
Slow notebook, ESET keeps removing trojans

Posted: 27 Dec 2016 12:26
by ian
Hello,
about a week ago my notebook slowed down significantly, and NOD started reporting trojans and blocking pages. As soon as I start the internet browser, ESET blocks the page http://alfhadd.no-ip.biz:100/is-ready. Please help, thank you.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
Ran by kik (administrator) on KIK-PC (27-12-2016 12:23:01)
Running from C:\Users\kik\Desktop
Loaded Profiles: kik & UpdatusUser (Available Profiles: kik & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
() C:\Users\kik\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
() C:\Users\kik\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AutoKMS] => C:\Windows\AutoKMS.exe [615936 2016-02-12] ()
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2014-03-10] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2014-03-10] (Synaptics Incorporated)
HKLM\...\Run: [EaseUS Data Recovery Wizard Technician 10] => wscript.exe //B "C:\Users\kik\AppData\Roaming\EaseUS Data Recovery Wizard Technician 10.2.0 + Keygen [SadeemPC.vbs"
HKLM\...\Run: [final] => wscript.exe //B "C:\Users\kik\AppData\Local\Temp\final.vbs" <===== ATTENTION
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5716608 2011-07-21] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [final] => wscript.exe //B "C:\Users\kik\AppData\Local\Temp\final.vbs" <===== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3848322618-442018629-1780355425-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
HKU\S-1-5-21-3848322618-442018629-1780355425-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\kik\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-3848322618-442018629-1780355425-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\kik\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-3848322618-442018629-1780355425-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2876704 2016-12-20] (Valve Corporation)
HKU\S-1-5-21-3848322618-442018629-1780355425-1000\...\Run: [EaseUS Data Recovery Wizard Technician 10] => wscript.exe //B "C:\Users\kik\AppData\Roaming\EaseUS Data Recovery Wizard Technician 10.2.0 + Keygen [SadeemPC.vbs"
HKU\S-1-5-21-3848322618-442018629-1780355425-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-3848322618-442018629-1780355425-1000\...\Run: [final] => wscript.exe //B "C:\Users\kik\AppData\Local\Temp\final.vbs" <===== ATTENTION
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\kik\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\kik\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2876704 2016-12-20] (Valve Corporation)
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\...\Run: [EaseUS Data Recovery Wizard Technician 10] => wscript.exe //B "C:\Users\kik\AppData\Roaming\EaseUS Data Recovery Wizard Technician 10.2.0 + Keygen [SadeemPC.vbs"
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\...\Run: [final] => wscript.exe //B "C:\Users\kik\AppData\Local\Temp\final.vbs" <===== ATTENTION
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\...\MountPoints2: G - G:\Startme.exe
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\...\MountPoints2: {67d556a0-affd-11e6-ba41-ac72891e4f5a} - G:\Startme.exe
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [226920 2011-05-28] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [193128 2011-05-28] (NVIDIA Corporation)
Startup: C:\Users\kik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EaseUS Data Recovery Wizard Technician 10.2.0 + Keygen [SadeemPC.vbs [2016-11-06] ()
Startup: C:\Users\kik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\final.vbs [2016-11-01] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.250.192.1 213.250.194.1
Tcpip\..\Interfaces\{98B0165E-2F05-4440-86BB-FB65468E077E}: [DhcpNameServer] 213.250.192.1 213.250.194.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3848322618-442018629-1780355425-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3848322618-442018629-1780355425-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3848322618-442018629-1780355425-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/?clid=12454
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/?clid=12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1000 -> {08D2BA02-E2BE-481C-BAFA-27B666E6A236} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1000 -> {12154D41-8799-45BF-BDCE-298659E6B639} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1000 -> {29A01E2D-7A1A-470B-BA9B-4BBB6C3290CD} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1000 -> {6113D045-0CD7-4843-B9CE-676152EC90BA} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1000 -> {9FC9731A-A0E6-4CFF-B6B6-EF80586EFD47} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1000 -> {DB21617D-D6A1-4BB0-89C0-0A590B6B7FBA} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1000 -> {F6ADA3E3-6B5C-410A-95F2-C77CB78F982F} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1000 -> {FB766F29-D473-4113-8FE8-424F01401D37} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1001 -> {08D2BA02-E2BE-481C-BAFA-27B666E6A236} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1001 -> {12154D41-8799-45BF-BDCE-298659E6B639} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1001 -> {29A01E2D-7A1A-470B-BA9B-4BBB6C3290CD} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1001 -> {6113D045-0CD7-4843-B9CE-676152EC90BA} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1001 -> {7917A5FC-B7C0-434D-9D4E-DEEAC7916BC8} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1001 -> {9FC9731A-A0E6-4CFF-B6B6-EF80586EFD47} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1001 -> {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = hxxp://www.daemon-search.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1001 -> {DB21617D-D6A1-4BB0-89C0-0A590B6B7FBA} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1001 -> {F6ADA3E3-6B5C-410A-95F2-C77CB78F982F} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1001 -> {FB766F29-D473-4113-8FE8-424F01401D37} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll No File
Toolbar: HKU\S-1-5-21-3848322618-442018629-1780355425-1001 -> DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll No File
DPF: HKLM-x32 {4ED0ADAD-9FFA-4315-9E02-6B21A9F5C235}
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: r9n6jj6g.default
FF ProfilePath: C:\Users\kik\AppData\Roaming\Mozilla\Firefox\Profiles\r9n6jj6g.default [2016-12-27]
FF Homepage: Mozilla\Firefox\Profiles\r9n6jj6g.default -> hxxp://seznam.cz/
FF Extension: (Firefox Hotfix) - C:\Users\kik\AppData\Roaming\Mozilla\Firefox\Profiles\r9n6jj6g.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-31]
FF Extension: (Adblock Plus) - C:\Users\kik\AppData\Roaming\Mozilla\Firefox\Profiles\r9n6jj6g.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-15]
FF Extension: (Seznam lištička) - C:\Users\kik\AppData\Roaming\Mozilla\Firefox\Profiles\r9n6jj6g.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2016-07-13]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-14] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-14] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-05-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-05-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\kik\AppData\Local\Google\Chrome\User Data\Default [2016-12-25]
CHR Extension: (Prezentace Google) - C:\Users\kik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-08]
CHR Extension: (Dokumenty Google) - C:\Users\kik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-08]
CHR Extension: (Disk Google) - C:\Users\kik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-08]
CHR Extension: (YouTube) - C:\Users\kik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-08]
CHR Extension: (Tabulky Google) - C:\Users\kik\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-08]
CHR Extension: (Dokumenty Google offline) - C:\Users\kik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-08]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\kik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-08]
CHR Extension: (Gmail) - C:\Users\kik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-08]
CHR Extension: (Chrome Media Router) - C:\Users\kik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-08]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [921664 2011-05-19] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1335360 2011-05-19] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [995392 2011-05-19] (Intel Corporation) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2771848 2016-11-18] (ESET)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2016-03-14] (DT Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [262792 2016-11-18] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [197248 2016-11-18] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [153216 2016-11-18] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [208520 2016-11-18] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [61568 2016-11-18] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [84616 2016-11-18] (ESET)
S3 ksapi64; C:\Windows\system32\drivers\ksapi64.sys [56680 2016-12-22] (Kingsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-27 12:23 - 2016-12-27 12:23 - 00021104 _____ C:\Users\kik\Desktop\FRST.txt
2016-12-27 12:22 - 2016-12-27 12:23 - 00000000 ____D C:\FRST
2016-12-27 12:05 - 2016-12-27 12:07 - 00000000 ____D C:\AdwCleaner
2016-12-27 12:05 - 2016-12-27 12:05 - 03977168 _____ C:\Users\kik\Desktop\AdwCleaner.exe
2016-12-27 12:04 - 2016-12-27 12:04 - 02420736 _____ (Farbar) C:\Users\kik\Desktop\FRST64.exe
2016-12-27 12:04 - 2016-12-27 12:04 - 01663040 _____ (Malwarebytes) C:\Users\kik\Desktop\JRT.exe
2016-12-27 08:59 - 2016-12-27 08:59 - 00019066 _____ C:\ComboFix.txt
2016-12-27 08:29 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2016-12-27 08:29 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2016-12-27 08:29 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-12-27 08:29 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-12-27 08:29 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-12-27 08:29 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2016-12-27 08:29 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2016-12-27 08:29 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2016-12-27 08:28 - 2016-12-27 09:00 - 00000000 ____D C:\Qoobox
2016-12-27 08:28 - 2016-12-27 08:55 - 00000000 ____D C:\Windows\erdnt
2016-12-27 08:28 - 2016-12-27 08:28 - 05659917 ____R (Swearware) C:\Users\kik\Desktop\ComboFix.exe
2016-12-23 09:48 - 2016-12-23 09:48 - 00426104 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-23 09:19 - 2016-12-23 09:19 - 00118248 _____ C:\Users\kik\AppData\Local\GDIPFONTCACHEV1.DAT
2016-12-22 21:31 - 2016-12-22 21:31 - 00081768 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi.sys
2016-12-22 21:31 - 2016-12-22 21:31 - 00056680 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi64.sys
2016-12-22 21:31 - 2016-12-22 21:31 - 00000000 ____D C:\ProgramData\Kingsoft
2016-12-22 21:31 - 2016-12-22 21:31 - 00000000 ____D C:\ProgramData\cmcm
2016-12-22 21:31 - 2016-12-22 21:31 - 00000000 ____D C:\Program Files (x86)\cmcm
2016-12-21 18:33 - 2016-12-21 18:33 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2016-12-18 16:27 - 2016-12-18 16:28 - 00000000 ____D C:\Program Files (x86)\mp3DirectCut
2016-12-18 16:27 - 2016-12-18 16:27 - 00001055 _____ C:\Users\kik\Desktop\mp3DirectCut.lnk
2016-12-18 14:43 - 2016-12-18 14:43 - 00001862 _____ C:\Users\Public\Desktop\linguatec Voice Reader.lnk
2016-12-18 14:43 - 2016-12-18 14:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\linguatec
2016-12-18 14:43 - 2016-12-18 14:43 - 00000000 ____D C:\Program Files (x86)\linguatec
2016-12-18 14:43 - 2004-10-11 13:29 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71.dll
2016-12-18 14:43 - 2004-10-11 13:29 - 00499712 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2016-12-18 14:43 - 2004-10-11 13:29 - 00348160 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2016-12-18 14:43 - 2003-03-19 07:12 - 01047552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71u.dll
2016-12-17 16:20 - 2016-12-17 16:20 - 00000000 ____D C:\Users\kik\Nová složka
2016-12-17 11:08 - 2016-12-17 11:08 - 00001029 _____ C:\Users\Public\Desktop\EaseUS Data Recovery Wizard.lnk
2016-12-17 11:08 - 2016-12-17 11:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard
2016-12-16 22:08 - 2016-12-21 18:32 - 00000000 ____D C:\Program Files (x86)\Runtime Software
2016-12-14 19:35 - 2016-12-14 19:35 - 00000000 ____D C:\Users\kik\AppData\Local\Chromium
2016-12-14 19:34 - 2016-12-14 19:34 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2016-12-14 19:34 - 2016-12-14 19:34 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2016-12-14 19:34 - 2016-12-14 19:34 - 00000000 ____D C:\%LOCALAPPDATA%
2016-12-08 20:43 - 2016-12-08 20:45 - 57375934 _____ C:\Users\kik\Documents\ĺSCN9076.MOV
2016-12-08 19:50 - 2016-12-08 19:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Program
2016-12-08 19:50 - 2016-12-08 19:50 - 00000000 ____D C:\Program Files (x86)\My Program
2016-12-08 19:48 - 2016-11-06 23:07 - 00045902 _____ C:\Users\kik\AppData\Roaming\EaseUS Data Recovery Wizard Technician 10.2.0 + Keygen [SadeemPC.vbs
2016-12-08 17:59 - 2016-12-08 17:59 - 00000000 ____D C:\Program Files\EaseUS
2016-12-08 16:48 - 2016-12-15 19:27 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-08 16:47 - 2016-12-08 18:10 - 00000000 ____D C:\Users\kik\AppData\Local\Google

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-27 12:22 - 2016-11-15 19:49 - 00000000 ____D C:\Users\kik\AppData\LocalLow\Mozilla
2016-12-27 12:20 - 2011-04-12 09:34 - 00671630 _____ C:\Windows\system32\perfh005.dat
2016-12-27 12:20 - 2011-04-12 09:34 - 00142194 _____ C:\Windows\system32\perfc005.dat
2016-12-27 12:20 - 2009-07-14 06:13 - 01590786 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-27 12:20 - 2009-07-14 05:45 - 00028128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-27 12:20 - 2009-07-14 05:45 - 00028128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-27 12:20 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-12-27 12:19 - 2016-04-07 20:09 - 00000000 ____D C:\Program Files (x86)\Steam
2016-12-27 12:18 - 2016-03-17 20:47 - 00000000 ____D C:\Users\kik\AppData\Roaming\Seznam.cz
2016-12-27 12:13 - 2016-04-03 20:15 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-27 12:13 - 2016-02-12 16:14 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-27 12:13 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-27 09:44 - 2016-02-12 16:31 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-27 08:40 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2016-12-27 00:02 - 2016-03-13 18:34 - 00000000 ____D C:\Users\kik\AppData\Roaming\vlc
2016-12-23 12:09 - 2016-03-13 18:33 - 00371200 _____ C:\Users\kik\Desktop\účet 2009.xls
2016-12-22 21:35 - 2016-03-14 18:46 - 00000000 ____D C:\Users\kik\AppData\Roaming\DAEMON Tools Lite
2016-12-22 21:32 - 2016-02-12 14:31 - 00000000 ____D C:\Windows\Panther
2016-12-22 21:32 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-12-18 14:43 - 2016-02-12 16:11 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-12-18 09:08 - 2016-06-28 18:04 - 00000000 ____D C:\Users\kik\AppData\Local\ElevatedDiagnostics
2016-12-18 09:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2016-12-17 16:20 - 2016-02-12 15:09 - 00000000 ____D C:\Users\kik
2016-12-16 21:27 - 2016-05-11 18:21 - 00003256 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d1aba9847a3933
2016-12-16 21:27 - 2016-04-03 20:15 - 00003384 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-15 19:06 - 2016-02-12 16:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-14 20:44 - 2016-02-12 16:31 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-14 20:44 - 2016-02-12 16:31 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-14 20:44 - 2016-02-12 16:31 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-12-14 20:44 - 2016-02-12 16:31 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-14 20:44 - 2016-02-12 16:31 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-14 20:14 - 2016-11-15 19:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-14 19:36 - 2016-04-07 20:11 - 00000000 ____D C:\Users\kik\AppData\Local\Steam
2016-12-14 19:34 - 2016-02-12 16:14 - 00000000 ____D C:\Users\UpdatusUser
2016-12-08 16:48 - 2016-04-03 20:15 - 00000000 ____D C:\Program Files (x86)\Google
2016-12-08 15:28 - 2016-02-12 15:11 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP
2016-12-07 16:03 - 2016-03-20 18:08 - 00000000 ____D C:\Users\kik\AppData\Roaming\dvdcss
2016-12-07 15:51 - 2016-02-12 15:11 - 00001153 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk
2016-12-07 15:51 - 2016-02-12 15:11 - 00001105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2016-11-27 11:28 - 2016-03-13 18:33 - 00010263 _____ C:\Users\kik\Desktop\p z k.xlsx

==================== Files in the root of some directories =======

2016-12-08 19:48 - 2016-11-06 23:07 - 0045902 _____ () C:\Users\kik\AppData\Roaming\EaseUS Data Recovery Wizard Technician 10.2.0 + Keygen [SadeemPC.vbs
2016-10-11 19:18 - 2016-10-21 14:58 - 0004608 _____ () C:\Users\kik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Users\kik\AppData\Local\Temp\libeay32.dll
C:\Users\kik\AppData\Local\Temp\msvcr120.dll
C:\Users\kik\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-24 13:12

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by kik (27-12-2016 12:23:31)
Running from C:\Users\kik\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2016-02-12 14:09:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3848322618-442018629-1780355425-500 - Administrator - Disabled)
Guest (S-1-5-21-3848322618-442018629-1780355425-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3848322618-442018629-1780355425-1003 - Limited - Enabled)
kik (S-1-5-21-3848322618-442018629-1780355425-1000 - Administrator - Enabled) => C:\Users\kik
UpdatusUser (S-1-5-21-3848322618-442018629-1780355425-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 9.0.407.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security 9.0.407.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personální firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.18) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.18 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.6.3.0 - Asmedia Technology)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.25 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0013 - ASUS)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6452 - CDBurnerXP)
Corel Graphics Suite 11 (x32 Version: 11 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 11 (HKLM-x32\...\InstallShield_{07A540AB-D785-11D5-8E89-0090275862A0}) (Version: 11 - Corel Corporation)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS)
ESET Smart Security (HKLM\...\{B7DE9695-00B8-4935-97B5-A2CBFBA6A3F8}) (Version: 9.0.376.1 - ESET, spol. s r.o.)
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2361 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.2.0.0587 - Intel Corporation)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.41 - Irfan Skiljan)
linguatec Voice Reader (HKLM-x32\...\{93293322-B694-4270-B7FE-DDE1A681ACCA}) (Version: 1.00.0000 - linguatec)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 cs) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 cs)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
My Program version 1.5 (HKLM-x32\...\{11C0B447-2D00-4891-B686-367E63EDAC63}_is1) (Version: 1.5 - My Company, Inc.)
NVIDIA Ovladač 3D Vision 268.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 268.74 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.2.23.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.23.3 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 268.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.74 - NVIDIA Corporation)
Ovládací panel NVIDIA 268.74 (Version: 268.74 - NVIDIA Corporation) Hidden
S.T.A.L.K.E.R.: Shadow of Chernobyl (HKLM\...\Steam App 4500) (Version: - GSC Game World)
Seznam Software (HKU\S-1-5-21-3848322618-442018629-1780355425-1000\...\SeznamInstall) (Version: - Seznam.cz)
Seznam Software (HKU\S-1-5-21-3848322618-442018629-1780355425-1001\...\SeznamInstall) (Version: - Seznam.cz)
Slideshow Creator (HKLM-x32\...\{4E1A63B1-F547-4CFC-91F7-F32F1A6BF430}_is1) (Version: 1.4 - Bolide Software)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.6.0 - Synaptics Incorporated)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {062E3D81-37CB-4AFC-9099-B80101F17491} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {07B27044-6E8C-4717-AF7E-AA85B45144A7} - System32\Tasks\GoogleUpdateTaskMachineCore1d1aba9847a3933 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-03] (Google Inc.)
Task: {093C71EA-A147-43C0-A495-B11A3ED46C4B} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)
Task: {0BB7DBA3-E1EC-4BEC-9E22-75A6D3372D94} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {0EFF2C3E-02A6-42C2-BF76-2593DE06D45D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {14631C8D-B636-4F9F-B71B-5B5013F67550} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {155A9281-C6A6-4770-B36A-05E50ED05FED} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {1D25DFBE-1A92-4F17-ADFC-EE604932C50F} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {25EEE18A-5CC8-4EAC-8B36-BB9BF7A40451} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-03] (Google Inc.)
Task: {2AFE5FE1-554E-475E-A609-43071913EA90} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {2B9A048B-F9C6-45BD-A1D5-275FA63DA658} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-07-21] (ASUS)
Task: {2ED7D93E-3C84-475F-9EEB-5CB1493D7BDE} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {2FCAAC55-5239-4831-A3EF-70138DB15331} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {30CA994A-4AD5-4489-A314-B5D8D5EA5D04} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {40998701-8693-45F4-B716-32B7B2CB32C9} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {5D8783EB-A2F8-491E-B1D4-87B2F400412F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {65722CEB-898F-4DB6-8B5C-527959478998} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-03] (Google Inc.)
Task: {753C47AE-EC5E-44B3-95A9-2C8E553F0E39} - System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary => C:\Program Files\Windows Media Player\wmpnscfg.exe
Task: {85BD1173-8997-422B-BB95-391606F20E12} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {933F48B3-F598-4C79-8FC9-C07BDD85D56B} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {9E4B6383-6268-46BE-8C85-DFCF644CF1D4} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {AA621048-FF7A-4708-A073-42D0BAAA403C} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {C1360B99-1C98-451C-B579-1852EE81DE84} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-14] (Adobe Systems Incorporated)
Task: {C646F5CB-5A97-4EFF-98DB-0F094323308F} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {C99C02A0-36EA-443E-8A59-5001192B1F75} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {D1A843A6-D4FD-447E-834D-02E721DEEE14} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {D6FDE686-B4E7-4907-87A5-8E9BA9AF0FA0} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {EB1E6AEB-6D0C-414C-ABB3-760480EF4204} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {EC4E4B4E-9461-4986-AD96-F82782338039} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {F34C6BCF-E242-4E78-8258-EF4F26B847C6} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2016-03-17 20:47 - 2015-05-26 12:35 - 00079872 _____ () C:\Users\kik\AppData\Roaming\Seznam.cz\bin\1927libfoxloader-x64.dll
2016-02-12 16:09 - 2011-04-10 10:40 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-03-13 18:27 - 2014-03-10 22:00 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2014-09-25 19:44 - 2014-09-25 19:44 - 00043008 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2016-03-17 20:47 - 2015-05-26 12:38 - 00457384 _____ () C:\Users\kik\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
2016-03-17 20:47 - 2015-05-26 12:36 - 00073896 _____ () C:\Users\kik\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
2016-03-17 20:47 - 2015-05-26 12:37 - 00078504 _____ () C:\Users\kik\AppData\Roaming\Seznam.cz\bin\1927libfoxloader.dll
2016-04-07 20:11 - 2016-12-08 16:13 - 00656160 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-04-07 20:11 - 2016-09-01 02:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-04-07 20:11 - 2016-09-01 02:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-04-07 20:11 - 2016-09-01 02:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-04-07 20:11 - 2016-12-20 03:25 - 02322720 _____ () C:\Program Files (x86)\Steam\video.dll
2016-04-07 20:11 - 2016-01-27 08:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-04-07 20:11 - 2016-01-27 08:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-04-07 20:11 - 2016-01-27 08:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-04-07 20:11 - 2016-01-27 08:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-04-07 20:11 - 2016-01-27 08:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-04-07 20:11 - 2016-12-20 03:25 - 00838944 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-04-07 20:11 - 2016-07-04 23:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-03-17 20:47 - 2015-05-26 12:38 - 00862888 _____ () C:\Users\kik\AppData\Roaming\Seznam.cz\bin\lightspeed.dll
2016-12-14 19:35 - 2016-12-05 17:21 - 67304736 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2016-04-07 20:11 - 2016-12-20 03:25 - 00388384 _____ () C:\Program Files (x86)\Steam\steam.dll
2016-04-07 20:11 - 2015-09-25 00:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2016-12-27 08:40 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3848322618-442018629-1780355425-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\kik\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 213.250.192.1 - 213.250.194.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9B8694DF-571E-4774-A10E-3187262659BC}] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{6233870B-1DE6-4996-AD8C-3B33B48E8208}] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{A2C55146-019D-4270-A981-8B6B18CADBF9}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{41152431-5129-4833-9856-3BE0620A7B20}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1BEC1CD2-BE0B-43DB-ABDC-AC4DCFE8BD31}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3C207833-534B-43BD-B9FD-BD106979C909}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{32CBE80F-D2BD-4279-82FC-E8D8B0C8B55F}] => C:\Program Files (x86)\Steam\steamapps\common\STALKER Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{6100EFE1-AC24-4E6B-89B0-97FB556C6101}] => C:\Program Files (x86)\Steam\steamapps\common\STALKER Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{0E4A21A3-D0C8-4F45-8C02-C533CBD609B4}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{13B5884B-7313-45E2-B8C3-8B4D97D05F40}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{14DE22E1-9935-44C9-AD6B-C0C3545FDFB5}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

09-12-2016 05:11:44 Windows Update
17-12-2016 00:01:20 Naplánovaný kontrolní bod
17-12-2016 05:41:08 Windows Update
18-12-2016 14:43:16 Installed linguatec Voice Reader
25-12-2016 19:21:35 Naplánovaný kontrolní bod
27-12-2016 08:29:47 ComboFix created restore point
27-12-2016 12:09:54 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/27/2016 12:13:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/27/2016 12:13:35 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Přeskočení: Ověření Eap method DLL path name se nezdařilo. Chyba: ID typu=43, ID autora=9, ID dodavatele=0, typ dodavatele=0

Error: (12/27/2016 12:13:35 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Přeskočení: Ověření Eap method DLL path name se nezdařilo. Chyba: ID typu=25, ID autora=9, ID dodavatele=0, typ dodavatele=0

Error: (12/27/2016 12:13:35 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Přeskočení: Ověření Eap method DLL path name se nezdařilo. Chyba: ID typu=17, ID autora=9, ID dodavatele=0, typ dodavatele=0

Error: (12/27/2016 12:08:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/27/2016 12:08:04 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Přeskočení: Ověření Eap method DLL path name se nezdařilo. Chyba: ID typu=43, ID autora=9, ID dodavatele=0, typ dodavatele=0

Error: (12/27/2016 12:08:04 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Přeskočení: Ověření Eap method DLL path name se nezdařilo. Chyba: ID typu=25, ID autora=9, ID dodavatele=0, typ dodavatele=0

Error: (12/27/2016 12:08:04 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Přeskočení: Ověření Eap method DLL path name se nezdařilo. Chyba: ID typu=17, ID autora=9, ID dodavatele=0, typ dodavatele=0

Error: (12/27/2016 11:56:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/27/2016 11:56:13 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Přeskočení: Ověření Eap method DLL path name se nezdařilo. Chyba: ID typu=43, ID autora=9, ID dodavatele=0, typ dodavatele=0


System errors:
=============
Error: (12/27/2016 12:13:35 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN se nepodařilo spustit.

Cesta k modulu: C:\Windows\System32\IWMSSvc.dll
Kód chyby: 126

Error: (12/27/2016 12:13:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba TrustedInstaller neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (12/27/2016 12:10:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NVIDIA Driver Helper Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (12/27/2016 12:08:04 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN se nepodařilo spustit.

Cesta k modulu: C:\Windows\System32\IWMSSvc.dll
Kód chyby: 126

Error: (12/27/2016 12:08:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba TrustedInstaller neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (12/27/2016 12:07:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NVIDIA Update Service Daemon byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (12/27/2016 12:07:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (12/27/2016 12:07:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Office Software Protection Platform byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (12/27/2016 12:07:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Bluetooth Media Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (12/27/2016 12:07:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Bluetooth OBEX Service byla neočekávaně ukončena. Tento stav nastal již 1krát.


CodeIntegrity:
===================================
Date: 2016-12-27 09:29:41.402
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\My Program\explorer.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-12-27 09:29:41.356
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\My Program\explorer.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-12-27 09:29:41.293
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\My Program\explorer.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-12-27 09:29:41.246
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\My Program\explorer.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-12-27 09:29:35.459
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-12-27 09:29:35.459
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-12-27 09:29:35.459
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-12-27 08:35:04.034
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-27 08:35:04.034
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-26 09:03:55.366
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\My Program\explorer.exe because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 20%
Total physical RAM: 8102.06 MB
Available physical RAM: 6405.6 MB
Total Virtual: 16202.32 MB
Available Virtual: 14422.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.47 GB) (Free:186.4 GB) NTFS
Drive d: () (Fixed) (Total:146.39 GB) (Free:62.37 GB) NTFS
Drive e: (Nový svazek) (Fixed) (Total:319.27 GB) (Free:4.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 9152EE0C)
Partition 1: (Not Active) - (Size=238.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9A8E8901)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=319.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Re: slow notebook, ESET keeps removing trojans

Posted: 27 Dec 2016 17:21
by Rudy
Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.

Re: slow notebook, ESET keeps removing trojans

Posted: 27 Dec 2016 17:38
by ian
# AdwCleaner v6.041 - Log vytvořen 27/12/2016 v 17:35:53
# Aktualizováno dne 16/12/2016 z Malwarebytes
# Databáze : 2016-12-26.3 [Místní]
# Operační systém : Windows 7 Home Premium Service Pack 1 (X64)
# Uživatelské jméno : kik - KIK-PC
# Spuštěno z : C:\Users\kik\Desktop\adwcleaner_6.041.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****



***** [ Soubory ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****

[-] Úloha smazána: EaseUS Data Recovery Wizard Technician 10.2.0 + Keygen [SadeemPC


***** [ Registry ] *****

[#] Klíč smazán po restartu: HKU\S-1-5-21-3848322618-442018629-1780355425-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}


***** [ Prohlížeče ] *****



*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3415 Bajty] - [27/12/2016 12:07:22]
C:\AdwCleaner\AdwCleaner[C2].txt - [1141 Bajty] - [27/12/2016 17:35:53]
C:\AdwCleaner\AdwCleaner[S0].txt - [3427 Bajty] - [27/12/2016 12:06:48]
C:\AdwCleaner\AdwCleaner[S1].txt - [1681 Bajty] - [27/12/2016 17:35:39]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1360 Bajty] ##########

Re: slow notebook, ESET keeps removing trojans

Posted: 27 Dec 2016 18:56
by Rudy
Post a new FRST log.

Re: slow notebook, ESET keeps removing trojans

Posted: 27 Dec 2016 19:14
by ian
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
Ran by kik (administrator) on KIK-PC (27-12-2016 19:12:43)
Running from C:\Users\kik\Desktop
Loaded Profiles: kik & UpdatusUser (Available Profiles: kik & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
() C:\Users\kik\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Users\kik\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AutoKMS] => C:\Windows\AutoKMS.exe [615936 2016-02-12] ()
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2014-03-10] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2014-03-10] (Synaptics Incorporated)
HKLM\...\Run: [EaseUS Data Recovery Wizard Technician 10] => wscript.exe //B "C:\Users\kik\AppData\Roaming\EaseUS Data Recovery Wizard Technician 10.2.0 + Keygen [SadeemPC.vbs"
HKLM\...\Run: [final] => wscript.exe //B "C:\Users\kik\AppData\Local\Temp\final.vbs" <===== ATTENTION
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5716608 2011-07-21] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [final] => wscript.exe //B "C:\Users\kik\AppData\Local\Temp\final.vbs" <===== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3848322618-442018629-1780355425-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
HKU\S-1-5-21-3848322618-442018629-1780355425-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\kik\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-3848322618-442018629-1780355425-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\kik\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-3848322618-442018629-1780355425-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2876704 2016-12-20] (Valve Corporation)
HKU\S-1-5-21-3848322618-442018629-1780355425-1000\...\Run: [EaseUS Data Recovery Wizard Technician 10] => wscript.exe //B "C:\Users\kik\AppData\Roaming\EaseUS Data Recovery Wizard Technician 10.2.0 + Keygen [SadeemPC.vbs"
HKU\S-1-5-21-3848322618-442018629-1780355425-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-3848322618-442018629-1780355425-1000\...\Run: [final] => wscript.exe //B "C:\Users\kik\AppData\Local\Temp\final.vbs" <===== ATTENTION
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\kik\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\kik\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2876704 2016-12-20] (Valve Corporation)
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\...\Run: [EaseUS Data Recovery Wizard Technician 10] => wscript.exe //B "C:\Users\kik\AppData\Roaming\EaseUS Data Recovery Wizard Technician 10.2.0 + Keygen [SadeemPC.vbs"
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\...\Run: [final] => wscript.exe //B "C:\Users\kik\AppData\Local\Temp\final.vbs" <===== ATTENTION
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\...\MountPoints2: G - G:\Startme.exe
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\...\MountPoints2: {67d556a0-affd-11e6-ba41-ac72891e4f5a} - G:\Startme.exe
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [226920 2011-05-28] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [193128 2011-05-28] (NVIDIA Corporation)
Startup: C:\Users\kik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EaseUS Data Recovery Wizard Technician 10.2.0 + Keygen [SadeemPC.vbs [2016-11-06] ()
Startup: C:\Users\kik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\final.vbs [2016-11-01] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.250.192.1 213.250.194.1
Tcpip\..\Interfaces\{98B0165E-2F05-4440-86BB-FB65468E077E}: [DhcpNameServer] 213.250.192.1 213.250.194.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3848322618-442018629-1780355425-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3848322618-442018629-1780355425-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3848322618-442018629-1780355425-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/?clid=12454
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/?clid=12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1000 -> {08D2BA02-E2BE-481C-BAFA-27B666E6A236} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1000 -> {12154D41-8799-45BF-BDCE-298659E6B639} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1000 -> {29A01E2D-7A1A-470B-BA9B-4BBB6C3290CD} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1000 -> {6113D045-0CD7-4843-B9CE-676152EC90BA} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1000 -> {9FC9731A-A0E6-4CFF-B6B6-EF80586EFD47} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1000 -> {DB21617D-D6A1-4BB0-89C0-0A590B6B7FBA} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1000 -> {F6ADA3E3-6B5C-410A-95F2-C77CB78F982F} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1000 -> {FB766F29-D473-4113-8FE8-424F01401D37} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1001 -> {08D2BA02-E2BE-481C-BAFA-27B666E6A236} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1001 -> {12154D41-8799-45BF-BDCE-298659E6B639} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1001 -> {29A01E2D-7A1A-470B-BA9B-4BBB6C3290CD} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1001 -> {6113D045-0CD7-4843-B9CE-676152EC90BA} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1001 -> {7917A5FC-B7C0-434D-9D4E-DEEAC7916BC8} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1001 -> {9FC9731A-A0E6-4CFF-B6B6-EF80586EFD47} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1001 -> {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = hxxp://www.daemon-search.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1001 -> {DB21617D-D6A1-4BB0-89C0-0A590B6B7FBA} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1001 -> {F6ADA3E3-6B5C-410A-95F2-C77CB78F982F} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3848322618-442018629-1780355425-1001 -> {FB766F29-D473-4113-8FE8-424F01401D37} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll No File
Toolbar: HKU\S-1-5-21-3848322618-442018629-1780355425-1001 -> DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll No File
DPF: HKLM-x32 {4ED0ADAD-9FFA-4315-9E02-6B21A9F5C235}
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: r9n6jj6g.default
FF ProfilePath: C:\Users\kik\AppData\Roaming\Mozilla\Firefox\Profiles\r9n6jj6g.default [2016-12-27]
FF Homepage: Mozilla\Firefox\Profiles\r9n6jj6g.default -> hxxp://seznam.cz/
FF Extension: (Firefox Hotfix) - C:\Users\kik\AppData\Roaming\Mozilla\Firefox\Profiles\r9n6jj6g.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-31]
FF Extension: (Adblock Plus) - C:\Users\kik\AppData\Roaming\Mozilla\Firefox\Profiles\r9n6jj6g.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-15]
FF Extension: (Seznam lištička) - C:\Users\kik\AppData\Roaming\Mozilla\Firefox\Profiles\r9n6jj6g.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2016-07-13]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-14] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-14] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-05-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-05-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\kik\AppData\Local\Google\Chrome\User Data\Default [2016-12-25]
CHR Extension: (Prezentace Google) - C:\Users\kik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-08]
CHR Extension: (Dokumenty Google) - C:\Users\kik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-08]
CHR Extension: (Disk Google) - C:\Users\kik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-08]
CHR Extension: (YouTube) - C:\Users\kik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-08]
CHR Extension: (Tabulky Google) - C:\Users\kik\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-08]
CHR Extension: (Dokumenty Google offline) - C:\Users\kik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-08]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\kik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-08]
CHR Extension: (Gmail) - C:\Users\kik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-08]
CHR Extension: (Chrome Media Router) - C:\Users\kik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-08]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [921664 2011-05-19] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1335360 2011-05-19] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [995392 2011-05-19] (Intel Corporation) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2771848 2016-11-18] (ESET)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2016-03-14] (DT Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [262792 2016-11-18] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [197248 2016-11-18] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [153216 2016-11-18] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [208520 2016-11-18] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [61568 2016-11-18] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [84616 2016-11-18] (ESET)
S3 ksapi64; C:\Windows\system32\drivers\ksapi64.sys [56680 2016-12-22] (Kingsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-27 17:34 - 2016-12-27 17:34 - 03977168 _____ C:\Users\kik\Desktop\adwcleaner_6.041.exe
2016-12-27 12:23 - 2016-12-27 19:12 - 00021104 _____ C:\Users\kik\Desktop\FRST.txt
2016-12-27 12:23 - 2016-12-27 12:23 - 00027190 _____ C:\Users\kik\Desktop\Addition.txt
2016-12-27 12:22 - 2016-12-27 19:12 - 00000000 ____D C:\FRST
2016-12-27 12:05 - 2016-12-27 17:35 - 00000000 ____D C:\AdwCleaner
2016-12-27 12:05 - 2016-12-27 12:05 - 03977168 _____ C:\Users\kik\Desktop\AdwCleaner.exe
2016-12-27 12:04 - 2016-12-27 12:04 - 02420736 _____ (Farbar) C:\Users\kik\Desktop\FRST64.exe
2016-12-27 12:04 - 2016-12-27 12:04 - 01663040 _____ (Malwarebytes) C:\Users\kik\Desktop\JRT.exe
2016-12-27 08:59 - 2016-12-27 08:59 - 00019066 _____ C:\ComboFix.txt
2016-12-27 08:29 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2016-12-27 08:29 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2016-12-27 08:29 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-12-27 08:29 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-12-27 08:29 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-12-27 08:29 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2016-12-27 08:29 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2016-12-27 08:29 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2016-12-27 08:28 - 2016-12-27 09:00 - 00000000 ____D C:\Qoobox
2016-12-27 08:28 - 2016-12-27 08:55 - 00000000 ____D C:\Windows\erdnt
2016-12-27 08:28 - 2016-12-27 08:28 - 05659917 ____R (Swearware) C:\Users\kik\Desktop\ComboFix.exe
2016-12-23 09:48 - 2016-12-23 09:48 - 00426104 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-23 09:19 - 2016-12-23 09:19 - 00118248 _____ C:\Users\kik\AppData\Local\GDIPFONTCACHEV1.DAT
2016-12-22 21:31 - 2016-12-22 21:31 - 00081768 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi.sys
2016-12-22 21:31 - 2016-12-22 21:31 - 00056680 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi64.sys
2016-12-22 21:31 - 2016-12-22 21:31 - 00000000 ____D C:\ProgramData\Kingsoft
2016-12-22 21:31 - 2016-12-22 21:31 - 00000000 ____D C:\ProgramData\cmcm
2016-12-22 21:31 - 2016-12-22 21:31 - 00000000 ____D C:\Program Files (x86)\cmcm
2016-12-21 18:33 - 2016-12-21 18:33 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2016-12-18 16:27 - 2016-12-18 16:28 - 00000000 ____D C:\Program Files (x86)\mp3DirectCut
2016-12-18 16:27 - 2016-12-18 16:27 - 00001055 _____ C:\Users\kik\Desktop\mp3DirectCut.lnk
2016-12-18 14:43 - 2016-12-18 14:43 - 00001862 _____ C:\Users\Public\Desktop\linguatec Voice Reader.lnk
2016-12-18 14:43 - 2016-12-18 14:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\linguatec
2016-12-18 14:43 - 2016-12-18 14:43 - 00000000 ____D C:\Program Files (x86)\linguatec
2016-12-18 14:43 - 2004-10-11 13:29 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71.dll
2016-12-18 14:43 - 2004-10-11 13:29 - 00499712 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2016-12-18 14:43 - 2004-10-11 13:29 - 00348160 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2016-12-18 14:43 - 2003-03-19 07:12 - 01047552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71u.dll
2016-12-17 16:20 - 2016-12-17 16:20 - 00000000 ____D C:\Users\kik\Nová složka
2016-12-17 11:08 - 2016-12-17 11:08 - 00001029 _____ C:\Users\Public\Desktop\EaseUS Data Recovery Wizard.lnk
2016-12-17 11:08 - 2016-12-17 11:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard
2016-12-16 22:08 - 2016-12-21 18:32 - 00000000 ____D C:\Program Files (x86)\Runtime Software
2016-12-14 19:35 - 2016-12-14 19:35 - 00000000 ____D C:\Users\kik\AppData\Local\Chromium
2016-12-14 19:34 - 2016-12-14 19:34 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2016-12-14 19:34 - 2016-12-14 19:34 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2016-12-14 19:34 - 2016-12-14 19:34 - 00000000 ____D C:\%LOCALAPPDATA%
2016-12-08 20:43 - 2016-12-08 20:45 - 57375934 _____ C:\Users\kik\Documents\ĺSCN9076.MOV
2016-12-08 19:50 - 2016-12-08 19:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Program
2016-12-08 19:50 - 2016-12-08 19:50 - 00000000 ____D C:\Program Files (x86)\My Program
2016-12-08 19:48 - 2016-11-06 23:07 - 00045902 _____ C:\Users\kik\AppData\Roaming\EaseUS Data Recovery Wizard Technician 10.2.0 + Keygen [SadeemPC.vbs
2016-12-08 17:59 - 2016-12-08 17:59 - 00000000 ____D C:\Program Files\EaseUS
2016-12-08 16:48 - 2016-12-15 19:27 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-08 16:47 - 2016-12-08 18:10 - 00000000 ____D C:\Users\kik\AppData\Local\Google

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-27 18:44 - 2016-02-12 16:31 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-27 17:43 - 2011-04-12 09:34 - 00671630 _____ C:\Windows\system32\perfh005.dat
2016-12-27 17:43 - 2011-04-12 09:34 - 00142194 _____ C:\Windows\system32\perfc005.dat
2016-12-27 17:43 - 2009-07-14 06:13 - 01590786 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-27 17:43 - 2009-07-14 05:45 - 00028128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-27 17:43 - 2009-07-14 05:45 - 00028128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-27 17:43 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-12-27 17:42 - 2016-04-07 20:09 - 00000000 ____D C:\Program Files (x86)\Steam
2016-12-27 17:41 - 2016-03-17 20:47 - 00000000 ____D C:\Users\kik\AppData\Roaming\Seznam.cz
2016-12-27 17:37 - 2016-11-15 19:49 - 00000000 ____D C:\Users\kik\AppData\LocalLow\Mozilla
2016-12-27 17:37 - 2016-04-03 20:15 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-27 17:36 - 2016-02-12 16:14 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-27 17:36 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-27 08:40 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2016-12-27 00:02 - 2016-03-13 18:34 - 00000000 ____D C:\Users\kik\AppData\Roaming\vlc
2016-12-23 12:09 - 2016-03-13 18:33 - 00371200 _____ C:\Users\kik\Desktop\účet 2009.xls
2016-12-22 21:35 - 2016-03-14 18:46 - 00000000 ____D C:\Users\kik\AppData\Roaming\DAEMON Tools Lite
2016-12-22 21:32 - 2016-02-12 14:31 - 00000000 ____D C:\Windows\Panther
2016-12-22 21:32 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-12-18 14:43 - 2016-02-12 16:11 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-12-18 09:08 - 2016-06-28 18:04 - 00000000 ____D C:\Users\kik\AppData\Local\ElevatedDiagnostics
2016-12-18 09:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2016-12-17 16:20 - 2016-02-12 15:09 - 00000000 ____D C:\Users\kik
2016-12-16 21:27 - 2016-05-11 18:21 - 00003256 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d1aba9847a3933
2016-12-16 21:27 - 2016-04-03 20:15 - 00003384 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-15 19:06 - 2016-02-12 16:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-14 20:44 - 2016-02-12 16:31 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-14 20:44 - 2016-02-12 16:31 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-14 20:44 - 2016-02-12 16:31 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-12-14 20:44 - 2016-02-12 16:31 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-14 20:44 - 2016-02-12 16:31 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-14 20:14 - 2016-11-15 19:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-14 19:36 - 2016-04-07 20:11 - 00000000 ____D C:\Users\kik\AppData\Local\Steam
2016-12-14 19:34 - 2016-02-12 16:14 - 00000000 ____D C:\Users\UpdatusUser
2016-12-08 16:48 - 2016-04-03 20:15 - 00000000 ____D C:\Program Files (x86)\Google
2016-12-08 15:28 - 2016-02-12 15:11 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP
2016-12-07 16:03 - 2016-03-20 18:08 - 00000000 ____D C:\Users\kik\AppData\Roaming\dvdcss
2016-12-07 15:51 - 2016-02-12 15:11 - 00001153 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk
2016-12-07 15:51 - 2016-02-12 15:11 - 00001105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2016-11-27 11:28 - 2016-03-13 18:33 - 00010263 _____ C:\Users\kik\Desktop\p z k.xlsx

==================== Files in the root of some directories =======

2016-12-08 19:48 - 2016-11-06 23:07 - 0045902 _____ () C:\Users\kik\AppData\Roaming\EaseUS Data Recovery Wizard Technician 10.2.0 + Keygen [SadeemPC.vbs
2016-10-11 19:18 - 2016-10-21 14:58 - 0004608 _____ () C:\Users\kik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Users\kik\AppData\Local\Temp\libeay32.dll
C:\Users\kik\AppData\Local\Temp\msvcr120.dll
C:\Users\kik\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-24 13:12

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by kik (27-12-2016 19:13:05)
Running from C:\Users\kik\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2016-02-12 14:09:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3848322618-442018629-1780355425-500 - Administrator - Disabled)
Guest (S-1-5-21-3848322618-442018629-1780355425-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3848322618-442018629-1780355425-1003 - Limited - Enabled)
kik (S-1-5-21-3848322618-442018629-1780355425-1000 - Administrator - Enabled) => C:\Users\kik
UpdatusUser (S-1-5-21-3848322618-442018629-1780355425-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 9.0.407.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security 9.0.407.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personální firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.18) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.18 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.6.3.0 - Asmedia Technology)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.25 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0013 - ASUS)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6452 - CDBurnerXP)
Corel Graphics Suite 11 (x32 Version: 11 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 11 (HKLM-x32\...\InstallShield_{07A540AB-D785-11D5-8E89-0090275862A0}) (Version: 11 - Corel Corporation)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS)
ESET Smart Security (HKLM\...\{B7DE9695-00B8-4935-97B5-A2CBFBA6A3F8}) (Version: 9.0.376.1 - ESET, spol. s r.o.)
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2361 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.2.0.0587 - Intel Corporation)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.41 - Irfan Skiljan)
linguatec Voice Reader (HKLM-x32\...\{93293322-B694-4270-B7FE-DDE1A681ACCA}) (Version: 1.00.0000 - linguatec)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 cs) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 cs)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
My Program version 1.5 (HKLM-x32\...\{11C0B447-2D00-4891-B686-367E63EDAC63}_is1) (Version: 1.5 - My Company, Inc.)
NVIDIA Ovladač 3D Vision 268.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 268.74 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.2.23.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.23.3 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 268.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.74 - NVIDIA Corporation)
Ovládací panel NVIDIA 268.74 (Version: 268.74 - NVIDIA Corporation) Hidden
S.T.A.L.K.E.R.: Shadow of Chernobyl (HKLM\...\Steam App 4500) (Version: - GSC Game World)
Seznam Software (HKU\S-1-5-21-3848322618-442018629-1780355425-1000\...\SeznamInstall) (Version: - Seznam.cz)
Seznam Software (HKU\S-1-5-21-3848322618-442018629-1780355425-1001\...\SeznamInstall) (Version: - Seznam.cz)
Slideshow Creator (HKLM-x32\...\{4E1A63B1-F547-4CFC-91F7-F32F1A6BF430}_is1) (Version: 1.4 - Bolide Software)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.6.0 - Synaptics Incorporated)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {062E3D81-37CB-4AFC-9099-B80101F17491} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {07B27044-6E8C-4717-AF7E-AA85B45144A7} - System32\Tasks\GoogleUpdateTaskMachineCore1d1aba9847a3933 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-03] (Google Inc.)
Task: {093C71EA-A147-43C0-A495-B11A3ED46C4B} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)
Task: {0BB7DBA3-E1EC-4BEC-9E22-75A6D3372D94} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {0EFF2C3E-02A6-42C2-BF76-2593DE06D45D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {14631C8D-B636-4F9F-B71B-5B5013F67550} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {155A9281-C6A6-4770-B36A-05E50ED05FED} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {1D25DFBE-1A92-4F17-ADFC-EE604932C50F} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {25EEE18A-5CC8-4EAC-8B36-BB9BF7A40451} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-03] (Google Inc.)
Task: {2AFE5FE1-554E-475E-A609-43071913EA90} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {2B9A048B-F9C6-45BD-A1D5-275FA63DA658} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-07-21] (ASUS)
Task: {2ED7D93E-3C84-475F-9EEB-5CB1493D7BDE} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {2FCAAC55-5239-4831-A3EF-70138DB15331} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {30CA994A-4AD5-4489-A314-B5D8D5EA5D04} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {40998701-8693-45F4-B716-32B7B2CB32C9} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {5D8783EB-A2F8-491E-B1D4-87B2F400412F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {65722CEB-898F-4DB6-8B5C-527959478998} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-03] (Google Inc.)
Task: {753C47AE-EC5E-44B3-95A9-2C8E553F0E39} - System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary => C:\Program Files\Windows Media Player\wmpnscfg.exe
Task: {85BD1173-8997-422B-BB95-391606F20E12} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {933F48B3-F598-4C79-8FC9-C07BDD85D56B} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {9E4B6383-6268-46BE-8C85-DFCF644CF1D4} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {AA621048-FF7A-4708-A073-42D0BAAA403C} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {C1360B99-1C98-451C-B579-1852EE81DE84} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-14] (Adobe Systems Incorporated)
Task: {C646F5CB-5A97-4EFF-98DB-0F094323308F} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {C99C02A0-36EA-443E-8A59-5001192B1F75} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {D1A843A6-D4FD-447E-834D-02E721DEEE14} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {D6FDE686-B4E7-4907-87A5-8E9BA9AF0FA0} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {EB1E6AEB-6D0C-414C-ABB3-760480EF4204} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {EC4E4B4E-9461-4986-AD96-F82782338039} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {F34C6BCF-E242-4E78-8258-EF4F26B847C6} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2016-03-17 20:47 - 2015-05-26 12:35 - 00079872 _____ () C:\Users\kik\AppData\Roaming\Seznam.cz\bin\1927libfoxloader-x64.dll
2016-02-12 16:09 - 2011-04-10 10:40 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-03-13 18:27 - 2014-03-10 22:00 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2014-09-25 19:44 - 2014-09-25 19:44 - 00043008 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2016-03-17 20:47 - 2015-05-26 12:38 - 00457384 _____ () C:\Users\kik\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
2016-03-17 20:47 - 2015-05-26 12:36 - 00073896 _____ () C:\Users\kik\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
2016-03-17 20:47 - 2015-05-26 12:37 - 00078504 _____ () C:\Users\kik\AppData\Roaming\Seznam.cz\bin\1927libfoxloader.dll
2016-04-07 20:11 - 2016-12-08 16:13 - 00656160 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-04-07 20:11 - 2016-09-01 02:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-04-07 20:11 - 2016-09-01 02:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-04-07 20:11 - 2016-09-01 02:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-04-07 20:11 - 2016-12-20 03:25 - 02322720 _____ () C:\Program Files (x86)\Steam\video.dll
2016-04-07 20:11 - 2016-01-27 08:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-04-07 20:11 - 2016-01-27 08:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-04-07 20:11 - 2016-01-27 08:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-04-07 20:11 - 2016-01-27 08:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-04-07 20:11 - 2016-01-27 08:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-04-07 20:11 - 2016-12-20 03:25 - 00838944 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-04-07 20:11 - 2016-07-04 23:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-03-17 20:47 - 2015-05-26 12:38 - 00862888 _____ () C:\Users\kik\AppData\Roaming\Seznam.cz\bin\lightspeed.dll
2016-12-14 19:35 - 2016-12-05 17:21 - 67304736 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2016-04-07 20:11 - 2016-12-20 03:25 - 00388384 _____ () C:\Program Files (x86)\Steam\steam.dll
2016-04-07 20:11 - 2015-09-25 00:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2016-12-27 08:40 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3848322618-442018629-1780355425-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\kik\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 213.250.192.1 - 213.250.194.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9B8694DF-571E-4774-A10E-3187262659BC}] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{6233870B-1DE6-4996-AD8C-3B33B48E8208}] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{A2C55146-019D-4270-A981-8B6B18CADBF9}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{41152431-5129-4833-9856-3BE0620A7B20}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1BEC1CD2-BE0B-43DB-ABDC-AC4DCFE8BD31}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3C207833-534B-43BD-B9FD-BD106979C909}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{32CBE80F-D2BD-4279-82FC-E8D8B0C8B55F}] => C:\Program Files (x86)\Steam\steamapps\common\STALKER Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{6100EFE1-AC24-4E6B-89B0-97FB556C6101}] => C:\Program Files (x86)\Steam\steamapps\common\STALKER Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{0E4A21A3-D0C8-4F45-8C02-C533CBD609B4}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{13B5884B-7313-45E2-B8C3-8B4D97D05F40}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{14DE22E1-9935-44C9-AD6B-C0C3545FDFB5}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

09-12-2016 05:11:44 Windows Update
17-12-2016 00:01:20 Naplánovaný kontrolní bod
17-12-2016 05:41:08 Windows Update
18-12-2016 14:43:16 Installed linguatec Voice Reader
25-12-2016 19:21:35 Naplánovaný kontrolní bod
27-12-2016 08:29:47 ComboFix created restore point
27-12-2016 12:09:54 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/27/2016 05:36:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/27/2016 05:36:37 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Přeskočení: Ověření Eap method DLL path name se nezdařilo. Chyba: ID typu=43, ID autora=9, ID dodavatele=0, typ dodavatele=0

Error: (12/27/2016 05:36:37 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Přeskočení: Ověření Eap method DLL path name se nezdařilo. Chyba: ID typu=25, ID autora=9, ID dodavatele=0, typ dodavatele=0

Error: (12/27/2016 05:36:37 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Přeskočení: Ověření Eap method DLL path name se nezdařilo. Chyba: ID typu=17, ID autora=9, ID dodavatele=0, typ dodavatele=0

Error: (12/27/2016 04:12:07 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Problém zabránil odeslání dat programu Zlepšování softwaru a služeb na základě zkušeností uživatelů společnosti Microsoft, (chyba 80004005).

Error: (12/27/2016 12:13:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/27/2016 12:13:35 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Přeskočení: Ověření Eap method DLL path name se nezdařilo. Chyba: ID typu=43, ID autora=9, ID dodavatele=0, typ dodavatele=0

Error: (12/27/2016 12:13:35 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Přeskočení: Ověření Eap method DLL path name se nezdařilo. Chyba: ID typu=25, ID autora=9, ID dodavatele=0, typ dodavatele=0

Error: (12/27/2016 12:13:35 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Přeskočení: Ověření Eap method DLL path name se nezdařilo. Chyba: ID typu=17, ID autora=9, ID dodavatele=0, typ dodavatele=0

Error: (12/27/2016 12:08:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (12/27/2016 07:07:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba TrustedInstaller neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (12/27/2016 07:06:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba TrustedInstaller neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (12/27/2016 07:06:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba TrustedInstaller neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (12/27/2016 07:06:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba TrustedInstaller neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (12/27/2016 07:06:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba TrustedInstaller neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (12/27/2016 07:06:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba TrustedInstaller neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (12/27/2016 07:06:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba TrustedInstaller neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (12/27/2016 05:58:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba TrustedInstaller neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (12/27/2016 05:58:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba TrustedInstaller neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (12/27/2016 05:58:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba TrustedInstaller neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.


CodeIntegrity:
===================================
Date: 2016-12-27 09:29:41.402
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\My Program\explorer.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-12-27 09:29:41.356
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\My Program\explorer.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-12-27 09:29:41.293
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\My Program\explorer.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-12-27 09:29:41.246
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\My Program\explorer.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-12-27 09:29:35.459
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-12-27 09:29:35.459
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-12-27 09:29:35.459
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET Smart Security\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-12-27 08:35:04.034
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-27 08:35:04.034
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-26 09:03:55.366
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\My Program\explorer.exe because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 27%
Total physical RAM: 8102.06 MB
Available physical RAM: 5867.03 MB
Total Virtual: 16202.32 MB
Available Virtual: 13778.22 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.47 GB) (Free:186.05 GB) NTFS
Drive d: () (Fixed) (Total:146.39 GB) (Free:62.37 GB) NTFS
Drive e: (Nový svazek) (Fixed) (Total:319.27 GB) (Free:4.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 9152EE0C)
Partition 1: (Not Active) - (Size=238.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9A8E8901)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=319.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Re: slow laptop, ESET keeps removing trojans

Posted: 27 Dec 2016 20:03
by Rudy
Open Notepad and copy the following into it:
Start
C:\Windows\AutoKMS.exe
HKLM\...\Run: [AutoKMS] => C:\Windows\AutoKMS.exe [615936 2016-02-12] ()
HKLM\...\Run: [EaseUS Data Recovery Wizard Technician 10] => wscript.exe //B "C:\Users\kik\AppData\Roaming\EaseUS Data Recovery Wizard Technician 10.2.0 + Keygen [SadeemPC.vbs"
HKLM\...\Run: [final] => wscript.exe //B "C:\Users\kik\AppData\Local\Temp\final.vbs" <===== ATTENTION
HKLM-x32\...\Run: [final] => wscript.exe //B "C:\Users\kik\AppData\Local\Temp\final.vbs" <===== ATTENTION
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\...\Run: [final] => wscript.exe //B "C:\Users\kik\AppData\Local\Temp\final.vbs" <===== ATTENTION
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\...\MountPoints2: G - G:\Startme.exe
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\...\MountPoints2: {67d556a0-affd-11e6-ba41-ac72891e4f5a} - G:\Startme.exe
Startup: C:\Users\kik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EaseUS Data Recovery Wizard Technician 10.2.0 + Keygen [SadeemPC.vbs [2016-11-06] ()
Startup: C:\Users\kik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\final.vbs [2016-11-01] ()
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3848322618-442018629-1780355425-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll No File
Toolbar: HKU\S-1-5-21-3848322618-442018629-1780355425-1001 -> DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll No File
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d1aba9847a3933
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Users\kik\AppData\Roaming\EaseUS Data Recovery Wizard Technician 10.2.0 + Keygen [SadeemPC.vbs
C:\Users\kik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\kik\AppData\Local\Temp
Task: {65722CEB-898F-4DB6-8B5C-527959478998} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-03] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

EmptyTemp
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the run finishes, a log will appear; copy it here.

Re: slow laptop, ESET keeps removing trojans

Posted: 27 Dec 2016 20:14
by ian
Fix result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by kik (27-12-2016 20:11:45) Run:1
Running from C:\Users\kik\Desktop
Loaded Profiles: kik & UpdatusUser (Available Profiles: kik & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
C:\Windows\AutoKMS.exe
HKLM\...\Run: [AutoKMS] => C:\Windows\AutoKMS.exe [615936 2016-02-12] ()
HKLM\...\Run: [EaseUS Data Recovery Wizard Technician 10] => wscript.exe //B "C:\Users\kik\AppData\Roaming\EaseUS Data Recovery Wizard Technician 10.2.0 + Keygen [SadeemPC.vbs"
HKLM\...\Run: [final] => wscript.exe //B "C:\Users\kik\AppData\Local\Temp\final.vbs" <===== ATTENTION
HKLM-x32\...\Run: [final] => wscript.exe //B "C:\Users\kik\AppData\Local\Temp\final.vbs" <===== ATTENTION
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\...\Run: [final] => wscript.exe //B "C:\Users\kik\AppData\Local\Temp\final.vbs" <===== ATTENTION
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\...\MountPoints2: G - G:\Startme.exe
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\...\MountPoints2: {67d556a0-affd-11e6-ba41-ac72891e4f5a} - G:\Startme.exe
Startup: C:\Users\kik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EaseUS Data Recovery Wizard Technician 10.2.0 + Keygen [SadeemPC.vbs [2016-11-06] ()
Startup: C:\Users\kik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\final.vbs [2016-11-01] ()
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3848322618-442018629-1780355425-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll No File
Toolbar: HKU\S-1-5-21-3848322618-442018629-1780355425-1001 -> DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll No File
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d1aba9847a3933
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Users\kik\AppData\Roaming\EaseUS Data Recovery Wizard Technician 10.2.0 + Keygen [SadeemPC.vbs
C:\Users\kik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\kik\AppData\Local\Temp
Task: {65722CEB-898F-4DB6-8B5C-527959478998} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-03] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

EmptyTemp
End
*****************

C:\Windows\AutoKMS.exe => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AutoKMS => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\EaseUS Data Recovery Wizard Technician 10 => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\final => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\final => value removed successfully
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\Software\Microsoft\Windows\CurrentVersion\Run\\final => value removed successfully
"HKU\S-1-5-21-3848322618-442018629-1780355425-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G" => key removed successfully
"HKU\S-1-5-21-3848322618-442018629-1780355425-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67d556a0-affd-11e6-ba41-ac72891e4f5a}" => key removed successfully
HKCR\CLSID\{67d556a0-affd-11e6-ba41-ac72891e4f5a} => key not found.
C:\Users\kik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EaseUS Data Recovery Wizard Technician 10.2.0 + Keygen => not found.
C:\Users\kik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\final.vbs => moved successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3848322618-442018629-1780355425-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} => value removed successfully
"HKCR\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}" => key removed successfully
HKU\S-1-5-21-3848322618-442018629-1780355425-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} => value removed successfully
HKCR\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17} => key not found.
HKLM\Software\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => value removed successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d1aba9847a3933 => moved successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
Could not move "C:\Users\kik\AppData\Roaming\EaseUS Data Recovery Wizard Technician 10.2.0 + Keygen [SadeemPC.vbs" => Scheduled to move on reboot.
C:\Users\kik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully

"C:\Users\kik\AppData\Local\Temp" folder move:

Could not move "C:\Users\kik\AppData\Local\Temp" => Scheduled to move on reboot.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{65722CEB-898F-4DB6-8B5C-527959478998}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65722CEB-898F-4DB6-8B5C-527959478998}" => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => key removed successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => not found.
EmptyTemp => Error: No automatic fix found for this entry.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 27-12-2016 20:13:10)

C:\Users\kik\AppData\Roaming\EaseUS Data Recovery Wizard Technician 10.2.0 + Keygen [SadeemPC.vbs => Is moved successfully
C:\Users\kik\AppData\Local\Temp => moved successfully

==== End of Fixlog 20:13:10 ====

Re: slow laptop, ESET keeps removing trojans

Posted: 27 Dec 2016 20:23
by Rudy
Deleted. Has anything changed?

Re: slow laptop, ESET keeps removing trojans

Posted: 27 Dec 2016 20:45
by ian
It's running fast again like before, and it seems it doesn't have to block that page. Thank you very much and happy holidays.

Re: slow laptop, ESET keeps removing trojans

Posted: 27 Dec 2016 21:02
by Rudy
Happy New Year, and you're welcome! :)