
Suspected presence of a virus
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-01-2017
Ran by Meda Beda (administrator) on MEDABEDA (24-01-2017 20:06:55)
Running from C:\Documents and Settings\Meda Beda\Plocha
Loaded Profiles: Meda Beda (Available Profiles: Meda Beda)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Seiko Epson Corporation) C:\WINDOWS\system32\escsvc.exe
() C:\Program Files\HiSuite\HandSetService\HuaweiHiSuiteService.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.334\SSScheduler.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Microsoft Corporation) C:\WINDOWS\system32\cleanmgr.exe
(forum.viry.cz) C:\Documents and Settings\Meda Beda\Plocha\FRSTLauncher.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [mouseElf] => C:\Program Files\KYE\Genius NetScroll Optical Mouse\MouseElf.exe [151552 2002-05-20] (Genius)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20065936 2012-06-06] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-11-11] (LogMeIn Inc.)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [616632 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [94208 2006-04-21] (Nero AG)
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [3281600 2016-03-03] (Disc Soft Ltd)
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {3b1936ec-a562-11e4-a8cb-001d7da85684} - F:\Lenovo_Suite.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {649ad538-f77e-11e6-a97f-027005651504} - F:\Autorun.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {649ad53b-f77e-11e6-a97f-027005651504} - G:\Setup.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {9e59b0d7-c97a-11e6-a95e-001d7da85684} - F:\Startme.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {9e59b0d8-c97a-11e6-a95e-001d7da85684} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {9e59b0dd-c97a-11e6-a95e-001d7da85684} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {9e59b0eb-c97a-11e6-a95e-001d7da85684} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {9edf9b5a-b48f-11e6-a95d-ef0e4684db4a} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {c6002941-7f90-11e4-a8b9-001d7da85684} - F:\Lenovo_Suite.exe
HKLM\...\Providers\vh9ggz5t: C:\Program Files\Clokisevuboly Reports\local32spl.dll [272384 2017-01-20] ()
ShellExecuteHooks: No Name - {C37C42DA-DC66-11E6-A37E-64006A5CFC23} - C:\Documents and Settings\Meda Beda\Data aplikací\Kiguly\Casuch.dll -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk [2016-12-25]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.334\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk [2014-10-06]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{0E9FDCD7-E94B-48C8-9673-FC1AFA961758}: [DhcpNameServer] 192.168.42.129
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/?clid=22668
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-436374069-1580436667-682003330-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/?clid=22668
HKU\S-1-5-21-436374069-1580436667-682003330-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
URLSearchHook: [S-1-5-21-436374069-1580436667-682003330-1004] ATTENTION => Default URLSearchHook is missing
URLSearchHook: HKU\S-1-5-21-436374069-1580436667-682003330-1004 - SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
URLSearchHook: HKU\S-1-5-21-436374069-1580436667-682003330-1004 - (No Name) - {31264a33-a653-46c4-af49-1232c59a7da5} - No File
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKLM -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&ts=148 ... earchTerms}
SearchScopes: HKU\S-1-5-21-436374069-1580436667-682003330-1004 -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKU\S-1-5-21-436374069-1580436667-682003330-1004 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKU\S-1-5-21-436374069-1580436667-682003330-1004 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&ts=148 ... earchTerms}
SearchScopes: HKU\S-1-5-21-436374069-1580436667-682003330-1004 -> {6D79A96D-110D-4FA5-8307-B7CB11A6C771} URL = hxxp://trovi.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3329621&CUI=UN13311442818921144&UM=4
BHO: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO: No Name -> {31264a33-a653-46c4-af49-1232c59a7da5} -> No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: No Name -> {EEE6C35C-6118-11DC-9C72-001320C79847} -> No File
Toolbar: HKLM - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKU\S-1-5-21-436374069-1580436667-682003330-1004 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2008-04-14] (Společnost Microsoft)
Toolbar: HKU\S-1-5-21-436374069-1580436667-682003330-1004 -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
Toolbar: HKU\S-1-5-21-436374069-1580436667-682003330-1004 -> No Name - {31264A33-A653-46C4-AF49-1232C59A7DA5} - No File
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1398617036040
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1398617119478
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.amisites.com/?type=sc&ts=1485268826 ... 0664806648
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default [2017-01-24]
FF NewTab: C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default -> about:newtab
FF DefaultSearchEngine: C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default -> Seznam
FF DefaultSearchUrl: C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default -> hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&
FF SearchEngineOrder.1: C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default -> Seznam
FF SelectedSearchEngine: C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default -> Seznam
FF Homepage: C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default -> hxxps://www.seznam.cz/?clid=22668
FF Keyword.URL: C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default -> hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&
FF Extension: (uBlock Origin) - C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default\Extensions\uBlock0@raymondhill.net.xpi [2016-12-28]
FF Extension: (SweetPacks Toolbar for Firefox) - C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2014-04-30] [not signed]
FF SearchPlugin: C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default\searchplugins\amisites.xml [2017-01-24]
FF SearchPlugin: C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default\searchplugins\seznam-avast.xml [2017-01-24]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-05-05] [not signed]
FF HKLM\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2015-01-21] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-21] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-24] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-24] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> D:\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Archer; C:\Program Files\WinArcher\Archer.dll [720384 2017-01-24] (TODO: <公司名>) [File not signed]
R2 Dihughterjecult; C:\Program Files\Momicultckerticult\ghezutyferdeingUpdate.dll [136192 2017-01-20] () [File not signed]
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1082560 2016-03-03] (Disc Soft Ltd) [File not signed]
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc.exe [122000 2011-12-11] (Seiko Epson Corporation)
R2 GubedZL; C:\Program Files\Gubed\GubedZL.dll [148480 2017-01-23] () [File not signed]
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1962504 2016-11-11] (LogMeIn Inc.)
R2 HuaweiHiSuiteService.exe; C:\Program Files\HiSuite\HandSetService\HuaweiHiSuiteService.exe [155848 2016-08-26] () [File not signed]
R3 iThemes5; C:\Program Files\Common Files\Services\iThemes.dll [882688 2017-01-23] () [File not signed] <==== ATTENTION
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [405424 2016-11-11] (LogMeIn, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.334\McCHSvc.exe [239880 2016-05-31] (McAfee, Inc.)
R2 WinSAPSvc; C:\Documents and Settings\All Users\Data aplikací\WinSAPSvc\WinSAP.dll [547840 2017-01-23] () [File not signed]
S2 ed2kidle; "C:\Program Files\amuleC2\ed2k.exe" -downloadwhenidle [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R3 dtlitescsibus; C:\WINDOWS\System32\DRIVERS\dtlitescsibus.sys [26168 2017-01-20] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\DRIVERS\dtliteusbbus.sys [40504 2017-01-20] (Disc Soft Ltd)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\DRIVERS\ew_usbccgpfilter.sys [15360 2016-05-25] (Huawei Technologies Co., Ltd.)
S3 genmcmn; C:\WINDOWS\System32\DRIVERS\gmfiltr.sys [6656 2002-05-17] (Genius) [File not signed]
S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2015-08-03] (LogMeIn, Inc.)
S3 massfilter; C:\WINDOWS\System32\drivers\massfilter.sys [9216 2010-02-22] (MBB Incorporated)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [70912 2010-03-04] (NVIDIA Corporation)
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [168040 2010-04-08] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [13824 2010-03-04] (NVIDIA Corporation)
U0 aswVmm; no ImagePath
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [102272 2016-05-25] (Huawei Technologies Co., Ltd.)
S4 IntelIde; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-20 21:13 - 2017-02-20 21:13 - 00000000 ____D C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C2410C.TMP
2017-02-20 21:13 - 2017-02-20 21:13 - 00000000 ____D C:\Program Files\File Association Helper
2017-02-20 18:46 - 2017-01-20 21:38 - 00002562 _____ C:\WINDOWS\diagwrn.xml
2017-02-20 18:46 - 2017-01-20 21:38 - 00001908 _____ C:\WINDOWS\diagerr.xml
2017-01-24 19:43 - 2017-01-24 20:07 - 00017676 _____ C:\Documents and Settings\Meda Beda\Plocha\FRST.txt
2017-01-24 19:42 - 2017-01-24 20:06 - 00000000 ____D C:\FRST
2017-01-24 19:40 - 2017-01-24 19:40 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Meda Beda\Plocha\FRSTLauncher.exe
2017-01-24 19:39 - 2017-01-24 19:39 - 01762816 _____ (Farbar) C:\Documents and Settings\Meda Beda\Plocha\FRST.exe
2017-01-24 19:00 - 2017-01-24 19:00 - 00000000 ____D C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\MFAData
2017-01-24 19:00 - 2017-01-24 19:00 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\MFAData
2017-01-24 18:55 - 2017-01-24 19:39 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Avg
2017-01-24 18:54 - 2017-01-24 19:34 - 00000000 ____D C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\AvgSetupLog
2017-01-24 18:54 - 2017-01-24 18:54 - 00000000 ____D C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\Avg
2017-01-23 12:39 - 2017-01-24 19:39 - 00000328 _____ C:\WINDOWS\Tasks\WinTOOL.job
2017-01-23 12:38 - 2017-01-23 12:39 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\wintools
2017-01-23 12:38 - 2017-01-23 12:38 - 00000000 ____D C:\Program Files\WinArcher
2017-01-23 12:38 - 2017-01-23 12:38 - 00000000 ____D C:\Program Files\MIO
2017-01-23 12:38 - 2017-01-23 12:38 - 00000000 ____D C:\Program Files\Gubed
2017-01-23 12:38 - 2017-01-23 12:38 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\WinSAPSvc
2017-01-23 12:37 - 2017-01-23 12:37 - 00000000 ____D C:\Program Files\vh9ggz5t
2017-01-21 14:20 - 2017-01-21 14:21 - 00000000 ____D C:\Documents and Settings\Meda Beda\Dokumenty\NFS Most Wanted
2017-01-21 14:20 - 2017-01-21 14:20 - 00000548 _____ C:\Documents and Settings\All Users\Plocha\Need for Speed™ Most Wanted.lnk
2017-01-21 14:20 - 2017-01-21 14:20 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\EA GAMES
2017-01-21 14:14 - 2017-01-21 14:14 - 00000000 ____D C:\WINDOWS\RegisteredPackages
2017-01-21 14:14 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
2017-01-21 14:13 - 2004-07-19 16:19 - 00285696 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kstvtune.ax
2017-01-21 14:13 - 2004-07-19 16:19 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\kstvtune.ax
2017-01-21 14:13 - 2004-07-09 04:27 - 00381952 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dsound.dll
2017-01-21 14:13 - 2004-07-09 04:27 - 00292864 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ddraw.dll
2017-01-21 14:13 - 2004-07-09 04:26 - 01230336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msvidctl.dll
2017-01-21 14:13 - 2004-07-09 04:26 - 00354816 ____C C:\WINDOWS\system32\dllcache\psisdecd.dll
2017-01-21 14:13 - 2004-07-09 04:26 - 00354816 _____ C:\WINDOWS\system32\psisdecd.dll
2017-01-21 14:13 - 2004-07-09 04:26 - 00226304 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kswdmcap.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\kswdmcap.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00083968 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\nabtsfec.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nabtsfec.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00052224 ____C C:\WINDOWS\system32\dllcache\msdvbnp.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00052224 _____ C:\WINDOWS\system32\msdvbnp.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00052096 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msdv.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00052096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msdv.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00039424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ksxbar.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksxbar.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00030208 ____C C:\WINDOWS\system32\dllcache\psisrndr.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00030208 _____ C:\WINDOWS\system32\psisrndr.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00018688 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wstcodec.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00018688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wstcodec.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00016896 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bdaplgin.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdaplgin.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00016384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ccdecode.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ccdecode.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00015104 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mpe.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00015104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpe.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00014976 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\streamip.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00014976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\streamip.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00014848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ipsink.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipsink.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00011392 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bdasup.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00011392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bdasup.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00010880 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\slip.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00010880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\slip.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00010112 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ndisip.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00010112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndisip.sys
2017-01-21 14:13 - 2003-05-30 09:00 - 00797184 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\d3dim700.dll
2017-01-21 14:13 - 2002-12-12 00:14 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxdllreg.exe
2017-01-21 14:13 - 2002-12-12 00:14 - 00024064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ddrawex.dll
2017-01-21 14:13 - 2002-12-12 00:14 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksolay.ax
2017-01-21 14:13 - 2002-12-12 00:14 - 00008192 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\d3d8thk.dll
2017-01-21 14:13 - 2002-12-12 00:14 - 00005504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstee.sys
2017-01-21 14:13 - 2002-12-12 00:14 - 00005504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mstee.sys
2017-01-21 14:13 - 2002-08-29 03:40 - 00667648 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dinput8.dll
2017-01-20 21:31 - 2017-01-20 21:31 - 00000000 ____D C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\Disc_Soft_Ltd
2017-01-20 21:30 - 2017-01-20 21:30 - 00000426 _____ C:\WINDOWS\Tasks\Clokisevuboly Reports.job
2017-01-20 21:30 - 2017-01-20 21:30 - 00000000 ____D C:\Program Files\Clokisevuboly Reports
2017-01-20 21:30 - 2017-01-20 21:30 - 00000000 ____D C:\Documents and Settings\All Users\Dokumenty\Daemon Tools Images
2017-01-20 21:29 - 2017-01-24 14:39 - 00000000 ____D C:\Program Files\Momicultckerticult
2017-01-20 21:29 - 2017-01-21 16:35 - 00000000 ____D C:\Documents and Settings\Meda Beda\Data aplikací\Kiguly
2017-01-20 21:29 - 2017-01-20 21:29 - 00040504 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtliteusbbus.sys
2017-01-20 21:29 - 2017-01-20 21:29 - 00000000 ____D C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\Gropsycerjaly
2017-01-20 21:28 - 2017-01-21 09:41 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2017-01-20 21:28 - 2017-01-20 21:31 - 00000000 ____D C:\Documents and Settings\Meda Beda\Data aplikací\DAEMON Tools Lite
2017-01-20 21:28 - 2017-01-20 21:28 - 00026168 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtlitescsibus.sys
2017-01-20 21:28 - 2017-01-20 21:28 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\DAEMON Tools Lite
2017-01-20 21:28 - 2017-01-20 21:28 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2017-01-20 21:23 - 2017-01-24 15:56 - 00000000 ____D C:\Documents and Settings\Meda Beda\Data aplikací\Seznam.cz
2017-01-20 21:23 - 2017-01-20 21:23 - 00000000 ____D C:\Program Files\Seznam.cz
2017-01-20 21:23 - 2017-01-20 21:23 - 00000000 ____D C:\Program Files\7-Zip
2017-01-20 21:23 - 2017-01-20 21:23 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\7-Zip
2017-01-20 21:20 - 2017-01-20 21:20 - 00000000 ____D C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C2410A.TMP
2017-01-20 21:20 - 2017-01-20 21:20 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\UniqueId
2016-12-29 06:08 - 2016-12-29 06:08 - 00000000 ____D C:\Program Files\LogMeIn Hamachi
2016-12-29 06:08 - 2016-12-29 06:08 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\LogMeIn Hamachi
2016-12-26 23:40 - 2016-12-26 23:40 - 00004707 _____ C:\WINDOWS\KB2884256.log
2016-12-26 23:40 - 2016-12-26 23:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2884256$
2016-12-25 20:29 - 2016-12-25 20:29 - 00000000 ____D C:\Documents and Settings\LocalService\Data aplikací\McAfee
2016-12-25 20:28 - 2016-12-25 20:28 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\McAfee Security Scan Plus
2016-12-25 19:58 - 2016-12-25 20:28 - 00001812 _____ C:\Documents and Settings\All Users\Plocha\McAfee Security Scan Plus.lnk
2016-12-25 19:58 - 2016-12-25 20:28 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-12-25 19:58 - 2016-12-25 19:58 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\McAfee Security Scan
2016-12-25 19:58 - 2016-12-25 19:58 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\McAfee
2016-12-25 19:15 - 2016-12-25 19:15 - 00001847 _____ C:\Documents and Settings\All Users\Plocha\Google Earth.lnk
2016-12-25 19:15 - 2016-12-25 19:15 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Google Earth
2016-12-25 18:29 - 2016-12-25 18:29 - 00000411 _____ C:\Documents and Settings\Meda Beda\Plocha\Zástupce - Pisnicky.lnk
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-18 22:36 - 2014-04-30 14:04 - 00000000 ____D C:\Documents and Settings\Meda Beda\Data aplikací\vlc
2017-02-18 17:43 - 2014-10-07 09:24 - 00016384 ____C C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-02-17 09:59 - 2014-04-27 17:51 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-02-16 12:45 - 2014-04-27 18:27 - 00048008 ____C C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2017-01-24 20:07 - 2014-04-27 17:21 - 00000000 ____D C:\Documents and Settings\Meda Beda\Local Settings\Temp
2017-01-24 20:06 - 2014-11-06 13:31 - 00000208 _____ C:\WINDOWS\Tasks\AutoKMS.job
2017-01-24 20:06 - 2014-11-06 13:31 - 00000202 _____ C:\WINDOWS\Tasks\AutoKMSDaily.job
2017-01-24 20:06 - 2014-11-06 13:30 - 00078848 _____ C:\WINDOWS\KMSEmulator.exe
2017-01-24 20:06 - 2014-04-29 21:19 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-24 20:06 - 2014-04-27 17:21 - 00000000 ___HD C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací
2017-01-24 20:06 - 2014-04-27 17:21 - 00000000 ____D C:\Documents and Settings\Meda Beda\Plocha
2017-01-24 20:05 - 2015-10-02 14:24 - 00000000 ____D C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\LogMeIn Hamachi
2017-01-24 20:05 - 2015-10-01 09:56 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Data aplikací\LogMeIn Hamachi
2017-01-24 20:05 - 2014-10-03 13:43 - 00000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-01-24 20:05 - 2014-05-04 23:10 - 00000230 _____ C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2017-01-24 20:05 - 2014-04-27 17:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-24 20:04 - 2014-04-27 17:21 - 00032638 _____ C:\WINDOWS\SchedLgU.Txt
2017-01-24 20:04 - 2014-04-27 17:21 - 00000178 ___SH C:\Documents and Settings\Meda Beda\ntuser.ini
2017-01-24 19:13 - 2014-10-03 13:43 - 00000940 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-01-24 19:02 - 2016-09-02 14:12 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-01-24 19:02 - 2014-10-03 13:42 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2017-01-24 19:02 - 2014-04-27 17:21 - 00000000 __RHD C:\Documents and Settings\Meda Beda\Data aplikací
2017-01-24 19:00 - 2014-04-27 19:06 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2017-01-24 18:57 - 2014-04-27 19:08 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2017-01-24 18:57 - 2014-04-27 19:08 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy
2017-01-24 18:50 - 2014-04-27 17:51 - 00000712 _____ C:\Documents and Settings\All Users\Plocha\Mozilla Firefox.lnk
2017-01-24 18:50 - 2014-04-27 17:51 - 00000712 _____ C:\Documents and Settings\All Users\Nabídka Start\Programy\Mozilla Firefox.lnk
2017-01-24 18:48 - 2014-04-29 21:19 - 00802904 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-01-24 18:48 - 2014-04-29 21:19 - 00144472 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-01-24 18:48 - 2014-04-27 17:16 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-24 18:47 - 2014-04-27 18:56 - 00000000 ___HD C:\WINDOWS\inf
2017-01-24 18:38 - 2014-10-03 13:42 - 00000000 ____D C:\Program Files\AVAST Software
2017-01-24 15:40 - 2016-09-28 18:34 - 00001156 _____ C:\Documents and Settings\All Users\Nabídka Start\Programy\Avast SafeZone 1 Browser.lnk
2017-01-24 15:40 - 2014-04-27 17:21 - 00001113 _____ C:\Documents and Settings\Meda Beda\Nabídka Start\Programy\Internet Explorer.lnk
2017-01-24 15:40 - 2014-04-27 17:21 - 00000000 ___RD C:\Documents and Settings\Meda Beda\Nabídka Start\Programy
2017-01-24 14:39 - 2006-03-02 13:00 - 00011936 _____ C:\WINDOWS\system32\wpa.dbl
2017-01-23 12:38 - 2014-04-27 17:16 - 00000000 ____D C:\Program Files\Common Files\Services
2017-01-22 14:18 - 2014-05-01 19:09 - 01072544 ____C C:\WINDOWS\system32\nvdrsdb1.bin
2017-01-22 14:18 - 2014-05-01 19:09 - 01072544 _____ C:\WINDOWS\system32\nvdrsdb0.bin
2017-01-22 14:18 - 2014-05-01 19:09 - 00000001 _____ C:\WINDOWS\system32\nvdrssel.bin
2017-01-21 14:20 - 2014-04-27 17:21 - 00000000 ___RD C:\Documents and Settings\Meda Beda\Dokumenty
2017-01-21 14:16 - 2014-04-27 19:08 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
2017-01-21 14:14 - 2014-04-27 18:56 - 00000000 RSHDC C:\WINDOWS\system32\dllcache
2017-01-21 14:13 - 2014-04-27 17:17 - 00000000 ____D C:\WINDOWS\system32\DirectX
2017-01-21 09:44 - 2014-04-29 21:18 - 00000000 ____D C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\Adobe
2017-01-21 00:16 - 2014-09-17 23:49 - 01316886 ____C C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-S-1-5-21-436374069-1580436667-682003330-1004-0.dat
2017-01-21 00:16 - 2014-09-17 23:49 - 00218878 ____C C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-System.dat
2017-01-20 21:40 - 2014-05-16 10:59 - 00000069 ____C C:\WINDOWS\NeroDigital.ini
2017-01-20 21:30 - 2014-04-27 19:08 - 00000000 ___RD C:\Documents and Settings\All Users\Dokumenty
2017-01-20 21:22 - 2016-09-30 14:42 - 00000000 ____D C:\Documents and Settings\Meda Beda\Plocha\Dokumenty
2017-01-10 20:42 - 2014-10-06 15:45 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2017-01-10 13:40 - 2014-04-27 19:05 - 00199344 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-09 18:10 - 2014-04-27 17:56 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2017-01-09 18:09 - 2014-04-27 18:56 - 00000000 ____D C:\WINDOWS\pchealth
2016-12-29 06:08 - 2016-09-02 12:03 - 00000000 ____D C:\Documents and Settings\Default User\Local Settings\Data aplikací\LogMeIn Hamachi
2016-12-27 20:40 - 2014-05-21 09:34 - 00000151 ____C C:\WINDOWS\PhotoSnapViewer.INI
2016-12-26 23:40 - 2014-04-27 19:08 - 00957483 ____C C:\WINDOWS\FaxSetup.log
2016-12-26 23:40 - 2014-04-27 19:08 - 00466742 ____C C:\WINDOWS\ocgen.log
2016-12-26 23:40 - 2014-04-27 19:08 - 00368313 ____C C:\WINDOWS\tsoc.log
2016-12-26 23:40 - 2014-04-27 19:08 - 00326802 ____C C:\WINDOWS\comsetup.log
2016-12-26 23:40 - 2014-04-27 19:08 - 00196320 ____C C:\WINDOWS\ntdtcsetup.log
2016-12-26 23:40 - 2014-04-27 19:08 - 00148725 ____C C:\WINDOWS\iis6.log
2016-12-26 23:40 - 2014-04-27 19:08 - 00059762 ____C C:\WINDOWS\ocmsn.log
2016-12-26 23:40 - 2014-04-27 19:08 - 00047974 ____C C:\WINDOWS\msgsocm.log
2016-12-26 23:40 - 2014-04-27 19:08 - 00001393 _____ C:\WINDOWS\imsins.log
2016-12-25 20:29 - 2014-04-27 17:21 - 00000000 ____D C:\Documents and Settings\LocalService\Data aplikací
2016-12-25 20:28 - 2006-03-02 13:00 - 00000766 _____ C:\WINDOWS\system32\Drivers\etc\hosts
2016-12-25 19:58 - 2014-04-27 17:53 - 00000000 ____D C:\Documents and Settings\Meda Beda\Dokumenty\Stažené soubory
2016-12-25 19:15 - 2014-10-03 13:43 - 00000000 ____D C:\Program Files\Google
2016-12-25 18:14 - 2014-10-16 14:13 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-25 18:08 - 2014-04-27 19:06 - 01175680 _____ C:\WINDOWS\setupapi.log.0.old
2016-12-25 18:07 - 2014-10-16 14:13 - 144884648 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
==================== Files in the root of some directories =======
2014-10-07 09:24 - 2017-02-18 17:43 - 0016384 ____C () C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Some files in TEMP:
====================
2016-03-04 13:31 - 2016-03-04 13:31 - 1004224 _____ () C:\Documents and Settings\Meda Beda\Local Settings\Temp\AppInstaller.exe
2017-01-21 14:12 - 2005-11-03 20:52 - 0729088 _____ (Electronic Arts Inc.) C:\Documents and Settings\Meda Beda\Local Settings\Temp\AutoRun.exe
2017-01-21 14:12 - 2005-10-13 23:02 - 0585728 _____ (Electronic Arts Inc.) C:\Documents and Settings\Meda Beda\Local Settings\Temp\AutoRunGUI.dll
2016-09-28 21:56 - 2000-04-06 05:00 - 0263168 ____N () C:\Documents and Settings\Meda Beda\Local Settings\Temp\binkw32.dll
2017-01-20 21:28 - 2017-01-20 21:28 - 0102912 _____ () C:\Documents and Settings\Meda Beda\Local Settings\Temp\bitool.dll
2016-09-28 21:56 - 2001-05-09 17:19 - 0352256 ____N (Blizzard Entertainment) C:\Documents and Settings\Meda Beda\Local Settings\Temp\d2l_Install.exe
2017-01-23 12:38 - 2017-01-23 12:38 - 26967248 _____ () C:\Documents and Settings\Meda Beda\Local Settings\Temp\inst12.exe
2014-04-27 17:55 - 2007-01-09 13:59 - 0145184 ___RC (Microsoft Corporation) C:\Documents and Settings\Meda Beda\Local Settings\Temp\ose00000.exe
2016-10-01 15:44 - 2016-12-25 18:11 - 1409992 _____ () C:\Documents and Settings\Meda Beda\Local Settings\Temp\Update.exe
2016-09-28 18:24 - 2014-12-11 14:36 - 0364544 _____ () C:\Documents and Settings\Meda Beda\Local Settings\Temp\_unps.exe
2017-01-24 15:53 - 2017-01-24 15:53 - 0534528 _____ () C:\Documents and Settings\Meda Beda\Local Settings\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Available physical RAM: 1385.72 MB
Total physical RAM: 1983.48 MB
Percentage of memory in use: 30%
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\WINDOWS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\AutoKMSDaily.job => C:\WINDOWS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\Clokisevuboly Reports.job => C:\Program Files\Momicultckerticult\nobent.exe
Task: C:\WINDOWS\Tasks\DriverNavigator Scheduled Scan.job => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\WinTOOL.job => C:\Documents and Settings\All Users\Data aplikací\wintools\WintoolUprI.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Documents and Settings\Meda Beda\Plocha" je 7 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Czechcrowncoin\\czechcrowncoin-qt.exe"="C:\\Program Files\\Czechcrowncoin\\czechcrowncoin-qt.exe:*:Enabled:Czechcrowncoin-Qt (OSS GUI client for Czechcrowncoin)"
"C:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"="C:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe:*:Disabled:EEventManager Application"
"D:\\Diablo II\\Game.exe"="D:\\Diablo II\\Game.exe:*:Enabled:Diablo II"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox (C:\\Program Files\\Mozilla Firefox)"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"
"139:TCP"="139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002"
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
==================== End Of Log ==============================
2017-01-21 14:13 - 2004-07-09 04:26 - 00014848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ipsink.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipsink.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00011392 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bdasup.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00011392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bdasup.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00010880 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\slip.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00010880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\slip.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00010112 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ndisip.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00010112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndisip.sys
2017-01-21 14:13 - 2003-05-30 09:00 - 00797184 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\d3dim700.dll
2017-01-21 14:13 - 2002-12-12 00:14 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxdllreg.exe
2017-01-21 14:13 - 2002-12-12 00:14 - 00024064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ddrawex.dll
2017-01-21 14:13 - 2002-12-12 00:14 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksolay.ax
2017-01-21 14:13 - 2002-12-12 00:14 - 00008192 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\d3d8thk.dll
2017-01-21 14:13 - 2002-12-12 00:14 - 00005504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstee.sys
2017-01-21 14:13 - 2002-12-12 00:14 - 00005504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mstee.sys
2017-01-21 14:13 - 2002-08-29 03:40 - 00667648 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dinput8.dll
2017-01-20 21:31 - 2017-01-20 21:31 - 00000000 ____D C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\Disc_Soft_Ltd
2017-01-20 21:30 - 2017-01-20 21:30 - 00000426 _____ C:\WINDOWS\Tasks\Clokisevuboly Reports.job
2017-01-20 21:30 - 2017-01-20 21:30 - 00000000 ____D C:\Program Files\Clokisevuboly Reports
2017-01-20 21:30 - 2017-01-20 21:30 - 00000000 ____D C:\Documents and Settings\All Users\Dokumenty\Daemon Tools Images
2017-01-20 21:29 - 2017-01-24 14:39 - 00000000 ____D C:\Program Files\Momicultckerticult
2017-01-20 21:29 - 2017-01-21 16:35 - 00000000 ____D C:\Documents and Settings\Meda Beda\Data aplikací\Kiguly
2017-01-20 21:29 - 2017-01-20 21:29 - 00040504 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtliteusbbus.sys
2017-01-20 21:29 - 2017-01-20 21:29 - 00000000 ____D C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\Gropsycerjaly
2017-01-20 21:28 - 2017-01-21 09:41 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2017-01-20 21:28 - 2017-01-20 21:31 - 00000000 ____D C:\Documents and Settings\Meda Beda\Data aplikací\DAEMON Tools Lite
2017-01-20 21:28 - 2017-01-20 21:28 - 00026168 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtlitescsibus.sys
2017-01-20 21:28 - 2017-01-20 21:28 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\DAEMON Tools Lite
2017-01-20 21:28 - 2017-01-20 21:28 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2017-01-20 21:23 - 2017-01-24 15:56 - 00000000 ____D C:\Documents and Settings\Meda Beda\Data aplikací\Seznam.cz
2017-01-20 21:23 - 2017-01-20 21:23 - 00000000 ____D C:\Program Files\Seznam.cz
2017-01-20 21:23 - 2017-01-20 21:23 - 00000000 ____D C:\Program Files\7-Zip
2017-01-20 21:23 - 2017-01-20 21:23 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\7-Zip
2017-01-20 21:20 - 2017-01-20 21:20 - 00000000 ____D C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C2410A.TMP
2017-01-20 21:20 - 2017-01-20 21:20 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\UniqueId
2016-12-29 06:08 - 2016-12-29 06:08 - 00000000 ____D C:\Program Files\LogMeIn Hamachi
2016-12-29 06:08 - 2016-12-29 06:08 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\LogMeIn Hamachi
2016-12-26 23:40 - 2016-12-26 23:40 - 00004707 _____ C:\WINDOWS\KB2884256.log
2016-12-26 23:40 - 2016-12-26 23:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2884256$
2016-12-25 20:29 - 2016-12-25 20:29 - 00000000 ____D C:\Documents and Settings\LocalService\Data aplikací\McAfee
2016-12-25 20:28 - 2016-12-25 20:28 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\McAfee Security Scan Plus
2016-12-25 19:58 - 2016-12-25 20:28 - 00001812 _____ C:\Documents and Settings\All Users\Plocha\McAfee Security Scan Plus.lnk
2016-12-25 19:58 - 2016-12-25 20:28 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-12-25 19:58 - 2016-12-25 19:58 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\McAfee Security Scan
2016-12-25 19:58 - 2016-12-25 19:58 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\McAfee
2016-12-25 19:15 - 2016-12-25 19:15 - 00001847 _____ C:\Documents and Settings\All Users\Plocha\Google Earth.lnk
2016-12-25 19:15 - 2016-12-25 19:15 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Google Earth
2016-12-25 18:29 - 2016-12-25 18:29 - 00000411 _____ C:\Documents and Settings\Meda Beda\Plocha\Zástupce - Pisnicky.lnk
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-18 22:36 - 2014-04-30 14:04 - 00000000 ____D C:\Documents and Settings\Meda Beda\Data aplikací\vlc
2017-02-18 17:43 - 2014-10-07 09:24 - 00016384 ____C C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-02-17 09:59 - 2014-04-27 17:51 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-02-16 12:45 - 2014-04-27 18:27 - 00048008 ____C C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2017-01-24 20:07 - 2014-04-27 17:21 - 00000000 ____D C:\Documents and Settings\Meda Beda\Local Settings\Temp
2017-01-24 20:06 - 2014-11-06 13:31 - 00000208 _____ C:\WINDOWS\Tasks\AutoKMS.job
2017-01-24 20:06 - 2014-11-06 13:31 - 00000202 _____ C:\WINDOWS\Tasks\AutoKMSDaily.job
2017-01-24 20:06 - 2014-11-06 13:30 - 00078848 _____ C:\WINDOWS\KMSEmulator.exe
2017-01-24 20:06 - 2014-04-29 21:19 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-24 20:06 - 2014-04-27 17:21 - 00000000 ___HD C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací
2017-01-24 20:06 - 2014-04-27 17:21 - 00000000 ____D C:\Documents and Settings\Meda Beda\Plocha
2017-01-24 20:05 - 2015-10-02 14:24 - 00000000 ____D C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\LogMeIn Hamachi
2017-01-24 20:05 - 2015-10-01 09:56 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Data aplikací\LogMeIn Hamachi
2017-01-24 20:05 - 2014-10-03 13:43 - 00000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-01-24 20:05 - 2014-05-04 23:10 - 00000230 _____ C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2017-01-24 20:05 - 2014-04-27 17:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-24 20:04 - 2014-04-27 17:21 - 00032638 _____ C:\WINDOWS\SchedLgU.Txt
2017-01-24 20:04 - 2014-04-27 17:21 - 00000178 ___SH C:\Documents and Settings\Meda Beda\ntuser.ini
2017-01-24 19:13 - 2014-10-03 13:43 - 00000940 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-01-24 19:02 - 2016-09-02 14:12 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-01-24 19:02 - 2014-10-03 13:42 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2017-01-24 19:02 - 2014-04-27 17:21 - 00000000 __RHD C:\Documents and Settings\Meda Beda\Data aplikací
2017-01-24 19:00 - 2014-04-27 19:06 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2017-01-24 18:57 - 2014-04-27 19:08 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2017-01-24 18:57 - 2014-04-27 19:08 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy
2017-01-24 18:50 - 2014-04-27 17:51 - 00000712 _____ C:\Documents and Settings\All Users\Plocha\Mozilla Firefox.lnk
2017-01-24 18:50 - 2014-04-27 17:51 - 00000712 _____ C:\Documents and Settings\All Users\Nabídka Start\Programy\Mozilla Firefox.lnk
2017-01-24 18:48 - 2014-04-29 21:19 - 00802904 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-01-24 18:48 - 2014-04-29 21:19 - 00144472 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-01-24 18:48 - 2014-04-27 17:16 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-24 18:47 - 2014-04-27 18:56 - 00000000 ___HD C:\WINDOWS\inf
2017-01-24 18:38 - 2014-10-03 13:42 - 00000000 ____D C:\Program Files\AVAST Software
2017-01-24 15:40 - 2016-09-28 18:34 - 00001156 _____ C:\Documents and Settings\All Users\Nabídka Start\Programy\Avast SafeZone 1 Browser.lnk
2017-01-24 15:40 - 2014-04-27 17:21 - 00001113 _____ C:\Documents and Settings\Meda Beda\Nabídka Start\Programy\Internet Explorer.lnk
2017-01-24 15:40 - 2014-04-27 17:21 - 00000000 ___RD C:\Documents and Settings\Meda Beda\Nabídka Start\Programy
2017-01-24 14:39 - 2006-03-02 13:00 - 00011936 _____ C:\WINDOWS\system32\wpa.dbl
2017-01-23 12:38 - 2014-04-27 17:16 - 00000000 ____D C:\Program Files\Common Files\Services
2017-01-22 14:18 - 2014-05-01 19:09 - 01072544 ____C C:\WINDOWS\system32\nvdrsdb1.bin
2017-01-22 14:18 - 2014-05-01 19:09 - 01072544 _____ C:\WINDOWS\system32\nvdrsdb0.bin
2017-01-22 14:18 - 2014-05-01 19:09 - 00000001 _____ C:\WINDOWS\system32\nvdrssel.bin
2017-01-21 14:20 - 2014-04-27 17:21 - 00000000 ___RD C:\Documents and Settings\Meda Beda\Dokumenty
2017-01-21 14:16 - 2014-04-27 19:08 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
2017-01-21 14:14 - 2014-04-27 18:56 - 00000000 RSHDC C:\WINDOWS\system32\dllcache
2017-01-21 14:13 - 2014-04-27 17:17 - 00000000 ____D C:\WINDOWS\system32\DirectX
2017-01-21 09:44 - 2014-04-29 21:18 - 00000000 ____D C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\Adobe
2017-01-21 00:16 - 2014-09-17 23:49 - 01316886 ____C C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-S-1-5-21-436374069-1580436667-682003330-1004-0.dat
2017-01-21 00:16 - 2014-09-17 23:49 - 00218878 ____C C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-System.dat
2017-01-20 21:40 - 2014-05-16 10:59 - 00000069 ____C C:\WINDOWS\NeroDigital.ini
2017-01-20 21:30 - 2014-04-27 19:08 - 00000000 ___RD C:\Documents and Settings\All Users\Dokumenty
2017-01-20 21:22 - 2016-09-30 14:42 - 00000000 ____D C:\Documents and Settings\Meda Beda\Plocha\Dokumenty
2017-01-10 20:42 - 2014-10-06 15:45 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2017-01-10 13:40 - 2014-04-27 19:05 - 00199344 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-09 18:10 - 2014-04-27 17:56 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2017-01-09 18:09 - 2014-04-27 18:56 - 00000000 ____D C:\WINDOWS\pchealth
2016-12-29 06:08 - 2016-09-02 12:03 - 00000000 ____D C:\Documents and Settings\Default User\Local Settings\Data aplikací\LogMeIn Hamachi
2016-12-27 20:40 - 2014-05-21 09:34 - 00000151 ____C C:\WINDOWS\PhotoSnapViewer.INI
2016-12-26 23:40 - 2014-04-27 19:08 - 00957483 ____C C:\WINDOWS\FaxSetup.log
2016-12-26 23:40 - 2014-04-27 19:08 - 00466742 ____C C:\WINDOWS\ocgen.log
2016-12-26 23:40 - 2014-04-27 19:08 - 00368313 ____C C:\WINDOWS\tsoc.log
2016-12-26 23:40 - 2014-04-27 19:08 - 00326802 ____C C:\WINDOWS\comsetup.log
2016-12-26 23:40 - 2014-04-27 19:08 - 00196320 ____C C:\WINDOWS\ntdtcsetup.log
2016-12-26 23:40 - 2014-04-27 19:08 - 00148725 ____C C:\WINDOWS\iis6.log
2016-12-26 23:40 - 2014-04-27 19:08 - 00059762 ____C C:\WINDOWS\ocmsn.log
2016-12-26 23:40 - 2014-04-27 19:08 - 00047974 ____C C:\WINDOWS\msgsocm.log
2016-12-26 23:40 - 2014-04-27 19:08 - 00001393 _____ C:\WINDOWS\imsins.log
2016-12-25 20:29 - 2014-04-27 17:21 - 00000000 ____D C:\Documents and Settings\LocalService\Data aplikací
2016-12-25 20:28 - 2006-03-02 13:00 - 00000766 _____ C:\WINDOWS\system32\Drivers\etc\hosts
2016-12-25 19:58 - 2014-04-27 17:53 - 00000000 ____D C:\Documents and Settings\Meda Beda\Dokumenty\Stažené soubory
2016-12-25 19:15 - 2014-10-03 13:43 - 00000000 ____D C:\Program Files\Google
2016-12-25 18:14 - 2014-10-16 14:13 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-25 18:08 - 2014-04-27 19:06 - 01175680 _____ C:\WINDOWS\setupapi.log.0.old
2016-12-25 18:07 - 2014-10-16 14:13 - 144884648 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
==================== Files in the root of some directories =======
2014-10-07 09:24 - 2017-02-18 17:43 - 0016384 ____C () C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Some files in TEMP:
====================
2016-03-04 13:31 - 2016-03-04 13:31 - 1004224 _____ () C:\Documents and Settings\Meda Beda\Local Settings\Temp\AppInstaller.exe
2017-01-21 14:12 - 2005-11-03 20:52 - 0729088 _____ (Electronic Arts Inc.) C:\Documents and Settings\Meda Beda\Local Settings\Temp\AutoRun.exe
2017-01-21 14:12 - 2005-10-13 23:02 - 0585728 _____ (Electronic Arts Inc.) C:\Documents and Settings\Meda Beda\Local Settings\Temp\AutoRunGUI.dll
2016-09-28 21:56 - 2000-04-06 05:00 - 0263168 ____N () C:\Documents and Settings\Meda Beda\Local Settings\Temp\binkw32.dll
2017-01-20 21:28 - 2017-01-20 21:28 - 0102912 _____ () C:\Documents and Settings\Meda Beda\Local Settings\Temp\bitool.dll
2016-09-28 21:56 - 2001-05-09 17:19 - 0352256 ____N (Blizzard Entertainment) C:\Documents and Settings\Meda Beda\Local Settings\Temp\d2l_Install.exe
2017-01-23 12:38 - 2017-01-23 12:38 - 26967248 _____ () C:\Documents and Settings\Meda Beda\Local Settings\Temp\inst12.exe
2014-04-27 17:55 - 2007-01-09 13:59 - 0145184 ___RC (Microsoft Corporation) C:\Documents and Settings\Meda Beda\Local Settings\Temp\ose00000.exe
2016-10-01 15:44 - 2016-12-25 18:11 - 1409992 _____ () C:\Documents and Settings\Meda Beda\Local Settings\Temp\Update.exe
2016-09-28 18:24 - 2014-12-11 14:36 - 0364544 _____ () C:\Documents and Settings\Meda Beda\Local Settings\Temp\_unps.exe
2017-01-24 15:53 - 2017-01-24 15:53 - 0534528 _____ () C:\Documents and Settings\Meda Beda\Local Settings\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Available physical RAM: 1385.72 MB
Total physical RAM: 1983.48 MB
Percentage of memory in use: 30%
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\WINDOWS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\AutoKMSDaily.job => C:\WINDOWS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\Clokisevuboly Reports.job => C:\Program Files\Momicultckerticult\nobent.exe
Task: C:\WINDOWS\Tasks\DriverNavigator Scheduled Scan.job => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\WinTOOL.job => C:\Documents and Settings\All Users\Data aplikací\wintools\WintoolUprI.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Documents and Settings\Meda Beda\Plocha" je 7 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Czechcrowncoin\\czechcrowncoin-qt.exe"="C:\\Program Files\\Czechcrowncoin\\czechcrowncoin-qt.exe:*:Enabled:Czechcrowncoin-Qt (OSS GUI client for Czechcrowncoin)"
"C:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"="C:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe:*:Disabled:EEventManager Application"
"D:\\Diablo II\\Game.exe"="D:\\Diablo II\\Game.exe:*:Enabled:Diablo II"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox (C:\\Program Files\\Mozilla Firefox)"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"
"139:TCP"="139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002"
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
==================== End Of Log ==============================
- Rudy
- Site Admin
- Posts: 119418
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Suspected presence of a virus
Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
Click first on >Scan< (search) and then on >Clean< (delete).
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. Likewise if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Suspected presence of a virus
# AdwCleaner v6.042 - Log vytvořen 24/01/2017 v 21:28:20
# Aktualizováno dne 06/01/2017 z Malwarebytes
# Databáze : 2017-01-24.2 [Server]
# Operační systém : Microsoft Windows XP Service Pack 3 (X86)
# Uživatelské jméno : Meda Beda - MEDABEDA
# Spuštěno z : C:\Documents and Settings\Meda Beda\Plocha\adwcleaner_6.042.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support
***** [ Služby ] *****
[-] Služba smazána: WinSAPSvc
[-] Služba smazána: Archer
[-] Služba smazána: ed2kidle
[-] Služba smazána: iThemes5
[-] Služba smazána: GubedZL
***** [ Složky ] *****
[-] Složka smazána: C:\Documents and Settings\All Users\Data aplikací\SweetIM
[-] Složka smazána: C:\Documents and Settings\All Users\Data aplikací\Tbccint
[#] Složka smazána po restartu: C:\Documents and Settings\All Users\Data aplikací\tbccint
[-] Složka smazána: C:\Documents and Settings\All Users\Data aplikací\WinSAPSvc
[#] Složka smazána po restartu: C:\Documents and Settings\All Users\Data aplikací\winsapsvc
[-] Složka smazána: C:\Documents and Settings\All Users\Nabídka Start\Programy\SweetPlayer
[-] Složka smazána: C:\Documents and Settings\All Users\Nabídka Start\Programy\DriverNavigator
[-] Složka smazána: C:\Program Files\SweetIM
[-] Složka smazána: C:\Program Files\sweetpacks bundle uninstaller
[-] Složka smazána: C:\Program Files\SweetPlayer
[-] Složka smazána: C:\Program Files\WinArcher
[#] Složka smazána po restartu: C:\Program Files\winarcher
[-] Složka smazána: C:\Program Files\Gubed
[-] Složka smazána: C:\Documents and Settings\All Users\Data aplikací\WinTools
[-] Složka smazána: C:\Program Files\MIO
***** [ Soubory ] *****
[-] Soubor smazán: C:\END
[-] Soubor smazán: C:\Program Files\Common Files\SERVICES\ITHEMES.DLL
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Zástupci ] *****
[-] Zástupce vyléčen: C:\Documents and Settings\All Users\Nabídka Start\Programy\Avast SafeZone 1 Browser.lnk
[-] Zástupce vyléčen: C:\Documents and Settings\All Users\Nabídka Start\Programy\SweeetPlayer bundle\SweeetPlayer bundle.lnk
***** [ Naplánované úlohy ] *****
[-] Úloha smazána: WinTOOL
***** [ Registry ] *****
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Toolbar.CT3329621
[-] Klíč smazán: HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
[-] Klíč smazán: HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook
[-] Klíč smazán: HKLM\SOFTWARE\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Toolbar3.SWEETIE
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Toolbar3.SWEETIE.1
[-] Klíč smazán: HKCU\Software\Classes\CLSID\{1BBF13E0-551E-42DD-91F4-1A547443FFDA}
[-] Klíč smazán: HKCU\Software\Classes\CLSID\{3A1209A4-8568-40F0-9B5E-4A06A2A06417}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{3A1209A4-8568-40F0-9B5E-4A06A2A06417}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31264A33-A653-46C4-AF49-1232C59A7DA5}
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847}
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31264A33-A653-46C4-AF49-1232C59A7DA5}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3A1209A4-8568-40F0-9B5E-4A06A2A06417}
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{EEE6C35C-6118-11DC-9C72-001320C79847}]
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
[-] Hodnota smazána: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
[-] Hodnota smazána: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{31264A33-A653-46C4-AF49-1232C59A7DA5}]
[-] Hodnota smazána: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EEE6C35D-6118-11DC-9C72-001320C79847}]
[-] Hodnota smazána: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{31264A33-A653-46C4-AF49-1232C59A7DA5}]
[-] Klíč smazán: HKU\.DEFAULT\Software\ompndb
[-] Klíč smazán: HKU\.DEFAULT\Software\ecb`nl
[-] Klíč smazán: HKU\S-1-5-21-436374069-1580436667-682003330-1004\Software\BS_Player_ControlBar_B
[-] Klíč smazán: HKU\S-1-5-21-436374069-1580436667-682003330-1004\Software\Conduit
[-] Klíč smazán: HKU\S-1-5-21-436374069-1580436667-682003330-1004\Software\SweetIM
[-] Klíč smazán: HKU\S-1-5-21-436374069-1580436667-682003330-1004\Software\Tbccint
[-] Klíč smazán: HKU\S-1-5-21-436374069-1580436667-682003330-1004\Software\Tbccint_HKLM
[-] Klíč smazán: HKU\S-1-5-21-436374069-1580436667-682003330-1004\Software\TbccintSearchScopes
[#] Klíč smazán po restartu: HKU\S-1-5-18\Software\ompndb
[#] Klíč smazán po restartu: HKU\S-1-5-18\Software\ecb`nl
[#] Klíč smazán po restartu: HKCU\Software\BS_Player_ControlBar_B
[#] Klíč smazán po restartu: HKCU\Software\Conduit
[#] Klíč smazán po restartu: HKCU\Software\SweetIM
[#] Klíč smazán po restartu: HKCU\Software\Tbccint
[#] Klíč smazán po restartu: HKCU\Software\Tbccint_HKLM
[#] Klíč smazán po restartu: HKCU\Software\TbccintSearchScopes
[-] Klíč smazán: HKLM\SOFTWARE\Conduit
[-] Klíč smazán: HKLM\SOFTWARE\SweetIM
[-] Klíč smazán: HKLM\SOFTWARE\youndooSoftware
[-] Klíč smazán: HKLM\SOFTWARE\ScreenShot
[-] Klíč smazán: HKLM\SOFTWARE\ompndb
[-] Klíč smazán: HKLM\SOFTWARE\ecb`nl
[-] Klíč smazán: HKLM\SOFTWARE\WinArcher
[-] Klíč smazán: HKLM\SOFTWARE\amisitesSoftware
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3F5700A1-5116-4BAA-9AD8-3FB238BE9334}_is1
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F4E33CE5-A7AB-4F68-A7E7-F0AA84EF2D9E}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{3F5700A1-5116-4BAA-9AD8-3FB238BE9334}_is1
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{F4E33CE5-A7AB-4F68-A7E7-F0AA84EF2D9E}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5EC33E4FBA7A86F47A7E0FAA48FED2E9
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7E7F552EF334C802D75A55F0F6344722
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
[#] Klíč smazán po restartu: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5EC33E4FBA7A86F47A7E0FAA48FED2E9
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Installer\Features\5EC33E4FBA7A86F47A7E0FAA48FED2E9
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Installer\Products\5EC33E4FBA7A86F47A7E0FAA48FED2E9
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]
[-] Klíč smazán: HKU\S-1-5-21-436374069-1580436667-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Klíč smazán: HKU\S-1-5-21-436374069-1580436667-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{6D79A96D-110D-4FA5-8307-B7CB11A6C771}
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6D79A96D-110D-4FA5-8307-B7CB11A6C771}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data obnovena: HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [] "C:\Program Files\Internet Explorer\iexplore.exe"
[-] Klíč smazán: HKCU\Toolbar
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [ArcherGroupEx]
[-] Hodnota smazána: HKLM\SYSTEM\CurrentControlSet\Services\Themes [DependOnService]
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [GubedZLGroupEx]
***** [ Prohlížeče ] *****
*************************
:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [12158 Bajty] - [24/01/2017 21:28:20]
C:\AdwCleaner\AdwCleaner[S0].txt - [12373 Bajty] - [24/01/2017 21:26:34]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [12306 Bajty] ##########
- Rudy
- Site Admin
- Posts: 119418
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Suspected virus infection
Post a new FRST log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Suspected virus infection
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-01-2017
Ran by Meda Beda (administrator) on MEDABEDA (24-01-2017 22:15:58)
Running from C:\Documents and Settings\Meda Beda\Plocha
Loaded Profiles: Meda Beda (Available Profiles: Meda Beda)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Seiko Epson Corporation) C:\WINDOWS\system32\escsvc.exe
() C:\Program Files\HiSuite\HandSetService\HuaweiHiSuiteService.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.334\SSScheduler.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(forum.viry.cz) C:\Documents and Settings\Meda Beda\Plocha\FRSTLauncher.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [mouseElf] => C:\Program Files\KYE\Genius NetScroll Optical Mouse\MouseElf.exe [151552 2002-05-20] (Genius)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20065936 2012-06-06] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-11-11] (LogMeIn Inc.)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [616632 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [94208 2006-04-21] (Nero AG)
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [3281600 2016-03-03] (Disc Soft Ltd)
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {3b1936ec-a562-11e4-a8cb-001d7da85684} - F:\Lenovo_Suite.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {649ad538-f77e-11e6-a97f-027005651504} - F:\Autorun.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {649ad53b-f77e-11e6-a97f-027005651504} - G:\Setup.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {9e59b0d7-c97a-11e6-a95e-001d7da85684} - F:\Startme.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {9e59b0d8-c97a-11e6-a95e-001d7da85684} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {9e59b0dd-c97a-11e6-a95e-001d7da85684} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {9e59b0eb-c97a-11e6-a95e-001d7da85684} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {9edf9b5a-b48f-11e6-a95d-ef0e4684db4a} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {c6002941-7f90-11e4-a8b9-001d7da85684} - F:\Lenovo_Suite.exe
HKLM\...\Providers\vh9ggz5t: C:\Program Files\Clokisevuboly Reports\local32spl.dll [272384 2017-01-20] ()
ShellExecuteHooks: No Name - {C37C42DA-DC66-11E6-A37E-64006A5CFC23} - C:\Documents and Settings\Meda Beda\Data aplikací\Kiguly\Casuch.dll -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk [2016-12-25]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.334\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk [2014-10-06]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{0E9FDCD7-E94B-48C8-9673-FC1AFA961758}: [DhcpNameServer] 192.168.42.129
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/?clid=22668
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-436374069-1580436667-682003330-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/?clid=22668
HKU\S-1-5-21-436374069-1580436667-682003330-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
URLSearchHook: [S-1-5-21-436374069-1580436667-682003330-1004] ATTENTION => Default URLSearchHook is missing
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKLM -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKU\S-1-5-21-436374069-1580436667-682003330-1004 -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKU\S-1-5-21-436374069-1580436667-682003330-1004 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
BHO: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKU\S-1-5-21-436374069-1580436667-682003330-1004 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2008-04-14] (Společnost Microsoft)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1398617036040
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1398617119478
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default [2017-01-24]
FF NewTab: C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default -> about:newtab
FF DefaultSearchEngine: C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default -> Seznam
FF DefaultSearchUrl: C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default -> hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&
FF SearchEngineOrder.1: C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default -> Seznam
FF SelectedSearchEngine: C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default -> Seznam
FF Homepage: C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default -> hxxps://www.seznam.cz/?clid=22668
FF Keyword.URL: C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default -> hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&
FF Extension: (uBlock Origin) - C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default\Extensions\uBlock0@raymondhill.net.xpi [2016-12-28]
FF Extension: (SweetPacks Toolbar for Firefox) - C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2014-04-30] [not signed]
FF SearchPlugin: C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default\searchplugins\amisites.xml [2017-01-24]
FF SearchPlugin: C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default\searchplugins\seznam-avast.xml [2017-01-24]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-05-05] [not signed]
FF HKLM\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2015-01-21] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-21] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-24] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-24] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> D:\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Dihughterjecult; C:\Program Files\Momicultckerticult\ghezutyferdeingUpdate.dll [136192 2017-01-20] () [File not signed]
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1082560 2016-03-03] (Disc Soft Ltd) [File not signed]
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc.exe [122000 2011-12-11] (Seiko Epson Corporation)
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1962504 2016-11-11] (LogMeIn Inc.)
R2 HuaweiHiSuiteService.exe; C:\Program Files\HiSuite\HandSetService\HuaweiHiSuiteService.exe [155848 2016-08-26] () [File not signed]
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [405424 2016-11-11] (LogMeIn, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.334\McCHSvc.exe [239880 2016-05-31] (McAfee, Inc.)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R3 dtlitescsibus; C:\WINDOWS\System32\DRIVERS\dtlitescsibus.sys [26168 2017-01-20] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\DRIVERS\dtliteusbbus.sys [40504 2017-01-20] (Disc Soft Ltd)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\DRIVERS\ew_usbccgpfilter.sys [15360 2016-05-25] (Huawei Technologies Co., Ltd.)
S3 genmcmn; C:\WINDOWS\System32\DRIVERS\gmfiltr.sys [6656 2002-05-17] (Genius) [File not signed]
S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2015-08-03] (LogMeIn, Inc.)
S3 massfilter; C:\WINDOWS\System32\drivers\massfilter.sys [9216 2010-02-22] (MBB Incorporated)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [70912 2010-03-04] (NVIDIA Corporation)
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [168040 2010-04-08] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [13824 2010-03-04] (NVIDIA Corporation)
U0 aswVmm; no ImagePath
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [102272 2016-05-25] (Huawei Technologies Co., Ltd.)
S4 IntelIde; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-20 21:13 - 2017-02-20 21:13 - 00000000 ____D C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C2410C.TMP
2017-02-20 21:13 - 2017-02-20 21:13 - 00000000 ____D C:\Program Files\File Association Helper
2017-02-20 18:46 - 2017-01-20 21:38 - 00002562 _____ C:\WINDOWS\diagwrn.xml
2017-02-20 18:46 - 2017-01-20 21:38 - 00001908 _____ C:\WINDOWS\diagerr.xml
2017-01-24 21:25 - 2017-01-24 21:28 - 00000000 ____D C:\AdwCleaner
2017-01-24 21:25 - 2017-01-24 21:25 - 03988944 _____ C:\Documents and Settings\Meda Beda\Plocha\adwcleaner_6.042.exe
2017-01-24 19:43 - 2017-01-24 22:16 - 00015236 _____ C:\Documents and Settings\Meda Beda\Plocha\FRST.txt
2017-01-24 19:42 - 2017-01-24 22:15 - 00000000 ____D C:\FRST
2017-01-24 19:40 - 2017-01-24 19:40 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Meda Beda\Plocha\FRSTLauncher.exe
2017-01-24 19:39 - 2017-01-24 19:39 - 01762816 _____ (Farbar) C:\Documents and Settings\Meda Beda\Plocha\FRST.exe
2017-01-24 19:00 - 2017-01-24 19:00 - 00000000 ____D C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\MFAData
2017-01-24 19:00 - 2017-01-24 19:00 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\MFAData
2017-01-24 18:55 - 2017-01-24 19:39 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Avg
2017-01-24 18:54 - 2017-01-24 19:34 - 00000000 ____D C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\AvgSetupLog
2017-01-24 18:54 - 2017-01-24 18:54 - 00000000 ____D C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\Avg
2017-01-23 12:37 - 2017-01-23 12:37 - 00000000 ____D C:\Program Files\vh9ggz5t
2017-01-21 14:20 - 2017-01-21 14:21 - 00000000 ____D C:\Documents and Settings\Meda Beda\Dokumenty\NFS Most Wanted
2017-01-21 14:20 - 2017-01-21 14:20 - 00000548 _____ C:\Documents and Settings\All Users\Plocha\Need for Speed™ Most Wanted.lnk
2017-01-21 14:20 - 2017-01-21 14:20 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\EA GAMES
2017-01-21 14:14 - 2017-01-21 14:14 - 00000000 ____D C:\WINDOWS\RegisteredPackages
2017-01-21 14:14 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
2017-01-21 14:13 - 2004-07-19 16:19 - 00285696 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kstvtune.ax
2017-01-21 14:13 - 2004-07-19 16:19 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\kstvtune.ax
2017-01-21 14:13 - 2004-07-09 04:27 - 00381952 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dsound.dll
2017-01-21 14:13 - 2004-07-09 04:27 - 00292864 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ddraw.dll
2017-01-21 14:13 - 2004-07-09 04:26 - 01230336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msvidctl.dll
2017-01-21 14:13 - 2004-07-09 04:26 - 00354816 ____C C:\WINDOWS\system32\dllcache\psisdecd.dll
2017-01-21 14:13 - 2004-07-09 04:26 - 00354816 _____ C:\WINDOWS\system32\psisdecd.dll
2017-01-21 14:13 - 2004-07-09 04:26 - 00226304 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kswdmcap.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\kswdmcap.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00083968 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\nabtsfec.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nabtsfec.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00052224 ____C C:\WINDOWS\system32\dllcache\msdvbnp.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00052224 _____ C:\WINDOWS\system32\msdvbnp.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00052096 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msdv.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00052096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msdv.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00039424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ksxbar.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksxbar.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00030208 ____C C:\WINDOWS\system32\dllcache\psisrndr.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00030208 _____ C:\WINDOWS\system32\psisrndr.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00018688 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wstcodec.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00018688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wstcodec.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00016896 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bdaplgin.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdaplgin.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00016384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ccdecode.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ccdecode.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00015104 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mpe.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00015104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpe.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00014976 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\streamip.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00014976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\streamip.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00014848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ipsink.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipsink.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00011392 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bdasup.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00011392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bdasup.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00010880 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\slip.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00010880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\slip.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00010112 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ndisip.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00010112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndisip.sys
2017-01-21 14:13 - 2003-05-30 09:00 - 00797184 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\d3dim700.dll
2017-01-21 14:13 - 2002-12-12 00:14 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxdllreg.exe
2017-01-21 14:13 - 2002-12-12 00:14 - 00024064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ddrawex.dll
2017-01-21 14:13 - 2002-12-12 00:14 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksolay.ax
2017-01-21 14:13 - 2002-12-12 00:14 - 00008192 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\d3d8thk.dll
2017-01-21 14:13 - 2002-12-12 00:14 - 00005504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstee.sys
2017-01-21 14:13 - 2002-12-12 00:14 - 00005504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mstee.sys
2017-01-21 14:13 - 2002-08-29 03:40 - 00667648 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dinput8.dll
2017-01-20 21:31 - 2017-01-20 21:31 - 00000000 ____D C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\Disc_Soft_Ltd
2017-01-20 21:30 - 2017-01-20 21:30 - 00000426 _____ C:\WINDOWS\Tasks\Clokisevuboly Reports.job
2017-01-20 21:30 - 2017-01-20 21:30 - 00000000 ____D C:\Program Files\Clokisevuboly Reports
2017-01-20 21:30 - 2017-01-20 21:30 - 00000000 ____D C:\Documents and Settings\All Users\Dokumenty\Daemon Tools Images
2017-01-20 21:29 - 2017-01-24 14:39 - 00000000 ____D C:\Program Files\Momicultckerticult
2017-01-20 21:29 - 2017-01-21 16:35 - 00000000 ____D C:\Documents and Settings\Meda Beda\Data aplikací\Kiguly
2017-01-20 21:29 - 2017-01-20 21:29 - 00040504 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtliteusbbus.sys
2017-01-20 21:29 - 2017-01-20 21:29 - 00000000 ____D C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\Gropsycerjaly
2017-01-20 21:28 - 2017-01-21 09:41 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2017-01-20 21:28 - 2017-01-20 21:31 - 00000000 ____D C:\Documents and Settings\Meda Beda\Data aplikací\DAEMON Tools Lite
2017-01-20 21:28 - 2017-01-20 21:28 - 00026168 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtlitescsibus.sys
2017-01-20 21:28 - 2017-01-20 21:28 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\DAEMON Tools Lite
2017-01-20 21:28 - 2017-01-20 21:28 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2017-01-20 21:23 - 2017-01-24 15:56 - 00000000 ____D C:\Documents and Settings\Meda Beda\Data aplikací\Seznam.cz
2017-01-20 21:23 - 2017-01-20 21:23 - 00000000 ____D C:\Program Files\Seznam.cz
2017-01-20 21:23 - 2017-01-20 21:23 - 00000000 ____D C:\Program Files\7-Zip
2017-01-20 21:23 - 2017-01-20 21:23 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\7-Zip
2017-01-20 21:20 - 2017-01-20 21:20 - 00000000 ____D C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C2410A.TMP
2017-01-20 21:20 - 2017-01-20 21:20 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\UniqueId
2016-12-29 06:08 - 2016-12-29 06:08 - 00000000 ____D C:\Program Files\LogMeIn Hamachi
2016-12-29 06:08 - 2016-12-29 06:08 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\LogMeIn Hamachi
2016-12-26 23:40 - 2016-12-26 23:40 - 00004707 _____ C:\WINDOWS\KB2884256.log
2016-12-26 23:40 - 2016-12-26 23:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2884256$
2016-12-25 20:29 - 2016-12-25 20:29 - 00000000 ____D C:\Documents and Settings\LocalService\Data aplikací\McAfee
2016-12-25 20:28 - 2016-12-25 20:28 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\McAfee Security Scan Plus
2016-12-25 19:58 - 2016-12-25 20:28 - 00001812 _____ C:\Documents and Settings\All Users\Plocha\McAfee Security Scan Plus.lnk
2016-12-25 19:58 - 2016-12-25 20:28 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-12-25 19:58 - 2016-12-25 19:58 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\McAfee Security Scan
2016-12-25 19:58 - 2016-12-25 19:58 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\McAfee
2016-12-25 19:15 - 2016-12-25 19:15 - 00001847 _____ C:\Documents and Settings\All Users\Plocha\Google Earth.lnk
2016-12-25 19:15 - 2016-12-25 19:15 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Google Earth
2016-12-25 18:29 - 2016-12-25 18:29 - 00000411 _____ C:\Documents and Settings\Meda Beda\Plocha\Zástupce - Pisnicky.lnk
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-18 22:36 - 2014-04-30 14:04 - 00000000 ____D C:\Documents and Settings\Meda Beda\Data aplikací\vlc
2017-02-18 17:43 - 2014-10-07 09:24 - 00016384 ____C C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-02-17 09:59 - 2014-04-27 17:51 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-02-16 12:45 - 2014-04-27 18:27 - 00048008 ____C C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2017-01-24 22:16 - 2014-04-27 17:21 - 00000000 ____D C:\Documents and Settings\Meda Beda\Local Settings\Temp
2017-01-24 22:15 - 2014-04-27 17:21 - 00000000 ___HD C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací
2017-01-24 22:15 - 2014-04-27 17:21 - 00000000 ____D C:\Documents and Settings\Meda Beda\Plocha
2017-01-24 22:13 - 2014-10-03 13:43 - 00000940 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-01-24 22:06 - 2014-04-29 21:19 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-24 21:30 - 2015-10-02 14:24 - 00000000 ____D C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\LogMeIn Hamachi
2017-01-24 21:30 - 2015-10-01 09:56 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Data aplikací\LogMeIn Hamachi
2017-01-24 21:30 - 2014-11-06 13:31 - 00000208 _____ C:\WINDOWS\Tasks\AutoKMS.job
2017-01-24 21:30 - 2014-11-06 13:31 - 00000202 _____ C:\WINDOWS\Tasks\AutoKMSDaily.job
2017-01-24 21:30 - 2014-11-06 13:30 - 00078848 _____ C:\WINDOWS\KMSEmulator.exe
2017-01-24 21:30 - 2014-10-03 13:43 - 00000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-01-24 21:29 - 2014-05-04 23:10 - 00000230 _____ C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2017-01-24 21:29 - 2014-04-27 17:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-24 21:28 - 2016-09-28 18:34 - 00000659 _____ C:\Documents and Settings\All Users\Nabídka Start\Programy\Avast SafeZone 1 Browser.lnk
2017-01-24 21:28 - 2014-04-30 14:03 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\SweeetPlayer bundle
2017-01-24 21:28 - 2014-04-27 19:08 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy
2017-01-24 21:28 - 2014-04-27 17:21 - 00032638 _____ C:\WINDOWS\SchedLgU.Txt
2017-01-24 21:28 - 2014-04-27 17:21 - 00000178 ___SH C:\Documents and Settings\Meda Beda\ntuser.ini
2017-01-24 21:28 - 2014-04-27 17:16 - 00000000 ____D C:\Program Files\Common Files\Services
2017-01-24 21:26 - 2014-04-27 19:06 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2017-01-24 19:02 - 2016-09-02 14:12 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-01-24 19:02 - 2014-10-03 13:42 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2017-01-24 19:02 - 2014-04-27 17:21 - 00000000 __RHD C:\Documents and Settings\Meda Beda\Data aplikací
2017-01-24 18:57 - 2014-04-27 19:08 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2017-01-24 18:50 - 2014-04-27 17:51 - 00000712 _____ C:\Documents and Settings\All Users\Plocha\Mozilla Firefox.lnk
2017-01-24 18:50 - 2014-04-27 17:51 - 00000712 _____ C:\Documents and Settings\All Users\Nabídka Start\Programy\Mozilla Firefox.lnk
2017-01-24 18:48 - 2014-04-29 21:19 - 00802904 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-01-24 18:48 - 2014-04-29 21:19 - 00144472 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-01-24 18:48 - 2014-04-27 17:16 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-24 18:47 - 2014-04-27 18:56 - 00000000 ___HD C:\WINDOWS\inf
2017-01-24 18:38 - 2014-10-03 13:42 - 00000000 ____D C:\Program Files\AVAST Software
2017-01-24 15:40 - 2014-04-27 17:21 - 00001113 _____ C:\Documents and Settings\Meda Beda\Nabídka Start\Programy\Internet Explorer.lnk
2017-01-24 15:40 - 2014-04-27 17:21 - 00000000 ___RD C:\Documents and Settings\Meda Beda\Nabídka Start\Programy
2017-01-24 14:39 - 2006-03-02 13:00 - 00011936 _____ C:\WINDOWS\system32\wpa.dbl
2017-01-22 14:18 - 2014-05-01 19:09 - 01072544 ____C C:\WINDOWS\system32\nvdrsdb1.bin
2017-01-22 14:18 - 2014-05-01 19:09 - 01072544 _____ C:\WINDOWS\system32\nvdrsdb0.bin
2017-01-22 14:18 - 2014-05-01 19:09 - 00000001 _____ C:\WINDOWS\system32\nvdrssel.bin
2017-01-21 14:20 - 2014-04-27 17:21 - 00000000 ___RD C:\Documents and Settings\Meda Beda\Dokumenty
2017-01-21 14:16 - 2014-04-27 19:08 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
2017-01-21 14:14 - 2014-04-27 18:56 - 00000000 RSHDC C:\WINDOWS\system32\dllcache
2017-01-21 14:13 - 2014-04-27 17:17 - 00000000 ____D C:\WINDOWS\system32\DirectX
2017-01-21 09:44 - 2014-04-29 21:18 - 00000000 ____D C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\Adobe
2017-01-21 00:16 - 2014-09-17 23:49 - 01316886 ____C C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-S-1-5-21-436374069-1580436667-682003330-1004-0.dat
2017-01-21 00:16 - 2014-09-17 23:49 - 00218878 ____C C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-System.dat
2017-01-20 21:40 - 2014-05-16 10:59 - 00000069 ____C C:\WINDOWS\NeroDigital.ini
2017-01-20 21:30 - 2014-04-27 19:08 - 00000000 ___RD C:\Documents and Settings\All Users\Dokumenty
2017-01-20 21:22 - 2016-09-30 14:42 - 00000000 ____D C:\Documents and Settings\Meda Beda\Plocha\Dokumenty
2017-01-10 20:42 - 2014-10-06 15:45 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2017-01-10 13:40 - 2014-04-27 19:05 - 00199344 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-09 18:10 - 2014-04-27 17:56 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2017-01-09 18:09 - 2014-04-27 18:56 - 00000000 ____D C:\WINDOWS\pchealth
2016-12-29 06:08 - 2016-09-02 12:03 - 00000000 ____D C:\Documents and Settings\Default User\Local Settings\Data aplikací\LogMeIn Hamachi
2016-12-27 20:40 - 2014-05-21 09:34 - 00000151 ____C C:\WINDOWS\PhotoSnapViewer.INI
2016-12-26 23:40 - 2014-04-27 19:08 - 00957483 ____C C:\WINDOWS\FaxSetup.log
2016-12-26 23:40 - 2014-04-27 19:08 - 00466742 ____C C:\WINDOWS\ocgen.log
2016-12-26 23:40 - 2014-04-27 19:08 - 00368313 ____C C:\WINDOWS\tsoc.log
2016-12-26 23:40 - 2014-04-27 19:08 - 00326802 ____C C:\WINDOWS\comsetup.log
2016-12-26 23:40 - 2014-04-27 19:08 - 00196320 ____C C:\WINDOWS\ntdtcsetup.log
2016-12-26 23:40 - 2014-04-27 19:08 - 00148725 ____C C:\WINDOWS\iis6.log
2016-12-26 23:40 - 2014-04-27 19:08 - 00059762 ____C C:\WINDOWS\ocmsn.log
2016-12-26 23:40 - 2014-04-27 19:08 - 00047974 ____C C:\WINDOWS\msgsocm.log
2016-12-26 23:40 - 2014-04-27 19:08 - 00001393 _____ C:\WINDOWS\imsins.log
2016-12-25 20:29 - 2014-04-27 17:21 - 00000000 ____D C:\Documents and Settings\LocalService\Data aplikací
2016-12-25 20:28 - 2006-03-02 13:00 - 00000766 _____ C:\WINDOWS\system32\Drivers\etc\hosts
2016-12-25 19:58 - 2014-04-27 17:53 - 00000000 ____D C:\Documents and Settings\Meda Beda\Dokumenty\Stažené soubory
2016-12-25 19:15 - 2014-10-03 13:43 - 00000000 ____D C:\Program Files\Google
2016-12-25 18:14 - 2014-10-16 14:13 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-25 18:08 - 2014-04-27 19:06 - 01175680 _____ C:\WINDOWS\setupapi.log.0.old
2016-12-25 18:07 - 2014-10-16 14:13 - 144884648 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
==================== Files in the root of some directories =======
2014-10-07 09:24 - 2017-02-18 17:43 - 0016384 ____C () C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Some files in TEMP:
====================
2016-03-04 13:31 - 2016-03-04 13:31 - 1004224 _____ () C:\Documents and Settings\Meda Beda\Local Settings\Temp\AppInstaller.exe
2017-01-21 14:12 - 2005-11-03 20:52 - 0729088 _____ (Electronic Arts Inc.) C:\Documents and Settings\Meda Beda\Local Settings\Temp\AutoRun.exe
2017-01-21 14:12 - 2005-10-13 23:02 - 0585728 _____ (Electronic Arts Inc.) C:\Documents and Settings\Meda Beda\Local Settings\Temp\AutoRunGUI.dll
2016-09-28 21:56 - 2000-04-06 05:00 - 0263168 ____N () C:\Documents and Settings\Meda Beda\Local Settings\Temp\binkw32.dll
2017-01-20 21:28 - 2017-01-20 21:28 - 0102912 _____ () C:\Documents and Settings\Meda Beda\Local Settings\Temp\bitool.dll
2016-09-28 21:56 - 2001-05-09 17:19 - 0352256 ____N (Blizzard Entertainment) C:\Documents and Settings\Meda Beda\Local Settings\Temp\d2l_Install.exe
2017-01-23 12:38 - 2017-01-23 12:38 - 26967248 _____ () C:\Documents and Settings\Meda Beda\Local Settings\Temp\inst12.exe
2014-04-27 17:55 - 2007-01-09 13:59 - 0145184 ___RC (Microsoft Corporation) C:\Documents and Settings\Meda Beda\Local Settings\Temp\ose00000.exe
2016-10-01 15:44 - 2016-12-25 18:11 - 1409992 _____ () C:\Documents and Settings\Meda Beda\Local Settings\Temp\Update.exe
2016-09-28 18:24 - 2014-12-11 14:36 - 0364544 _____ () C:\Documents and Settings\Meda Beda\Local Settings\Temp\_unps.exe
2017-01-24 15:53 - 2017-01-24 15:53 - 0534528 _____ () C:\Documents and Settings\Meda Beda\Local Settings\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:19.53 GB) (Free:1.68 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (disk) (Fixed) (Total:278.55 GB) (Free:253.36 GB) NTFS
Drive f: (NFS_Most_Wanted) (CDROM) (Total:2.16 GB) (Free:0 GB) CDFS
Available physical RAM: 1237.44 MB
Total physical RAM: 1983.48 MB
Percentage of memory in use: 37%
==================== MBR and Partition Table ==================
Disk: 0 (Size: 298.1 GB) (Disk ID: 31553155)
Partition 1: (Active) - (Size=19.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=278.5 GB) - (Type=OF Extended)
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\WINDOWS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\AutoKMSDaily.job => C:\WINDOWS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\Clokisevuboly Reports.job => C:\Program Files\Momicultckerticult\nobent.exe
Task: C:\WINDOWS\Tasks\DriverNavigator Scheduled Scan.job => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Documents and Settings\Meda Beda\Plocha" je 11 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Czechcrowncoin\\czechcrowncoin-qt.exe"="C:\\Program Files\\Czechcrowncoin\\czechcrowncoin-qt.exe:*:Enabled:Czechcrowncoin-Qt (OSS GUI client for Czechcrowncoin)"
"C:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"="C:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe:*:Disabled:EEventManager Application"
"D:\\Diablo II\\Game.exe"="D:\\Diablo II\\Game.exe:*:Enabled:Diablo II"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox (C:\\Program Files\\Mozilla Firefox)"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"
"139:TCP"="139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002"
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
==================== End Of Log ==============================
Ran by Meda Beda (administrator) on MEDABEDA (24-01-2017 22:15:58)
Running from C:\Documents and Settings\Meda Beda\Plocha
Loaded Profiles: Meda Beda (Available Profiles: Meda Beda)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Seiko Epson Corporation) C:\WINDOWS\system32\escsvc.exe
() C:\Program Files\HiSuite\HandSetService\HuaweiHiSuiteService.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.334\SSScheduler.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(forum.viry.cz) C:\Documents and Settings\Meda Beda\Plocha\FRSTLauncher.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [mouseElf] => C:\Program Files\KYE\Genius NetScroll Optical Mouse\MouseElf.exe [151552 2002-05-20] (Genius)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20065936 2012-06-06] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-11-11] (LogMeIn Inc.)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [616632 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [94208 2006-04-21] (Nero AG)
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [3281600 2016-03-03] (Disc Soft Ltd)
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {3b1936ec-a562-11e4-a8cb-001d7da85684} - F:\Lenovo_Suite.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {649ad538-f77e-11e6-a97f-027005651504} - F:\Autorun.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {649ad53b-f77e-11e6-a97f-027005651504} - G:\Setup.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {9e59b0d7-c97a-11e6-a95e-001d7da85684} - F:\Startme.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {9e59b0d8-c97a-11e6-a95e-001d7da85684} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {9e59b0dd-c97a-11e6-a95e-001d7da85684} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {9e59b0eb-c97a-11e6-a95e-001d7da85684} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {9edf9b5a-b48f-11e6-a95d-ef0e4684db4a} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {c6002941-7f90-11e4-a8b9-001d7da85684} - F:\Lenovo_Suite.exe
HKLM\...\Providers\vh9ggz5t: C:\Program Files\Clokisevuboly Reports\local32spl.dll [272384 2017-01-20] ()
ShellExecuteHooks: No Name - {C37C42DA-DC66-11E6-A37E-64006A5CFC23} - C:\Documents and Settings\Meda Beda\Data aplikací\Kiguly\Casuch.dll -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk [2016-12-25]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.334\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk [2014-10-06]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{0E9FDCD7-E94B-48C8-9673-FC1AFA961758}: [DhcpNameServer] 192.168.42.129
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/?clid=22668
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-436374069-1580436667-682003330-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/?clid=22668
HKU\S-1-5-21-436374069-1580436667-682003330-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
URLSearchHook: [S-1-5-21-436374069-1580436667-682003330-1004] ATTENTION => Default URLSearchHook is missing
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKLM -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKU\S-1-5-21-436374069-1580436667-682003330-1004 -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKU\S-1-5-21-436374069-1580436667-682003330-1004 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
BHO: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKU\S-1-5-21-436374069-1580436667-682003330-1004 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2008-04-14] (Společnost Microsoft)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1398617036040
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1398617119478
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default [2017-01-24]
FF NewTab: C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default -> about:newtab
FF DefaultSearchEngine: C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default -> Seznam
FF DefaultSearchUrl: C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default -> hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&
FF SearchEngineOrder.1: C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default -> Seznam
FF SelectedSearchEngine: C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default -> Seznam
FF Homepage: C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default -> hxxps://www.seznam.cz/?clid=22668
FF Keyword.URL: C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default -> hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&
FF Extension: (uBlock Origin) - C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default\Extensions\uBlock0@raymondhill.net.xpi [2016-12-28]
FF Extension: (SweetPacks Toolbar for Firefox) - C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2014-04-30] [not signed]
FF SearchPlugin: C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default\searchplugins\amisites.xml [2017-01-24]
FF SearchPlugin: C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default\searchplugins\seznam-avast.xml [2017-01-24]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-05-05] [not signed]
FF HKLM\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2015-01-21] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-21] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-24] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-24] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> D:\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Dihughterjecult; C:\Program Files\Momicultckerticult\ghezutyferdeingUpdate.dll [136192 2017-01-20] () [File not signed]
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1082560 2016-03-03] (Disc Soft Ltd) [File not signed]
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc.exe [122000 2011-12-11] (Seiko Epson Corporation)
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1962504 2016-11-11] (LogMeIn Inc.)
R2 HuaweiHiSuiteService.exe; C:\Program Files\HiSuite\HandSetService\HuaweiHiSuiteService.exe [155848 2016-08-26] () [File not signed]
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [405424 2016-11-11] (LogMeIn, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.334\McCHSvc.exe [239880 2016-05-31] (McAfee, Inc.)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R3 dtlitescsibus; C:\WINDOWS\System32\DRIVERS\dtlitescsibus.sys [26168 2017-01-20] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\DRIVERS\dtliteusbbus.sys [40504 2017-01-20] (Disc Soft Ltd)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\DRIVERS\ew_usbccgpfilter.sys [15360 2016-05-25] (Huawei Technologies Co., Ltd.)
S3 genmcmn; C:\WINDOWS\System32\DRIVERS\gmfiltr.sys [6656 2002-05-17] (Genius) [File not signed]
S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2015-08-03] (LogMeIn, Inc.)
S3 massfilter; C:\WINDOWS\System32\drivers\massfilter.sys [9216 2010-02-22] (MBB Incorporated)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [70912 2010-03-04] (NVIDIA Corporation)
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [168040 2010-04-08] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [13824 2010-03-04] (NVIDIA Corporation)
U0 aswVmm; no ImagePath
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [102272 2016-05-25] (Huawei Technologies Co., Ltd.)
S4 IntelIde; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-20 21:13 - 2017-02-20 21:13 - 00000000 ____D C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C2410C.TMP
2017-02-20 21:13 - 2017-02-20 21:13 - 00000000 ____D C:\Program Files\File Association Helper
2017-02-20 18:46 - 2017-01-20 21:38 - 00002562 _____ C:\WINDOWS\diagwrn.xml
2017-02-20 18:46 - 2017-01-20 21:38 - 00001908 _____ C:\WINDOWS\diagerr.xml
2017-01-24 21:25 - 2017-01-24 21:28 - 00000000 ____D C:\AdwCleaner
2017-01-24 21:25 - 2017-01-24 21:25 - 03988944 _____ C:\Documents and Settings\Meda Beda\Plocha\adwcleaner_6.042.exe
2017-01-24 19:43 - 2017-01-24 22:16 - 00015236 _____ C:\Documents and Settings\Meda Beda\Plocha\FRST.txt
2017-01-24 19:42 - 2017-01-24 22:15 - 00000000 ____D C:\FRST
2017-01-24 19:40 - 2017-01-24 19:40 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Meda Beda\Plocha\FRSTLauncher.exe
2017-01-24 19:39 - 2017-01-24 19:39 - 01762816 _____ (Farbar) C:\Documents and Settings\Meda Beda\Plocha\FRST.exe
2017-01-24 19:00 - 2017-01-24 19:00 - 00000000 ____D C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\MFAData
2017-01-24 19:00 - 2017-01-24 19:00 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\MFAData
2017-01-24 18:55 - 2017-01-24 19:39 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Avg
2017-01-24 18:54 - 2017-01-24 19:34 - 00000000 ____D C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\AvgSetupLog
2017-01-24 18:54 - 2017-01-24 18:54 - 00000000 ____D C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\Avg
2017-01-23 12:37 - 2017-01-23 12:37 - 00000000 ____D C:\Program Files\vh9ggz5t
2017-01-21 14:20 - 2017-01-21 14:21 - 00000000 ____D C:\Documents and Settings\Meda Beda\Dokumenty\NFS Most Wanted
2017-01-21 14:20 - 2017-01-21 14:20 - 00000548 _____ C:\Documents and Settings\All Users\Plocha\Need for Speed™ Most Wanted.lnk
2017-01-21 14:20 - 2017-01-21 14:20 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\EA GAMES
2017-01-21 14:14 - 2017-01-21 14:14 - 00000000 ____D C:\WINDOWS\RegisteredPackages
2017-01-21 14:14 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
2017-01-21 14:13 - 2004-07-19 16:19 - 00285696 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kstvtune.ax
2017-01-21 14:13 - 2004-07-19 16:19 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\kstvtune.ax
2017-01-21 14:13 - 2004-07-09 04:27 - 00381952 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dsound.dll
2017-01-21 14:13 - 2004-07-09 04:27 - 00292864 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ddraw.dll
2017-01-21 14:13 - 2004-07-09 04:26 - 01230336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msvidctl.dll
2017-01-21 14:13 - 2004-07-09 04:26 - 00354816 ____C C:\WINDOWS\system32\dllcache\psisdecd.dll
2017-01-21 14:13 - 2004-07-09 04:26 - 00354816 _____ C:\WINDOWS\system32\psisdecd.dll
2017-01-21 14:13 - 2004-07-09 04:26 - 00226304 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kswdmcap.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\kswdmcap.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00083968 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\nabtsfec.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nabtsfec.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00052224 ____C C:\WINDOWS\system32\dllcache\msdvbnp.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00052224 _____ C:\WINDOWS\system32\msdvbnp.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00052096 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msdv.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00052096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msdv.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00039424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ksxbar.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksxbar.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00030208 ____C C:\WINDOWS\system32\dllcache\psisrndr.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00030208 _____ C:\WINDOWS\system32\psisrndr.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00018688 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wstcodec.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00018688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wstcodec.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00016896 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bdaplgin.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdaplgin.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00016384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ccdecode.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ccdecode.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00015104 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mpe.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00015104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpe.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00014976 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\streamip.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00014976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\streamip.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00014848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ipsink.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipsink.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00011392 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bdasup.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00011392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bdasup.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00010880 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\slip.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00010880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\slip.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00010112 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ndisip.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00010112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndisip.sys
2017-01-21 14:13 - 2003-05-30 09:00 - 00797184 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\d3dim700.dll
2017-01-21 14:13 - 2002-12-12 00:14 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxdllreg.exe
2017-01-21 14:13 - 2002-12-12 00:14 - 00024064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ddrawex.dll
2017-01-21 14:13 - 2002-12-12 00:14 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksolay.ax
2017-01-21 14:13 - 2002-12-12 00:14 - 00008192 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\d3d8thk.dll
2017-01-21 14:13 - 2002-12-12 00:14 - 00005504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstee.sys
2017-01-21 14:13 - 2002-12-12 00:14 - 00005504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mstee.sys
2017-01-21 14:13 - 2002-08-29 03:40 - 00667648 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dinput8.dll
2017-01-20 21:31 - 2017-01-20 21:31 - 00000000 ____D C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\Disc_Soft_Ltd
2017-01-20 21:30 - 2017-01-20 21:30 - 00000426 _____ C:\WINDOWS\Tasks\Clokisevuboly Reports.job
2017-01-20 21:30 - 2017-01-20 21:30 - 00000000 ____D C:\Program Files\Clokisevuboly Reports
2017-01-20 21:30 - 2017-01-20 21:30 - 00000000 ____D C:\Documents and Settings\All Users\Dokumenty\Daemon Tools Images
2017-01-20 21:29 - 2017-01-24 14:39 - 00000000 ____D C:\Program Files\Momicultckerticult
2017-01-20 21:29 - 2017-01-21 16:35 - 00000000 ____D C:\Documents and Settings\Meda Beda\Data aplikací\Kiguly
2017-01-20 21:29 - 2017-01-20 21:29 - 00040504 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtliteusbbus.sys
2017-01-20 21:29 - 2017-01-20 21:29 - 00000000 ____D C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\Gropsycerjaly
2017-01-20 21:28 - 2017-01-21 09:41 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2017-01-20 21:28 - 2017-01-20 21:31 - 00000000 ____D C:\Documents and Settings\Meda Beda\Data aplikací\DAEMON Tools Lite
2017-01-20 21:28 - 2017-01-20 21:28 - 00026168 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtlitescsibus.sys
2017-01-20 21:28 - 2017-01-20 21:28 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\DAEMON Tools Lite
2017-01-20 21:28 - 2017-01-20 21:28 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2017-01-20 21:23 - 2017-01-24 15:56 - 00000000 ____D C:\Documents and Settings\Meda Beda\Data aplikací\Seznam.cz
2017-01-20 21:23 - 2017-01-20 21:23 - 00000000 ____D C:\Program Files\Seznam.cz
2017-01-20 21:23 - 2017-01-20 21:23 - 00000000 ____D C:\Program Files\7-Zip
2017-01-20 21:23 - 2017-01-20 21:23 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\7-Zip
2017-01-20 21:20 - 2017-01-20 21:20 - 00000000 ____D C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C2410A.TMP
2017-01-20 21:20 - 2017-01-20 21:20 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\UniqueId
2016-12-29 06:08 - 2016-12-29 06:08 - 00000000 ____D C:\Program Files\LogMeIn Hamachi
2016-12-29 06:08 - 2016-12-29 06:08 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\LogMeIn Hamachi
2016-12-26 23:40 - 2016-12-26 23:40 - 00004707 _____ C:\WINDOWS\KB2884256.log
2016-12-26 23:40 - 2016-12-26 23:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2884256$
2016-12-25 20:29 - 2016-12-25 20:29 - 00000000 ____D C:\Documents and Settings\LocalService\Data aplikací\McAfee
2016-12-25 20:28 - 2016-12-25 20:28 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\McAfee Security Scan Plus
2016-12-25 19:58 - 2016-12-25 20:28 - 00001812 _____ C:\Documents and Settings\All Users\Plocha\McAfee Security Scan Plus.lnk
2016-12-25 19:58 - 2016-12-25 20:28 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-12-25 19:58 - 2016-12-25 19:58 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\McAfee Security Scan
2016-12-25 19:58 - 2016-12-25 19:58 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\McAfee
2016-12-25 19:15 - 2016-12-25 19:15 - 00001847 _____ C:\Documents and Settings\All Users\Plocha\Google Earth.lnk
2016-12-25 19:15 - 2016-12-25 19:15 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Google Earth
2016-12-25 18:29 - 2016-12-25 18:29 - 00000411 _____ C:\Documents and Settings\Meda Beda\Plocha\Zástupce - Pisnicky.lnk
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-18 22:36 - 2014-04-30 14:04 - 00000000 ____D C:\Documents and Settings\Meda Beda\Data aplikací\vlc
2017-02-18 17:43 - 2014-10-07 09:24 - 00016384 ____C C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-02-17 09:59 - 2014-04-27 17:51 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-02-16 12:45 - 2014-04-27 18:27 - 00048008 ____C C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2017-01-24 22:16 - 2014-04-27 17:21 - 00000000 ____D C:\Documents and Settings\Meda Beda\Local Settings\Temp
2017-01-24 22:15 - 2014-04-27 17:21 - 00000000 ___HD C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací
2017-01-24 22:15 - 2014-04-27 17:21 - 00000000 ____D C:\Documents and Settings\Meda Beda\Plocha
2017-01-24 22:13 - 2014-10-03 13:43 - 00000940 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-01-24 22:06 - 2014-04-29 21:19 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-24 21:30 - 2015-10-02 14:24 - 00000000 ____D C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\LogMeIn Hamachi
2017-01-24 21:30 - 2015-10-01 09:56 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Data aplikací\LogMeIn Hamachi
2017-01-24 21:30 - 2014-11-06 13:31 - 00000208 _____ C:\WINDOWS\Tasks\AutoKMS.job
2017-01-24 21:30 - 2014-11-06 13:31 - 00000202 _____ C:\WINDOWS\Tasks\AutoKMSDaily.job
2017-01-24 21:30 - 2014-11-06 13:30 - 00078848 _____ C:\WINDOWS\KMSEmulator.exe
2017-01-24 21:30 - 2014-10-03 13:43 - 00000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-01-24 21:29 - 2014-05-04 23:10 - 00000230 _____ C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2017-01-24 21:29 - 2014-04-27 17:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-24 21:28 - 2016-09-28 18:34 - 00000659 _____ C:\Documents and Settings\All Users\Nabídka Start\Programy\Avast SafeZone 1 Browser.lnk
2017-01-24 21:28 - 2014-04-30 14:03 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\SweeetPlayer bundle
2017-01-24 21:28 - 2014-04-27 19:08 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy
2017-01-24 21:28 - 2014-04-27 17:21 - 00032638 _____ C:\WINDOWS\SchedLgU.Txt
2017-01-24 21:28 - 2014-04-27 17:21 - 00000178 ___SH C:\Documents and Settings\Meda Beda\ntuser.ini
2017-01-24 21:28 - 2014-04-27 17:16 - 00000000 ____D C:\Program Files\Common Files\Services
2017-01-24 21:26 - 2014-04-27 19:06 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2017-01-24 19:02 - 2016-09-02 14:12 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-01-24 19:02 - 2014-10-03 13:42 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2017-01-24 19:02 - 2014-04-27 17:21 - 00000000 __RHD C:\Documents and Settings\Meda Beda\Data aplikací
2017-01-24 18:57 - 2014-04-27 19:08 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2017-01-24 18:50 - 2014-04-27 17:51 - 00000712 _____ C:\Documents and Settings\All Users\Plocha\Mozilla Firefox.lnk
2017-01-24 18:50 - 2014-04-27 17:51 - 00000712 _____ C:\Documents and Settings\All Users\Nabídka Start\Programy\Mozilla Firefox.lnk
2017-01-24 18:48 - 2014-04-29 21:19 - 00802904 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-01-24 18:48 - 2014-04-29 21:19 - 00144472 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-01-24 18:48 - 2014-04-27 17:16 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-24 18:47 - 2014-04-27 18:56 - 00000000 ___HD C:\WINDOWS\inf
2017-01-24 18:38 - 2014-10-03 13:42 - 00000000 ____D C:\Program Files\AVAST Software
2017-01-24 15:40 - 2014-04-27 17:21 - 00001113 _____ C:\Documents and Settings\Meda Beda\Nabídka Start\Programy\Internet Explorer.lnk
2017-01-24 15:40 - 2014-04-27 17:21 - 00000000 ___RD C:\Documents and Settings\Meda Beda\Nabídka Start\Programy
2017-01-24 14:39 - 2006-03-02 13:00 - 00011936 _____ C:\WINDOWS\system32\wpa.dbl
2017-01-22 14:18 - 2014-05-01 19:09 - 01072544 ____C C:\WINDOWS\system32\nvdrsdb1.bin
2017-01-22 14:18 - 2014-05-01 19:09 - 01072544 _____ C:\WINDOWS\system32\nvdrsdb0.bin
2017-01-22 14:18 - 2014-05-01 19:09 - 00000001 _____ C:\WINDOWS\system32\nvdrssel.bin
2017-01-21 14:20 - 2014-04-27 17:21 - 00000000 ___RD C:\Documents and Settings\Meda Beda\Dokumenty
2017-01-21 14:16 - 2014-04-27 19:08 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
2017-01-21 14:14 - 2014-04-27 18:56 - 00000000 RSHDC C:\WINDOWS\system32\dllcache
2017-01-21 14:13 - 2014-04-27 17:17 - 00000000 ____D C:\WINDOWS\system32\DirectX
2017-01-21 09:44 - 2014-04-29 21:18 - 00000000 ____D C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\Adobe
2017-01-21 00:16 - 2014-09-17 23:49 - 01316886 ____C C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-S-1-5-21-436374069-1580436667-682003330-1004-0.dat
2017-01-21 00:16 - 2014-09-17 23:49 - 00218878 ____C C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-System.dat
2017-01-20 21:40 - 2014-05-16 10:59 - 00000069 ____C C:\WINDOWS\NeroDigital.ini
2017-01-20 21:30 - 2014-04-27 19:08 - 00000000 ___RD C:\Documents and Settings\All Users\Dokumenty
2017-01-20 21:22 - 2016-09-30 14:42 - 00000000 ____D C:\Documents and Settings\Meda Beda\Plocha\Dokumenty
2017-01-10 20:42 - 2014-10-06 15:45 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2017-01-10 13:40 - 2014-04-27 19:05 - 00199344 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-09 18:10 - 2014-04-27 17:56 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2017-01-09 18:09 - 2014-04-27 18:56 - 00000000 ____D C:\WINDOWS\pchealth
2016-12-29 06:08 - 2016-09-02 12:03 - 00000000 ____D C:\Documents and Settings\Default User\Local Settings\Data aplikací\LogMeIn Hamachi
2016-12-27 20:40 - 2014-05-21 09:34 - 00000151 ____C C:\WINDOWS\PhotoSnapViewer.INI
2016-12-26 23:40 - 2014-04-27 19:08 - 00957483 ____C C:\WINDOWS\FaxSetup.log
2016-12-26 23:40 - 2014-04-27 19:08 - 00466742 ____C C:\WINDOWS\ocgen.log
2016-12-26 23:40 - 2014-04-27 19:08 - 00368313 ____C C:\WINDOWS\tsoc.log
2016-12-26 23:40 - 2014-04-27 19:08 - 00326802 ____C C:\WINDOWS\comsetup.log
2016-12-26 23:40 - 2014-04-27 19:08 - 00196320 ____C C:\WINDOWS\ntdtcsetup.log
2016-12-26 23:40 - 2014-04-27 19:08 - 00148725 ____C C:\WINDOWS\iis6.log
2016-12-26 23:40 - 2014-04-27 19:08 - 00059762 ____C C:\WINDOWS\ocmsn.log
2016-12-26 23:40 - 2014-04-27 19:08 - 00047974 ____C C:\WINDOWS\msgsocm.log
2016-12-26 23:40 - 2014-04-27 19:08 - 00001393 _____ C:\WINDOWS\imsins.log
2016-12-25 20:29 - 2014-04-27 17:21 - 00000000 ____D C:\Documents and Settings\LocalService\Data aplikací
2016-12-25 20:28 - 2006-03-02 13:00 - 00000766 _____ C:\WINDOWS\system32\Drivers\etc\hosts
2016-12-25 19:58 - 2014-04-27 17:53 - 00000000 ____D C:\Documents and Settings\Meda Beda\Dokumenty\Stažené soubory
2016-12-25 19:15 - 2014-10-03 13:43 - 00000000 ____D C:\Program Files\Google
2016-12-25 18:14 - 2014-10-16 14:13 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-25 18:08 - 2014-04-27 19:06 - 01175680 _____ C:\WINDOWS\setupapi.log.0.old
2016-12-25 18:07 - 2014-10-16 14:13 - 144884648 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
==================== Files in the root of some directories =======
2014-10-07 09:24 - 2017-02-18 17:43 - 0016384 ____C () C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Some files in TEMP:
====================
2016-03-04 13:31 - 2016-03-04 13:31 - 1004224 _____ () C:\Documents and Settings\Meda Beda\Local Settings\Temp\AppInstaller.exe
2017-01-21 14:12 - 2005-11-03 20:52 - 0729088 _____ (Electronic Arts Inc.) C:\Documents and Settings\Meda Beda\Local Settings\Temp\AutoRun.exe
2017-01-21 14:12 - 2005-10-13 23:02 - 0585728 _____ (Electronic Arts Inc.) C:\Documents and Settings\Meda Beda\Local Settings\Temp\AutoRunGUI.dll
2016-09-28 21:56 - 2000-04-06 05:00 - 0263168 ____N () C:\Documents and Settings\Meda Beda\Local Settings\Temp\binkw32.dll
2017-01-20 21:28 - 2017-01-20 21:28 - 0102912 _____ () C:\Documents and Settings\Meda Beda\Local Settings\Temp\bitool.dll
2016-09-28 21:56 - 2001-05-09 17:19 - 0352256 ____N (Blizzard Entertainment) C:\Documents and Settings\Meda Beda\Local Settings\Temp\d2l_Install.exe
2017-01-23 12:38 - 2017-01-23 12:38 - 26967248 _____ () C:\Documents and Settings\Meda Beda\Local Settings\Temp\inst12.exe
2014-04-27 17:55 - 2007-01-09 13:59 - 0145184 ___RC (Microsoft Corporation) C:\Documents and Settings\Meda Beda\Local Settings\Temp\ose00000.exe
2016-10-01 15:44 - 2016-12-25 18:11 - 1409992 _____ () C:\Documents and Settings\Meda Beda\Local Settings\Temp\Update.exe
2016-09-28 18:24 - 2014-12-11 14:36 - 0364544 _____ () C:\Documents and Settings\Meda Beda\Local Settings\Temp\_unps.exe
2017-01-24 15:53 - 2017-01-24 15:53 - 0534528 _____ () C:\Documents and Settings\Meda Beda\Local Settings\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:19.53 GB) (Free:1.68 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (disk) (Fixed) (Total:278.55 GB) (Free:253.36 GB) NTFS
Drive f: (NFS_Most_Wanted) (CDROM) (Total:2.16 GB) (Free:0 GB) CDFS
Available physical RAM: 1237.44 MB
Total physical RAM: 1983.48 MB
Percentage of memory in use: 37%
==================== MBR and Partition Table ==================
Disk: 0 (Size: 298.1 GB) (Disk ID: 31553155)
Partition 1: (Active) - (Size=19.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=278.5 GB) - (Type=OF Extended)
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\WINDOWS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\AutoKMSDaily.job => C:\WINDOWS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\Clokisevuboly Reports.job => C:\Program Files\Momicultckerticult\nobent.exe
Task: C:\WINDOWS\Tasks\DriverNavigator Scheduled Scan.job => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Documents and Settings\Meda Beda\Plocha" je 11 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Czechcrowncoin\\czechcrowncoin-qt.exe"="C:\\Program Files\\Czechcrowncoin\\czechcrowncoin-qt.exe:*:Enabled:Czechcrowncoin-Qt (OSS GUI client for Czechcrowncoin)"
"C:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"="C:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe:*:Disabled:EEventManager Application"
"D:\\Diablo II\\Game.exe"="D:\\Diablo II\\Game.exe:*:Enabled:Diablo II"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox (C:\\Program Files\\Mozilla Firefox)"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"
"139:TCP"="139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002"
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
==================== End Of Log ==============================
- Rudy
- Site Admin
- Posts: 119418
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Suspected virus presence
Open Notepad and copy into it:
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Start
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {3b1936ec-a562-11e4-a8cb-001d7da85684} - F:\Lenovo_Suite.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {649ad538-f77e-11e6-a97f-027005651504} - F:\Autorun.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {649ad53b-f77e-11e6-a97f-027005651504} - G:\Setup.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {9e59b0d7-c97a-11e6-a95e-001d7da85684} - F:\Startme.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {9e59b0d8-c97a-11e6-a95e-001d7da85684} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {9e59b0dd-c97a-11e6-a95e-001d7da85684} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {9e59b0eb-c97a-11e6-a95e-001d7da85684} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {9edf9b5a-b48f-11e6-a95d-ef0e4684db4a} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {c6002941-7f90-11e4-a8b9-001d7da85684} - F:\Lenovo_Suite.exe
ShellExecuteHooks: No Name - {C37C42DA-DC66-11E6-A37E-64006A5CFC23} - C:\Documents and Settings\Meda Beda\Data aplikací\Kiguly\Casuch.dll -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk [2016-12-25]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.334\SSScheduler.exe (McAfee, Inc.)
C:\Program Files\McAfee Security Scan
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
URLSearchHook: [S-1-5-21-436374069-1580436667-682003330-1004] ATTENTION => Default URLSearchHook is missing
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.334\McCHSvc.exe [239880 2016-05-31] (McAfee, Inc.)
U0 aswVmm; no ImagePath
S4 IntelIde; no ImagePath
U1 WS2IFSL; no ImagePath
C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C2410C.TMP
C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C2410A.TMP
C:\Documents and Settings\LocalService\Data aplikací\McAfee
C:\Documents and Settings\All Users\Nabídka Start\Programy\McAfee Security Scan Plus
C:\Documents and Settings\All Users\Plocha\McAfee Security Scan Plus.lnk
C:\Documents and Settings\All Users\Data aplikací\McAfee Security Scan
C:\Documents and Settings\All Users\Data aplikací\McAfee
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\AutoKMS.job
C:\WINDOWS\KMSEmulator.exe
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Documents and Settings\Meda Beda\Local Settings\Temp
C:\WINDOWS\AutoKMS.exe
EmptyTemp:
End
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Suspected virus presence
Fix result of Farbar Recovery Scan Tool (x86) Version: 22-01-2017
Ran by Meda Beda (24-01-2017 22:45:15) Run:1
Running from C:\Documents and Settings\Meda Beda\Plocha
Loaded Profiles: Meda Beda (Available Profiles: Meda Beda)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {3b1936ec-a562-11e4-a8cb-001d7da85684} - F:\Lenovo_Suite.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {649ad538-f77e-11e6-a97f-027005651504} - F:\Autorun.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {649ad53b-f77e-11e6-a97f-027005651504} - G:\Setup.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {9e59b0d7-c97a-11e6-a95e-001d7da85684} - F:\Startme.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {9e59b0d8-c97a-11e6-a95e-001d7da85684} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {9e59b0dd-c97a-11e6-a95e-001d7da85684} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {9e59b0eb-c97a-11e6-a95e-001d7da85684} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {9edf9b5a-b48f-11e6-a95d-ef0e4684db4a} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {c6002941-7f90-11e4-a8b9-001d7da85684} - F:\Lenovo_Suite.exe
ShellExecuteHooks: No Name - {C37C42DA-DC66-11E6-A37E-64006A5CFC23} - C:\Documents and Settings\Meda Beda\Data aplikací\Kiguly\Casuch.dll -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk [2016-12-25]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.334\SSScheduler.exe (McAfee, Inc.)
C:\Program Files\McAfee Security Scan
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
URLSearchHook: [S-1-5-21-436374069-1580436667-682003330-1004] ATTENTION => Default URLSearchHook is missing
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.334\McCHSvc.exe [239880 2016-05-31] (McAfee, Inc.)
U0 aswVmm; no ImagePath
S4 IntelIde; no ImagePath
U1 WS2IFSL; no ImagePath
C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C2410C.TMP
C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C2410A.TMP
C:\Documents and Settings\LocalService\Data aplikací\McAfee
C:\Documents and Settings\All Users\Nabídka Start\Programy\McAfee Security Scan Plus
C:\Documents and Settings\All Users\Plocha\McAfee Security Scan Plus.lnk
C:\Documents and Settings\All Users\Data aplikací\McAfee Security Scan
C:\Documents and Settings\All Users\Data aplikací\McAfee
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\AutoKMS.job
C:\WINDOWS\KMSEmulator.exe
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Documents and Settings\Meda Beda\Local Settings\Temp
C:\WINDOWS\AutoKMS.exe
EmptyTemp:
End
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck => value removed successfully.
HKU\S-1-5-21-436374069-1580436667-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b1936ec-a562-11e4-a8cb-001d7da85684} => key removed successfully.
HKCR\CLSID\{3b1936ec-a562-11e4-a8cb-001d7da85684} => key not found.
HKU\S-1-5-21-436374069-1580436667-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{649ad538-f77e-11e6-a97f-027005651504} => key removed successfully.
HKCR\CLSID\{649ad538-f77e-11e6-a97f-027005651504} => key not found.
HKU\S-1-5-21-436374069-1580436667-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{649ad53b-f77e-11e6-a97f-027005651504} => key removed successfully.
HKCR\CLSID\{649ad53b-f77e-11e6-a97f-027005651504} => key not found.
HKU\S-1-5-21-436374069-1580436667-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e59b0d7-c97a-11e6-a95e-001d7da85684} => key removed successfully.
HKCR\CLSID\{9e59b0d7-c97a-11e6-a95e-001d7da85684} => key not found.
HKU\S-1-5-21-436374069-1580436667-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e59b0d8-c97a-11e6-a95e-001d7da85684} => key removed successfully.
HKCR\CLSID\{9e59b0d8-c97a-11e6-a95e-001d7da85684} => key not found.
HKU\S-1-5-21-436374069-1580436667-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e59b0dd-c97a-11e6-a95e-001d7da85684} => key removed successfully.
HKCR\CLSID\{9e59b0dd-c97a-11e6-a95e-001d7da85684} => key not found.
HKU\S-1-5-21-436374069-1580436667-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e59b0eb-c97a-11e6-a95e-001d7da85684} => key removed successfully.
HKCR\CLSID\{9e59b0eb-c97a-11e6-a95e-001d7da85684} => key not found.
HKU\S-1-5-21-436374069-1580436667-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9edf9b5a-b48f-11e6-a95d-ef0e4684db4a} => key removed successfully.
HKCR\CLSID\{9edf9b5a-b48f-11e6-a95d-ef0e4684db4a} => key not found.
HKU\S-1-5-21-436374069-1580436667-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c6002941-7f90-11e4-a8b9-001d7da85684} => key removed successfully.
HKCR\CLSID\{c6002941-7f90-11e4-a8b9-001d7da85684} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{C37C42DA-DC66-11E6-A37E-64006A5CFC23} => value removed successfully.
HKCR\CLSID\{C37C42DA-DC66-11E6-A37E-64006A5CFC23} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk => moved successfully
C:\Program Files\McAfee Security Scan\3.11.334\SSScheduler.exe => moved successfully
"C:\Program Files\McAfee Security Scan" folder move:
Could not move "C:\Program Files\McAfee Security Scan" => Scheduled to move on reboot.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
Could not restore Default URLSearchHook.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
HKLM\System\CurrentControlSet\Services\McComponentHostService => key removed successfully.
McComponentHostService => service removed successfully.
HKLM\System\CurrentControlSet\Services\aswVmm => key removed successfully.
aswVmm => service removed successfully.
HKLM\System\CurrentControlSet\Services\IntelIde => key removed successfully.
IntelIde => service removed successfully.
HKLM\System\CurrentControlSet\Services\WS2IFSL => key removed successfully.
WS2IFSL => service removed successfully.
C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C2410C.TMP => moved successfully
C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C2410A.TMP => moved successfully
C:\Documents and Settings\LocalService\Data aplikací\McAfee => moved successfully
C:\Documents and Settings\All Users\Nabídka Start\Programy\McAfee Security Scan Plus => moved successfully
C:\Documents and Settings\All Users\Plocha\McAfee Security Scan Plus.lnk => moved successfully
C:\Documents and Settings\All Users\Data aplikací\McAfee Security Scan => moved successfully
C:\Documents and Settings\All Users\Data aplikací\McAfee => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\WINDOWS\Tasks\AutoKMS.job => moved successfully
C:\WINDOWS\KMSEmulator.exe => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Documents and Settings\Meda Beda\Local Settings\Temp => moved successfully
C:\WINDOWS\AutoKMS.exe => moved successfully
=========== EmptyTemp: ==========
BITS transfer queue => 13616 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 194846 B
Java, Flash, Steam htmlcache => 45790 B
Windows/system/dllcache/drivers => 127707708 B
Edge => 0 B
Chrome => 0 B
Firefox => 271962369 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Documents and Settings => 0 B
Default User => 66164 B
All Users => 0 B
systemprofile => 320328802 B
LocalService => 66744 B
NetworkService => 66167 B
Meda Beda => 18613206 B
RecycleBin => 0 B
EmptyTemp: => 704.8 MB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 24-01-2017 22:47:33)
C:\Program Files\McAfee Security Scan => moved successfully
==== End of Fixlog 22:47:33 ====
- Rudy
- Site Admin
- Posts: 119418
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Suspected virus presence
Deleted; the log should now be OK. Does the suspicion persist?
Re: Suspected virus presence
The suspicion still persists: when I open Firefox, instead of my configured home page seznam.cz, some Amisites page opens, and when I want to search for something, the FVP website opens. I have no idea how to deal with it. Please advise what to do about it. I have even been thinking about uninstalling Firefox and installing it again. But that seems probably quite unnecessary to me if it can be removed another way.
Thank you for your help
Have a nice evening, Ell
- Rudy
- Site Admin
- Posts: 119418
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Suspected virus presence
Also try these scans:
1. Download Zoek.exe from http://hijackthis.nl/smeenk/ and save it to the desktop
If you use Windows Vista or Windows 7, right-click Zoek and choose Run As Administrator or Spustit jako spravce
Paste the script below into the window
autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;
Then click Run Script
The PC will perform the repair, restart, and give you a log; paste its contents here.
and
2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
•Save it, preferably to the desktop
•After launch, the license terms are displayed; press any key
•A backup is created and then the search runs
•The scan runs and then a log appears, or it will be saved in c:\JRT as JRT.txt; paste it here.
Re: Suspected virus presence
Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by Meda Beda on st 25.01.2017 at 22:31:56,68.
Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Meda Beda\Plocha\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
25.1.2017 22:32:33 Zoek.exe System Restore Point Created Successfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
==== Empty Folders Check ======================
C:\Program Files\T-Mobile deleted successfully
C:\DOCUME~1\ALLUSE~1\DATAAP~1\Avg deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-436374069-1580436667-682003330-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC0F8E-1F0D-43F9-920E-C4E3CB851958} deleted successfully
HKEY_USERS\S-1-5-21-436374069-1580436667-682003330-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D2CB0C4C-9B05-4D95-A204-C29B14B10801} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{C37C42DA-DC66-11E6-A37E-64006A5CFC23} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{C37C42DA-DC66-11E6-A37E-64006A5CFC23} deleted successfully
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
C:\Program Files\T-Mobile not found
C:\Program Files\ComPlus Applications deleted
C:\Program Files\WindowsUpdate deleted
C:\Documents and Settings\Meda Beda\.android deleted
C:\DOCUME~1\ALLUSE~1\DATAAP~1\{CC71B1CB-A2E4-4CF7-8EDB-A0E290BA1604} deleted
C:\WINDOWS\002613_.tmp deleted
C:\WINDOWS\SET21.tmp deleted
C:\WINDOWS\SET3.tmp deleted
C:\WINDOWS\SET4.tmp deleted
C:\WINDOWS\SET8.tmp deleted
C:\WINDOWS\System32\SET1A8.tmp deleted
C:\WINDOWS\System32\SET1AC.tmp deleted
C:\WINDOWS\System32\SET1AD.tmp deleted
C:\WINDOWS\System32\SET1B4.tmp deleted
"C:\WINDOWS\Installer\8b1a85.msi" deleted
"C:\Program Files\Clokisevuboly Reports\local32spl.dll" deleted
"C:\Program Files\Clokisevuboly Reports" not deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"e-webprint@epson.com"="C:\Program Files\Epson Software\E-Web Print\Firefox Add-on" [21.01.2015 12:57]
==== Chromium Look ======================
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.seznam.cz/?clid=22668"
"Search Page"="http://search.seznam.cz/?sourceid=quick ... earchTerms}"
"Search Bar"="https://www.seznam.cz/?clid=22668"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://search.seznam.cz/?sourceid=quick ... earchTerms}"
"Start Page"="https://www.seznam.cz/?clid=22668"
"Search Bar"="https://www.seznam.cz/?clid=22668"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="https://www.seznam.cz/?clid=22668"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{15C4DF55-4B67-495A-A3D3-A497C4A49EE0}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://search.live.com/results.aspx?q={ ... rer:source?}
HKLM\SearchScopes\{15C4DF55-4B67-495A-A3D3-A497C4A49EE0} - http://search.seznam.cz/?sourceid=quick ... earchTerms}
HKCU\SearchScopes "DefaultScope"="{15C4DF55-4B67-495A-A3D3-A497C4A49EE0}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
HKCU\SearchScopes\{15C4DF55-4B67-495A-A3D3-A497C4A49EE0} - http://search.seznam.cz/?sourceid=quick ... earchTerms}
==== Reset Google Chrome ======================
Nothing found to reset
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AB1DAB1E8E0C810429187E2D6C0B4747 deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E1BAD1BA-C0E8-4018-9281-E7D2C6B07474} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\AB1DAB1E8E0C810429187E2D6C0B4747 deleted successfully
==== Empty IE Cache ======================
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\Meda Beda\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
No Flash Cache Found
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=16 folders=7 8903414 bytes)
==== Empty Temp Folders ======================
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\MEDABE~1\LOCALS~1\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\RECYCLER successfully emptied
==== Deleting Files / Folders ======================
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\Meda Beda\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Program Files\Clokisevuboly Reports" not found
==== EOF on st 25.01.2017 at 22:43:25,84 ======================
Re: Suspected virus presence
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Microsoft Windows XP x86
Ran by Meda Beda (Administrator) on st 25.01.2017 at 22:47:01,35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 11
Successfully deleted: C:\Documents and Settings\Meda Beda\Data aplikacˇ\Mozilla\Firefox\Profiles\8ofu8nur.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi (File)
Successfully deleted: C:\WINDOWS\Tasks\DriverNavigator Scheduled Scan.job (Task)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7PZ06OKY (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IVLZHVWU (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OFACG1J7 (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XVKUBAHZ (Temporary Internet Files Folder)
Successfully deleted: C:\Program Files\ytd (Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7PZ06OKY (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IVLZHVWU (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OFACG1J7 (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\XVKUBAHZ (Temporary Internet Files Folder)
Deleted the following from C:\Documents and Settings\Meda Beda\Data aplikacˇ\Mozilla\Firefox\Profiles\8ofu8nur.default\prefs.js
user_pref(CT3329621.FF19Solved, true);
user_pref(CT3329621.UserID, UN21354768081148019);
user_pref(CT3329621.dum, 2);
user_pref(CT3329621.fullUserID, UN21354768081148019.IN.20141008161926);
user_pref(CT3329621.installDate, 08/10/2014 16:19:31);
user_pref(CT3329621.installSessionId, 9e0e2e37-e501-4698-b296-95503a92f984);
user_pref(CT3329621.installSp, FALSE);
user_pref(CT3329621.installerVersion, 1.11.0.11);
user_pref(CT3329621.searchRevert, false);
user_pref(CT3329621.searchUninstallUserMode, 4);
user_pref(CT3329621.searchUserMode, 4);
user_pref(CT3329621.toolbarInstallDate, 08-10-2014 16:19:27);
user_pref(CT3329621.versionFromInstaller, 10.34.0.3);
user_pref(CT3329621.xpeMode, 1);
user_pref(browser.search.defaulturl, hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&);
user_pref(keyword.URL, hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&);
user_pref(smartbar.machineId, S4K5JEARTJ4BHQYAKZE39QZ6VBZDCMZU6HC5I8YCQ1QLTJ2RMQNTRSO43IWLVXZYQSOICQXW6NC4B3PROVK7WA);
user_pref(sweetim.toolbar.RevertDialog.enable, false);
user_pref(sweetim.toolbar.SearchBoxLogo, yahoo.png);
user_pref(sweetim.toolbar.SearchBoxText, Search with Yahoo);
user_pref(sweetim.toolbar.UserSelectedSaveSettings, true);
user_pref(sweetim.toolbar.Visibility.VisibilityGuardLastUnHide, 0);
user_pref(sweetim.toolbar.Visibility.enable, true);
user_pref(sweetim.toolbar.Visibility.intervaldays, 7);
user_pref(sweetim.toolbar.cda.DisableOveride.enable, false);
user_pref(sweetim.toolbar.cda.HideOveride.enable, false);
user_pref(sweetim.toolbar.cda.RemoveOveride.enable, false);
user_pref(sweetim.toolbar.defaultProvider, yho);
user_pref(sweetim.toolbar.dialogs.0.enable, true);
user_pref(sweetim.toolbar.dialogs.0.handler, chrome://sim_toolbar_package/content/optionsdialog-handler.js);
user_pref(sweetim.toolbar.dialogs.0.height, 335);
user_pref(sweetim.toolbar.dialogs.0.id, id_options_dialog);
user_pref(sweetim.toolbar.dialogs.0.title, $string.config.label;);
user_pref(sweetim.toolbar.dialogs.0.url, hxxp://www.sweetim.com/simffbar/options_remote ... crg=$cargo;);
user_pref(sweetim.toolbar.dialogs.0.width, 761);
user_pref(sweetim.toolbar.dialogs.1.enable, true);
user_pref(sweetim.toolbar.dialogs.1.handler, chrome://sim_toolbar_package/content/exampledialog-handler.js);
user_pref(sweetim.toolbar.dialogs.1.height, 300);
user_pref(sweetim.toolbar.dialogs.1.id, id_example_dialog);
user_pref(sweetim.toolbar.dialogs.1.title, Example (unit-test) dialog);
user_pref(sweetim.toolbar.dialogs.1.url, chrome://sim_toolbar_package/content/exampledialog.html);
user_pref(sweetim.toolbar.dialogs.1.width, 500);
user_pref(sweetim.toolbar.dialogs.2.enable, true);
user_pref(sweetim.toolbar.dialogs.2.handler, chrome://sim_toolbar_package/content/cdadialog-handler.js);
user_pref(sweetim.toolbar.dialogs.2.height, 150);
user_pref(sweetim.toolbar.dialogs.2.id, id_dialog_hide_disable_remove);
user_pref(sweetim.toolbar.dialogs.2.title, Option Dialog);
user_pref(sweetim.toolbar.dialogs.2.url, hxxp://www.sweetim.com/simffbar/simcdadialog.asp);
user_pref(sweetim.toolbar.dialogs.2.width, 530);
user_pref(sweetim.toolbar.dnscatch.domain-blacklist, .*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.*.google.com.br/.*|.*.google.es/.*|.*.youtube
user_pref(sweetim.toolbar.highlight.colors, #FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0);
user_pref(sweetim.toolbar.keywordUrlGuard.enable, false);
user_pref(sweetim.toolbar.logger.ConsoleHandler.MinReportLevel, 7);
user_pref(sweetim.toolbar.logger.FileHandler.FileName, ff-toolbar.log);
user_pref(sweetim.toolbar.logger.FileHandler.MaxFileSize, 200000);
user_pref(sweetim.toolbar.logger.FileHandler.MinReportLevel, 7);
user_pref(sweetim.toolbar.mode.debug, false);
user_pref(sweetim.toolbar.newtab.created, false);
user_pref(sweetim.toolbar.newtab.enable, false);
user_pref(sweetim.toolbar.newtab.url, hxxp://mysearch.sweetpacks.com/?src=97&barid=$toolbar_id;&crg=$cargo;);
user_pref(sweetim.toolbar.previous.keyword.URL, );
user_pref(sweetim.toolbar.rc.url, hxxp://www.sweetim.com/simffbar/rc.html?toolba ... our=$flavr;);
user_pref(sweetim.toolbar.scripts.0.addcontextdiv, true);
user_pref(sweetim.toolbar.scripts.0.callback, simVerification);
user_pref(sweetim.toolbar.scripts.0.domain-blacklist, );
user_pref(sweetim.toolbar.scripts.0.domain-whitelist, hxxp://(www.|apps.)?facebook\\.com.*);
user_pref(sweetim.toolbar.scripts.0.elementid, id_script_sim_fb);
user_pref(sweetim.toolbar.scripts.0.enable, false);
user_pref(sweetim.toolbar.scripts.0.id, id_script_fb);
user_pref(sweetim.toolbar.scripts.0.url, hxxp://sc.sweetim.com/apps/in/fb/infb.js);
user_pref(sweetim.toolbar.scripts.1.addcontextdiv, true);
user_pref(sweetim.toolbar.scripts.1.callback, simVerification);
user_pref(sweetim.toolbar.scripts.1.domain-blacklist, );
user_pref(sweetim.toolbar.scripts.1.domain-whitelist, hxxps://(www.|apps.)?facebook\\.com.*);
user_pref(sweetim.toolbar.scripts.1.elementid, id_script_sim_fb);
user_pref(sweetim.toolbar.scripts.1.enable, false);
user_pref(sweetim.toolbar.scripts.1.id, id_script_fb_hxxpS);
user_pref(sweetim.toolbar.scripts.1.url, hxxps://sc.sweetim.com/apps/in/fb/infb.js);
user_pref(sweetim.toolbar.scripts.2.addcontextdiv, false);
user_pref(sweetim.toolbar.scripts.2.callback, );
user_pref(sweetim.toolbar.scripts.2.domain-blacklist, .*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.sweetim.com.*);
user_pref(sweetim.toolbar.scripts.2.domain-whitelist, );
user_pref(sweetim.toolbar.scripts.2.elementid, id_predict_include_script);
user_pref(sweetim.toolbar.scripts.2.enable, false);
user_pref(sweetim.toolbar.scripts.2.id, id_script_prad);
user_pref(sweetim.toolbar.scripts.2.url, hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1);
user_pref(sweetim.toolbar.search.external, <?xml version=\1.0\?><TOOLBAR><EXTERNAL_SEARCH engine=\hxxp://*google.*\ param=\q=\ /><EXTERNAL_SEARCH engine=\hxxp://sear
user_pref(sweetim.toolbar.search.history, MUDr.%20Helena%20%C5%A0utov%C3%A1);
user_pref(sweetim.toolbar.search.history.capacity, 10);
user_pref(sweetim.toolbar.searchguard.enable, false);
user_pref(sweetim.toolbar.searchguard.initialized_by_rc, true);
user_pref(sweetim.toolbar.simapp_id, 1605756411807700732);
user_pref(sweetim.toolbar.urls.afteruninstall, hxxp://toolbar.sweetpacks.com/uninstallbar.asp?barid=$toolbar_id;&flavour=$flavr;);
user_pref(sweetim.toolbar.urls.contactus, hxxp://www.perion.com/contact-us);
user_pref(sweetim.toolbar.urls.homepage, hxxp://ybar.sweetpacks.com/?src=10);
user_pref(sweetim.toolbar.urls.privacy, hxxp://www.perion.com/privacy-policy);
user_pref(sweetim.toolbar.urls.searchpage, hxxp://mysearch.sweetpacks.com/?barid=$toolbar_id;);
user_pref(sweetim.toolbar.urls.uninstall, hxxp://ybar.sweetpacks.com/uninstall);
user_pref(sweetim.toolbar.version, 1.14.0.1);
Registry: 2
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{15C4DF55-4B67-495A-A3D3-A497C4A49EE0} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{15C4DF55-4B67-495A-A3D3-A497C4A49EE0} (Registry Key)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on st 25.01.2017 at 22:47:34,92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Rudy
- Site Admin
- Posts: 119418
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Suspected virus presence
Deleted. Has anything changed for the better?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.