Suspected presence of a virus

Posted: 24 Jan 2017 21:21
by Elli27
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-01-2017
Ran by Meda Beda (administrator) on MEDABEDA (24-01-2017 20:06:55)
Running from C:\Documents and Settings\Meda Beda\Plocha
Loaded Profiles: Meda Beda (Available Profiles: Meda Beda)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Seiko Epson Corporation) C:\WINDOWS\system32\escsvc.exe
() C:\Program Files\HiSuite\HandSetService\HuaweiHiSuiteService.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.334\SSScheduler.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Microsoft Corporation) C:\WINDOWS\system32\cleanmgr.exe
(forum.viry.cz) C:\Documents and Settings\Meda Beda\Plocha\FRSTLauncher.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [mouseElf] => C:\Program Files\KYE\Genius NetScroll Optical Mouse\MouseElf.exe [151552 2002-05-20] (Genius)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20065936 2012-06-06] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-11-11] (LogMeIn Inc.)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [616632 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [94208 2006-04-21] (Nero AG)
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [3281600 2016-03-03] (Disc Soft Ltd)
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {3b1936ec-a562-11e4-a8cb-001d7da85684} - F:\Lenovo_Suite.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {649ad538-f77e-11e6-a97f-027005651504} - F:\Autorun.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {649ad53b-f77e-11e6-a97f-027005651504} - G:\Setup.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {9e59b0d7-c97a-11e6-a95e-001d7da85684} - F:\Startme.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {9e59b0d8-c97a-11e6-a95e-001d7da85684} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {9e59b0dd-c97a-11e6-a95e-001d7da85684} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {9e59b0eb-c97a-11e6-a95e-001d7da85684} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {9edf9b5a-b48f-11e6-a95d-ef0e4684db4a} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {c6002941-7f90-11e4-a8b9-001d7da85684} - F:\Lenovo_Suite.exe
HKLM\...\Providers\vh9ggz5t: C:\Program Files\Clokisevuboly Reports\local32spl.dll [272384 2017-01-20] ()
ShellExecuteHooks: No Name - {C37C42DA-DC66-11E6-A37E-64006A5CFC23} - C:\Documents and Settings\Meda Beda\Data aplikací\Kiguly\Casuch.dll -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk [2016-12-25]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.334\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk [2014-10-06]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{0E9FDCD7-E94B-48C8-9673-FC1AFA961758}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/?clid=22668
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-436374069-1580436667-682003330-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/?clid=22668
HKU\S-1-5-21-436374069-1580436667-682003330-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
URLSearchHook: [S-1-5-21-436374069-1580436667-682003330-1004] ATTENTION => Default URLSearchHook is missing
URLSearchHook: HKU\S-1-5-21-436374069-1580436667-682003330-1004 - SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
URLSearchHook: HKU\S-1-5-21-436374069-1580436667-682003330-1004 - (No Name) - {31264a33-a653-46c4-af49-1232c59a7da5} - No File
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKLM -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&ts=148 ... earchTerms}
SearchScopes: HKU\S-1-5-21-436374069-1580436667-682003330-1004 -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKU\S-1-5-21-436374069-1580436667-682003330-1004 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKU\S-1-5-21-436374069-1580436667-682003330-1004 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&ts=148 ... earchTerms}
SearchScopes: HKU\S-1-5-21-436374069-1580436667-682003330-1004 -> {6D79A96D-110D-4FA5-8307-B7CB11A6C771} URL = hxxp://trovi.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3329621&CUI=UN13311442818921144&UM=4
BHO: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO: No Name -> {31264a33-a653-46c4-af49-1232c59a7da5} -> No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: No Name -> {EEE6C35C-6118-11DC-9C72-001320C79847} -> No File
Toolbar: HKLM - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKU\S-1-5-21-436374069-1580436667-682003330-1004 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2008-04-14] (Společnost Microsoft)
Toolbar: HKU\S-1-5-21-436374069-1580436667-682003330-1004 -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
Toolbar: HKU\S-1-5-21-436374069-1580436667-682003330-1004 -> No Name - {31264A33-A653-46C4-AF49-1232C59A7DA5} - No File
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1398617036040
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1398617119478
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.amisites.com/?type=sc&ts=1485268826 ... 0664806648

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default [2017-01-24]
FF NewTab: C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default -> about:newtab
FF DefaultSearchEngine: C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default -> Seznam
FF DefaultSearchUrl: C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default -> hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&
FF SearchEngineOrder.1: C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default -> Seznam
FF SelectedSearchEngine: C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default -> Seznam
FF Homepage: C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default -> hxxps://www.seznam.cz/?clid=22668
FF Keyword.URL: C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default -> hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&
FF Extension: (uBlock Origin) - C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default\Extensions\uBlock0@raymondhill.net.xpi [2016-12-28]
FF Extension: (SweetPacks Toolbar for Firefox) - C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2014-04-30] [not signed]
FF SearchPlugin: C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default\searchplugins\amisites.xml [2017-01-24]
FF SearchPlugin: C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default\searchplugins\seznam-avast.xml [2017-01-24]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-05-05] [not signed]
FF HKLM\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2015-01-21] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-21] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-24] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-24] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> D:\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Archer; C:\Program Files\WinArcher\Archer.dll [720384 2017-01-24] (TODO: <公司名>) [File not signed]
R2 Dihughterjecult; C:\Program Files\Momicultckerticult\ghezutyferdeingUpdate.dll [136192 2017-01-20] () [File not signed]
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1082560 2016-03-03] (Disc Soft Ltd) [File not signed]
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc.exe [122000 2011-12-11] (Seiko Epson Corporation)
R2 GubedZL; C:\Program Files\Gubed\GubedZL.dll [148480 2017-01-23] () [File not signed]
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1962504 2016-11-11] (LogMeIn Inc.)
R2 HuaweiHiSuiteService.exe; C:\Program Files\HiSuite\HandSetService\HuaweiHiSuiteService.exe [155848 2016-08-26] () [File not signed]
R3 iThemes5; C:\Program Files\Common Files\Services\iThemes.dll [882688 2017-01-23] () [File not signed] <==== ATTENTION
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [405424 2016-11-11] (LogMeIn, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.334\McCHSvc.exe [239880 2016-05-31] (McAfee, Inc.)
R2 WinSAPSvc; C:\Documents and Settings\All Users\Data aplikací\WinSAPSvc\WinSAP.dll [547840 2017-01-23] () [File not signed]
S2 ed2kidle; "C:\Program Files\amuleC2\ed2k.exe" -downloadwhenidle [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R3 dtlitescsibus; C:\WINDOWS\System32\DRIVERS\dtlitescsibus.sys [26168 2017-01-20] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\DRIVERS\dtliteusbbus.sys [40504 2017-01-20] (Disc Soft Ltd)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\DRIVERS\ew_usbccgpfilter.sys [15360 2016-05-25] (Huawei Technologies Co., Ltd.)
S3 genmcmn; C:\WINDOWS\System32\DRIVERS\gmfiltr.sys [6656 2002-05-17] (Genius) [File not signed]
S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2015-08-03] (LogMeIn, Inc.)
S3 massfilter; C:\WINDOWS\System32\drivers\massfilter.sys [9216 2010-02-22] (MBB Incorporated)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [70912 2010-03-04] (NVIDIA Corporation)
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [168040 2010-04-08] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [13824 2010-03-04] (NVIDIA Corporation)
U0 aswVmm; no ImagePath
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [102272 2016-05-25] (Huawei Technologies Co., Ltd.)
S4 IntelIde; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-20 21:13 - 2017-02-20 21:13 - 00000000 ____D C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C2410C.TMP
2017-02-20 21:13 - 2017-02-20 21:13 - 00000000 ____D C:\Program Files\File Association Helper
2017-02-20 18:46 - 2017-01-20 21:38 - 00002562 _____ C:\WINDOWS\diagwrn.xml
2017-02-20 18:46 - 2017-01-20 21:38 - 00001908 _____ C:\WINDOWS\diagerr.xml
2017-01-24 19:43 - 2017-01-24 20:07 - 00017676 _____ C:\Documents and Settings\Meda Beda\Plocha\FRST.txt
2017-01-24 19:42 - 2017-01-24 20:06 - 00000000 ____D C:\FRST
2017-01-24 19:40 - 2017-01-24 19:40 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Meda Beda\Plocha\FRSTLauncher.exe
2017-01-24 19:39 - 2017-01-24 19:39 - 01762816 _____ (Farbar) C:\Documents and Settings\Meda Beda\Plocha\FRST.exe
2017-01-24 19:00 - 2017-01-24 19:00 - 00000000 ____D C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\MFAData
2017-01-24 19:00 - 2017-01-24 19:00 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\MFAData
2017-01-24 18:55 - 2017-01-24 19:39 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Avg
2017-01-24 18:54 - 2017-01-24 19:34 - 00000000 ____D C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\AvgSetupLog
2017-01-24 18:54 - 2017-01-24 18:54 - 00000000 ____D C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\Avg
2017-01-23 12:39 - 2017-01-24 19:39 - 00000328 _____ C:\WINDOWS\Tasks\WinTOOL.job
2017-01-23 12:38 - 2017-01-23 12:39 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\wintools
2017-01-23 12:38 - 2017-01-23 12:38 - 00000000 ____D C:\Program Files\WinArcher
2017-01-23 12:38 - 2017-01-23 12:38 - 00000000 ____D C:\Program Files\MIO
2017-01-23 12:38 - 2017-01-23 12:38 - 00000000 ____D C:\Program Files\Gubed
2017-01-23 12:38 - 2017-01-23 12:38 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\WinSAPSvc
2017-01-23 12:37 - 2017-01-23 12:37 - 00000000 ____D C:\Program Files\vh9ggz5t
2017-01-21 14:20 - 2017-01-21 14:21 - 00000000 ____D C:\Documents and Settings\Meda Beda\Dokumenty\NFS Most Wanted
2017-01-21 14:20 - 2017-01-21 14:20 - 00000548 _____ C:\Documents and Settings\All Users\Plocha\Need for Speed™ Most Wanted.lnk
2017-01-21 14:20 - 2017-01-21 14:20 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\EA GAMES
2017-01-21 14:14 - 2017-01-21 14:14 - 00000000 ____D C:\WINDOWS\RegisteredPackages
2017-01-21 14:14 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
2017-01-21 14:13 - 2004-07-19 16:19 - 00285696 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kstvtune.ax
2017-01-21 14:13 - 2004-07-19 16:19 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\kstvtune.ax
2017-01-21 14:13 - 2004-07-09 04:27 - 00381952 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dsound.dll
2017-01-21 14:13 - 2004-07-09 04:27 - 00292864 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ddraw.dll
2017-01-21 14:13 - 2004-07-09 04:26 - 01230336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msvidctl.dll
2017-01-21 14:13 - 2004-07-09 04:26 - 00354816 ____C C:\WINDOWS\system32\dllcache\psisdecd.dll
2017-01-21 14:13 - 2004-07-09 04:26 - 00354816 _____ C:\WINDOWS\system32\psisdecd.dll
2017-01-21 14:13 - 2004-07-09 04:26 - 00226304 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kswdmcap.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\kswdmcap.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00083968 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\nabtsfec.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nabtsfec.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00052224 ____C C:\WINDOWS\system32\dllcache\msdvbnp.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00052224 _____ C:\WINDOWS\system32\msdvbnp.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00052096 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msdv.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00052096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msdv.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00039424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ksxbar.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksxbar.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00030208 ____C C:\WINDOWS\system32\dllcache\psisrndr.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00030208 _____ C:\WINDOWS\system32\psisrndr.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00018688 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wstcodec.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00018688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wstcodec.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00016896 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bdaplgin.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdaplgin.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00016384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ccdecode.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ccdecode.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00015104 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mpe.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00015104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpe.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00014976 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\streamip.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00014976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\streamip.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00014848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ipsink.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipsink.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00011392 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bdasup.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00011392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bdasup.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00010880 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\slip.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00010880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\slip.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00010112 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ndisip.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00010112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndisip.sys
2017-01-21 14:13 - 2003-05-30 09:00 - 00797184 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\d3dim700.dll
2017-01-21 14:13 - 2002-12-12 00:14 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxdllreg.exe
2017-01-21 14:13 - 2002-12-12 00:14 - 00024064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ddrawex.dll
2017-01-21 14:13 - 2002-12-12 00:14 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksolay.ax
2017-01-21 14:13 - 2002-12-12 00:14 - 00008192 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\d3d8thk.dll
2017-01-21 14:13 - 2002-12-12 00:14 - 00005504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstee.sys
2017-01-21 14:13 - 2002-12-12 00:14 - 00005504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mstee.sys
2017-01-21 14:13 - 2002-08-29 03:40 - 00667648 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dinput8.dll
2017-01-20 21:31 - 2017-01-20 21:31 - 00000000 ____D C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\Disc_Soft_Ltd
2017-01-20 21:30 - 2017-01-20 21:30 - 00000426 _____ C:\WINDOWS\Tasks\Clokisevuboly Reports.job
2017-01-20 21:30 - 2017-01-20 21:30 - 00000000 ____D C:\Program Files\Clokisevuboly Reports
2017-01-20 21:30 - 2017-01-20 21:30 - 00000000 ____D C:\Documents and Settings\All Users\Dokumenty\Daemon Tools Images
2017-01-20 21:29 - 2017-01-24 14:39 - 00000000 ____D C:\Program Files\Momicultckerticult
2017-01-20 21:29 - 2017-01-21 16:35 - 00000000 ____D C:\Documents and Settings\Meda Beda\Data aplikací\Kiguly
2017-01-20 21:29 - 2017-01-20 21:29 - 00040504 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtliteusbbus.sys
2017-01-20 21:29 - 2017-01-20 21:29 - 00000000 ____D C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\Gropsycerjaly
2017-01-20 21:28 - 2017-01-21 09:41 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2017-01-20 21:28 - 2017-01-20 21:31 - 00000000 ____D C:\Documents and Settings\Meda Beda\Data aplikací\DAEMON Tools Lite
2017-01-20 21:28 - 2017-01-20 21:28 - 00026168 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtlitescsibus.sys
2017-01-20 21:28 - 2017-01-20 21:28 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\DAEMON Tools Lite
2017-01-20 21:28 - 2017-01-20 21:28 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2017-01-20 21:23 - 2017-01-24 15:56 - 00000000 ____D C:\Documents and Settings\Meda Beda\Data aplikací\Seznam.cz
2017-01-20 21:23 - 2017-01-20 21:23 - 00000000 ____D C:\Program Files\Seznam.cz
2017-01-20 21:23 - 2017-01-20 21:23 - 00000000 ____D C:\Program Files\7-Zip
2017-01-20 21:23 - 2017-01-20 21:23 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\7-Zip
2017-01-20 21:20 - 2017-01-20 21:20 - 00000000 ____D C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C2410A.TMP
2017-01-20 21:20 - 2017-01-20 21:20 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\UniqueId
2016-12-29 06:08 - 2016-12-29 06:08 - 00000000 ____D C:\Program Files\LogMeIn Hamachi
2016-12-29 06:08 - 2016-12-29 06:08 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\LogMeIn Hamachi
2016-12-26 23:40 - 2016-12-26 23:40 - 00004707 _____ C:\WINDOWS\KB2884256.log
2016-12-26 23:40 - 2016-12-26 23:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2884256$
2016-12-25 20:29 - 2016-12-25 20:29 - 00000000 ____D C:\Documents and Settings\LocalService\Data aplikací\McAfee
2016-12-25 20:28 - 2016-12-25 20:28 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\McAfee Security Scan Plus
2016-12-25 19:58 - 2016-12-25 20:28 - 00001812 _____ C:\Documents and Settings\All Users\Plocha\McAfee Security Scan Plus.lnk
2016-12-25 19:58 - 2016-12-25 20:28 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-12-25 19:58 - 2016-12-25 19:58 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\McAfee Security Scan
2016-12-25 19:58 - 2016-12-25 19:58 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\McAfee
2016-12-25 19:15 - 2016-12-25 19:15 - 00001847 _____ C:\Documents and Settings\All Users\Plocha\Google Earth.lnk
2016-12-25 19:15 - 2016-12-25 19:15 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Google Earth
2016-12-25 18:29 - 2016-12-25 18:29 - 00000411 _____ C:\Documents and Settings\Meda Beda\Plocha\Zástupce - Pisnicky.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-18 22:36 - 2014-04-30 14:04 - 00000000 ____D C:\Documents and Settings\Meda Beda\Data aplikací\vlc
2017-02-18 17:43 - 2014-10-07 09:24 - 00016384 ____C C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-02-17 09:59 - 2014-04-27 17:51 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-02-16 12:45 - 2014-04-27 18:27 - 00048008 ____C C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2017-01-24 20:07 - 2014-04-27 17:21 - 00000000 ____D C:\Documents and Settings\Meda Beda\Local Settings\Temp
2017-01-24 20:06 - 2014-11-06 13:31 - 00000208 _____ C:\WINDOWS\Tasks\AutoKMS.job
2017-01-24 20:06 - 2014-11-06 13:31 - 00000202 _____ C:\WINDOWS\Tasks\AutoKMSDaily.job
2017-01-24 20:06 - 2014-11-06 13:30 - 00078848 _____ C:\WINDOWS\KMSEmulator.exe
2017-01-24 20:06 - 2014-04-29 21:19 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-24 20:06 - 2014-04-27 17:21 - 00000000 ___HD C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací
2017-01-24 20:06 - 2014-04-27 17:21 - 00000000 ____D C:\Documents and Settings\Meda Beda\Plocha
2017-01-24 20:05 - 2015-10-02 14:24 - 00000000 ____D C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\LogMeIn Hamachi
2017-01-24 20:05 - 2015-10-01 09:56 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Data aplikací\LogMeIn Hamachi
2017-01-24 20:05 - 2014-10-03 13:43 - 00000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-01-24 20:05 - 2014-05-04 23:10 - 00000230 _____ C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2017-01-24 20:05 - 2014-04-27 17:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-24 20:04 - 2014-04-27 17:21 - 00032638 _____ C:\WINDOWS\SchedLgU.Txt
2017-01-24 20:04 - 2014-04-27 17:21 - 00000178 ___SH C:\Documents and Settings\Meda Beda\ntuser.ini
2017-01-24 19:13 - 2014-10-03 13:43 - 00000940 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-01-24 19:02 - 2016-09-02 14:12 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-01-24 19:02 - 2014-10-03 13:42 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2017-01-24 19:02 - 2014-04-27 17:21 - 00000000 __RHD C:\Documents and Settings\Meda Beda\Data aplikací
2017-01-24 19:00 - 2014-04-27 19:06 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2017-01-24 18:57 - 2014-04-27 19:08 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2017-01-24 18:57 - 2014-04-27 19:08 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy
2017-01-24 18:50 - 2014-04-27 17:51 - 00000712 _____ C:\Documents and Settings\All Users\Plocha\Mozilla Firefox.lnk
2017-01-24 18:50 - 2014-04-27 17:51 - 00000712 _____ C:\Documents and Settings\All Users\Nabídka Start\Programy\Mozilla Firefox.lnk
2017-01-24 18:48 - 2014-04-29 21:19 - 00802904 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-01-24 18:48 - 2014-04-29 21:19 - 00144472 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-01-24 18:48 - 2014-04-27 17:16 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-24 18:47 - 2014-04-27 18:56 - 00000000 ___HD C:\WINDOWS\inf
2017-01-24 18:38 - 2014-10-03 13:42 - 00000000 ____D C:\Program Files\AVAST Software
2017-01-24 15:40 - 2016-09-28 18:34 - 00001156 _____ C:\Documents and Settings\All Users\Nabídka Start\Programy\Avast SafeZone 1 Browser.lnk
2017-01-24 15:40 - 2014-04-27 17:21 - 00001113 _____ C:\Documents and Settings\Meda Beda\Nabídka Start\Programy\Internet Explorer.lnk
2017-01-24 15:40 - 2014-04-27 17:21 - 00000000 ___RD C:\Documents and Settings\Meda Beda\Nabídka Start\Programy
2017-01-24 14:39 - 2006-03-02 13:00 - 00011936 _____ C:\WINDOWS\system32\wpa.dbl
2017-01-23 12:38 - 2014-04-27 17:16 - 00000000 ____D C:\Program Files\Common Files\Services
2017-01-22 14:18 - 2014-05-01 19:09 - 01072544 ____C C:\WINDOWS\system32\nvdrsdb1.bin
2017-01-22 14:18 - 2014-05-01 19:09 - 01072544 _____ C:\WINDOWS\system32\nvdrsdb0.bin
2017-01-22 14:18 - 2014-05-01 19:09 - 00000001 _____ C:\WINDOWS\system32\nvdrssel.bin
2017-01-21 14:20 - 2014-04-27 17:21 - 00000000 ___RD C:\Documents and Settings\Meda Beda\Dokumenty
2017-01-21 14:16 - 2014-04-27 19:08 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
2017-01-21 14:14 - 2014-04-27 18:56 - 00000000 RSHDC C:\WINDOWS\system32\dllcache
2017-01-21 14:13 - 2014-04-27 17:17 - 00000000 ____D C:\WINDOWS\system32\DirectX
2017-01-21 09:44 - 2014-04-29 21:18 - 00000000 ____D C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\Adobe
2017-01-21 00:16 - 2014-09-17 23:49 - 01316886 ____C C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-S-1-5-21-436374069-1580436667-682003330-1004-0.dat
2017-01-21 00:16 - 2014-09-17 23:49 - 00218878 ____C C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-System.dat
2017-01-20 21:40 - 2014-05-16 10:59 - 00000069 ____C C:\WINDOWS\NeroDigital.ini
2017-01-20 21:30 - 2014-04-27 19:08 - 00000000 ___RD C:\Documents and Settings\All Users\Dokumenty
2017-01-20 21:22 - 2016-09-30 14:42 - 00000000 ____D C:\Documents and Settings\Meda Beda\Plocha\Dokumenty
2017-01-10 20:42 - 2014-10-06 15:45 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2017-01-10 13:40 - 2014-04-27 19:05 - 00199344 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-09 18:10 - 2014-04-27 17:56 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2017-01-09 18:09 - 2014-04-27 18:56 - 00000000 ____D C:\WINDOWS\pchealth
2016-12-29 06:08 - 2016-09-02 12:03 - 00000000 ____D C:\Documents and Settings\Default User\Local Settings\Data aplikací\LogMeIn Hamachi
2016-12-27 20:40 - 2014-05-21 09:34 - 00000151 ____C C:\WINDOWS\PhotoSnapViewer.INI
2016-12-26 23:40 - 2014-04-27 19:08 - 00957483 ____C C:\WINDOWS\FaxSetup.log
2016-12-26 23:40 - 2014-04-27 19:08 - 00466742 ____C C:\WINDOWS\ocgen.log
2016-12-26 23:40 - 2014-04-27 19:08 - 00368313 ____C C:\WINDOWS\tsoc.log
2016-12-26 23:40 - 2014-04-27 19:08 - 00326802 ____C C:\WINDOWS\comsetup.log
2016-12-26 23:40 - 2014-04-27 19:08 - 00196320 ____C C:\WINDOWS\ntdtcsetup.log
2016-12-26 23:40 - 2014-04-27 19:08 - 00148725 ____C C:\WINDOWS\iis6.log
2016-12-26 23:40 - 2014-04-27 19:08 - 00059762 ____C C:\WINDOWS\ocmsn.log
2016-12-26 23:40 - 2014-04-27 19:08 - 00047974 ____C C:\WINDOWS\msgsocm.log
2016-12-26 23:40 - 2014-04-27 19:08 - 00001393 _____ C:\WINDOWS\imsins.log
2016-12-25 20:29 - 2014-04-27 17:21 - 00000000 ____D C:\Documents and Settings\LocalService\Data aplikací
2016-12-25 20:28 - 2006-03-02 13:00 - 00000766 _____ C:\WINDOWS\system32\Drivers\etc\hosts
2016-12-25 19:58 - 2014-04-27 17:53 - 00000000 ____D C:\Documents and Settings\Meda Beda\Dokumenty\Stažené soubory
2016-12-25 19:15 - 2014-10-03 13:43 - 00000000 ____D C:\Program Files\Google
2016-12-25 18:14 - 2014-10-16 14:13 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-25 18:08 - 2014-04-27 19:06 - 01175680 _____ C:\WINDOWS\setupapi.log.0.old
2016-12-25 18:07 - 2014-10-16 14:13 - 144884648 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2014-10-07 09:24 - 2017-02-18 17:43 - 0016384 ____C () C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
2016-03-04 13:31 - 2016-03-04 13:31 - 1004224 _____ () C:\Documents and Settings\Meda Beda\Local Settings\Temp\AppInstaller.exe
2017-01-21 14:12 - 2005-11-03 20:52 - 0729088 _____ (Electronic Arts Inc.) C:\Documents and Settings\Meda Beda\Local Settings\Temp\AutoRun.exe
2017-01-21 14:12 - 2005-10-13 23:02 - 0585728 _____ (Electronic Arts Inc.) C:\Documents and Settings\Meda Beda\Local Settings\Temp\AutoRunGUI.dll
2016-09-28 21:56 - 2000-04-06 05:00 - 0263168 ____N () C:\Documents and Settings\Meda Beda\Local Settings\Temp\binkw32.dll
2017-01-20 21:28 - 2017-01-20 21:28 - 0102912 _____ () C:\Documents and Settings\Meda Beda\Local Settings\Temp\bitool.dll
2016-09-28 21:56 - 2001-05-09 17:19 - 0352256 ____N (Blizzard Entertainment) C:\Documents and Settings\Meda Beda\Local Settings\Temp\d2l_Install.exe
2017-01-23 12:38 - 2017-01-23 12:38 - 26967248 _____ () C:\Documents and Settings\Meda Beda\Local Settings\Temp\inst12.exe
2014-04-27 17:55 - 2007-01-09 13:59 - 0145184 ___RC (Microsoft Corporation) C:\Documents and Settings\Meda Beda\Local Settings\Temp\ose00000.exe
2016-10-01 15:44 - 2016-12-25 18:11 - 1409992 _____ () C:\Documents and Settings\Meda Beda\Local Settings\Temp\Update.exe
2016-09-28 18:24 - 2014-12-11 14:36 - 0364544 _____ () C:\Documents and Settings\Meda Beda\Local Settings\Temp\_unps.exe
2017-01-24 15:53 - 2017-01-24 15:53 - 0534528 _____ () C:\Documents and Settings\Meda Beda\Local Settings\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================


Available physical RAM: 1385.72 MB
Total physical RAM: 1983.48 MB
Percentage of memory in use: 30%

==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\WINDOWS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\AutoKMSDaily.job => C:\WINDOWS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\Clokisevuboly Reports.job => C:\Program Files\Momicultckerticult\nobent.exe
Task: C:\WINDOWS\Tasks\DriverNavigator Scheduled Scan.job => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\WinTOOL.job => C:\Documents and Settings\All Users\Data aplikací\wintools\WintoolUprI.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================




===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\Meda Beda\Plocha" je 7 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Czechcrowncoin\\czechcrowncoin-qt.exe"="C:\\Program Files\\Czechcrowncoin\\czechcrowncoin-qt.exe:*:Enabled:Czechcrowncoin-Qt (OSS GUI client for Czechcrowncoin)"
"C:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"="C:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe:*:Disabled:EEventManager Application"
"D:\\Diablo II\\Game.exe"="D:\\Diablo II\\Game.exe:*:Enabled:Diablo II"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox (C:\\Program Files\\Mozilla Firefox)"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"
"139:TCP"="139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002"


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: Suspected presence of a virus

Posted: 24 Jan 2017 21:23
by Rudy
Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.

Re: Suspected presence of a virus

Posted: 24 Jan 2017 21:32
by Elli27
# AdwCleaner v6.042 - Log vytvořen 24/01/2017 v 21:28:20
# Aktualizováno dne 06/01/2017 z Malwarebytes
# Databáze : 2017-01-24.2 [Server]
# Operační systém : Microsoft Windows XP Service Pack 3 (X86)
# Uživatelské jméno : Meda Beda - MEDABEDA
# Spuštěno z : C:\Documents and Settings\Meda Beda\Plocha\adwcleaner_6.042.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****

[-] Služba smazána: WinSAPSvc
[-] Služba smazána: Archer
[-] Služba smazána: ed2kidle
[-] Služba smazána: iThemes5
[-] Služba smazána: GubedZL


***** [ Složky ] *****

[-] Složka smazána: C:\Documents and Settings\All Users\Data aplikací\SweetIM
[-] Složka smazána: C:\Documents and Settings\All Users\Data aplikací\Tbccint
[#] Složka smazána po restartu: C:\Documents and Settings\All Users\Data aplikací\tbccint
[-] Složka smazána: C:\Documents and Settings\All Users\Data aplikací\WinSAPSvc
[#] Složka smazána po restartu: C:\Documents and Settings\All Users\Data aplikací\winsapsvc
[-] Složka smazána: C:\Documents and Settings\All Users\Nabídka Start\Programy\SweetPlayer
[-] Složka smazána: C:\Documents and Settings\All Users\Nabídka Start\Programy\DriverNavigator
[-] Složka smazána: C:\Program Files\SweetIM
[-] Složka smazána: C:\Program Files\sweetpacks bundle uninstaller
[-] Složka smazána: C:\Program Files\SweetPlayer
[-] Složka smazána: C:\Program Files\WinArcher
[#] Složka smazána po restartu: C:\Program Files\winarcher
[-] Složka smazána: C:\Program Files\Gubed
[-] Složka smazána: C:\Documents and Settings\All Users\Data aplikací\WinTools
[-] Složka smazána: C:\Program Files\MIO


***** [ Soubory ] *****

[-] Soubor smazán: C:\END
[-] Soubor smazán: C:\Program Files\Common Files\SERVICES\ITHEMES.DLL


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****

[-] Zástupce vyléčen: C:\Documents and Settings\All Users\Nabídka Start\Programy\Avast SafeZone 1 Browser.lnk
[-] Zástupce vyléčen: C:\Documents and Settings\All Users\Nabídka Start\Programy\SweeetPlayer bundle\SweeetPlayer bundle.lnk


***** [ Naplánované úlohy ] *****

[-] Úloha smazána: WinTOOL


***** [ Registry ] *****

[-] Klíč smazán: HKLM\SOFTWARE\Classes\Toolbar.CT3329621
[-] Klíč smazán: HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
[-] Klíč smazán: HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook
[-] Klíč smazán: HKLM\SOFTWARE\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Toolbar3.SWEETIE
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Toolbar3.SWEETIE.1
[-] Klíč smazán: HKCU\Software\Classes\CLSID\{1BBF13E0-551E-42DD-91F4-1A547443FFDA}
[-] Klíč smazán: HKCU\Software\Classes\CLSID\{3A1209A4-8568-40F0-9B5E-4A06A2A06417}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{3A1209A4-8568-40F0-9B5E-4A06A2A06417}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31264A33-A653-46C4-AF49-1232C59A7DA5}
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847}
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31264A33-A653-46C4-AF49-1232C59A7DA5}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3A1209A4-8568-40F0-9B5E-4A06A2A06417}
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{EEE6C35C-6118-11DC-9C72-001320C79847}]
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
[-] Hodnota smazána: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
[-] Hodnota smazána: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{31264A33-A653-46C4-AF49-1232C59A7DA5}]
[-] Hodnota smazána: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EEE6C35D-6118-11DC-9C72-001320C79847}]
[-] Hodnota smazána: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{31264A33-A653-46C4-AF49-1232C59A7DA5}]
[-] Klíč smazán: HKU\.DEFAULT\Software\ompndb
[-] Klíč smazán: HKU\.DEFAULT\Software\ecb`nl
[-] Klíč smazán: HKU\S-1-5-21-436374069-1580436667-682003330-1004\Software\BS_Player_ControlBar_B
[-] Klíč smazán: HKU\S-1-5-21-436374069-1580436667-682003330-1004\Software\Conduit
[-] Klíč smazán: HKU\S-1-5-21-436374069-1580436667-682003330-1004\Software\SweetIM
[-] Klíč smazán: HKU\S-1-5-21-436374069-1580436667-682003330-1004\Software\Tbccint
[-] Klíč smazán: HKU\S-1-5-21-436374069-1580436667-682003330-1004\Software\Tbccint_HKLM
[-] Klíč smazán: HKU\S-1-5-21-436374069-1580436667-682003330-1004\Software\TbccintSearchScopes
[#] Klíč smazán po restartu: HKU\S-1-5-18\Software\ompndb
[#] Klíč smazán po restartu: HKU\S-1-5-18\Software\ecb`nl
[#] Klíč smazán po restartu: HKCU\Software\BS_Player_ControlBar_B
[#] Klíč smazán po restartu: HKCU\Software\Conduit
[#] Klíč smazán po restartu: HKCU\Software\SweetIM
[#] Klíč smazán po restartu: HKCU\Software\Tbccint
[#] Klíč smazán po restartu: HKCU\Software\Tbccint_HKLM
[#] Klíč smazán po restartu: HKCU\Software\TbccintSearchScopes
[-] Klíč smazán: HKLM\SOFTWARE\Conduit
[-] Klíč smazán: HKLM\SOFTWARE\SweetIM
[-] Klíč smazán: HKLM\SOFTWARE\youndooSoftware
[-] Klíč smazán: HKLM\SOFTWARE\ScreenShot
[-] Klíč smazán: HKLM\SOFTWARE\ompndb
[-] Klíč smazán: HKLM\SOFTWARE\ecb`nl
[-] Klíč smazán: HKLM\SOFTWARE\WinArcher
[-] Klíč smazán: HKLM\SOFTWARE\amisitesSoftware
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3F5700A1-5116-4BAA-9AD8-3FB238BE9334}_is1
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F4E33CE5-A7AB-4F68-A7E7-F0AA84EF2D9E}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{3F5700A1-5116-4BAA-9AD8-3FB238BE9334}_is1
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{F4E33CE5-A7AB-4F68-A7E7-F0AA84EF2D9E}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5EC33E4FBA7A86F47A7E0FAA48FED2E9
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7E7F552EF334C802D75A55F0F6344722
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
[#] Klíč smazán po restartu: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5EC33E4FBA7A86F47A7E0FAA48FED2E9
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Installer\Features\5EC33E4FBA7A86F47A7E0FAA48FED2E9
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Installer\Products\5EC33E4FBA7A86F47A7E0FAA48FED2E9
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]
[-] Klíč smazán: HKU\S-1-5-21-436374069-1580436667-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Klíč smazán: HKU\S-1-5-21-436374069-1580436667-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{6D79A96D-110D-4FA5-8307-B7CB11A6C771}
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6D79A96D-110D-4FA5-8307-B7CB11A6C771}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data obnovena: HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [] "C:\Program Files\Internet Explorer\iexplore.exe"
[-] Klíč smazán: HKCU\Toolbar
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [ArcherGroupEx]
[-] Hodnota smazána: HKLM\SYSTEM\CurrentControlSet\Services\Themes [DependOnService]
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [GubedZLGroupEx]


***** [ Prohlížeče ] *****



*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [12158 Bajty] - [24/01/2017 21:28:20]
C:\AdwCleaner\AdwCleaner[S0].txt - [12373 Bajty] - [24/01/2017 21:26:34]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [12306 Bajty] ##########

Re: Suspected presence of a virus

Posted: 24 Jan 2017 22:11
by Rudy
Post a new FRST log.

Re: Suspected presence of a virus

Posted: 24 Jan 2017 22:18
by Elli27
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-01-2017
Ran by Meda Beda (administrator) on MEDABEDA (24-01-2017 22:15:58)
Running from C:\Documents and Settings\Meda Beda\Plocha
Loaded Profiles: Meda Beda (Available Profiles: Meda Beda)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Seiko Epson Corporation) C:\WINDOWS\system32\escsvc.exe
() C:\Program Files\HiSuite\HandSetService\HuaweiHiSuiteService.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.334\SSScheduler.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(forum.viry.cz) C:\Documents and Settings\Meda Beda\Plocha\FRSTLauncher.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [mouseElf] => C:\Program Files\KYE\Genius NetScroll Optical Mouse\MouseElf.exe [151552 2002-05-20] (Genius)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20065936 2012-06-06] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-11-11] (LogMeIn Inc.)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [616632 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [94208 2006-04-21] (Nero AG)
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [3281600 2016-03-03] (Disc Soft Ltd)
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {3b1936ec-a562-11e4-a8cb-001d7da85684} - F:\Lenovo_Suite.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {649ad538-f77e-11e6-a97f-027005651504} - F:\Autorun.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {649ad53b-f77e-11e6-a97f-027005651504} - G:\Setup.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {9e59b0d7-c97a-11e6-a95e-001d7da85684} - F:\Startme.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {9e59b0d8-c97a-11e6-a95e-001d7da85684} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {9e59b0dd-c97a-11e6-a95e-001d7da85684} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {9e59b0eb-c97a-11e6-a95e-001d7da85684} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {9edf9b5a-b48f-11e6-a95d-ef0e4684db4a} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {c6002941-7f90-11e4-a8b9-001d7da85684} - F:\Lenovo_Suite.exe
HKLM\...\Providers\vh9ggz5t: C:\Program Files\Clokisevuboly Reports\local32spl.dll [272384 2017-01-20] ()
ShellExecuteHooks: No Name - {C37C42DA-DC66-11E6-A37E-64006A5CFC23} - C:\Documents and Settings\Meda Beda\Data aplikací\Kiguly\Casuch.dll -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk [2016-12-25]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.334\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk [2014-10-06]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{0E9FDCD7-E94B-48C8-9673-FC1AFA961758}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/?clid=22668
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-436374069-1580436667-682003330-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/?clid=22668
HKU\S-1-5-21-436374069-1580436667-682003330-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
URLSearchHook: [S-1-5-21-436374069-1580436667-682003330-1004] ATTENTION => Default URLSearchHook is missing
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKLM -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKU\S-1-5-21-436374069-1580436667-682003330-1004 -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKU\S-1-5-21-436374069-1580436667-682003330-1004 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
BHO: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKU\S-1-5-21-436374069-1580436667-682003330-1004 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2008-04-14] (Společnost Microsoft)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1398617036040
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1398617119478
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default [2017-01-24]
FF NewTab: C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default -> about:newtab
FF DefaultSearchEngine: C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default -> Seznam
FF DefaultSearchUrl: C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default -> hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&
FF SearchEngineOrder.1: C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default -> Seznam
FF SelectedSearchEngine: C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default -> Seznam
FF Homepage: C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default -> hxxps://www.seznam.cz/?clid=22668
FF Keyword.URL: C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default -> hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&
FF Extension: (uBlock Origin) - C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default\Extensions\uBlock0@raymondhill.net.xpi [2016-12-28]
FF Extension: (SweetPacks Toolbar for Firefox) - C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2014-04-30] [not signed]
FF SearchPlugin: C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default\searchplugins\amisites.xml [2017-01-24]
FF SearchPlugin: C:\Documents and Settings\Meda Beda\Data aplikací\Mozilla\Firefox\Profiles\8ofu8nur.default\searchplugins\seznam-avast.xml [2017-01-24]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-05-05] [not signed]
FF HKLM\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2015-01-21] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-21] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-24] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-24] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> D:\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Dihughterjecult; C:\Program Files\Momicultckerticult\ghezutyferdeingUpdate.dll [136192 2017-01-20] () [File not signed]
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1082560 2016-03-03] (Disc Soft Ltd) [File not signed]
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc.exe [122000 2011-12-11] (Seiko Epson Corporation)
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1962504 2016-11-11] (LogMeIn Inc.)
R2 HuaweiHiSuiteService.exe; C:\Program Files\HiSuite\HandSetService\HuaweiHiSuiteService.exe [155848 2016-08-26] () [File not signed]
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [405424 2016-11-11] (LogMeIn, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.334\McCHSvc.exe [239880 2016-05-31] (McAfee, Inc.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R3 dtlitescsibus; C:\WINDOWS\System32\DRIVERS\dtlitescsibus.sys [26168 2017-01-20] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\DRIVERS\dtliteusbbus.sys [40504 2017-01-20] (Disc Soft Ltd)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\DRIVERS\ew_usbccgpfilter.sys [15360 2016-05-25] (Huawei Technologies Co., Ltd.)
S3 genmcmn; C:\WINDOWS\System32\DRIVERS\gmfiltr.sys [6656 2002-05-17] (Genius) [File not signed]
S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2015-08-03] (LogMeIn, Inc.)
S3 massfilter; C:\WINDOWS\System32\drivers\massfilter.sys [9216 2010-02-22] (MBB Incorporated)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [70912 2010-03-04] (NVIDIA Corporation)
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [168040 2010-04-08] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [13824 2010-03-04] (NVIDIA Corporation)
U0 aswVmm; no ImagePath
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [102272 2016-05-25] (Huawei Technologies Co., Ltd.)
S4 IntelIde; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-20 21:13 - 2017-02-20 21:13 - 00000000 ____D C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C2410C.TMP
2017-02-20 21:13 - 2017-02-20 21:13 - 00000000 ____D C:\Program Files\File Association Helper
2017-02-20 18:46 - 2017-01-20 21:38 - 00002562 _____ C:\WINDOWS\diagwrn.xml
2017-02-20 18:46 - 2017-01-20 21:38 - 00001908 _____ C:\WINDOWS\diagerr.xml
2017-01-24 21:25 - 2017-01-24 21:28 - 00000000 ____D C:\AdwCleaner
2017-01-24 21:25 - 2017-01-24 21:25 - 03988944 _____ C:\Documents and Settings\Meda Beda\Plocha\adwcleaner_6.042.exe
2017-01-24 19:43 - 2017-01-24 22:16 - 00015236 _____ C:\Documents and Settings\Meda Beda\Plocha\FRST.txt
2017-01-24 19:42 - 2017-01-24 22:15 - 00000000 ____D C:\FRST
2017-01-24 19:40 - 2017-01-24 19:40 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Meda Beda\Plocha\FRSTLauncher.exe
2017-01-24 19:39 - 2017-01-24 19:39 - 01762816 _____ (Farbar) C:\Documents and Settings\Meda Beda\Plocha\FRST.exe
2017-01-24 19:00 - 2017-01-24 19:00 - 00000000 ____D C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\MFAData
2017-01-24 19:00 - 2017-01-24 19:00 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\MFAData
2017-01-24 18:55 - 2017-01-24 19:39 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Avg
2017-01-24 18:54 - 2017-01-24 19:34 - 00000000 ____D C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\AvgSetupLog
2017-01-24 18:54 - 2017-01-24 18:54 - 00000000 ____D C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\Avg
2017-01-23 12:37 - 2017-01-23 12:37 - 00000000 ____D C:\Program Files\vh9ggz5t
2017-01-21 14:20 - 2017-01-21 14:21 - 00000000 ____D C:\Documents and Settings\Meda Beda\Dokumenty\NFS Most Wanted
2017-01-21 14:20 - 2017-01-21 14:20 - 00000548 _____ C:\Documents and Settings\All Users\Plocha\Need for Speed™ Most Wanted.lnk
2017-01-21 14:20 - 2017-01-21 14:20 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\EA GAMES
2017-01-21 14:14 - 2017-01-21 14:14 - 00000000 ____D C:\WINDOWS\RegisteredPackages
2017-01-21 14:14 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
2017-01-21 14:13 - 2004-07-19 16:19 - 00285696 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kstvtune.ax
2017-01-21 14:13 - 2004-07-19 16:19 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\kstvtune.ax
2017-01-21 14:13 - 2004-07-09 04:27 - 00381952 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dsound.dll
2017-01-21 14:13 - 2004-07-09 04:27 - 00292864 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ddraw.dll
2017-01-21 14:13 - 2004-07-09 04:26 - 01230336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msvidctl.dll
2017-01-21 14:13 - 2004-07-09 04:26 - 00354816 ____C C:\WINDOWS\system32\dllcache\psisdecd.dll
2017-01-21 14:13 - 2004-07-09 04:26 - 00354816 _____ C:\WINDOWS\system32\psisdecd.dll
2017-01-21 14:13 - 2004-07-09 04:26 - 00226304 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kswdmcap.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\kswdmcap.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00083968 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\nabtsfec.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nabtsfec.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00052224 ____C C:\WINDOWS\system32\dllcache\msdvbnp.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00052224 _____ C:\WINDOWS\system32\msdvbnp.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00052096 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msdv.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00052096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msdv.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00039424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ksxbar.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksxbar.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00030208 ____C C:\WINDOWS\system32\dllcache\psisrndr.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00030208 _____ C:\WINDOWS\system32\psisrndr.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00018688 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wstcodec.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00018688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wstcodec.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00016896 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bdaplgin.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdaplgin.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00016384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ccdecode.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ccdecode.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00015104 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mpe.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00015104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpe.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00014976 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\streamip.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00014976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\streamip.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00014848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ipsink.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipsink.ax
2017-01-21 14:13 - 2004-07-09 04:26 - 00011392 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bdasup.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00011392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bdasup.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00010880 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\slip.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00010880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\slip.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00010112 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ndisip.sys
2017-01-21 14:13 - 2004-07-09 04:26 - 00010112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndisip.sys
2017-01-21 14:13 - 2003-05-30 09:00 - 00797184 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\d3dim700.dll
2017-01-21 14:13 - 2002-12-12 00:14 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxdllreg.exe
2017-01-21 14:13 - 2002-12-12 00:14 - 00024064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ddrawex.dll
2017-01-21 14:13 - 2002-12-12 00:14 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksolay.ax
2017-01-21 14:13 - 2002-12-12 00:14 - 00008192 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\d3d8thk.dll
2017-01-21 14:13 - 2002-12-12 00:14 - 00005504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstee.sys
2017-01-21 14:13 - 2002-12-12 00:14 - 00005504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mstee.sys
2017-01-21 14:13 - 2002-08-29 03:40 - 00667648 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dinput8.dll
2017-01-20 21:31 - 2017-01-20 21:31 - 00000000 ____D C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\Disc_Soft_Ltd
2017-01-20 21:30 - 2017-01-20 21:30 - 00000426 _____ C:\WINDOWS\Tasks\Clokisevuboly Reports.job
2017-01-20 21:30 - 2017-01-20 21:30 - 00000000 ____D C:\Program Files\Clokisevuboly Reports
2017-01-20 21:30 - 2017-01-20 21:30 - 00000000 ____D C:\Documents and Settings\All Users\Dokumenty\Daemon Tools Images
2017-01-20 21:29 - 2017-01-24 14:39 - 00000000 ____D C:\Program Files\Momicultckerticult
2017-01-20 21:29 - 2017-01-21 16:35 - 00000000 ____D C:\Documents and Settings\Meda Beda\Data aplikací\Kiguly
2017-01-20 21:29 - 2017-01-20 21:29 - 00040504 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtliteusbbus.sys
2017-01-20 21:29 - 2017-01-20 21:29 - 00000000 ____D C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\Gropsycerjaly
2017-01-20 21:28 - 2017-01-21 09:41 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2017-01-20 21:28 - 2017-01-20 21:31 - 00000000 ____D C:\Documents and Settings\Meda Beda\Data aplikací\DAEMON Tools Lite
2017-01-20 21:28 - 2017-01-20 21:28 - 00026168 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtlitescsibus.sys
2017-01-20 21:28 - 2017-01-20 21:28 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\DAEMON Tools Lite
2017-01-20 21:28 - 2017-01-20 21:28 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2017-01-20 21:23 - 2017-01-24 15:56 - 00000000 ____D C:\Documents and Settings\Meda Beda\Data aplikací\Seznam.cz
2017-01-20 21:23 - 2017-01-20 21:23 - 00000000 ____D C:\Program Files\Seznam.cz
2017-01-20 21:23 - 2017-01-20 21:23 - 00000000 ____D C:\Program Files\7-Zip
2017-01-20 21:23 - 2017-01-20 21:23 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\7-Zip
2017-01-20 21:20 - 2017-01-20 21:20 - 00000000 ____D C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C2410A.TMP
2017-01-20 21:20 - 2017-01-20 21:20 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\UniqueId
2016-12-29 06:08 - 2016-12-29 06:08 - 00000000 ____D C:\Program Files\LogMeIn Hamachi
2016-12-29 06:08 - 2016-12-29 06:08 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\LogMeIn Hamachi
2016-12-26 23:40 - 2016-12-26 23:40 - 00004707 _____ C:\WINDOWS\KB2884256.log
2016-12-26 23:40 - 2016-12-26 23:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2884256$
2016-12-25 20:29 - 2016-12-25 20:29 - 00000000 ____D C:\Documents and Settings\LocalService\Data aplikací\McAfee
2016-12-25 20:28 - 2016-12-25 20:28 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\McAfee Security Scan Plus
2016-12-25 19:58 - 2016-12-25 20:28 - 00001812 _____ C:\Documents and Settings\All Users\Plocha\McAfee Security Scan Plus.lnk
2016-12-25 19:58 - 2016-12-25 20:28 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-12-25 19:58 - 2016-12-25 19:58 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\McAfee Security Scan
2016-12-25 19:58 - 2016-12-25 19:58 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\McAfee
2016-12-25 19:15 - 2016-12-25 19:15 - 00001847 _____ C:\Documents and Settings\All Users\Plocha\Google Earth.lnk
2016-12-25 19:15 - 2016-12-25 19:15 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Google Earth
2016-12-25 18:29 - 2016-12-25 18:29 - 00000411 _____ C:\Documents and Settings\Meda Beda\Plocha\Zástupce - Pisnicky.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-18 22:36 - 2014-04-30 14:04 - 00000000 ____D C:\Documents and Settings\Meda Beda\Data aplikací\vlc
2017-02-18 17:43 - 2014-10-07 09:24 - 00016384 ____C C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-02-17 09:59 - 2014-04-27 17:51 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-02-16 12:45 - 2014-04-27 18:27 - 00048008 ____C C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2017-01-24 22:16 - 2014-04-27 17:21 - 00000000 ____D C:\Documents and Settings\Meda Beda\Local Settings\Temp
2017-01-24 22:15 - 2014-04-27 17:21 - 00000000 ___HD C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací
2017-01-24 22:15 - 2014-04-27 17:21 - 00000000 ____D C:\Documents and Settings\Meda Beda\Plocha
2017-01-24 22:13 - 2014-10-03 13:43 - 00000940 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-01-24 22:06 - 2014-04-29 21:19 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-24 21:30 - 2015-10-02 14:24 - 00000000 ____D C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\LogMeIn Hamachi
2017-01-24 21:30 - 2015-10-01 09:56 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Data aplikací\LogMeIn Hamachi
2017-01-24 21:30 - 2014-11-06 13:31 - 00000208 _____ C:\WINDOWS\Tasks\AutoKMS.job
2017-01-24 21:30 - 2014-11-06 13:31 - 00000202 _____ C:\WINDOWS\Tasks\AutoKMSDaily.job
2017-01-24 21:30 - 2014-11-06 13:30 - 00078848 _____ C:\WINDOWS\KMSEmulator.exe
2017-01-24 21:30 - 2014-10-03 13:43 - 00000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-01-24 21:29 - 2014-05-04 23:10 - 00000230 _____ C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2017-01-24 21:29 - 2014-04-27 17:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-24 21:28 - 2016-09-28 18:34 - 00000659 _____ C:\Documents and Settings\All Users\Nabídka Start\Programy\Avast SafeZone 1 Browser.lnk
2017-01-24 21:28 - 2014-04-30 14:03 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\SweeetPlayer bundle
2017-01-24 21:28 - 2014-04-27 19:08 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy
2017-01-24 21:28 - 2014-04-27 17:21 - 00032638 _____ C:\WINDOWS\SchedLgU.Txt
2017-01-24 21:28 - 2014-04-27 17:21 - 00000178 ___SH C:\Documents and Settings\Meda Beda\ntuser.ini
2017-01-24 21:28 - 2014-04-27 17:16 - 00000000 ____D C:\Program Files\Common Files\Services
2017-01-24 21:26 - 2014-04-27 19:06 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2017-01-24 19:02 - 2016-09-02 14:12 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-01-24 19:02 - 2014-10-03 13:42 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2017-01-24 19:02 - 2014-04-27 17:21 - 00000000 __RHD C:\Documents and Settings\Meda Beda\Data aplikací
2017-01-24 18:57 - 2014-04-27 19:08 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2017-01-24 18:50 - 2014-04-27 17:51 - 00000712 _____ C:\Documents and Settings\All Users\Plocha\Mozilla Firefox.lnk
2017-01-24 18:50 - 2014-04-27 17:51 - 00000712 _____ C:\Documents and Settings\All Users\Nabídka Start\Programy\Mozilla Firefox.lnk
2017-01-24 18:48 - 2014-04-29 21:19 - 00802904 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-01-24 18:48 - 2014-04-29 21:19 - 00144472 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-01-24 18:48 - 2014-04-27 17:16 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-24 18:47 - 2014-04-27 18:56 - 00000000 ___HD C:\WINDOWS\inf
2017-01-24 18:38 - 2014-10-03 13:42 - 00000000 ____D C:\Program Files\AVAST Software
2017-01-24 15:40 - 2014-04-27 17:21 - 00001113 _____ C:\Documents and Settings\Meda Beda\Nabídka Start\Programy\Internet Explorer.lnk
2017-01-24 15:40 - 2014-04-27 17:21 - 00000000 ___RD C:\Documents and Settings\Meda Beda\Nabídka Start\Programy
2017-01-24 14:39 - 2006-03-02 13:00 - 00011936 _____ C:\WINDOWS\system32\wpa.dbl
2017-01-22 14:18 - 2014-05-01 19:09 - 01072544 ____C C:\WINDOWS\system32\nvdrsdb1.bin
2017-01-22 14:18 - 2014-05-01 19:09 - 01072544 _____ C:\WINDOWS\system32\nvdrsdb0.bin
2017-01-22 14:18 - 2014-05-01 19:09 - 00000001 _____ C:\WINDOWS\system32\nvdrssel.bin
2017-01-21 14:20 - 2014-04-27 17:21 - 00000000 ___RD C:\Documents and Settings\Meda Beda\Dokumenty
2017-01-21 14:16 - 2014-04-27 19:08 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
2017-01-21 14:14 - 2014-04-27 18:56 - 00000000 RSHDC C:\WINDOWS\system32\dllcache
2017-01-21 14:13 - 2014-04-27 17:17 - 00000000 ____D C:\WINDOWS\system32\DirectX
2017-01-21 09:44 - 2014-04-29 21:18 - 00000000 ____D C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\Adobe
2017-01-21 00:16 - 2014-09-17 23:49 - 01316886 ____C C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-S-1-5-21-436374069-1580436667-682003330-1004-0.dat
2017-01-21 00:16 - 2014-09-17 23:49 - 00218878 ____C C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-System.dat
2017-01-20 21:40 - 2014-05-16 10:59 - 00000069 ____C C:\WINDOWS\NeroDigital.ini
2017-01-20 21:30 - 2014-04-27 19:08 - 00000000 ___RD C:\Documents and Settings\All Users\Dokumenty
2017-01-20 21:22 - 2016-09-30 14:42 - 00000000 ____D C:\Documents and Settings\Meda Beda\Plocha\Dokumenty
2017-01-10 20:42 - 2014-10-06 15:45 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2017-01-10 13:40 - 2014-04-27 19:05 - 00199344 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-09 18:10 - 2014-04-27 17:56 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2017-01-09 18:09 - 2014-04-27 18:56 - 00000000 ____D C:\WINDOWS\pchealth
2016-12-29 06:08 - 2016-09-02 12:03 - 00000000 ____D C:\Documents and Settings\Default User\Local Settings\Data aplikací\LogMeIn Hamachi
2016-12-27 20:40 - 2014-05-21 09:34 - 00000151 ____C C:\WINDOWS\PhotoSnapViewer.INI
2016-12-26 23:40 - 2014-04-27 19:08 - 00957483 ____C C:\WINDOWS\FaxSetup.log
2016-12-26 23:40 - 2014-04-27 19:08 - 00466742 ____C C:\WINDOWS\ocgen.log
2016-12-26 23:40 - 2014-04-27 19:08 - 00368313 ____C C:\WINDOWS\tsoc.log
2016-12-26 23:40 - 2014-04-27 19:08 - 00326802 ____C C:\WINDOWS\comsetup.log
2016-12-26 23:40 - 2014-04-27 19:08 - 00196320 ____C C:\WINDOWS\ntdtcsetup.log
2016-12-26 23:40 - 2014-04-27 19:08 - 00148725 ____C C:\WINDOWS\iis6.log
2016-12-26 23:40 - 2014-04-27 19:08 - 00059762 ____C C:\WINDOWS\ocmsn.log
2016-12-26 23:40 - 2014-04-27 19:08 - 00047974 ____C C:\WINDOWS\msgsocm.log
2016-12-26 23:40 - 2014-04-27 19:08 - 00001393 _____ C:\WINDOWS\imsins.log
2016-12-25 20:29 - 2014-04-27 17:21 - 00000000 ____D C:\Documents and Settings\LocalService\Data aplikací
2016-12-25 20:28 - 2006-03-02 13:00 - 00000766 _____ C:\WINDOWS\system32\Drivers\etc\hosts
2016-12-25 19:58 - 2014-04-27 17:53 - 00000000 ____D C:\Documents and Settings\Meda Beda\Dokumenty\Stažené soubory
2016-12-25 19:15 - 2014-10-03 13:43 - 00000000 ____D C:\Program Files\Google
2016-12-25 18:14 - 2014-10-16 14:13 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-25 18:08 - 2014-04-27 19:06 - 01175680 _____ C:\WINDOWS\setupapi.log.0.old
2016-12-25 18:07 - 2014-10-16 14:13 - 144884648 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2014-10-07 09:24 - 2017-02-18 17:43 - 0016384 ____C () C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
2016-03-04 13:31 - 2016-03-04 13:31 - 1004224 _____ () C:\Documents and Settings\Meda Beda\Local Settings\Temp\AppInstaller.exe
2017-01-21 14:12 - 2005-11-03 20:52 - 0729088 _____ (Electronic Arts Inc.) C:\Documents and Settings\Meda Beda\Local Settings\Temp\AutoRun.exe
2017-01-21 14:12 - 2005-10-13 23:02 - 0585728 _____ (Electronic Arts Inc.) C:\Documents and Settings\Meda Beda\Local Settings\Temp\AutoRunGUI.dll
2016-09-28 21:56 - 2000-04-06 05:00 - 0263168 ____N () C:\Documents and Settings\Meda Beda\Local Settings\Temp\binkw32.dll
2017-01-20 21:28 - 2017-01-20 21:28 - 0102912 _____ () C:\Documents and Settings\Meda Beda\Local Settings\Temp\bitool.dll
2016-09-28 21:56 - 2001-05-09 17:19 - 0352256 ____N (Blizzard Entertainment) C:\Documents and Settings\Meda Beda\Local Settings\Temp\d2l_Install.exe
2017-01-23 12:38 - 2017-01-23 12:38 - 26967248 _____ () C:\Documents and Settings\Meda Beda\Local Settings\Temp\inst12.exe
2014-04-27 17:55 - 2007-01-09 13:59 - 0145184 ___RC (Microsoft Corporation) C:\Documents and Settings\Meda Beda\Local Settings\Temp\ose00000.exe
2016-10-01 15:44 - 2016-12-25 18:11 - 1409992 _____ () C:\Documents and Settings\Meda Beda\Local Settings\Temp\Update.exe
2016-09-28 18:24 - 2014-12-11 14:36 - 0364544 _____ () C:\Documents and Settings\Meda Beda\Local Settings\Temp\_unps.exe
2017-01-24 15:53 - 2017-01-24 15:53 - 0534528 _____ () C:\Documents and Settings\Meda Beda\Local Settings\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:19.53 GB) (Free:1.68 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (disk) (Fixed) (Total:278.55 GB) (Free:253.36 GB) NTFS
Drive f: (NFS_Most_Wanted) (CDROM) (Total:2.16 GB) (Free:0 GB) CDFS

Available physical RAM: 1237.44 MB
Total physical RAM: 1983.48 MB
Percentage of memory in use: 37%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 298.1 GB) (Disk ID: 31553155)
Partition 1: (Active) - (Size=19.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=278.5 GB) - (Type=OF Extended)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\WINDOWS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\AutoKMSDaily.job => C:\WINDOWS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\Clokisevuboly Reports.job => C:\Program Files\Momicultckerticult\nobent.exe
Task: C:\WINDOWS\Tasks\DriverNavigator Scheduled Scan.job => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================




===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\Meda Beda\Plocha" je 11 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Czechcrowncoin\\czechcrowncoin-qt.exe"="C:\\Program Files\\Czechcrowncoin\\czechcrowncoin-qt.exe:*:Enabled:Czechcrowncoin-Qt (OSS GUI client for Czechcrowncoin)"
"C:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"="C:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe:*:Disabled:EEventManager Application"
"D:\\Diablo II\\Game.exe"="D:\\Diablo II\\Game.exe:*:Enabled:Diablo II"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox (C:\\Program Files\\Mozilla Firefox)"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"
"139:TCP"="139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002"


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: Suspected virus presence

Posted: 24 Jan 2017 22:30
by Rudy
Open Notepad and copy the following into it:
Start
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {3b1936ec-a562-11e4-a8cb-001d7da85684} - F:\Lenovo_Suite.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {649ad538-f77e-11e6-a97f-027005651504} - F:\Autorun.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {649ad53b-f77e-11e6-a97f-027005651504} - G:\Setup.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {9e59b0d7-c97a-11e6-a95e-001d7da85684} - F:\Startme.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {9e59b0d8-c97a-11e6-a95e-001d7da85684} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {9e59b0dd-c97a-11e6-a95e-001d7da85684} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {9e59b0eb-c97a-11e6-a95e-001d7da85684} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {9edf9b5a-b48f-11e6-a95d-ef0e4684db4a} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {c6002941-7f90-11e4-a8b9-001d7da85684} - F:\Lenovo_Suite.exe
ShellExecuteHooks: No Name - {C37C42DA-DC66-11E6-A37E-64006A5CFC23} - C:\Documents and Settings\Meda Beda\Data aplikací\Kiguly\Casuch.dll -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk [2016-12-25]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.334\SSScheduler.exe (McAfee, Inc.)
C:\Program Files\McAfee Security Scan
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
URLSearchHook: [S-1-5-21-436374069-1580436667-682003330-1004] ATTENTION => Default URLSearchHook is missing
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.334\McCHSvc.exe [239880 2016-05-31] (McAfee, Inc.)
U0 aswVmm; no ImagePath
S4 IntelIde; no ImagePath
U1 WS2IFSL; no ImagePath
C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C2410C.TMP
C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C2410A.TMP
C:\Documents and Settings\LocalService\Data aplikací\McAfee
C:\Documents and Settings\All Users\Nabídka Start\Programy\McAfee Security Scan Plus
C:\Documents and Settings\All Users\Plocha\McAfee Security Scan Plus.lnk
C:\Documents and Settings\All Users\Data aplikací\McAfee Security Scan
C:\Documents and Settings\All Users\Data aplikací\McAfee
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\AutoKMS.job
C:\WINDOWS\KMSEmulator.exe
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Documents and Settings\Meda Beda\Local Settings\Temp
C:\WINDOWS\AutoKMS.exe

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

Re: Suspected virus presence

Posted: 24 Jan 2017 22:49
by Elli27
Fix result of Farbar Recovery Scan Tool (x86) Version: 22-01-2017
Ran by Meda Beda (24-01-2017 22:45:15) Run:1
Running from C:\Documents and Settings\Meda Beda\Plocha
Loaded Profiles: Meda Beda (Available Profiles: Meda Beda)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {3b1936ec-a562-11e4-a8cb-001d7da85684} - F:\Lenovo_Suite.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {649ad538-f77e-11e6-a97f-027005651504} - F:\Autorun.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {649ad53b-f77e-11e6-a97f-027005651504} - G:\Setup.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {9e59b0d7-c97a-11e6-a95e-001d7da85684} - F:\Startme.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {9e59b0d8-c97a-11e6-a95e-001d7da85684} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {9e59b0dd-c97a-11e6-a95e-001d7da85684} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {9e59b0eb-c97a-11e6-a95e-001d7da85684} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {9edf9b5a-b48f-11e6-a95d-ef0e4684db4a} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-436374069-1580436667-682003330-1004\...\MountPoints2: {c6002941-7f90-11e4-a8b9-001d7da85684} - F:\Lenovo_Suite.exe
ShellExecuteHooks: No Name - {C37C42DA-DC66-11E6-A37E-64006A5CFC23} - C:\Documents and Settings\Meda Beda\Data aplikací\Kiguly\Casuch.dll -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk [2016-12-25]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.334\SSScheduler.exe (McAfee, Inc.)
C:\Program Files\McAfee Security Scan
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
URLSearchHook: [S-1-5-21-436374069-1580436667-682003330-1004] ATTENTION => Default URLSearchHook is missing
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.334\McCHSvc.exe [239880 2016-05-31] (McAfee, Inc.)
U0 aswVmm; no ImagePath
S4 IntelIde; no ImagePath
U1 WS2IFSL; no ImagePath
C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C2410C.TMP
C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C2410A.TMP
C:\Documents and Settings\LocalService\Data aplikací\McAfee
C:\Documents and Settings\All Users\Nabídka Start\Programy\McAfee Security Scan Plus
C:\Documents and Settings\All Users\Plocha\McAfee Security Scan Plus.lnk
C:\Documents and Settings\All Users\Data aplikací\McAfee Security Scan
C:\Documents and Settings\All Users\Data aplikací\McAfee
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\AutoKMS.job
C:\WINDOWS\KMSEmulator.exe
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Documents and Settings\Meda Beda\Local Settings\Temp
C:\WINDOWS\AutoKMS.exe

EmptyTemp:
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck => value removed successfully.
HKU\S-1-5-21-436374069-1580436667-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b1936ec-a562-11e4-a8cb-001d7da85684} => key removed successfully.
HKCR\CLSID\{3b1936ec-a562-11e4-a8cb-001d7da85684} => key not found.
HKU\S-1-5-21-436374069-1580436667-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{649ad538-f77e-11e6-a97f-027005651504} => key removed successfully.
HKCR\CLSID\{649ad538-f77e-11e6-a97f-027005651504} => key not found.
HKU\S-1-5-21-436374069-1580436667-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{649ad53b-f77e-11e6-a97f-027005651504} => key removed successfully.
HKCR\CLSID\{649ad53b-f77e-11e6-a97f-027005651504} => key not found.
HKU\S-1-5-21-436374069-1580436667-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e59b0d7-c97a-11e6-a95e-001d7da85684} => key removed successfully.
HKCR\CLSID\{9e59b0d7-c97a-11e6-a95e-001d7da85684} => key not found.
HKU\S-1-5-21-436374069-1580436667-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e59b0d8-c97a-11e6-a95e-001d7da85684} => key removed successfully.
HKCR\CLSID\{9e59b0d8-c97a-11e6-a95e-001d7da85684} => key not found.
HKU\S-1-5-21-436374069-1580436667-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e59b0dd-c97a-11e6-a95e-001d7da85684} => key removed successfully.
HKCR\CLSID\{9e59b0dd-c97a-11e6-a95e-001d7da85684} => key not found.
HKU\S-1-5-21-436374069-1580436667-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e59b0eb-c97a-11e6-a95e-001d7da85684} => key removed successfully.
HKCR\CLSID\{9e59b0eb-c97a-11e6-a95e-001d7da85684} => key not found.
HKU\S-1-5-21-436374069-1580436667-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9edf9b5a-b48f-11e6-a95d-ef0e4684db4a} => key removed successfully.
HKCR\CLSID\{9edf9b5a-b48f-11e6-a95d-ef0e4684db4a} => key not found.
HKU\S-1-5-21-436374069-1580436667-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c6002941-7f90-11e4-a8b9-001d7da85684} => key removed successfully.
HKCR\CLSID\{c6002941-7f90-11e4-a8b9-001d7da85684} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{C37C42DA-DC66-11E6-A37E-64006A5CFC23} => value removed successfully.
HKCR\CLSID\{C37C42DA-DC66-11E6-A37E-64006A5CFC23} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk => moved successfully
C:\Program Files\McAfee Security Scan\3.11.334\SSScheduler.exe => moved successfully

"C:\Program Files\McAfee Security Scan" folder move:

Could not move "C:\Program Files\McAfee Security Scan" => Scheduled to move on reboot.

HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
Could not restore Default URLSearchHook.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
HKLM\System\CurrentControlSet\Services\McComponentHostService => key removed successfully.
McComponentHostService => service removed successfully.
HKLM\System\CurrentControlSet\Services\aswVmm => key removed successfully.
aswVmm => service removed successfully.
HKLM\System\CurrentControlSet\Services\IntelIde => key removed successfully.
IntelIde => service removed successfully.
HKLM\System\CurrentControlSet\Services\WS2IFSL => key removed successfully.
WS2IFSL => service removed successfully.
C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C2410C.TMP => moved successfully
C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C2410A.TMP => moved successfully
C:\Documents and Settings\LocalService\Data aplikací\McAfee => moved successfully
C:\Documents and Settings\All Users\Nabídka Start\Programy\McAfee Security Scan Plus => moved successfully
C:\Documents and Settings\All Users\Plocha\McAfee Security Scan Plus.lnk => moved successfully
C:\Documents and Settings\All Users\Data aplikací\McAfee Security Scan => moved successfully
C:\Documents and Settings\All Users\Data aplikací\McAfee => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\WINDOWS\Tasks\AutoKMS.job => moved successfully
C:\WINDOWS\KMSEmulator.exe => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Documents and Settings\Meda Beda\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Documents and Settings\Meda Beda\Local Settings\Temp => moved successfully
C:\WINDOWS\AutoKMS.exe => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 13616 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 194846 B
Java, Flash, Steam htmlcache => 45790 B
Windows/system/dllcache/drivers => 127707708 B
Edge => 0 B
Chrome => 0 B
Firefox => 271962369 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Documents and Settings => 0 B
Default User => 66164 B
All Users => 0 B
systemprofile => 320328802 B
LocalService => 66744 B
NetworkService => 66167 B
Meda Beda => 18613206 B

RecycleBin => 0 B
EmptyTemp: => 704.8 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 24-01-2017 22:47:33)

C:\Program Files\McAfee Security Scan => moved successfully

==== End of Fixlog 22:47:33 ====

Re: Suspected virus presence

Posted: 25 Jan 2017 17:32
by Rudy
Deleted, the log should be OK now. Does the suspicion remain?

Re: Suspected virus presence

Posted: 25 Jan 2017 21:27
by Elli27
The suspicion still remains: when I open Firefox, instead of the configured home page seznam.cz, some Amisites page opens, and when I want to search for something, the FVP website opens. I have no idea what to do about it. Could you please advise me what to do? I have even thought about uninstalling Firefox and installing it again. But that seems rather unnecessary to me if it can be removed another way.
Thank you for your help
Have a nice evening, Ell

Re: Suspected virus presence

Posted: 25 Jan 2017 21:37
by Rudy
Also try these scans:

1. Download Zoek.exe from http://hijackthis.nl/smeenk/ and save it to the desktop

If you use Windows Vista or Windows 7, right-click Zoek and choose Run As Administrator (Spustit jako správce)
Paste the script below into the window

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;





Then click Run Script
The PC will perform the repair, restart, and give you a log; paste its contents here.

and

2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
• Save it, preferably to the desktop
• After launch, the license terms are displayed; press any key
• A backup is created, followed by the search
• The scan runs and then a log appears, or it will be saved in c:\JRT as JRT.txt; paste it here.

Re: Suspected virus presence

Posted: 25 Jan 2017 22:49
by Elli27
Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by Meda Beda on st 25.01.2017 at 22:31:56,68.
Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Meda Beda\Plocha\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

25.1.2017 22:32:33 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\Program Files\T-Mobile deleted successfully
C:\DOCUME~1\ALLUSE~1\DATAAP~1\Avg deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-436374069-1580436667-682003330-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC0F8E-1F0D-43F9-920E-C4E3CB851958} deleted successfully
HKEY_USERS\S-1-5-21-436374069-1580436667-682003330-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D2CB0C4C-9B05-4D95-A204-C29B14B10801} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{C37C42DA-DC66-11E6-A37E-64006A5CFC23} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{C37C42DA-DC66-11E6-A37E-64006A5CFC23} deleted successfully

==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Program Files\T-Mobile not found
C:\Program Files\ComPlus Applications deleted
C:\Program Files\WindowsUpdate deleted
C:\Documents and Settings\Meda Beda\.android deleted
C:\DOCUME~1\ALLUSE~1\DATAAP~1\{CC71B1CB-A2E4-4CF7-8EDB-A0E290BA1604} deleted
C:\WINDOWS\002613_.tmp deleted
C:\WINDOWS\SET21.tmp deleted
C:\WINDOWS\SET3.tmp deleted
C:\WINDOWS\SET4.tmp deleted
C:\WINDOWS\SET8.tmp deleted
C:\WINDOWS\System32\SET1A8.tmp deleted
C:\WINDOWS\System32\SET1AC.tmp deleted
C:\WINDOWS\System32\SET1AD.tmp deleted
C:\WINDOWS\System32\SET1B4.tmp deleted
"C:\WINDOWS\Installer\8b1a85.msi" deleted
"C:\Program Files\Clokisevuboly Reports\local32spl.dll" deleted
"C:\Program Files\Clokisevuboly Reports" not deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"e-webprint@epson.com"="C:\Program Files\Epson Software\E-Web Print\Firefox Add-on" [21.01.2015 12:57]

==== Chromium Look ======================


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.seznam.cz/?clid=22668"
"Search Page"="http://search.seznam.cz/?sourceid=quick ... earchTerms}"
"Search Bar"="https://www.seznam.cz/?clid=22668"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://search.seznam.cz/?sourceid=quick ... earchTerms}"
"Start Page"="https://www.seznam.cz/?clid=22668"
"Search Bar"="https://www.seznam.cz/?clid=22668"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="https://www.seznam.cz/?clid=22668"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{15C4DF55-4B67-495A-A3D3-A497C4A49EE0}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://search.live.com/results.aspx?q={ ... rer:source?}
HKLM\SearchScopes\{15C4DF55-4B67-495A-A3D3-A497C4A49EE0} - http://search.seznam.cz/?sourceid=quick ... earchTerms}
HKCU\SearchScopes "DefaultScope"="{15C4DF55-4B67-495A-A3D3-A497C4A49EE0}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
HKCU\SearchScopes\{15C4DF55-4B67-495A-A3D3-A497C4A49EE0} - http://search.seznam.cz/?sourceid=quick ... earchTerms}

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AB1DAB1E8E0C810429187E2D6C0B4747 deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E1BAD1BA-C0E8-4018-9281-E7D2C6B07474} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\AB1DAB1E8E0C810429187E2D6C0B4747 deleted successfully

==== Empty IE Cache ======================

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\Meda Beda\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=16 folders=7 8903414 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\MEDABE~1\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\Meda Beda\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Program Files\Clokisevuboly Reports" not found

==== EOF on st 25.01.2017 at 22:43:25,84 ======================

Re: Suspected virus presence

Posted: 25 Jan 2017 22:50
by Elli27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Microsoft Windows XP x86
Ran by Meda Beda (Administrator) on st 25.01.2017 at 22:47:01,35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 11

Successfully deleted: C:\Documents and Settings\Meda Beda\Data aplikacˇ\Mozilla\Firefox\Profiles\8ofu8nur.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi (File)
Successfully deleted: C:\WINDOWS\Tasks\DriverNavigator Scheduled Scan.job (Task)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7PZ06OKY (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IVLZHVWU (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OFACG1J7 (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XVKUBAHZ (Temporary Internet Files Folder)
Successfully deleted: C:\Program Files\ytd (Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7PZ06OKY (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\IVLZHVWU (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OFACG1J7 (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\XVKUBAHZ (Temporary Internet Files Folder)

Deleted the following from C:\Documents and Settings\Meda Beda\Data aplikacˇ\Mozilla\Firefox\Profiles\8ofu8nur.default\prefs.js
user_pref(CT3329621.FF19Solved, true);
user_pref(CT3329621.UserID, UN21354768081148019);
user_pref(CT3329621.dum, 2);
user_pref(CT3329621.fullUserID, UN21354768081148019.IN.20141008161926);
user_pref(CT3329621.installDate, 08/10/2014 16:19:31);
user_pref(CT3329621.installSessionId, 9e0e2e37-e501-4698-b296-95503a92f984);
user_pref(CT3329621.installSp, FALSE);
user_pref(CT3329621.installerVersion, 1.11.0.11);
user_pref(CT3329621.searchRevert, false);
user_pref(CT3329621.searchUninstallUserMode, 4);
user_pref(CT3329621.searchUserMode, 4);
user_pref(CT3329621.toolbarInstallDate, 08-10-2014 16:19:27);
user_pref(CT3329621.versionFromInstaller, 10.34.0.3);
user_pref(CT3329621.xpeMode, 1);
user_pref(browser.search.defaulturl, hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&);
user_pref(keyword.URL, hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&);
user_pref(smartbar.machineId, S4K5JEARTJ4BHQYAKZE39QZ6VBZDCMZU6HC5I8YCQ1QLTJ2RMQNTRSO43IWLVXZYQSOICQXW6NC4B3PROVK7WA);
user_pref(sweetim.toolbar.RevertDialog.enable, false);
user_pref(sweetim.toolbar.SearchBoxLogo, yahoo.png);
user_pref(sweetim.toolbar.SearchBoxText, Search with Yahoo);
user_pref(sweetim.toolbar.UserSelectedSaveSettings, true);
user_pref(sweetim.toolbar.Visibility.VisibilityGuardLastUnHide, 0);
user_pref(sweetim.toolbar.Visibility.enable, true);
user_pref(sweetim.toolbar.Visibility.intervaldays, 7);
user_pref(sweetim.toolbar.cda.DisableOveride.enable, false);
user_pref(sweetim.toolbar.cda.HideOveride.enable, false);
user_pref(sweetim.toolbar.cda.RemoveOveride.enable, false);
user_pref(sweetim.toolbar.defaultProvider, yho);
user_pref(sweetim.toolbar.dialogs.0.enable, true);
user_pref(sweetim.toolbar.dialogs.0.handler, chrome://sim_toolbar_package/content/optionsdialog-handler.js);
user_pref(sweetim.toolbar.dialogs.0.height, 335);
user_pref(sweetim.toolbar.dialogs.0.id, id_options_dialog);
user_pref(sweetim.toolbar.dialogs.0.title, $string.config.label;);
user_pref(sweetim.toolbar.dialogs.0.url, hxxp://www.sweetim.com/simffbar/options_remote ... crg=$cargo;);
user_pref(sweetim.toolbar.dialogs.0.width, 761);
user_pref(sweetim.toolbar.dialogs.1.enable, true);
user_pref(sweetim.toolbar.dialogs.1.handler, chrome://sim_toolbar_package/content/exampledialog-handler.js);
user_pref(sweetim.toolbar.dialogs.1.height, 300);
user_pref(sweetim.toolbar.dialogs.1.id, id_example_dialog);
user_pref(sweetim.toolbar.dialogs.1.title, Example (unit-test) dialog);
user_pref(sweetim.toolbar.dialogs.1.url, chrome://sim_toolbar_package/content/exampledialog.html);
user_pref(sweetim.toolbar.dialogs.1.width, 500);
user_pref(sweetim.toolbar.dialogs.2.enable, true);
user_pref(sweetim.toolbar.dialogs.2.handler, chrome://sim_toolbar_package/content/cdadialog-handler.js);
user_pref(sweetim.toolbar.dialogs.2.height, 150);
user_pref(sweetim.toolbar.dialogs.2.id, id_dialog_hide_disable_remove);
user_pref(sweetim.toolbar.dialogs.2.title, Option Dialog);
user_pref(sweetim.toolbar.dialogs.2.url, hxxp://www.sweetim.com/simffbar/simcdadialog.asp);
user_pref(sweetim.toolbar.dialogs.2.width, 530);
user_pref(sweetim.toolbar.dnscatch.domain-blacklist, .*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.*.google.com.br/.*|.*.google.es/.*|.*.youtube
user_pref(sweetim.toolbar.highlight.colors, #FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0);
user_pref(sweetim.toolbar.keywordUrlGuard.enable, false);
user_pref(sweetim.toolbar.logger.ConsoleHandler.MinReportLevel, 7);
user_pref(sweetim.toolbar.logger.FileHandler.FileName, ff-toolbar.log);
user_pref(sweetim.toolbar.logger.FileHandler.MaxFileSize, 200000);
user_pref(sweetim.toolbar.logger.FileHandler.MinReportLevel, 7);
user_pref(sweetim.toolbar.mode.debug, false);
user_pref(sweetim.toolbar.newtab.created, false);
user_pref(sweetim.toolbar.newtab.enable, false);
user_pref(sweetim.toolbar.newtab.url, hxxp://mysearch.sweetpacks.com/?src=97&barid=$toolbar_id;&crg=$cargo;);
user_pref(sweetim.toolbar.previous.keyword.URL, );
user_pref(sweetim.toolbar.rc.url, hxxp://www.sweetim.com/simffbar/rc.html?toolba ... our=$flavr;);
user_pref(sweetim.toolbar.scripts.0.addcontextdiv, true);
user_pref(sweetim.toolbar.scripts.0.callback, simVerification);
user_pref(sweetim.toolbar.scripts.0.domain-blacklist, );
user_pref(sweetim.toolbar.scripts.0.domain-whitelist, hxxp://(www.|apps.)?facebook\\.com.*);
user_pref(sweetim.toolbar.scripts.0.elementid, id_script_sim_fb);
user_pref(sweetim.toolbar.scripts.0.enable, false);
user_pref(sweetim.toolbar.scripts.0.id, id_script_fb);
user_pref(sweetim.toolbar.scripts.0.url, hxxp://sc.sweetim.com/apps/in/fb/infb.js);
user_pref(sweetim.toolbar.scripts.1.addcontextdiv, true);
user_pref(sweetim.toolbar.scripts.1.callback, simVerification);
user_pref(sweetim.toolbar.scripts.1.domain-blacklist, );
user_pref(sweetim.toolbar.scripts.1.domain-whitelist, hxxps://(www.|apps.)?facebook\\.com.*);
user_pref(sweetim.toolbar.scripts.1.elementid, id_script_sim_fb);
user_pref(sweetim.toolbar.scripts.1.enable, false);
user_pref(sweetim.toolbar.scripts.1.id, id_script_fb_hxxpS);
user_pref(sweetim.toolbar.scripts.1.url, hxxps://sc.sweetim.com/apps/in/fb/infb.js);
user_pref(sweetim.toolbar.scripts.2.addcontextdiv, false);
user_pref(sweetim.toolbar.scripts.2.callback, );
user_pref(sweetim.toolbar.scripts.2.domain-blacklist, .*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.sweetim.com.*);
user_pref(sweetim.toolbar.scripts.2.domain-whitelist, );
user_pref(sweetim.toolbar.scripts.2.elementid, id_predict_include_script);
user_pref(sweetim.toolbar.scripts.2.enable, false);
user_pref(sweetim.toolbar.scripts.2.id, id_script_prad);
user_pref(sweetim.toolbar.scripts.2.url, hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1);
user_pref(sweetim.toolbar.search.external, <?xml version=\1.0\?><TOOLBAR><EXTERNAL_SEARCH engine=\hxxp://*google.*\ param=\q=\ /><EXTERNAL_SEARCH engine=\hxxp://sear
user_pref(sweetim.toolbar.search.history, MUDr.%20Helena%20%C5%A0utov%C3%A1);
user_pref(sweetim.toolbar.search.history.capacity, 10);
user_pref(sweetim.toolbar.searchguard.enable, false);
user_pref(sweetim.toolbar.searchguard.initialized_by_rc, true);
user_pref(sweetim.toolbar.simapp_id, 1605756411807700732);
user_pref(sweetim.toolbar.urls.afteruninstall, hxxp://toolbar.sweetpacks.com/uninstallbar.asp?barid=$toolbar_id;&flavour=$flavr;);
user_pref(sweetim.toolbar.urls.contactus, hxxp://www.perion.com/contact-us);
user_pref(sweetim.toolbar.urls.homepage, hxxp://ybar.sweetpacks.com/?src=10);
user_pref(sweetim.toolbar.urls.privacy, hxxp://www.perion.com/privacy-policy);
user_pref(sweetim.toolbar.urls.searchpage, hxxp://mysearch.sweetpacks.com/?barid=$toolbar_id;);
user_pref(sweetim.toolbar.urls.uninstall, hxxp://ybar.sweetpacks.com/uninstall);
user_pref(sweetim.toolbar.version, 1.14.0.1);



Registry: 2

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{15C4DF55-4B67-495A-A3D3-A497C4A49EE0} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{15C4DF55-4B67-495A-A3D3-A497C4A49EE0} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on st 25.01.2017 at 22:47:34,92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Suspected virus presence

Posted: 26 Jan 2017 17:15
by Rudy
Deleted. Has anything changed for the better?