Logfile of random's system information tool 1.10 (written by random/random)
Run by Pavel at 2014-12-30 10:16:56
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 93 GB (19%) free of 477 GB
Total RAM: 3580 MB (36% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:18:19, on 30.12.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\LockStatusTray.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\TeamViewer\TeamViewer.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\DiFM Listener\DiFM.exe
C:\Program Files\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe
C:\Users\Pavel\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\TrayStatus\TrayStatus.exe
C:\Users\Pavel\AppData\Local\Akamai\netsession_win.exe
C:\Users\Pavel\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files\Radio Wave Jukebox\Jukebox.exe
C:\Windows\System32\taskmgr.exe
C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Totalcmd\TOTALCMD.EXE
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Pavel\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
C:\Users\Pavel\Downloads\RSIT.exe
C:\Program Files\trend micro\Pavel.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://encrypted.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [LockStatusTray] C:\Windows\LockStatusTray.exe
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v3] "C:\Windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [DiFM Listener] C:\Program Files\DiFM Listener\DiFM.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" /silentRetrials /background
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.4\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [AlSrvN] C:\Program Files\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe
O4 - HKCU\..\Run: [googletalk] C:\Users\Pavel\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Pavel\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [TrayStatus] "C:\Program Files\TrayStatus\TrayStatus.exe"
O4 - HKCU\..\Run: [SkyDrive] "C:\Users\Pavel\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
O4 - Startup: Radio Wave Jukebox.lnk = C:\Program Files\Radio Wave Jukebox\Jukebox.exe
O4 - Startup: taskmgr.lnk = C:\Windows\System32\taskmgr.exe
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer Enterprise\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer Enterprise\Add_AllO.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do Microsoft Excelu - res://C:\PROGRA~1\MIF5BA~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do OneNotu - res://C:\PROGRA~1\MIF5BA~1\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540200} - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll C:\PROGRA~1\Google\GOOGLE~2\GO36F4~1.DLL
O23 - Service: ArcSoft Exchange Service (ADExchange) - Unknown owner - C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_c1f21f27f4c2b301\aestsrv.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\AppServ\Apache2.2\bin\httpd.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Unknown owner - C:\Program Files\Borland\InterBase\bin\ibguard.exe (file missing)
O23 - Service: InterBase Server (InterBaseServer) - Unknown owner - C:\Program Files\Borland\InterBase\bin\ibserver.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MSSQL$UIRADR - Unknown owner - F:\MSSQL$UIRADR\Binn\sqlservr.exe (file missing)
O23 - Service: mysql - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
O23 - Service: SQLAgent$UIRADR - Unknown owner - F:\MSSQL$UIRADR\Binn\sqlagent.EXE (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_c1f21f27f4c2b301\STacSV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer\TeamViewer_Service.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
--
End of file - 13067 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Google Software Updater.job - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe scheduled_start
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA1cf8d4b3dd83dfd.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2552486549-48890951-3667146554-1000Core.job - C:\Users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2552486549-48890951-3667146554-1000UA1cf492bca629b2f.job - C:\Users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
=========Mozilla firefox=========
ProfilePath - C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\b0o8rkcv.default
prefs.js - "browser.startup.homepage" - "https://google.cz/"
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.235 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0]
"Description"=DivX Web Player
"Path"=C:\Program Files\DivX\DivX Web Player\npdivx32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.25.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_25\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nullsoft.com/winampDetector;version=1]
"Description"=Winamp Detector
"Path"=C:\Program Files\Winamp Detect\npwachk.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pack.google.com/Google Updater;version=14]
"Description"=Google Updater
"Path"=C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448]
"Description"=6.0.12.448
"Path"=C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0]
"Description"=
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\b0o8rkcv.default\extensions\
printPages2Pdf@reinhold.ripper
{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{876d9f09-c6d6-4324-a2cc-04dd9a4de12f}]
Microsoft Web Test Recorder 10.0 Helper - C:\Program Files\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-29 75104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files\Windows Live\Companion\companioncore.dll [2010-11-10 393600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2014-11-12 710864]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"=C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [2009-07-17 4562944]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2009-01-23 217088]
"LockStatusTray"=C:\Windows\LockStatusTray.exe [2008-02-19 192512]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2009-11-06 495708]
"pdfFactory Pro Dispatcher v3"=C:\Windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe [2009-12-11 614400]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-06 30192]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04 446392]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2012-02-09 312376]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-10-11 59280]
"DivXMediaServer"=C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [2014-11-17 448856]
"AdobeCS6ServiceManager"=C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2014-01-10 1861968]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2014-10-01 5088456]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DiFM Listener"=C:\Program Files\DiFM Listener\DiFM.exe [2009-01-20 797184]
"Google Update"=C:\Users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-25 107912]
"COMMUNICATOR"=C:\Program Files\Microsoft Office Communicator\Communicator.exe /silentRetrials /background []
"AdobeBridge"= []
"ICQ"=C:\Program Files\ICQ7.4\ICQ.exe silent loginmode=4 []
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2010-08-20 33120]
"AlSrvN"=C:\Program Files\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe [2010-02-06 53760]
"googletalk"=C:\Users\Pavel\AppData\Roaming\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"Akamai NetSession Interface"=C:\Users\Pavel\AppData\Local\Akamai\netsession_win.exe [2014-10-29 4673432]
"TrayStatus"=C:\Program Files\TrayStatus\TrayStatus.exe [2011-05-18 283032]
"SkyDrive"=C:\Users\Pavel\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [2014-10-10 277672]
C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Radio Wave Jukebox.lnk - C:\Program Files\Radio Wave Jukebox\Jukebox.exe
taskmgr.lnk - C:\Windows\System32\taskmgr.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll C:\PROGRA~1\Google\GOOGLE~2\GO36F4~1.DLL"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=i420vfw.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"msacm.divxa32"=msaud32_divx.acm
"msacm.siren"=sirenacm.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"vidc.tscc"=tsccvid.dll
"msacm.l3codec"=l3codecp.acm
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux1"=wdmaud.drv
"aux2"=wdmaud.drv
"aux3"=wdmaud.drv
"aux4"=wdmaud.drv
"aux5"=wdmaud.drv
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll
"msacm.vorbis"=vorbis.acm
"VIDC.LAGS"=lagarith.dll
"VIDC.X264"=x264vfw.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.FFDS"=ff_vfw.dll
"msacm.ac3acm"=ac3acm.acm
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2014-12-30 10:16:56 ----D---- C:\rsit
2014-12-17 20:32:39 ----A---- C:\Windows\system32\ieUnatt.exe
2014-12-11 20:38:11 ----D---- C:\Windows\system32\appraiser
2014-12-11 19:46:11 ----A---- C:\Windows\system32\mf.dll
2014-12-09 19:53:42 ----A---- C:\Windows\system32\drivers\tdx.sys
2014-12-09 19:53:41 ----A---- C:\Windows\system32\WindowsCodecs.dll
2014-12-09 19:53:39 ----A---- C:\Windows\system32\appraiser.dll
2014-12-09 19:53:39 ----A---- C:\Windows\system32\aitstatic.exe
2014-12-09 19:53:39 ----A---- C:\Windows\system32\aepic.dll
2014-12-09 19:53:39 ----A---- C:\Windows\system32\aeinv.dll
2014-12-09 19:53:38 ----A---- C:\Windows\system32\invagent.dll
2014-12-09 19:53:38 ----A---- C:\Windows\system32\generaltel.dll
2014-12-09 19:53:38 ----A---- C:\Windows\system32\devinv.dll
2014-12-09 19:53:36 ----A---- C:\Windows\system32\aepdu.dll
2014-12-09 19:53:29 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-09 19:53:28 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-09 19:53:28 ----A---- C:\Windows\system32\jsproxy.dll
2014-12-09 19:53:28 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-12-09 19:53:28 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-12-09 19:53:27 ----A---- C:\Windows\system32\wininet.dll
2014-12-09 19:53:27 ----A---- C:\Windows\system32\vbscript.dll
2014-12-09 19:53:27 ----A---- C:\Windows\system32\jscript9diag.dll
2014-12-09 19:53:27 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-12-09 19:53:27 ----A---- C:\Windows\system32\dxtmsft.dll
2014-12-09 19:53:25 ----A---- C:\Windows\system32\ieui.dll
2014-12-09 19:53:25 ----A---- C:\Windows\system32\dxtrans.dll
2014-12-09 19:53:24 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-12-09 19:53:24 ----A---- C:\Windows\system32\mshtmled.dll
2014-12-09 19:53:23 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-12-09 19:53:23 ----A---- C:\Windows\system32\iertutil.dll
2014-12-09 19:53:21 ----A---- C:\Windows\system32\jscript9.dll
2014-12-09 19:53:20 ----A---- C:\Windows\system32\mshtml.dll
2014-12-09 19:53:19 ----A---- C:\Windows\system32\iernonce.dll
2014-12-09 19:53:19 ----A---- C:\Windows\system32\ie4uinit.exe
2014-12-09 19:53:18 ----A---- C:\Windows\system32\urlmon.dll
2014-12-09 19:53:18 ----A---- C:\Windows\system32\msfeeds.dll
2014-12-09 19:53:18 ----A---- C:\Windows\system32\iedkcs32.dll
2014-12-09 19:53:18 ----A---- C:\Windows\system32\ieapfltr.dll
2014-12-09 19:53:17 ----A---- C:\Windows\system32\msrating.dll
2014-12-09 19:53:16 ----A---- C:\Windows\system32\iesetup.dll
2014-12-09 19:53:16 ----A---- C:\Windows\system32\ieframe.dll
2014-12-09 19:52:28 ----A---- C:\Windows\system32\tzres.dll
2014-12-09 19:51:58 ----A---- C:\Windows\system32\charmap.exe
2014-12-05 06:07:25 ----D---- C:\Program Files\Mozilla Firefox
======List of files/folders modified in the last 1 month======
2014-12-30 10:16:59 ----D---- C:\Program Files\trend micro
2014-12-30 10:16:58 ----D---- C:\Windows\Temp
2014-12-30 09:18:19 ----D---- C:\Windows\system32\config
2014-12-30 09:04:49 ----SHD---- C:\System Volume Information
2014-12-29 14:35:35 ----D---- C:\Users\Pavel\AppData\Roaming\Vso
2014-12-29 12:41:36 ----D---- C:\Windows\Prefetch
2014-12-26 13:44:27 ----SHD---- C:\Windows\Installer
2014-12-26 13:44:25 ----D---- C:\Windows\system32\Tasks
2014-12-24 15:39:18 ----D---- C:\Windows\System32
2014-12-24 15:39:18 ----D---- C:\Windows\inf
2014-12-24 15:39:18 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-12-23 20:40:35 ----D---- C:\Users\Pavel\AppData\Roaming\Mp3tag
2014-12-23 09:12:14 ----RSD---- C:\Windows\assembly
2014-12-23 09:12:09 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2014-12-23 09:10:47 ----D---- C:\Program Files\Microsoft Office 15
2014-12-21 16:17:51 ----D---- C:\Program Files\TeamViewer
2014-12-17 20:35:46 ----D---- C:\Windows\winsxs
2014-12-17 16:44:49 ----D---- C:\Windows\Microsoft.NET
2014-12-17 15:21:48 ----D---- C:\ProgramData\Package Cache
2014-12-14 07:13:29 ----D---- C:\Windows\rescache
2014-12-14 05:52:54 ----D---- C:\Program Files\Microsoft Silverlight
2014-12-13 10:58:11 ----D---- C:\Program Files\QuickTime
2014-12-13 10:57:27 ----D---- C:\ProgramData\Apple Computer
2014-12-13 10:33:09 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2014-12-11 20:38:11 ----SD---- C:\Windows\system32\CompatTel
2014-12-11 20:38:11 ----SD---- C:\ProgramData\Microsoft
2014-12-11 20:38:11 ----D---- C:\Windows\system32\en-US
2014-12-11 20:38:11 ----D---- C:\Windows\system32\drivers
2014-12-11 20:38:11 ----D---- C:\Windows\system32\cs-CZ
2014-12-11 20:38:11 ----D---- C:\Windows\PolicyDefinitions
2014-12-11 20:38:11 ----D---- C:\Windows\AppCompat
2014-12-11 20:38:10 ----D---- C:\Program Files\Internet Explorer
2014-12-09 20:17:59 ----D---- C:\Windows\system32\MRT
2014-12-09 20:01:53 ----A---- C:\Windows\system32\MRT.exe
2014-12-09 19:50:54 ----D---- C:\Windows\system32\catroot2
2014-12-07 08:29:04 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-12-05 06:07:44 ----RD---- C:\Program Files
2014-12-02 16:17:31 ----D---- C:\Windows\Tasks
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2014-10-10 51288]
R0 giveio;giveio; C:\Windows\system32\giveio.sys [1996-04-03 5248]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2011-06-15 461080]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2011-03-04 45648]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 speedfan;speedfan; C:\Windows\system32\speedfan.sys [2012-12-29 24184]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-12-31 428088]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2014-10-10 191928]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2014-10-10 135296]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2014-10-10 37928]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2012-02-09 112096]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2014-10-10 176448]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2009-02-05 192048]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-18 4994560]
R3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys [2009-07-17 18424]
R3 BCM43XX;Ovladač bezdrátové karty Dell WLAN; C:\Windows\system32\DRIVERS\bcmwl6.sys [2009-07-17 2506232]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2008-03-17 81960]
R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2008-03-17 100392]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-07-21 29472]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2009-07-21 18344]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2009-05-08 165888]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys [2009-11-06 420864]
R3 teamviewervpn;TeamViewer VPN Adapter; C:\Windows\system32\DRIVERS\teamviewervpn.sys [2011-12-16 25088]
S0 BTHidEnum;Bluetooth HID Enumerator; C:\Windows\System32\Drivers\vbtenum.sys []
S0 BTHidMgr;Bluetooth HID Manager Service; C:\Windows\System32\Drivers\BTHidMgr.sys []
S2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys []
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys []
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys []
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 DFUBTUSB;WIDCOMM USB Bluetooth Driver in DFU State; C:\Windows\System32\Drivers\frmupgr.sys []
S3 DrvSnSht;DrvSnSht; \??\C:\Program Files\R-Drive Image\DrvSnSht.sys []
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys []
S3 ew_usbenumfilter;huawei_CompositeFilter; C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-22 39272]
S3 huawei_cdcacm;huawei_cdcacm; C:\Windows\system32\DRIVERS\ew_jucdcacm.sys []
S3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys []
S3 huawei_ext_ctrl;huawei_ext_ctrl; C:\Windows\system32\DRIVERS\ew_juextctrl.sys []
S3 huawei_wwanecm;huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys []
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\Windows\system32\DRIVERS\k750bus.sys [2005-02-11 55216]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2010-10-06 47360]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 14848]
S3 R-ImageDisk;R-ImageDisk; \??\C:\Program Files\R-Drive Image\R-ImageDisk.sys []
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2009-07-14 8192]
S3 RtsUIR;Realtek IR Driver; C:\Windows\system32\DRIVERS\Rts516xIR.sys []
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 SeratoUsb;SeratoUsb driver; C:\Windows\System32\Drivers\SeratoUsb.sys [2013-07-09 38904]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 SMIGrabber3C;SMI Grabber Device Tuner Filter 3C; C:\Windows\System32\Drivers\SmiUsbGrabber3C.sys [2011-01-26 805888]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ss_bus.sys [2009-09-21 98560]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\Windows\system32\DRIVERS\ss_mdfl.sys [2009-09-21 14848]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\Windows\system32\DRIVERS\ss_mdm.sys [2009-09-21 123776]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2013-10-02 49152]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 15872]
S3 USBCCID;Realtek Smartcard Reader Driver; C:\Windows\system32\DRIVERS\RtsUCcid.sys []
S3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys []
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S4 RsFx0105;RsFx0105 Driver; C:\Windows\system32\DRIVERS\RsFx0105.sys [2011-09-22 238696]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-19 81088]
R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_c1f21f27f4c2b301\aestsrv.exe [2009-03-03 81920]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-18 176128]
R2 Apache2.2;Apache2.2; C:\Program Files\AppServ\Apache2.2\bin\httpd.exe [2007-01-09 20539]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-07-01 582944]
R2 ClickToRunSvc;Služba Microsoft Office ClickToRun; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [2014-11-11 1679536]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2014-10-01 1349576]
R2 MsDtsServer100;SQL Server Integration Services 10.0; C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2014-07-12 224928]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2014-07-12 43044512]
R2 MSSQLSERVER;SQL Server (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [2014-07-12 43044512]
R2 MSSQLServerOLAPService;SQL Server Analysis Services (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\bin\msmdsrv.exe [2011-09-22 22012776]
R2 mysql;mysql; C:\Program Files\AppServ\MySQL\bin\mysqld-nt --defaults-file=C:\PROGRA~1\AppServ\MySQL\my.ini mysql []
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]
R2 ReportServer;SQL Server Reporting Services (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-09-22 1118056]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2012-02-11 105048]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_c1f21f27f4c2b301\STacSV.exe [2009-11-06 229458]
R2 TeamViewer;TeamViewer 10; C:\Program Files\TeamViewer\TeamViewer_Service.exe [2014-12-15 5426448]
R3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2008-07-10 31256]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 ADExchange;ArcSoft Exchange Service; C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22 107912]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-15 194104]
S2 InterBaseGuardian;InterBase Guardian; C:\Program Files\Borland\InterBase\bin\ibguard.exe []
S2 MSSQL$UIRADR;MSSQL$UIRADR; F:\MSSQL$UIRADR\Binn\sqlservr.exe -sUIRADR []
S2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe []
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-09-22 1493352]
S3 fussvc;Windows App Certification Kit Fast User Switching Utility Service; C:\Program Files\Windows Kits\8.0\App Certification Kit\fussvc.exe [2012-07-25 133632]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-06 30192]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22 107912]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-11-22 102912]
S3 InterBaseServer;InterBase Server; C:\Program Files\Borland\InterBase\bin\ibserver.exe []
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-12-05 114800]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2000-08-06 65602]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-12-08 150600]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2014-09-12 4846168]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
S3 SQLAgent$UIRADR;SQLAgent$UIRADR; F:\MSSQL$UIRADR\Binn\sqlagent.EXE -i UIRADR []
S3 SQLSERVERAGENT;SQL Server Agent (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [2014-07-12 380064]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 Te.Service;Te.Service; C:\Program Files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-07-25 94208]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2014-07-12 380064]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2011-09-22 255336]
-----------------EOF-----------------
Děkuji.
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Prosím o preventivní kontrolu logu
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Prosím o preventivní kontrolu logu
Zdravim 
Spousteni spravce uloh pri startu mate schvalne? O4 - Startup: taskmgr.lnk = C:\Windows\System32\taskmgr.exe
V ramci cisteni Vam budou vyprazdneny docasne adresare (vcetne Kose).
Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Spousteni spravce uloh pri startu mate schvalne? O4 - Startup: taskmgr.lnk = C:\Windows\System32\taskmgr.exe V ramci cisteni Vam budou vyprazdneny docasne adresare (vcetne Kose). Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
- ukoncete vsechny programy
- kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
- kliknete na Scan, pote na Clean
- po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner [Sx].txt), jehoz obsah mi zkopirujte do pristi odpovedi
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Re: Prosím o preventivní kontrolu logu
Ano, to mám schválně nastaveno.altrok píše:
Tady je log:
# AdwCleaner v4.106 - Report created 31/12/2014 at 03:18:05
# Updated 21/12/2014 by Xplode
# Database : 2014-12-30.1 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Pavel - PAVEL-PC
# Running from : C:\Users\Pavel\Desktop\adwcleaner_4.106.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\~0
Folder Deleted : C:\Program Files\Babylon
Folder Deleted : C:\Program Files\VideoConverter
Folder Deleted : C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Converter
File Deleted : C:\END
File Deleted : C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{10E9E863-3913-40D0-903D-D46DEB18C982}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0F9AF7E3-3853-473F-A49B-E470A3A41501}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10E9E863-3913-40D0-903D-D46DEB18C982}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DADF82FD-0783-4CA9-98AA-615F657A2A9E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F9AF7E3-3853-473F-A49B-E470A3A41501}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DADF82FD-0783-4CA9-98AA-615F657A2A9E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Pokki
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00B2-0405-0000-0000000FF1CE}
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Mozilla Firefox v34.0 (x86 cs)
-\\ Google Chrome v39.0.2171.95
[C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&hl={language}&ai=14797
[C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&hl={language}&ai=14797
[C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.babylon.com/web/%7BsearchTerms%7D?AF=14796&babsrc=browsersearch
[C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.babylon.com/web/%7BsearchTerms%7D?AF=14796&babsrc=browsersearch
*************************
AdwCleaner[R0].txt - [3727 octets] - [31/12/2014 03:15:20]
AdwCleaner[S0].txt - [3664 octets] - [31/12/2014 03:18:05]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3724 octets] ##########
Re: Prosím o preventivní kontrolu logu
Licence na ESS je jak ma byt, cili zakoupena? Dejte novy log FRST.txt, prilozte i Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Re: Prosím o preventivní kontrolu logu
Ano, již řadu let jej používám k plné spokojenosti. Faktura a lic. certifikat jsou tady.altrok píše:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-12-2014
Ran by Pavel (administrator) on PAVEL-PC on 31-12-2014 03:44:28
Running from C:\Users\Pavel\Desktop
Loaded Profile: Pavel (Available profiles: Pavel)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_c1f21f27f4c2b301\stacsv.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_c1f21f27f4c2b301\AEstSrv.exe
(Apache Software Foundation) C:\Program Files\AppServ\Apache2.2\bin\httpd.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
(Apache Software Foundation) C:\Program Files\AppServ\Apache2.2\bin\httpd.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Logitech, Inc.) C:\Windows\LockStatusTray.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
() C:\Program Files\DiFM Listener\DiFM.exe
() C:\Program Files\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe
(Akamai Technologies, Inc.) C:\Users\Pavel\AppData\Local\Akamai\netsession_win.exe
(Binary Fortress Software) C:\Program Files\TrayStatus\TrayStatus.exe
(Microsoft Corporation) C:\Users\Pavel\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
() C:\Program Files\Radio Wave Jukebox\Jukebox.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Akamai Technologies, Inc.) C:\Users\Pavel\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\bin\msmdsrv.exe
() C:\Program Files\AppServ\MySQL\bin\mysqld-nt.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdhost.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Ghisler Software GmbH) C:\Program Files\Totalcmd\TOTALCMD.EXE
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4562944 2009-07-17] (Dell Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [217088 2009-01-23] (Alps Electric Co., Ltd.)
HKLM\...\Run: [LockStatusTray] => C:\Windows\LockStatusTray.exe [192512 2008-02-19] (Logitech, Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2009-11-06] (IDT, Inc.)
HKLM\...\Run: [pdfFactory Pro Dispatcher v3] => C:\Windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe [614400 2009-12-11] (FinePrint Software, LLC)
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-09-06] (Google)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [312376 2012-02-09] (Power Software Ltd)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5088456 2014-10-01] (ESET)
HKU\S-1-5-21-2552486549-48890951-3667146554-1000\...\Run: [DiFM Listener] => C:\Program Files\DiFM Listener\DiFM.exe [797184 2009-01-20] ()
HKU\S-1-5-21-2552486549-48890951-3667146554-1000\...\Run: [Google Update] => C:\Users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-25] (Google Inc.)
HKU\S-1-5-21-2552486549-48890951-3667146554-1000\...\Run: [COMMUNICATOR] => "C:\Program Files\Microsoft Office Communicator\Communicator.exe" /silentRetrials /background
HKU\S-1-5-21-2552486549-48890951-3667146554-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2552486549-48890951-3667146554-1000\...\Run: [ICQ] => "C:\Program Files\ICQ7.4\ICQ.exe" silent loginmode=4
HKU\S-1-5-21-2552486549-48890951-3667146554-1000\...\Run: [AlcoholAutomount] => C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [33120 2010-08-20] (Alcohol Soft Development Team)
HKU\S-1-5-21-2552486549-48890951-3667146554-1000\...\Run: [AlSrvN] => C:\Program Files\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe [53760 2010-02-06] ()
HKU\S-1-5-21-2552486549-48890951-3667146554-1000\...\Run: [googletalk] => C:\Users\Pavel\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKU\S-1-5-21-2552486549-48890951-3667146554-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Pavel\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2552486549-48890951-3667146554-1000\...\Run: [TrayStatus] => C:\Program Files\TrayStatus\TrayStatus.exe [283032 2011-05-18] (Binary Fortress Software)
HKU\S-1-5-21-2552486549-48890951-3667146554-1000\...\Run: [SkyDrive] => C:\Users\Pavel\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-10-10] (Microsoft Corporation)
HKU\S-1-5-21-2552486549-48890951-3667146554-1000\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-2552486549-48890951-3667146554-1000\...409d6c4515e9\InprocServer32: [Default-shell32] <==== ATTENTION!
HKU\S-1-5-21-2552486549-48890951-3667146554-1000\...A8F59079A8D5}\localserver32: <==== ATTENTION!
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-09-06] (Google)
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GO36F4~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-09-06] (Google)
Startup: C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Radio Wave Jukebox.lnk
ShortcutTarget: Radio Wave Jukebox.lnk -> C:\Program Files\Radio Wave Jukebox\Jukebox.exe ()
Startup: C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\taskmgr.lnk
ShortcutTarget: taskmgr.lnk -> C:\Windows\System32\taskmgr.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2552486549-48890951-3667146554-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-2552486549-48890951-3667146554-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://encrypted.google.com/
HKU\S-1-5-21-2552486549-48890951-3667146554-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2552486549-48890951-3667146554-1000 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=ocCUAGxK ... earchTerms}
SearchScopes: HKU\S-1-5-21-2552486549-48890951-3667146554-1000 -> {883D3234-E9E3-4B10-923E-6A94D56B7DCD} URL = http://cs.wikipedia.org/w/index.php?tit ... earchTerms}
BHO: Microsoft Web Test Recorder 10.0 Helper -> {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} -> C:\Program Files\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/s ... wflash.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540200} http://fpdownload2.macromedia.com/pub/s ... wflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1 192.168.3.1
FireFox:
========
FF ProfilePath: C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\b0o8rkcv.default
FF Homepage: https://google.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_25\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nullsoft.com/winampDetector;version=1 -> C:\Program Files\Winamp Detect\npwachk.dll No File
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @real.com/nppl3260;version=6.0.12.448 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2552486549-48890951-3667146554-1000: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Pavel\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin HKU\S-1-5-21-2552486549-48890951-3667146554-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Pavel\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2552486549-48890951-3667146554-1000: @talk.google.com/O1DPlugin -> C:\Users\Pavel\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2552486549-48890951-3667146554-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Pavel\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2552486549-48890951-3667146554-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Pavel\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2552486549-48890951-3667146554-1000: sony.com/MediaGoDetector -> C:\Program Files\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Pavel\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Pavel\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Print pages to PDF - C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\b0o8rkcv.default\Extensions\printPages2Pdf@reinhold.ripper [2014-11-27]
FF Extension: WOT - C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\b0o8rkcv.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-11-27]
FF Extension: DownloadHelper - C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\b0o8rkcv.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-11-27]
FF Extension: Add Bookmark Here ² - C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\b0o8rkcv.default\Extensions\abhere2@moztw.org.xpi [2014-11-27]
FF Extension: S3.Google Translator - C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\b0o8rkcv.default\Extensions\s3google@translator.xpi [2014-11-27]
FF Extension: SQL Inject Me - C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\b0o8rkcv.default\Extensions\sqlime@security.compass.xpi [2014-11-27]
FF Extension: Test Pilot - C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\b0o8rkcv.default\Extensions\testpilot@labs.mozilla.com.xpi [2014-11-27]
FF Extension: BBCode - C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\b0o8rkcv.default\Extensions\{AE37D527-6604-461c-8102-975CF8053A2F}.xpi [2014-11-27]
FF Extension: Web Developer - C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\b0o8rkcv.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2014-11-27]
FF Extension: Tab Mix Plus - C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\b0o8rkcv.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-11-27]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://www.google.cz/"
CHR Profile: C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Web Developer) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2013-01-13]
CHR Extension: (Seznam Lištička - Email) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2014-04-08]
CHR Extension: (Download Album for Facebook) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbmhonenddnnmbailokbccgmikhkpni [2011-10-01]
CHR Extension: (YouTube) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-20]
CHR Extension: (Vyhledávání Google) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-20]
CHR Extension: (Facebook Power Editor) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\djicncbfodbeijpfpjjojkfhgbpjnlih [2013-01-29]
CHR Extension: (Kalendář Google) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-02-16]
CHR Extension: (Symtica) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fafldeedegmfkdkolgpcopgfcdidgbjk [2013-01-17]
CHR Extension: (HTML5 Animation Software & Banner Maker) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hioegghdmpcchhfdcbkldeiobkahllhg [2014-02-23]
CHR Extension: (XL extension) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnbcfcblagndbbmdokfenkgcndbonkdp [2012-07-21]
CHR Extension: (Context Menu for Google Translate™) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigmfpmcomhecmajcfiianbhjgcenado [2012-11-21]
CHR Extension: (Google Play) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2013-01-19]
CHR Extension: (Peněženka Google) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2014-04-08]
CHR Extension: (Gmail) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-20]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apache2.2; C:\Program Files\AppServ\Apache2.2\bin\httpd.exe [20539 2007-01-09] (Apache Software Foundation) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1679536 2014-11-11] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1349576 2014-10-01] (ESET)
S3 fussvc; C:\Program Files\Windows Kits\8.0\App Certification Kit\fussvc.exe [133632 2012-07-25] (Microsoft Corporation) [File not signed]
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-09-06] (Google)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MsDtsServer100; C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [224928 2014-07-12] (Microsoft Corporation)
R3 MSSQLFDLauncher; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [31256 2008-07-10] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [43044512 2014-07-12] (Microsoft Corporation)
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [65602 2000-08-06] (Microsoft Corporation) [File not signed]
R2 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\bin\msmdsrv.exe [22012776 2011-09-22] (Microsoft Corporation)
R2 mysql; C:\Program Files\AppServ\MySQL\my.ini [9602 2010-02-01] () [File not signed]
R2 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [1118056 2011-09-22] (Microsoft Corporation)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [380064 2014-07-12] (Microsoft Corporation)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_c1f21f27f4c2b301\STacSV.exe [229458 2009-11-06] (IDT, Inc.)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [94208 2012-07-25] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3086848 2009-07-17] (Dell Inc.) [File not signed]
S2 ADExchange; C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [X]
S2 InterBaseGuardian; C:\Program Files\Borland\InterBase\bin\ibguard.exe [X]
S3 InterBaseServer; C:\Program Files\Borland\InterBase\bin\ibserver.exe [X]
S2 MSSQL$UIRADR; F:\MSSQL$UIRADR\Binn\sqlservr.exe -sUIRADR [X]
S3 SQLAgent$UIRADR; F:\MSSQL$UIRADR\Binn\sqlagent.EXE -i UIRADR [X]
S2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2009-07-17] (Broadcom Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [191928 2014-10-10] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [135296 2014-10-10] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [176448 2014-10-10] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [37928 2014-10-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [51288 2014-10-10] (ESET)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
S3 k750bus; C:\Windows\System32\DRIVERS\k750bus.sys [55216 2005-02-11] (MCCI)
S4 RsFx0105; C:\Windows\System32\DRIVERS\RsFx0105.sys [238696 2011-09-22] (Microsoft Corporation)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [112096 2012-02-09] (Power Software Ltd)
S3 SeratoUsb; C:\Windows\System32\Drivers\SeratoUsb.sys [38904 2013-07-09] (Cristalink Ltd)
S3 SMIGrabber3C; C:\Windows\System32\Drivers\SmiUsbGrabber3C.sys [805888 2011-01-26] (Windows (R) Win 7 DDK provider)
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [428088 2011-12-31] () [File not signed]
R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2011-12-16] (TeamViewer GmbH)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
S3 VSPerfDrv110; C:\Program Files\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\VSPerfDrv110.sys [55416 2012-07-13] (Microsoft Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
U3 akw76owc; C:\Windows\system32\Drivers\akw76owc.sys [0 ] (Intel Corporation)
S2 adfs; No ImagePath
S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [X]
S3 BlueletSCOAudio; system32\DRIVERS\BlueletSCOAudio.sys [X]
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
S0 BTHidEnum; System32\Drivers\vbtenum.sys [X]
S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [X]
S3 DFUBTUSB; System32\Drivers\frmupgr.sys [X]
S3 DrvSnSht; \??\C:\Program Files\R-Drive Image\DrvSnSht.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 R-ImageDisk; \??\C:\Program Files\R-Drive Image\R-ImageDisk.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-31 03:44 - 2014-12-31 03:44 - 00028837 _____ () C:\Users\Pavel\Desktop\FRST.txt
2014-12-31 03:38 - 2014-12-31 03:44 - 00000000 ____D () C:\FRST
2014-12-31 03:38 - 2014-12-31 03:38 - 01114624 _____ (Farbar) C:\Users\Pavel\Desktop\FRST.exe
2014-12-31 03:36 - 2014-12-31 03:36 - 00127178 _____ () C:\Users\Pavel\Downloads\faktura_ESET.rar
2014-12-31 03:14 - 2014-12-31 03:18 - 00000000 ____D () C:\AdwCleaner
2014-12-31 03:14 - 2014-12-31 03:14 - 02173952 _____ () C:\Users\Pavel\Desktop\adwcleaner_4.106.exe
2014-12-30 10:16 - 2014-12-30 10:18 - 00000000 ____D () C:\rsit
2014-12-30 10:16 - 2014-12-30 10:16 - 01107968 _____ () C:\Users\Pavel\Downloads\RSIT.exe
2014-12-29 20:17 - 2014-12-29 20:17 - 03699564 _____ () C:\Users\Pavel\Downloads\sis_zk_2014-01-17.zip
2014-12-27 19:20 - 2014-12-27 19:54 - 00011264 ___SH () C:\Users\Pavel\Documents\Thumbs.db
2014-12-27 18:22 - 2014-12-27 18:22 - 35373254 _____ () C:\Users\Pavel\Downloads\MarilynMonroePosCT-081214-MP4_576p.mp4.flv
2014-12-26 20:52 - 2014-12-26 21:19 - 1410842624 _____ () C:\Users\Pavel\Downloads\Vesničko má středisková CZ.avi
2014-12-23 18:35 - 2014-12-23 18:37 - 108924641 _____ () C:\Users\Pavel\Downloads\Classical-Masterpiece-of-Music---Georg-Friedrich-Händel.zip
2014-12-23 17:29 - 2014-12-23 17:43 - 732581888 _____ () C:\Users\Pavel\Downloads\Hon-na-Hitlera.avi
2014-12-23 15:29 - 2014-12-22 11:37 - 04910954 _____ () C:\Users\Pavel\Downloads\1683684-hq.mp4
2014-12-22 20:41 - 2014-12-22 20:41 - 00000000 ____D () C:\Users\Pavel\Downloads\Dastyneček
2014-12-22 13:39 - 2014-12-22 13:47 - 97080376 _____ (CHENGDU YIWO Tech Development Co., Ltd ) C:\Users\Pavel\Downloads\tb_free.exe
2014-12-21 09:58 - 2014-12-21 10:11 - 59051938 _____ () C:\Users\Pavel\Downloads\video.mp4
2014-12-20 10:50 - 2014-12-20 11:07 - 00000000 ____D () C:\Users\Pavel\Downloads\MATLAB2012aPortable
2014-12-17 20:32 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-13 10:38 - 2014-12-13 10:39 - 42096984 _____ (Apple Inc.) C:\Users\Pavel\Downloads\QuickTimeInstaller.exe
2014-12-11 20:38 - 2014-12-11 20:38 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-11 19:46 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-09 19:53 - 2014-12-04 05:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-09 19:53 - 2014-12-04 05:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-09 19:53 - 2014-12-04 05:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-09 19:53 - 2014-12-04 05:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-09 19:53 - 2014-12-04 05:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-09 19:53 - 2014-12-04 05:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-09 19:53 - 2014-12-04 05:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-09 19:53 - 2014-12-02 00:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-09 19:53 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-09 19:53 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-09 19:53 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-09 19:53 - 2014-11-22 03:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-09 19:53 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-09 19:53 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-09 19:53 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-09 19:53 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-09 19:53 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-09 19:53 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-09 19:53 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-09 19:53 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-09 19:53 - 2014-11-22 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-09 19:53 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-09 19:53 - 2014-11-22 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-09 19:53 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-09 19:53 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-09 19:53 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-09 19:53 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-09 19:53 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-09 19:53 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-09 19:53 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-09 19:53 - 2014-11-22 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-09 19:53 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-09 19:53 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-09 19:53 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-09 19:53 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-09 19:53 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-09 19:53 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-09 19:53 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-09 19:53 - 2014-11-11 02:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-09 19:52 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-09 19:51 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-08 23:03 - 2014-12-08 23:03 - 00359995 _____ () C:\Users\Pavel\Downloads\EA.ZIP
2014-12-08 23:03 - 2014-11-29 13:29 - 01378304 _____ () C:\Users\Pavel\Documents\Project1.eap
2014-12-07 20:26 - 2014-12-07 20:26 - 00001001 _____ () C:\Users\Pavel\Downloads\Novy1.txt
2014-12-07 14:27 - 2014-12-07 14:27 - 00000000 ____D () C:\Users\Pavel\Downloads\Statistika
2014-12-07 14:27 - 2014-12-07 14:01 - 01717640 _____ () C:\Users\Pavel\Downloads\Statistika.rar
2014-12-07 14:12 - 2014-12-07 14:34 - 32309022 _____ () C:\Users\Pavel\Downloads\House_Lounge_-_Deep_Jazzy_House_Mix_2014_by_DJ_Dimsa_-_Livin.mp4
2014-12-07 13:27 - 2014-12-07 13:27 - 00064967 _____ () C:\Users\Pavel\Downloads\404_ Mixcloud.htm
2014-12-07 13:27 - 2014-12-07 13:27 - 00000000 ____D () C:\Users\Pavel\Downloads\404_ Mixcloud_soubory
2014-12-07 13:19 - 2014-12-07 13:42 - 33076346 _____ () C:\Users\Pavel\Downloads\Lounge_Lizard_-_Jazzy_House_Lounge_by_DJ_Dimsa_-_Living_Loun.mp4
2014-12-05 06:07 - 2014-12-05 06:07 - 00000000 ____D () C:\Program Files\Mozilla Firefox
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-31 03:37 - 2014-06-21 13:20 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8d4b3dd83dfd.job
2014-12-31 03:37 - 2012-07-16 12:12 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-31 03:34 - 2014-03-26 20:44 - 00000962 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2552486549-48890951-3667146554-1000UA1cf492bca629b2f.job
2014-12-31 03:33 - 2009-07-14 05:34 - 00025744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-31 03:33 - 2009-07-14 05:34 - 00025744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-31 03:29 - 2009-12-23 10:30 - 01960626 _____ () C:\Windows\WindowsUpdate.log
2014-12-31 03:22 - 2014-09-21 21:08 - 00000000 ___RD () C:\Users\Pavel\OneDrive
2014-12-31 03:19 - 2012-07-16 12:08 - 00311864 _____ () C:\Windows\PFRO.log
2014-12-31 03:19 - 2012-07-07 05:36 - 00094546 _____ () C:\Windows\setupact.log
2014-12-31 03:19 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-30 19:46 - 2009-12-23 11:38 - 02135876 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-30 19:45 - 2010-03-22 01:00 - 00000000 ____D () C:\Program Files\TeamViewer
2014-12-30 12:21 - 2012-06-05 23:08 - 00000924 _____ () C:\Windows\Tasks\Google Software Updater.job
2014-12-30 10:16 - 2010-08-30 15:50 - 00000000 ____D () C:\Program Files\trend micro
2014-12-29 16:14 - 2014-08-24 11:48 - 00000000 ____D () C:\Users\Pavel\Documents\ConvertXToDVD
2014-12-29 14:35 - 2010-12-10 13:17 - 01159437 _____ () C:\Users\Pavel\AppData\Roaming\vso_ts_preview.xml
2014-12-29 14:35 - 2010-10-06 09:52 - 00000000 ____D () C:\Users\Pavel\AppData\Roaming\Vso
2014-12-29 12:41 - 2009-12-23 11:37 - 00000000 ____D () C:\Users\Pavel
2014-12-24 15:45 - 2014-10-25 10:51 - 00000054 _____ () C:\Users\Pavel\Desktop\Tracky.txt
2014-12-23 20:40 - 2010-02-28 23:57 - 00000000 ____D () C:\Users\Pavel\AppData\Roaming\Mp3tag
2014-12-23 09:10 - 2014-09-22 15:45 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-12-22 13:22 - 2010-10-25 18:19 - 00000000 ____D () C:\Users\Pavel\dwhelper
2014-12-22 07:44 - 2010-12-16 11:58 - 00001155 _____ () C:\Users\Public\Desktop\GOM Player.lnk
2014-12-22 07:44 - 2010-04-28 08:05 - 00001179 _____ () C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2014-12-22 07:44 - 2009-12-24 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
2014-12-18 16:39 - 2014-11-08 11:42 - 00002376 _____ () C:\Windows\system32\TeamViewer10_Hooks.log
2014-12-18 16:38 - 2014-11-08 11:41 - 00000929 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2014-12-18 16:38 - 2014-11-08 11:41 - 00000917 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2014-12-17 16:44 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-12-17 15:25 - 2009-12-24 16:34 - 00179280 _____ () C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-17 15:25 - 2009-12-24 16:34 - 00179280 _____ () C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-17 15:21 - 2014-03-09 18:02 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-14 07:13 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-12-14 05:52 - 2009-12-23 13:44 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-13 10:58 - 2010-08-12 21:54 - 00000000 ____D () C:\Program Files\QuickTime
2014-12-13 10:57 - 2010-01-08 17:58 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-12-13 10:53 - 2011-09-25 21:22 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-13 10:34 - 2009-12-24 20:40 - 00000000 ____D () C:\Users\Pavel\AppData\Local\Adobe
2014-12-13 10:33 - 2012-11-08 08:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-13 10:33 - 2012-10-14 11:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-13 10:29 - 2010-06-04 07:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-11 20:50 - 2014-11-07 07:53 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-11 20:38 - 2014-04-23 18:36 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 20:38 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2014-12-09 20:17 - 2013-08-15 07:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-09 20:01 - 2009-12-23 13:40 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-08 23:01 - 2014-10-22 16:28 - 00000000 ____D () C:\Users\Pavel\Downloads\Mathematicator
2014-12-07 08:29 - 2012-04-29 10:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
Files to move or delete:
====================
C:\Users\Pavel\fbchathistory.dat
Some content of TEMP:
====================
C:\Users\Pavel\AppData\Local\Temp\DivXSetup.exe
C:\Users\Pavel\AppData\Local\Temp\ExPromo.exe
C:\Users\Pavel\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Pavel\AppData\Local\Temp\GomAudDnInstaller.exe
C:\Users\Pavel\AppData\Local\Temp\GomEncDnInstaller.exe
C:\Users\Pavel\AppData\Local\Temp\gtalkwmp1.dll
C:\Users\Pavel\AppData\Local\Temp\GUR8F43.exe
C:\Users\Pavel\AppData\Local\Temp\InstHelper.exe
C:\Users\Pavel\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Pavel\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Pavel\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Pavel\AppData\Local\Temp\npp.6.6.9.Installer.exe
C:\Users\Pavel\AppData\Local\Temp\ose00000.exe
C:\Users\Pavel\AppData\Local\Temp\Quarantine.exe
C:\Users\Pavel\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Pavel\AppData\Local\Temp\sfareca00001.dll
C:\Users\Pavel\AppData\Local\Temp\sfextra.dll
C:\Users\Pavel\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Pavel\AppData\Local\Temp\sqlite3.dll
C:\Users\Pavel\AppData\Local\Temp\utt7F8C.tmp.exe
C:\Users\Pavel\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Pavel\AppData\Local\Temp\_is33E1.exe
C:\Users\Pavel\AppData\Local\Temp\_TinDel.exe
C:\Users\Pavel\AppData\Local\Temp\{17AF834C-2B2F-49C6-B0CB-9F5662758886}-35.0.1916.153_35.0.1916.114_chrome_updater_alt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-26 14:20
==================== End Of Log ============================
- Přílohy
-
- Addition.rar
- (22.84 KiB) Staženo 61 x
Re: Prosím o preventivní kontrolu logu
ESS... oukej, v poradku 
Pokud nepouzivate, odinstalujte Seznam Software - casto byva instalovan jako tzv. adware Tohle znate: C:\Users\Pavel\fbchathistory.dat? Kdyztak otestujte na virustotal.com a smazte. Vypnete trvale Windows Defender - http://windows.microsoft.com/cs-cz/wind ... =windows-7 Odinstalujte starou Javu Java 7 Update 65 a pokud ji potrebujete, ponechte jen tu aktualni.- Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
- ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
- znovu spustte FRST a kliknete na Fix
- po restartu na Vas vyskoci fixlog (pripadne bude ulozen na Plose), jehoz obsah mi vlozte do pristi odpovedi
Kód: Vybrat vše
Start CloseProcesses: CreateRestorePoint: HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] () HKU\S-1-5-21-2552486549-48890951-3667146554-1000\...\Run: [Google Update] => C:\Users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-25] (Google Inc.) HKU\S-1-5-21-2552486549-48890951-3667146554-1000\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-2552486549-48890951-3667146554-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Pavel\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.) HKU\S-1-5-21-2552486549-48890951-3667146554-1000\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess? HKU\S-1-5-21-2552486549-48890951-3667146554-1000\...409d6c4515e9\InprocServer32: [Default-shell32] <==== ATTENTION! HKU\S-1-5-21-2552486549-48890951-3667146554-1000\...A8F59079A8D5}\localserver32: <==== ATTENTION! HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-2552486549-48890951-3667146554-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION SearchScopes: HKU\S-1-5-21-2552486549-48890951-3667146554-1000 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=ocCUAGxK ... rjNBGGU?q={searchTerms} SearchScopes: HKU\S-1-5-21-2552486549-48890951-3667146554-1000 -> {883D3234-E9E3-4B10-923E-6A94D56B7DCD} URL = http://cs.wikipedia.org/w/index.php?tit ... AD&search={searchTerms} FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_25\bin\new_plugin\npjp2.dll No File FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @nullsoft.com/winampDetector;version=1 -> C:\Program Files\Winamp Detect\npwachk.dll No File S2 ADExchange; C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [X] S2 InterBaseGuardian; C:\Program Files\Borland\InterBase\bin\ibguard.exe [X] S3 InterBaseServer; C:\Program Files\Borland\InterBase\bin\ibserver.exe [X] S2 MSSQL$UIRADR; F:\MSSQL$UIRADR\Binn\sqlservr.exe -sUIRADR [X] S3 SQLAgent$UIRADR; F:\MSSQL$UIRADR\Binn\sqlagent.EXE -i UIRADR [X] S2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [X] S2 adfs; No ImagePath S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [X] S3 BlueletSCOAudio; system32\DRIVERS\BlueletSCOAudio.sys [X] S3 BT; system32\DRIVERS\btnetdrv.sys [X] S3 Btcsrusb; System32\Drivers\btcusb.sys [X] S0 BTHidEnum; System32\Drivers\vbtenum.sys [X] S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [X] S3 DFUBTUSB; System32\Drivers\frmupgr.sys [X] S3 DrvSnSht; \??\C:\Program Files\R-Drive Image\DrvSnSht.sys [X] S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X] S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X] S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X] S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X] S3 R-ImageDisk; \??\C:\Program Files\R-Drive Image\R-ImageDisk.sys [X] S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X] S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X] S3 VComm; system32\DRIVERS\VComm.sys [X] S3 VcommMgr; System32\Drivers\VcommMgr.sys [X] 2014-12-31 03:44 - 2014-12-31 03:44 - 00028837 _____ () C:\Users\Pavel\Desktop\FRST.txt 2014-12-31 03:14 - 2014-12-31 03:18 - 00000000 ____D () C:\AdwCleaner 2014-12-31 03:14 - 2014-12-31 03:14 - 02173952 _____ () C:\Users\Pavel\Desktop\adwcleaner_4.106.exe 2014-12-30 10:16 - 2014-12-30 10:18 - 00000000 ____D () C:\rsit 2014-12-30 10:16 - 2014-12-30 10:16 - 01107968 _____ () C:\Users\Pavel\Downloads\RSIT.exe Task: {83FA607C-C490-4894-A608-0158A501CA93} - System32\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C} => C:\Users\Pavel\AppData\Local\Temp\Srg.exe <==== ATTENTION Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8d4b3dd83dfd.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2552486549-48890951-3667146554-1000Core.job => C:\Users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2552486549-48890951-3667146554-1000UA1cf492bca629b2f.job => C:\Users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe AlternateDataStreams: C:\ProgramData\TEMP:0888F409 AlternateDataStreams: C:\ProgramData\TEMP:3440EB47 AlternateDataStreams: C:\ProgramData\TEMP:408F95E5 AlternateDataStreams: C:\ProgramData\TEMP:66633281 AlternateDataStreams: C:\ProgramData\TEMP:8FF81EB0 AlternateDataStreams: C:\ProgramData\TEMP:96D0C06F Hosts: EmptyTemp: End
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Re: Prosím o preventivní kontrolu logu
Ten se mi vůbec nepodařilo najít. Nemám ho mezi "Přidat/odebrat programy".altrok píše:
Znám, ale už to nepotřebuji, takže smazáno.altrok píše:
Vypnuto.altrok píše:
Java 7 Update 65 odinstalována, aktuální ponechána kvůli aplikacím, které ji občas potřebují. Jsem si vědomý případnýho bezp. rizika spojeného s Javou obecně.altrok píše:
Fixlog.txt:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-12-2014
Ran by Pavel at 2014-12-31 16:31:32 Run:1
Running from C:\Users\Pavel\Desktop
Loaded Profile: Pavel (Available profiles: Pavel)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKU\S-1-5-21-2552486549-48890951-3667146554-1000\...\Run: [Google Update] => C:\Users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-25] (Google Inc.)
HKU\S-1-5-21-2552486549-48890951-3667146554-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2552486549-48890951-3667146554-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Pavel\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2552486549-48890951-3667146554-1000\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-2552486549-48890951-3667146554-1000\...409d6c4515e9\InprocServer32: [Default-shell32] <==== ATTENTION!
HKU\S-1-5-21-2552486549-48890951-3667146554-1000\...A8F59079A8D5}\localserver32: <==== ATTENTION!
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2552486549-48890951-3667146554-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2552486549-48890951-3667146554-1000 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=ocCUAGxK ... rjNBGGU?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2552486549-48890951-3667146554-1000 -> {883D3234-E9E3-4B10-923E-6A94D56B7DCD} URL = http://cs.wikipedia.org/w/index.php?tit ... AD&search={searchTerms}
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_25\bin\new_plugin\npjp2.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @nullsoft.com/winampDetector;version=1 -> C:\Program Files\Winamp Detect\npwachk.dll No File
S2 ADExchange; C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [X]
S2 InterBaseGuardian; C:\Program Files\Borland\InterBase\bin\ibguard.exe [X]
S3 InterBaseServer; C:\Program Files\Borland\InterBase\bin\ibserver.exe [X]
S2 MSSQL$UIRADR; F:\MSSQL$UIRADR\Binn\sqlservr.exe -sUIRADR [X]
S3 SQLAgent$UIRADR; F:\MSSQL$UIRADR\Binn\sqlagent.EXE -i UIRADR [X]
S2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [X]
S2 adfs; No ImagePath
S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [X]
S3 BlueletSCOAudio; system32\DRIVERS\BlueletSCOAudio.sys [X]
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
S0 BTHidEnum; System32\Drivers\vbtenum.sys [X]
S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [X]
S3 DFUBTUSB; System32\Drivers\frmupgr.sys [X]
S3 DrvSnSht; \??\C:\Program Files\R-Drive Image\DrvSnSht.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 R-ImageDisk; \??\C:\Program Files\R-Drive Image\R-ImageDisk.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
2014-12-31 03:44 - 2014-12-31 03:44 - 00028837 _____ () C:\Users\Pavel\Desktop\FRST.txt
2014-12-31 03:14 - 2014-12-31 03:18 - 00000000 ____D () C:\AdwCleaner
2014-12-31 03:14 - 2014-12-31 03:14 - 02173952 _____ () C:\Users\Pavel\Desktop\adwcleaner_4.106.exe
2014-12-30 10:16 - 2014-12-30 10:18 - 00000000 ____D () C:\rsit
2014-12-30 10:16 - 2014-12-30 10:16 - 01107968 _____ () C:\Users\Pavel\Downloads\RSIT.exe
Task: {83FA607C-C490-4894-A608-0158A501CA93} - System32\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C} => C:\Users\Pavel\AppData\Local\Temp\Srg.exe <==== ATTENTION
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8d4b3dd83dfd.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2552486549-48890951-3667146554-1000Core.job => C:\Users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2552486549-48890951-3667146554-1000UA1cf492bca629b2f.job => C:\Users\Pavel\AppData\Local\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\ProgramData\TEMP:0888F409
AlternateDataStreams: C:\ProgramData\TEMP:3440EB47
AlternateDataStreams: C:\ProgramData\TEMP:408F95E5
AlternateDataStreams: C:\ProgramData\TEMP:66633281
AlternateDataStreams: C:\ProgramData\TEMP:8FF81EB0
AlternateDataStreams: C:\ProgramData\TEMP:96D0C06F
Hosts:
EmptyTemp:
End
*****************
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SwitchBoard => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS6ServiceManager => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate => value deleted successfully.
HKU\S-1-5-21-2552486549-48890951-3667146554-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => value deleted successfully.
HKU\S-1-5-21-2552486549-48890951-3667146554-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
HKU\S-1-5-21-2552486549-48890951-3667146554-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface => value deleted successfully.
"HKU\S-1-5-21-2552486549-48890951-3667146554-1000\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}" => Key deleted successfully.
"HKU\S-1-5-21-2552486549-48890951-3667146554-1000\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}" => Key deleted successfully.
HKU\S-1-5-21-2552486549-48890951-3667146554-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 => Key not found.
"HKU\S-1-5-21-2552486549-48890951-3667146554-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2552486549-48890951-3667146554-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2552486549-48890951-3667146554-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}" => Key deleted successfully.
HKCR\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E} => Key not found.
"HKU\S-1-5-21-2552486549-48890951-3667146554-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{883D3234-E9E3-4B10-923E-6A94D56B7DCD}" => Key deleted successfully.
HKCR\CLSID\{883D3234-E9E3-4B10-923E-6A94D56B7DCD} => Key not found.
HKLM\Software\MozillaPlugins\@java.com/JavaPlugin => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@nullsoft.com/winampDetector;version=1" => Key deleted successfully.
ADExchange => Service deleted successfully.
InterBaseGuardian => Service deleted successfully.
InterBaseServer => Service deleted successfully.
MSSQL$UIRADR => Service deleted successfully.
SQLAgent$UIRADR => Service deleted successfully.
StarWindServiceAE => Service deleted successfully.
adfs => Service deleted successfully.
BlueletAudio => Service deleted successfully.
BlueletSCOAudio => Service deleted successfully.
BT => Service deleted successfully.
Btcsrusb => Service deleted successfully.
BTHidEnum => Service deleted successfully.
BTHidMgr => Service deleted successfully.
DFUBTUSB => Service deleted successfully.
DrvSnSht => Service deleted successfully.
ew_hwusbdev => Service deleted successfully.
ew_usbenumfilter => Service deleted successfully.
huawei_cdcacm => Service deleted successfully.
huawei_enumerator => Service deleted successfully.
huawei_ext_ctrl => Service deleted successfully.
huawei_wwanecm => Service deleted successfully.
R-ImageDisk => Service deleted successfully.
RtsUIR => Service deleted successfully.
USBCCID => Service deleted successfully.
VComm => Service deleted successfully.
VcommMgr => Service deleted successfully.
C:\Users\Pavel\Desktop\FRST.txt => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\Pavel\Desktop\adwcleaner_4.106.exe => Moved successfully.
C:\rsit => Moved successfully.
C:\Users\Pavel\Downloads\RSIT.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{83FA607C-C490-4894-A608-0158A501CA93}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83FA607C-C490-4894-A608-0158A501CA93}" => Key deleted successfully.
C:\Windows\System32\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}" => Key deleted successfully.
C:\Windows\Tasks\Google Software Updater.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8d4b3dd83dfd.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2552486549-48890951-3667146554-1000Core.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2552486549-48890951-3667146554-1000UA1cf492bca629b2f.job => Moved successfully.
C:\ProgramData\TEMP => ":0888F409" ADS removed successfully.
C:\ProgramData\TEMP => ":3440EB47" ADS removed successfully.
C:\ProgramData\TEMP => ":408F95E5" ADS removed successfully.
C:\ProgramData\TEMP => ":66633281" ADS removed successfully.
C:\ProgramData\TEMP => ":8FF81EB0" ADS removed successfully.
C:\ProgramData\TEMP => ":96D0C06F" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 8.4 GB temporary data.
The system needed a reboot.
==== End of Fixlog 16:39:39 ====
Re: Prosím o preventivní kontrolu logu
je patrne nainstalovan jen v chromu (doplnky/rozsireni)gully píše:Ten se mi vůbec nepodařilo najít. Nemám ho mezi "Přidat/odebrat programy".altrok píše:
Kód: Vybrat vše
CHR Extension: (Seznam Lištička - Email) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2014-04-08]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2014-04-08]vyosek píše:PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
- Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe
Rkill iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe
Rkill uSeRiNiT.exe:
http://download.bleepingcomputer.com/gr ... eRiNiT.exe
Rkill WiNlOgOn.exe:
http://download.bleepingcomputer.com/gr ... NlOgOn.exe- Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
- Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
- RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
- Na plose vznikne log Rkill.txt ten mi sem vlozte
- Ted nerestartujte PC - prisli byste o ucinek RKillu
- Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
- Pokud mate Win XP spustte pod uctem Spravce\Administratora
- Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
- Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
- Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
- Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
- Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
- Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
- Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Re: Prosím o preventivní kontrolu logu
Odinstalováno z Chrome. Děkuji.altrok píše:
Rkill 2.6.9 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 01/02/2015 10:38:11 AM in x86 mode.
Windows Version: Windows 7 Professional Service Pack 1
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* C:\Windows\LockStatusTray.exe (PID: 3012) [WD-HEUR]
1 proccess terminated!
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKCU\SOFTWARE\Classes\.exe "@" exists and is set to exefile!
* HKCU\SOFTWARE\Classes\.exe has been deleted!
* HKCU\SOFTWARE\Classes\.bat "@" exists and is set to !
* HKCU\SOFTWARE\Classes\.bat has been deleted!
Performing miscellaneous checks:
* Windows Defender Disabled
[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001
Log z ComboFix se sem bohužel nevejde, tak jej přikládám jako přílohu.
- Přílohy
-
- log.rar
- (16.48 KiB) Staženo 66 x
Re: Prosím o preventivní kontrolu logu
Pokud jeste nemate, presunte ComboFix na plochu.
- Otevrete Poznamkovy blok (Start -> Spustit -> notepad)
- zkopirujte do nej skript nize a ulozte na plochu jako CFScript (Typ souboru: Textovy dokument)
Kód: Vybrat vše
KillAll:: Registry:: [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AlcoholAutomount"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DivXMediaServer"=- File:: c:\windows\Tasks\Google Software Updater.job DDS:: uInternet Settings,ProxyOverride = 127.0.0.1;<local> RegNull:: [HKEY_USERS\S-1-5-21-2552486549-48890951-3667146554-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{92C1845F-9629-E837-45B3-5CE2552BF71B}*] RegLock:: [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}] ClearJavaCache:: Reboot:: - Tento CFScript.txt chytte, doslova pretahnete nad ikonu ComboFixu a pustte.
- Po restartu na Vas vyskoci log, jehoz obsah mi vlozte do dalsi odpovedi.
Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit Muze se stat, ze po aplikaci skriptu nenabehnou Windows. V tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraciPokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Re: Prosím o preventivní kontrolu logu
Dobrý den, omlouvám se za prodlení, musel jsem odcestovat a k počítači jsem neměl přístup. Tady je log z ComboFixu:
ComboFix 15-01-05.01 - Pavel 05.01.2015 21:32:44.4.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3580.2001 [GMT 1:00]
Spuštěný z: c:\users\Pavel\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Pavel\Desktop\CFScript.txt
AV: ESET Smart Security 8.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET Personální firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 8.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Google Software Updater.job"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-12-05 do 2015-01-05 )))))))))))))))))))))))))))))))
.
.
2014-12-31 17:19 . 2014-12-31 17:19 -------- d-----w- C:\FFOutput
2014-12-31 17:19 . 2014-12-31 17:19 -------- d-----w- c:\programdata\Baidu
2014-12-31 17:18 . 2014-12-31 17:18 -------- d-----w- c:\program files\FreeTime
2014-12-31 02:38 . 2014-12-31 15:39 -------- d-----w- C:\FRST
2014-12-11 19:38 . 2014-12-11 19:38 -------- d-----w- c:\windows\system32\appraiser
2014-12-09 18:51 . 2014-10-30 01:45 155136 ----a-w- c:\windows\system32\charmap.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-13 09:33 . 2012-11-08 07:14 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-12-13 09:33 . 2012-10-14 10:36 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-13 03:33 . 2014-12-17 19:32 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2014-12-04 04:38 . 2014-12-09 18:53 610304 ----a-w- c:\windows\system32\invagent.dll
2014-11-24 13:04 . 2009-12-23 10:51 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-11-23 11:43 . 2014-12-31 15:26 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-11-22 02:20 . 2014-12-09 18:53 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-22 02:20 . 2014-12-09 18:53 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:07 . 2014-12-09 18:53 501248 ----a-w- c:\windows\system32\vbscript.dll
2014-11-22 02:07 . 2014-12-09 18:53 62464 ----a-w- c:\windows\system32\iesetup.dll
2014-11-22 02:06 . 2014-12-09 18:53 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-09 18:53 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-22 01:55 . 2014-12-09 18:53 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-11-22 01:54 . 2014-12-09 18:53 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2014-11-22 01:48 . 2014-12-09 18:53 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 01:40 . 2014-12-09 18:53 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-09 18:53 4299264 ----a-w- c:\windows\system32\jscript9.dll
2014-11-22 01:22 . 2014-12-09 18:53 2052096 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-22 01:21 . 2014-12-09 18:53 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:00 . 2014-12-09 18:53 1888256 ----a-w- c:\windows\system32\wininet.dll
2014-11-11 02:44 . 2014-12-09 18:53 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-22 07:12 186880 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 02:44 . 2014-11-22 07:12 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-11-08 02:45 . 2014-12-09 18:52 2048 ----a-w- c:\windows\system32\tzres.dll
2014-11-06 05:42 . 2014-11-06 05:42 341848 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2014-11-04 09:35 . 2014-09-22 06:48 590536 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-10-25 01:32 . 2014-11-12 10:48 67584 ----a-w- c:\windows\system32\packager.dll
2014-10-18 01:33 . 2014-11-12 10:52 571904 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-18 01:33 . 2014-12-11 18:46 3209728 ----a-w- c:\windows\system32\mf.dll
2014-10-14 01:56 . 2014-11-12 10:49 136632 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 01:50 . 2014-11-12 10:49 523776 ----a-w- c:\windows\system32\termsrv.dll
2014-10-14 01:50 . 2014-11-12 10:51 2363904 ----a-w- c:\windows\system32\msi.dll
2014-10-14 01:50 . 2014-11-12 10:49 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-10-14 01:47 . 2014-11-12 10:49 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-10-14 01:46 . 2014-11-12 10:49 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-10-10 07:59 . 2014-10-10 07:59 51288 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2014-10-10 07:59 . 2014-10-10 07:59 37928 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2014-10-10 07:59 . 2014-10-10 07:59 191928 ----a-w- c:\windows\system32\drivers\eamonm.sys
2014-10-10 07:59 . 2014-10-10 07:59 176448 ----a-w- c:\windows\system32\drivers\epfw.sys
2014-10-10 07:59 . 2014-10-10 07:59 135296 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2014-10-10 00:45 . 2014-11-12 10:51 2379264 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-10-21 16:52 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-10-21 16:52 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-10-21 16:52 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-10-21 16:52 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-10-21 16:52 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-10-21 16:52 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DiFM Listener"="c:\program files\DiFM Listener\DiFM.exe" [2009-01-20 797184]
"googletalk"="c:\users\Pavel\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"TrayStatus"="c:\program files\TrayStatus\TrayStatus.exe" [2011-05-18 283032]
"SkyDrive"="c:\users\Pavel\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2014-10-10 277672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4562944]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 217088]
"LockStatusTray"="c:\windows\LockStatusTray.exe" [2008-02-19 192512]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-11-06 495708]
"pdfFactory Pro Dispatcher v3"="c:\windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2009-12-11 614400]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-05 30192]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2012-02-09 312376]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2014-10-01 5088456]
.
c:\users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Radio Wave Jukebox.lnk - c:\program files\Radio Wave Jukebox\Jukebox.exe minimize [2014-5-8 849920]
taskmgr.lnk - c:\windows\System32\taskmgr.exe [2011-3-9 227328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-05 30192]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-22 102912]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-10-06 47360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 SMIGrabber3C;SMI Grabber Device Tuner Filter 3C;c:\windows\system32\Drivers\SmiUsbGrabber3C.sys [2011-01-26 805888]
R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Te.Service;Te.Service;c:\program files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-07-25 94208]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-22 1343400]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-22 238696]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2014-07-12 380064]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2014-10-10 51288]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2014-10-10 191928]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2014-10-10 135296]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2014-10-10 37928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_c1f21f27f4c2b301\aestsrv.exe [2009-03-03 81920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 Apache2.2;Apache2.2;c:\program files\AppServ\Apache2.2\bin\httpd.exe [2007-01-09 20539]
S2 ClickToRunSvc;Služba Microsoft Office ClickToRun;c:\program files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [2014-11-11 1679536]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2014-10-01 1349576]
S2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2014-07-12 224928]
S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-09-22 1118056]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-21 29472]
S3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2008-07-10 31256]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 165888]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2011-12-16 25088]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-13 09:37 1087816 ----a-w- c:\program files\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-01-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-10 11:12]
.
.
------- Doplňkový sken -------
.
uStart Page = https://encrypted.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: + Offline &Explorer: Download the link - file://c:\program files\Offline Explorer Enterprise\Add_UrlO.htm
IE: + Offline E&xplorer: Download the current page - file://c:\program files\Offline Explorer Enterprise\Add_AllO.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do Microsoft Excelu - c:\progra~1\MIF5BA~1\Office15\EXCEL.EXE/3000
IE: Od&eslat do OneNotu - c:\progra~1\MIF5BA~1\Office15\ONBttnIE.dll/105
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 192.168.100.1 192.168.3.1
FF - ProfilePath - c:\users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\b0o8rkcv.default\
FF - prefs.js: browser.startup.homepage - hxxps://google.cz/
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mysql]
"ImagePath"="\"c:\program files\AppServ\MySQL\bin\mysqld-nt\" --defaults-file=c:\progra~1\AppServ\MySQL\my.ini mysql"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(6612)
c:\program files\FileZilla FTP Client\libgcc_s_sjlj-1.dll
c:\program files\FileZilla FTP Client\libwinpthread-1.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_c1f21f27f4c2b301\STacSV.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\windows\system32\atieclxx.exe
c:\program files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
c:\program files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\windows\system32\taskhost.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\bin\msmdsrv.exe
c:\program files\AppServ\MySQL\bin\mysqld-nt.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\TeamViewer\TeamViewer_Service.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\program files\TeamViewer\TeamViewer.exe
c:\program files\TeamViewer\tv_w32.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Radio Wave Jukebox\Jukebox.exe
c:\program files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
c:\program files\Microsoft Office 15\Root\Office15\MsoSync.exe
c:\program files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2015-01-05 22:19:51 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-01-05 21:19
ComboFix2.txt 2015-01-02 10:22
.
Před spuštěním: Volných bajtů: 111 397 490 688
Po spuštění: Volných bajtů: 111 328 845 824
.
- - End Of File - - 3BCD252053F29A81DB5ACA70C1903FA6
A36C5E4F47E84449FF07ED3517B43A31
ComboFix 15-01-05.01 - Pavel 05.01.2015 21:32:44.4.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3580.2001 [GMT 1:00]
Spuštěný z: c:\users\Pavel\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Pavel\Desktop\CFScript.txt
AV: ESET Smart Security 8.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET Personální firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 8.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Google Software Updater.job"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-12-05 do 2015-01-05 )))))))))))))))))))))))))))))))
.
.
2014-12-31 17:19 . 2014-12-31 17:19 -------- d-----w- C:\FFOutput
2014-12-31 17:19 . 2014-12-31 17:19 -------- d-----w- c:\programdata\Baidu
2014-12-31 17:18 . 2014-12-31 17:18 -------- d-----w- c:\program files\FreeTime
2014-12-31 02:38 . 2014-12-31 15:39 -------- d-----w- C:\FRST
2014-12-11 19:38 . 2014-12-11 19:38 -------- d-----w- c:\windows\system32\appraiser
2014-12-09 18:51 . 2014-10-30 01:45 155136 ----a-w- c:\windows\system32\charmap.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-13 09:33 . 2012-11-08 07:14 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-12-13 09:33 . 2012-10-14 10:36 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-13 03:33 . 2014-12-17 19:32 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2014-12-04 04:38 . 2014-12-09 18:53 610304 ----a-w- c:\windows\system32\invagent.dll
2014-11-24 13:04 . 2009-12-23 10:51 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-11-23 11:43 . 2014-12-31 15:26 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-11-22 02:20 . 2014-12-09 18:53 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-22 02:20 . 2014-12-09 18:53 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:07 . 2014-12-09 18:53 501248 ----a-w- c:\windows\system32\vbscript.dll
2014-11-22 02:07 . 2014-12-09 18:53 62464 ----a-w- c:\windows\system32\iesetup.dll
2014-11-22 02:06 . 2014-12-09 18:53 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-09 18:53 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-22 01:55 . 2014-12-09 18:53 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-11-22 01:54 . 2014-12-09 18:53 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2014-11-22 01:48 . 2014-12-09 18:53 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 01:40 . 2014-12-09 18:53 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-09 18:53 4299264 ----a-w- c:\windows\system32\jscript9.dll
2014-11-22 01:22 . 2014-12-09 18:53 2052096 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-22 01:21 . 2014-12-09 18:53 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:00 . 2014-12-09 18:53 1888256 ----a-w- c:\windows\system32\wininet.dll
2014-11-11 02:44 . 2014-12-09 18:53 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-22 07:12 186880 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 02:44 . 2014-11-22 07:12 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-11-08 02:45 . 2014-12-09 18:52 2048 ----a-w- c:\windows\system32\tzres.dll
2014-11-06 05:42 . 2014-11-06 05:42 341848 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2014-11-04 09:35 . 2014-09-22 06:48 590536 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-10-25 01:32 . 2014-11-12 10:48 67584 ----a-w- c:\windows\system32\packager.dll
2014-10-18 01:33 . 2014-11-12 10:52 571904 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-18 01:33 . 2014-12-11 18:46 3209728 ----a-w- c:\windows\system32\mf.dll
2014-10-14 01:56 . 2014-11-12 10:49 136632 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 01:50 . 2014-11-12 10:49 523776 ----a-w- c:\windows\system32\termsrv.dll
2014-10-14 01:50 . 2014-11-12 10:51 2363904 ----a-w- c:\windows\system32\msi.dll
2014-10-14 01:50 . 2014-11-12 10:49 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-10-14 01:47 . 2014-11-12 10:49 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-10-14 01:46 . 2014-11-12 10:49 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-10-10 07:59 . 2014-10-10 07:59 51288 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2014-10-10 07:59 . 2014-10-10 07:59 37928 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2014-10-10 07:59 . 2014-10-10 07:59 191928 ----a-w- c:\windows\system32\drivers\eamonm.sys
2014-10-10 07:59 . 2014-10-10 07:59 176448 ----a-w- c:\windows\system32\drivers\epfw.sys
2014-10-10 07:59 . 2014-10-10 07:59 135296 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2014-10-10 00:45 . 2014-11-12 10:51 2379264 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-10-21 16:52 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-10-21 16:52 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-10-21 16:52 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-10-21 16:52 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-10-21 16:52 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-10-21 16:52 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DiFM Listener"="c:\program files\DiFM Listener\DiFM.exe" [2009-01-20 797184]
"googletalk"="c:\users\Pavel\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"TrayStatus"="c:\program files\TrayStatus\TrayStatus.exe" [2011-05-18 283032]
"SkyDrive"="c:\users\Pavel\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2014-10-10 277672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4562944]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 217088]
"LockStatusTray"="c:\windows\LockStatusTray.exe" [2008-02-19 192512]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-11-06 495708]
"pdfFactory Pro Dispatcher v3"="c:\windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2009-12-11 614400]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-05 30192]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2012-02-09 312376]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2014-10-01 5088456]
.
c:\users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Radio Wave Jukebox.lnk - c:\program files\Radio Wave Jukebox\Jukebox.exe minimize [2014-5-8 849920]
taskmgr.lnk - c:\windows\System32\taskmgr.exe [2011-3-9 227328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-05 30192]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-22 102912]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-10-06 47360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 SMIGrabber3C;SMI Grabber Device Tuner Filter 3C;c:\windows\system32\Drivers\SmiUsbGrabber3C.sys [2011-01-26 805888]
R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Te.Service;Te.Service;c:\program files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-07-25 94208]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-22 1343400]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-22 238696]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2014-07-12 380064]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2014-10-10 51288]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2014-10-10 191928]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2014-10-10 135296]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2014-10-10 37928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_c1f21f27f4c2b301\aestsrv.exe [2009-03-03 81920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 Apache2.2;Apache2.2;c:\program files\AppServ\Apache2.2\bin\httpd.exe [2007-01-09 20539]
S2 ClickToRunSvc;Služba Microsoft Office ClickToRun;c:\program files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [2014-11-11 1679536]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2014-10-01 1349576]
S2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2014-07-12 224928]
S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-09-22 1118056]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-21 29472]
S3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2008-07-10 31256]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 165888]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2011-12-16 25088]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-13 09:37 1087816 ----a-w- c:\program files\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-01-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-10 11:12]
.
.
------- Doplňkový sken -------
.
uStart Page = https://encrypted.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: + Offline &Explorer: Download the link - file://c:\program files\Offline Explorer Enterprise\Add_UrlO.htm
IE: + Offline E&xplorer: Download the current page - file://c:\program files\Offline Explorer Enterprise\Add_AllO.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do Microsoft Excelu - c:\progra~1\MIF5BA~1\Office15\EXCEL.EXE/3000
IE: Od&eslat do OneNotu - c:\progra~1\MIF5BA~1\Office15\ONBttnIE.dll/105
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 192.168.100.1 192.168.3.1
FF - ProfilePath - c:\users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\b0o8rkcv.default\
FF - prefs.js: browser.startup.homepage - hxxps://google.cz/
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mysql]
"ImagePath"="\"c:\program files\AppServ\MySQL\bin\mysqld-nt\" --defaults-file=c:\progra~1\AppServ\MySQL\my.ini mysql"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(6612)
c:\program files\FileZilla FTP Client\libgcc_s_sjlj-1.dll
c:\program files\FileZilla FTP Client\libwinpthread-1.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_c1f21f27f4c2b301\STacSV.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\windows\system32\atieclxx.exe
c:\program files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
c:\program files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\windows\system32\taskhost.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\bin\msmdsrv.exe
c:\program files\AppServ\MySQL\bin\mysqld-nt.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\TeamViewer\TeamViewer_Service.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\program files\TeamViewer\TeamViewer.exe
c:\program files\TeamViewer\tv_w32.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Radio Wave Jukebox\Jukebox.exe
c:\program files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
c:\program files\Microsoft Office 15\Root\Office15\MsoSync.exe
c:\program files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2015-01-05 22:19:51 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-01-05 21:19
ComboFix2.txt 2015-01-02 10:22
.
Před spuštěním: Volných bajtů: 111 397 490 688
Po spuštění: Volných bajtů: 111 328 845 824
.
- - End Of File - - 3BCD252053F29A81DB5ACA70C1903FA6
A36C5E4F47E84449FF07ED3517B43A31
Re: Prosím o preventivní kontrolu logu
Dobry den, omlouvat se nemusite... ja na to nespechamgully píše:Dobrý den, omlouvám se za prodlení, musel jsem odcestovat a k počítači jsem neměl přístup.
Dame si jeste jeden CFScript. Pokud jeste nemate, presunte ComboFix na plochu.
- Otevrete Poznamkovy blok (Start -> Spustit -> notepad)
- zkopirujte do nej skript nize a ulozte na plochu jako CFScript (Typ souboru: Textovy dokument)
Kód: Vybrat vše
DeQuarantine:: C:\Qoobox\Quarantine\c\users\Pavel\AppData\Roaming\Sublime Text 2-- Quit:: - Tento CFScript.txt chytte, doslova pretahnete nad ikonu ComboFixu a pustte.
- Po restartu na Vas vyskoci log, jehoz obsah mi vlozte do dalsi odpovedi.
Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit Muze se stat, ze po aplikaci skriptu nenabehnou Windows. V tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraciPokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Re: Prosím o preventivní kontrolu logu
Po ukončení úlohy CF nedošlo k restartu a otevřely se následující 2 logy: Log.txt: a DeQuarantine.txt:.altrok píše:Po restartu na Vas vyskoci log, jehoz obsah mi vlozte do dalsi odpovedi.
Bohužel jsou oba tak velké, že ani jeden nemohu vložit sem jako text a přiložit můžu pouze jeden soubor. Takže přikládám
zabalený Log.txt a odkaz na stažení zabaleného DeQuarantine.txt.
- Přílohy
-
- ComboFix.rar
- (15.36 KiB) Staženo 70 x
Re: Prosím o preventivní kontrolu logu
Soubory v c:\users\Pavel\AppData\Roaming\Sublime Text 2-- ted mate? Sublime Text funguje?Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Re: Prosím o preventivní kontrolu logu
Je to v pořádku.altrok píše:
Přispějete na provoz fóra?