-37E7-4137-8057-2C926C074F56} - System32\Tasks\{941CC844-4B2D-4C63-B1EA-3066D8B292F3} => C:\Windows\system\HsMgr64.exe [2008-07-11] ()
Task: {C7791E79-6767-4467-89F2-F34C7E9B351D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {CC2D7DA8-BFA1-41BE-B26E-C5AAD61E48DD} - System32\Tasks\{4C4D49D8-4F3D-43CE-95AE-286B15631B91} => C:\Windows\system\HsMgr64.exe [2008-07-11] ()
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\BYAIAMUF.job => C:\Users\Jiří\AppData\Roaming\BYAIAMUF.exe <==== ATTENTION
Task: C:\Windows\Tasks\GNOK.job => C:\Users\Jiří\AppData\Roaming\GNOK.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-05-21 18:55 - 2016-05-21 18:55 - 00346624 _____ () C:\Program Files (x86)\Ghostery Storage Server\ghstore.exe
2014-12-27 20:09 - 2012-06-06 09:56 - 00143360 ____N () C:\Program Files\ASUS Xonar Essence ST Audio\Customapp\VmixP8.dll
2014-12-27 19:11 - 2013-09-16 13:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:2E7127D2 [144]
AlternateDataStreams: C:\ProgramData\TEMP:ECF54A0E [135]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2789862122-2855940618-1815203127-1000\...\dell.com -> dell.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2789862122-2855940618-1815203127-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 213.46.172.37 - 213.46.172.36
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: ABBYY.Licensing.FineReader.Professional.11.0 => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: FoxitCloudUpdateService => 2
MSCONFIG\Services: NitroDriverReadSpool8 => 2
MSCONFIG\Services: SDRSVC => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: Bonus.SSR.FR11 => "C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" /autorun
MSCONFIG\startupreg: Cmaudio8788GX => C:\Windows\syswow64\HsMgr.exe Envoke
MSCONFIG\startupreg: Cmaudio8788GX64 => C:\Windows\system\HsMgr64.exe Envoke
MSCONFIG\startupreg: HotKeysCmds => "C:\Windows\system32\hkcmd.exe"
MSCONFIG\startupreg: IgfxTray => "C:\Windows\system32\igfxtray.exe"
MSCONFIG\startupreg: Persistence => "C:\Windows\system32\igfxpers.exe"
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{C40F5CEF-68CA-466A-86C0-2431344322DA}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe
FirewallRules: [{32607B1F-A9FC-43BC-ACB2-2F68A778CA37}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{3FF4414A-5C79-44B7-906D-51F25E323258}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{301055DC-ED8A-470F-A8A6-6DAC0742028A}C:\program files (x86)\java\jre1.8.0_25\launch4j-tmp\frd.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\launch4j-tmp\frd.exe
FirewallRules: [UDP Query User{6937DC64-2CFA-4EEB-9C97-C5958F6D2239}C:\program files (x86)\java\jre1.8.0_25\launch4j-tmp\frd.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\launch4j-tmp\frd.exe
FirewallRules: [TCP Query User{924C18CF-6FA7-49D6-92A7-7DB7D6012D35}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{47DDE40B-526C-4632-90B6-287EC04A9E80}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [{3CC938F9-E94E-4812-A323-9ED485B4A881}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe
FirewallRules: [{5C436236-5DD5-4CB6-9AD5-94E5DAB2AA27}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe
FirewallRules: [TCP Query User{A03404F7-9342-48B9-B141-4403B9EEC7DF}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [UDP Query User{6B75FB2C-33DA-4B70-A0AB-9CF522CC9AF3}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [{4D3CC76D-AE0F-4974-9639-B397D4CAC90A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
21-05-2016 20:53:44 zoek.exe restore point
21-05-2016 21:54:27 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/21/2016 10:24:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/21/2016 10:03:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/21/2016 10:00:30 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Index nebyl inicializován.
Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)
Error: (05/21/2016 10:00:30 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Aplikace nebyla inicializována.
Kontext: aplikace Windows
Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)
Error: (05/21/2016 10:00:30 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Objekt indexování nebyl inicializován.
Kontext: aplikace Windows, katalog SystemIndex
Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)
Error: (05/21/2016 10:00:30 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Modul plug-in v <Search.TripoliIndexer> nebyl inicializován.
Kontext: aplikace Windows, katalog SystemIndex
Podrobnosti:
Prvek nebyl nalezen. (HRESULT : 0x80070490) (0x80070490)
Error: (05/21/2016 10:00:30 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Modul plug-in v <Search.JetPropStore> nebyl inicializován.
Kontext: aplikace Windows, katalog SystemIndex
Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)
Error: (05/21/2016 10:00:30 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Služba Windows Search nenačetla informace o úložišti vlastností.
Kontext: aplikace Windows, katalog SystemIndex
Podrobnosti:
Databáze indexu obsahu je poškozená. (HRESULT : 0xc0041800) (0xc0041800)
Error: (05/21/2016 10:00:30 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Služba Windows Search byla zastavena, protože došlo k problému s indexovacím modulem The catalog is corrupt.
Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)
Error: (05/21/2016 10:00:30 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vyhledávací služby zjistila, že index {id=4700} obsahuje poškozené datové soubory. Služba se pokusí tyto potíže automaticky odstranit vytvořením nového indexu.
Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)
System errors:
=============
Error: (05/21/2016 10:01:00 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Správce služeb se pokusil o opravnou akci (Restartovat službu) po nečekaném ukončení služby Windows Search, ale tato akce selhala kvůli následující chybě:
%%1056
Error: (05/21/2016 10:00:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.
Error: (05/21/2016 10:00:30 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Služba Windows Search ukončena s chybou %%-1073473535, specifickou pro službu.
Error: (05/21/2016 09:04:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Ochrana softwaru byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.
Error: (05/21/2016 09:04:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Dynamic Application Loader Host Interface Service byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (05/21/2016 09:04:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.
Error: (05/21/2016 09:04:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Instalační služba modulů systému Windows byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.
Error: (05/21/2016 09:04:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Presentation Foundation Font Cache 3.0.0.0 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.
Error: (05/21/2016 09:04:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) PROSet Monitoring Service byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (05/21/2016 09:04:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Intel(R) Capability Licensing Service Interface byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-4330 CPU @ 3.50GHz
Percentage of memory in use: 31%
Total physical RAM: 8063.9 MB
Available physical RAM: 5520.34 MB
Total Virtual: 16426.01 MB
Available Virtual: 14623.53 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:238.37 GB) (Free:108.89 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: A910D718)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
-----------------------------------------------------------------------------------------------------------------------
RogueKiller V12.2.1.0 (x64) [May 16 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Jiří [Práva správce]
Started from : C:\Users\Jiří\Desktop\RogueKillerX64.exe
Mód : Prohledat -- Datum : 05/21/2016 22:27:55
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 6 ¤¤¤
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nalezeno
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nalezeno
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2789862122-2855940618-1815203127-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nalezeno
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2789862122-2855940618-1815203127-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Nalezeno
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2789862122-2855940618-1815203127-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nalezeno
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2789862122-2855940618-1815203127-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Nalezeno
¤¤¤ Úlohy : 0 ¤¤¤
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: Crucial_CT256MX100SSD1 ATA Device +++++
--- User ---
[MBR] 26b47446ac3259315164f797629ab7ac
[BSP] 7c1cb365c6cba495c3590460c5f55d8a : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 244096 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK