Logfile of random's system information tool 1.08 (written by random/random)
Run by Správce at 2015-01-03 14:52:35
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 72 GB (24%) free of 305 GB
Total RAM: 8190 MB (79% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:52:38, on 3.1.2015
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16599)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\trend micro\Správce.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: PXCIEaddin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKUS\S-1-5-21-3968299894-954384744-379159808-1003\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'Pavel')
O4 - HKUS\S-1-5-21-3968299894-954384744-379159808-1003\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount (User 'Pavel')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{49E5700F-D637-48E9-9084-85B5CB4F5FA9}: NameServer = 10.129.153.129
O20 - AppInit_DLLs: {DLL_Str}
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Backbone Service (BBDemon) - Unknown owner - C:\Program Files (x86)\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files (x86)\GIGABYTE\GEST\GSvr.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 6863 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
"C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"
"C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"
"C:\Windows\system32\Dwm.exe"
taskeng.exe {9E0B72BB-DC7F-4D68-8A4A-599D60347077}
C:\Windows\Explorer.EXE
"C:\Windows\RAVCpl64.exe"
"C:\Windows\WindowsMobile\wmdSync.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Windows\ehome\ehtray.exe"
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
C:\Windows\ehome\ehmsas.exe -Embedding
"c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS
C:\Windows\System32\svchost.exe -k HPZ12
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
"C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe" avshadowcontrol0_000004e4
"C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\ehome\ehRecvr.exe
taskeng.exe {53696909-0002-4389-A35C-10D6ACC4B3A2}
"C:\users\Pavel\Desktop\NoINST\RSITx64.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 640 644 652 65536 648
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42DFA04F-0F16-418e-B80C-AB97A5AFAD39}]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-04-04 453504]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-04-04 157576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RAVCpl64.exe [2007-09-19 5426688]
"Skytel"=C:\Windows\Skytel.exe [2007-08-03 1826816]
"PAC7302_Monitor"=C:\Windows\PixArt\PAC7302\Monitor.exe [2006-11-03 319488]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2006-11-02 225792]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-09-17 2460488]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe /WinStart []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files (x86)\Steam\Steam.exe [2011-07-07 1242448]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2014-03-02 6563608]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2007-03-20 36864]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2014-12-23 702768]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="{DLL_Str}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2012-08-01 275360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=153
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0
"NoDriveTypeAutoRun"=153
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 months======
2015-01-03 14:52:35 ----D---- C:\rsit
2015-01-03 12:59:41 ----A---- C:\Windows\SYSWOW64\XAPOFX1_3.dll
2015-01-03 12:59:23 ----A---- C:\Windows\SYSWOW64\x3daudio1_1.dll
2015-01-03 11:54:34 ----A---- C:\Windows\SYSWOW64\microsoft.directx.dll
2015-01-03 11:54:34 ----A---- C:\Windows\SYSWOW64\microsoft.directx.directsound.dll
2015-01-03 11:54:34 ----A---- C:\Windows\SYSWOW64\microsoft.directx.directplay.dll
2015-01-03 11:54:34 ----A---- C:\Windows\SYSWOW64\microsoft.directx.directinput.dll
2015-01-03 11:54:34 ----A---- C:\Windows\SYSWOW64\microsoft.directx.directdraw.dll
2015-01-03 11:54:34 ----A---- C:\Windows\SYSWOW64\microsoft.directx.direct3dx.dll
2015-01-03 11:54:34 ----A---- C:\Windows\SYSWOW64\microsoft.directx.direct3d.dll
2015-01-03 11:54:34 ----A---- C:\Windows\SYSWOW64\microsoft.directx.diagnostics.dll
2015-01-03 11:54:34 ----A---- C:\Windows\SYSWOW64\microsoft.directx.audiovideoplayback.dll
2015-01-03 11:54:34 ----A---- C:\Windows\SYSWOW64\dxupdate.dll
2014-12-13 08:44:31 ----A---- C:\Windows\SYSWOW64\tzres.dll
2014-12-13 08:44:31 ----A---- C:\Windows\system32\tzres.dll
2014-12-13 08:44:08 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2014-12-13 08:44:08 ----A---- C:\Windows\system32\WindowsCodecs.dll
2014-12-13 08:43:24 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2014-12-13 08:43:24 ----A---- C:\Windows\system32\kerberos.dll
2014-12-13 08:42:44 ----A---- C:\Windows\SYSWOW64\schannel.dll
2014-12-13 08:42:43 ----A---- C:\Windows\system32\schannel.dll
2014-12-13 08:41:46 ----D---- C:\Program Files (x86)\Microsoft ASP.NET
2014-12-13 08:41:12 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-12-13 08:41:12 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-12-13 08:41:12 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-12-13 08:41:12 ----A---- C:\Windows\system32\jscript9.dll
2014-12-13 08:41:11 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-12-13 08:41:11 ----A---- C:\Windows\SYSWOW64\jscript.dll
2014-12-13 08:41:11 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-12-13 08:41:11 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-12-13 08:41:11 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-12-13 08:41:11 ----A---- C:\Windows\system32\wininet.dll
2014-12-13 08:41:11 ----A---- C:\Windows\system32\vbscript.dll
2014-12-13 08:41:11 ----A---- C:\Windows\system32\mshtmled.dll
2014-12-13 08:41:11 ----A---- C:\Windows\system32\jsproxy.dll
2014-12-13 08:41:11 ----A---- C:\Windows\system32\jscript.dll
2014-12-13 08:41:11 ----A---- C:\Windows\system32\ieui.dll
2014-12-13 08:41:11 ----A---- C:\Windows\system32\dxtmsft.dll
2014-12-13 08:41:09 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-12-13 08:41:08 ----A---- C:\Windows\system32\mshtml.dll
2014-12-13 08:41:08 ----A---- C:\Windows\system32\dxtrans.dll
2014-12-13 08:41:07 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-12-13 08:41:07 ----A---- C:\Windows\SYSWOW64\url.dll
2014-12-13 08:41:07 ----A---- C:\Windows\SYSWOW64\mshta.exe
2014-12-13 08:41:07 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2014-12-13 08:41:07 ----A---- C:\Windows\system32\urlmon.dll
2014-12-13 08:41:07 ----A---- C:\Windows\system32\mshta.exe
2014-12-13 08:41:07 ----A---- C:\Windows\system32\msfeedsbs.dll
2014-12-13 08:41:07 ----A---- C:\Windows\system32\ieUnatt.exe
2014-12-13 08:41:06 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-12-13 08:41:06 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-12-13 08:41:06 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-12-13 08:41:06 ----A---- C:\Windows\system32\url.dll
2014-12-13 08:41:06 ----A---- C:\Windows\system32\msfeeds.dll
2014-12-13 08:41:06 ----A---- C:\Windows\system32\iertutil.dll
2014-12-13 08:41:06 ----A---- C:\Windows\system32\ieframe.dll
2014-12-13 08:41:05 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-12-13 08:41:04 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2014-12-13 08:41:04 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-12-13 08:41:04 ----A---- C:\Windows\system32\msfeedssync.exe
======List of files/folders modified in the last 1 months======
2015-01-03 14:52:36 ----D---- C:\Windows\temp
2015-01-03 14:52:36 ----D---- C:\Program Files\trend micro
2015-01-03 14:43:33 ----AD---- C:\Windows
2015-01-03 14:30:06 ----D---- C:\ProgramData
2015-01-03 13:26:58 ----D---- C:\Program Files (x86)\SPlayer
2015-01-03 13:26:36 ----SHD---- C:\System Volume Information
2015-01-03 13:21:03 ----D---- C:\ProgramData\Origin
2015-01-03 13:14:46 ----RSD---- C:\Windows\assembly
2015-01-03 13:03:40 ----D---- C:\Program Files (x86)\Origin
2015-01-03 13:02:02 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-01-03 12:59:45 ----D---- C:\Windows\SysWOW64
2015-01-03 11:21:14 ----SHD---- C:\Windows\Installer
2015-01-03 11:21:14 ----RD---- C:\Program Files (x86)
2015-01-03 11:20:39 ----D---- C:\Users\Správce\AppData\Roaming\Sony
2015-01-03 11:14:40 ----RD---- C:\Program Files
2015-01-02 22:18:10 ----D---- C:\Windows\System32
2015-01-02 22:18:10 ----D---- C:\Windows\inf
2015-01-02 22:18:10 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-12-27 17:14:17 ----D---- C:\Program Files (x86)\Origin Games
2014-12-15 13:05:07 ----D---- C:\Windows\system32\catroot2
2014-12-13 09:41:08 ----D---- C:\Windows\Microsoft.NET
2014-12-13 09:07:59 ----D---- C:\Windows\rescache
2014-12-13 09:00:14 ----D---- C:\Windows\winsxs
2014-12-13 08:50:03 ----D---- C:\Windows\system32\catroot
2014-12-13 08:49:02 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2014-12-13 08:47:49 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-12-13 08:47:49 ----D---- C:\Windows\system32\cs-CZ
2014-12-13 08:47:48 ----D---- C:\Windows\SYSWOW64\migration
2014-12-13 08:47:48 ----D---- C:\Windows\system32\migration
2014-12-13 08:47:48 ----D---- C:\Program Files (x86)\Internet Explorer
2014-12-13 08:47:47 ----D---- C:\Program Files\Internet Explorer
2014-12-13 08:47:08 ----D---- C:\Windows\system32\MRT
2014-12-13 08:45:20 ----A---- C:\Windows\system32\mrt.exe
2014-12-13 08:42:37 ----D---- C:\Windows\Prefetch
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 JRAID;JRAID; C:\Windows\system32\DRIVERS\jraid.sys [2007-09-29 91648]
R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2007-02-07 14104]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-10-18 834544]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2014-10-22 131608]
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2013-11-27 28600]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2010-12-16 40816]
R1 HWiNFO32;HWiNFO32 Kernel Driver; \??\C:\Users\Pavel\Desktop\NoINST\hwinfo32\HWiNFO64A.SYS [2009-07-16 30080]
R1 LUMDriver;LUMDriver; \??\C:\Windows\system32\drivers\LUMDriver.sys [2008-01-02 24848]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2014-10-22 119272]
R3 AnyDVD;AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [2008-08-01 113088]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2007-09-19 1221912]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2014-11-06 197408]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2014-11-04 13207184]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2008-09-07 82816]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys [2010-06-23 318568]
R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys [2012-07-26 87040]
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2008-12-11 211456]
S2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2008-12-11 35328]
S3 apqlosyv;apqlosyv; C:\Windows\system32\drivers\apqlosyv.sys []
S3 athrusb;Atheros Wireless LAN USB device driver; C:\Windows\system32\DRIVERS\athrxusb.sys [2008-07-29 1075712]
S3 ayy6nv9t;ayy6nv9t; C:\Windows\system32\drivers\ayy6nv9t.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 6144]
S3 ET5Drv;ET5Drv; \??\C:\Windows\ET5Drv.sys [2007-10-16 36416]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2010-01-21 20544]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2010-12-24 33344]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-10 275456]
S3 IT9135BDA;IT9135 BDA Devices; C:\Windows\System32\Drivers\IT9135BDA.sys [2010-02-03 113280]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 11008]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 7040]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 6656]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 7936]
S3 pfc;Padus ASPI Shell; C:\Windows\system32\drivers\pfc.sys []
S3 RivaTuner64;RivaTuner64; \??\C:\Program Files (x86)\RivaTuner v2.09\RivaTuner64.sys [2008-04-28 12288]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19456]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 40960]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2013-07-12 168960]
S3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2008-07-17 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 46592]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 198656]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2012-12-04 140672]
R2 AntiVirMailService;Avira Mail Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [2014-12-23 805112]
R2 AntiVirService;Avira Real-Time Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2014-12-23 431920]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2014-12-23 431920]
R2 AntiVirWebService;Avira Web Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2014-12-23 992560]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-18 27648]
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-09-17 1148744]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-05-19 73728]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-18 27648]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-09-17 1795912]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2014-11-03 935232]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-18 27648]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2014-11-16 75136]
R2 PnkBstrB;PnkBstrB; C:\Windows\syswow64\PnkBstrB.exe [2014-11-16 189248]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-18 27648]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 157720]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-18 27648]
S2 BBDemon;Backbone Service; C:\Program Files (x86)\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe -service []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-04-03 315008]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-09-08 85096]
S3 GEST Service;GEST Service for program management.; C:\Program Files (x86)\GIGABYTE\GEST\GSvr.exe [2007-12-14 47624]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2014-12-27 1903472]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-18 19968]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2011-07-07 403240]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-09-11 1012344]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128]
S4 NetMsmqActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S4 SQLBrowser;SQL Server Browser; c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2009-03-30 254808]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
kontrola-prosím-díky
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: kontrola-prosím-díky
Zdravim 
Stahnete AdwCleaner https://toolslib.net/downloads/finish/1/ a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Clean
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner [S?].txt ). Ten mi sem zkopirujte.
Stahnete AdwCleaner https://toolslib.net/downloads/finish/1/ a ulozte ho na plochu.Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Clean
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner [S?].txt ). Ten mi sem zkopirujte.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: kontrola-prosím-díky
# AdwCleaner v4.106 - Report created 03/01/2015 at 16:07:19
# Updated 21/12/2014 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Username : Správce - PC08
# Running from : C:\Users\Pavel\Desktop\adwcleaner_4.106.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
[!] Folder Deleted : C:\ProgramData\Trymedia
[!] Folder Deleted : C:\Users\Pavel\AppData\Local\CrashRpt
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Key Deleted : HKCU\Software\dt soft\daemon tools toolbar
Key Deleted : HKCU\Software\YahooPartnerToolbar
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16599
-\\ Mozilla Firefox v10.0.12 (cs)
[1qjdmp13.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "QIP Search");
[1qjdmp13.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "QIP Search");
[1qjdmp13.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://search.qip.ru/search?from=FF&query=");
*************************
AdwCleaner[R0].txt - [2342 octets] - [03/01/2015 16:03:39]
AdwCleaner[S0].txt - [1981 octets] - [03/01/2015 16:07:19]
########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [2041 octets] ##########
# Updated 21/12/2014 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Username : Správce - PC08
# Running from : C:\Users\Pavel\Desktop\adwcleaner_4.106.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
[!] Folder Deleted : C:\ProgramData\Trymedia
[!] Folder Deleted : C:\Users\Pavel\AppData\Local\CrashRpt
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Key Deleted : HKCU\Software\dt soft\daemon tools toolbar
Key Deleted : HKCU\Software\YahooPartnerToolbar
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16599
-\\ Mozilla Firefox v10.0.12 (cs)
[1qjdmp13.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "QIP Search");
[1qjdmp13.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "QIP Search");
[1qjdmp13.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://search.qip.ru/search?from=FF&query=");
*************************
AdwCleaner[R0].txt - [2342 octets] - [03/01/2015 16:03:39]
AdwCleaner[S0].txt - [1981 octets] - [03/01/2015 16:07:19]
########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [2041 octets] ##########
Re: kontrola-prosím-díky
Udelejte kontrolu s MBAM. Test nastavte podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=29&t=137928 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekcePokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: kontrola-prosím-díky
Malwarebytes Anti-Malware
http://www.malwarebytes.org
Datum skenování: 3.1.2015
Čas skenování: 17:26:44
Protokol: 123.txt
Správce: Ano
Verze: 2.00.4.1028
Databáze malwaru: v2015.01.03.07
Databáze rootkitů: v2014.12.30.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Sebeobrany: Vypnuto
OS: Windows Vista Service Pack 2
CPU: x64
Souborový systém: NTFS
Uživatel: SprA!vce
Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 908833
Uplynulý čas: 2 hod, 59 min, 19 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Žádné zákerné zjištěny položek)
Moduly: 0
(Žádné zákerné zjištěny položek)
Klíče registru: 0
(Žádné zákerné zjištěny položek)
Hodnoty registru: 0
(Žádné zákerné zjištěny položek)
Data registru: 0
(Žádné zákerné zjištěny položek)
Složky: 0
(Žádné zákerné zjištěny položek)
Soubory: 14
PUP.Riskware.Keygen, C:\$RECYCLE.BIN\S-1-5-21-3968299894-954384744-379159808-1002\$R3LNOFQ\Sound Forge Pro 10.0\Keygen.exe, , [fc07cb28c0c92c0a475d0c16b84801ff],
PUP.Riskware.Keygen, C:\$RECYCLE.BIN\S-1-5-21-3968299894-954384744-379159808-1002\$RA5N109\Sound Forge Pro 10.0\Keygen.exe, , [4cb71cd77118fc3a01a366bca45cd22e],
PUP.Optional.DownloadSponsor, C:\$RECYCLE.BIN\S-1-5-21-3968299894-954384744-379159808-1003\$RE37KI9.exe, , [44bff3009eeb4bebde9fdc618184c040],
PUP.PDFPasswordRemover, C:\Program Files (x86)\PDF Password Remover v3.0\pdfdecrypt.exe, , [a75ca74cd2b76ec81b89f71859a7f907],
RiskWare.Tool.CK, C:\Users\Pavel\Documents\AutoCAD 2008\A2008\Crack AutoCAD 2008\AutoCAD-2008-keygen.exe, , [8c77cd2635547fb7915ef574a85a6a96],
RiskWare.Tool.CK, C:\Users\SprA!vce\DoctorWeb\Quarantine\EA03205Ad00, , [3bc831c24d3c33030d4793d7758d6e92],
RiskWare.Tool.CK, C:\Users\SprA!vce\Documents\Crack AutoCAD 2008\AutoCAD-2008-keygen.exe, , [ed16aa4995f4989e3bb4ce9be41ee719],
PUP.Optional.OpenCandy, E:\ZA!loha C\GOMPLAYERENSETUP_2.2.64.5211 .EXE, , [1ee5d61d0b7ebc7a22eeb3fab253fe02],
PUP.Optional.OpenCandy, E:\ZA!loha C\Pavel\Desktop\GOMPLAYERENSETUP_2.2.64.5211 .EXE, , [1ae900f3008959dd58b84b6262a3d62a],
PUP.Riskware.Patcher, E:\ZA!loha C\Pavel\Desktop\Replay Media Catcher v5.0.1.54 + Crack\Crack\replay.media.catcher.5.0.1.15-MPT.exe, , [52b12bc8a1e80531ff665bd1e9187d83],
RiskWare.Tool.HCK, E:\ZA!loha C\Pavel\Desktop\SONY.Sound.Forge.Pro.10.0.506+Key [SOURAVFILE]\SONY.Sound.Forge.Pro.10.0.506+Key [SOURAVFILE]\Sony.Products.Multikeygen.v2.1.Keygen.and.Patch.Only.READ.NFO-DI\di-sp210\di-sp21\Keygen.exe, , [e0239a5980092610ba7598e5ee14d62a],
RiskWare.Tool.CK, E:\ZA!loha C\Pavel\Documents\AutoCAD 2008\A2008\Crack AutoCAD 2008\AutoCAD-2008-keygen.exe, , [a75c2bc8d5b4a98dee01d693b25022de],
PUP.Riskware.Patcher, E:\ZA!loha C\Replay Media Catcher v5.0.1.54 + Crack\Crack\replay.media.catcher.5.0.1.15-MPT.exe, , [3ec5698a1f6a1a1c0a5b6cc0b05147b9],
RiskWare.Tool.HCK, E:\ZA!loha C\SONY.Sound.Forge.Pro.10.0.506+Key [SOURAVFILE]\SONY.Sound.Forge.Pro.10.0.506+Key [SOURAVFILE]\Sony.Products.Multikeygen.v2.1.Keygen.and.Patch.Only.READ.NFO-DI\di-sp210\di-sp21\Keygen.exe, , [8d7662918cfd94a2a986a6d7b44e34cc],
Fyzické sektory: 0
(Žádné zákerné zjištěny položek)
(end)
http://www.malwarebytes.org
Datum skenování: 3.1.2015
Čas skenování: 17:26:44
Protokol: 123.txt
Správce: Ano
Verze: 2.00.4.1028
Databáze malwaru: v2015.01.03.07
Databáze rootkitů: v2014.12.30.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Sebeobrany: Vypnuto
OS: Windows Vista Service Pack 2
CPU: x64
Souborový systém: NTFS
Uživatel: SprA!vce
Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 908833
Uplynulý čas: 2 hod, 59 min, 19 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Žádné zákerné zjištěny položek)
Moduly: 0
(Žádné zákerné zjištěny položek)
Klíče registru: 0
(Žádné zákerné zjištěny položek)
Hodnoty registru: 0
(Žádné zákerné zjištěny položek)
Data registru: 0
(Žádné zákerné zjištěny položek)
Složky: 0
(Žádné zákerné zjištěny položek)
Soubory: 14
PUP.Riskware.Keygen, C:\$RECYCLE.BIN\S-1-5-21-3968299894-954384744-379159808-1002\$R3LNOFQ\Sound Forge Pro 10.0\Keygen.exe, , [fc07cb28c0c92c0a475d0c16b84801ff],
PUP.Riskware.Keygen, C:\$RECYCLE.BIN\S-1-5-21-3968299894-954384744-379159808-1002\$RA5N109\Sound Forge Pro 10.0\Keygen.exe, , [4cb71cd77118fc3a01a366bca45cd22e],
PUP.Optional.DownloadSponsor, C:\$RECYCLE.BIN\S-1-5-21-3968299894-954384744-379159808-1003\$RE37KI9.exe, , [44bff3009eeb4bebde9fdc618184c040],
PUP.PDFPasswordRemover, C:\Program Files (x86)\PDF Password Remover v3.0\pdfdecrypt.exe, , [a75ca74cd2b76ec81b89f71859a7f907],
RiskWare.Tool.CK, C:\Users\Pavel\Documents\AutoCAD 2008\A2008\Crack AutoCAD 2008\AutoCAD-2008-keygen.exe, , [8c77cd2635547fb7915ef574a85a6a96],
RiskWare.Tool.CK, C:\Users\SprA!vce\DoctorWeb\Quarantine\EA03205Ad00, , [3bc831c24d3c33030d4793d7758d6e92],
RiskWare.Tool.CK, C:\Users\SprA!vce\Documents\Crack AutoCAD 2008\AutoCAD-2008-keygen.exe, , [ed16aa4995f4989e3bb4ce9be41ee719],
PUP.Optional.OpenCandy, E:\ZA!loha C\GOMPLAYERENSETUP_2.2.64.5211 .EXE, , [1ee5d61d0b7ebc7a22eeb3fab253fe02],
PUP.Optional.OpenCandy, E:\ZA!loha C\Pavel\Desktop\GOMPLAYERENSETUP_2.2.64.5211 .EXE, , [1ae900f3008959dd58b84b6262a3d62a],
PUP.Riskware.Patcher, E:\ZA!loha C\Pavel\Desktop\Replay Media Catcher v5.0.1.54 + Crack\Crack\replay.media.catcher.5.0.1.15-MPT.exe, , [52b12bc8a1e80531ff665bd1e9187d83],
RiskWare.Tool.HCK, E:\ZA!loha C\Pavel\Desktop\SONY.Sound.Forge.Pro.10.0.506+Key [SOURAVFILE]\SONY.Sound.Forge.Pro.10.0.506+Key [SOURAVFILE]\Sony.Products.Multikeygen.v2.1.Keygen.and.Patch.Only.READ.NFO-DI\di-sp210\di-sp21\Keygen.exe, , [e0239a5980092610ba7598e5ee14d62a],
RiskWare.Tool.CK, E:\ZA!loha C\Pavel\Documents\AutoCAD 2008\A2008\Crack AutoCAD 2008\AutoCAD-2008-keygen.exe, , [a75c2bc8d5b4a98dee01d693b25022de],
PUP.Riskware.Patcher, E:\ZA!loha C\Replay Media Catcher v5.0.1.54 + Crack\Crack\replay.media.catcher.5.0.1.15-MPT.exe, , [3ec5698a1f6a1a1c0a5b6cc0b05147b9],
RiskWare.Tool.HCK, E:\ZA!loha C\SONY.Sound.Forge.Pro.10.0.506+Key [SOURAVFILE]\SONY.Sound.Forge.Pro.10.0.506+Key [SOURAVFILE]\Sony.Products.Multikeygen.v2.1.Keygen.and.Patch.Only.READ.NFO-DI\di-sp210\di-sp21\Keygen.exe, , [8d7662918cfd94a2a986a6d7b44e34cc],
Fyzické sektory: 0
(Žádné zákerné zjištěny položek)
(end)
Re: kontrola-prosím-díky
Prevazne cracky. Jste si jisty, ze jsou vsechny ciste?
Nalezy doporucuji hodit do karanteny.
Dejte logy podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=13&t=133100 - vypnete na chvili antivir, je mozne, ze to bude blokovat jako skodnou, ale pouzivame to porad, jedna se o falesny poplach
Nalezy doporucuji hodit do karanteny.
Dejte logy podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=13&t=133100 - vypnete na chvili antivir, je mozne, ze to bude blokovat jako skodnou, ale pouzivame to porad, jedna se o falesny poplach Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: kontrola-prosím-díky
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-01-2015 03
Ran by Správce (administrator) on PC08 on 04-01-2015 09:43:48
Running from C:\Users\Správce\Desktop
Loaded Profiles: Správce & Pavel & (Available profiles: Správce & Pavel & Guest)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Rocket Division Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\conime.exe
(forum.viry.cz) C:\Users\Pavel\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [5426688 2007-09-19] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-08-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PAC7302_Monitor] => C:\Windows\PixArt\PAC7302\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [225792 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-17] (NVIDIA Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-23] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)
HKU\S-1-5-21-3968299894-954384744-379159808-1002\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[S0].txt [2131 2015-01-03] ()
HKU\S-1-5-21-3968299894-954384744-379159808-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[S0].txt [2131 2015-01-03] ()
HKU\S-1-5-21-3968299894-954384744-379159808-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[S0].txt [2131 2015-01-03] ()
HKU\S-1-5-21-3968299894-954384744-379159808-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-3968299894-954384744-379159808-1003\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe [222592 2007-08-01] (Alcohol Soft Development Team)
HKU\S-1-5-21-3968299894-954384744-379159808-1003\...\MountPoints2: {1bc48cf3-0cd3-11de-bf1c-001d7dace571} - F:\Setup.part01.exe
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe [222592 2007-08-01] (Alcohol Soft Development Team)
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {1bc48cf3-0cd3-11de-bf1c-001d7dace571} - F:\Setup.part01.exe
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe [222592 2007-08-01] (Alcohol Soft Development Team)
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {1bc48cf3-0cd3-11de-bf1c-001d7dace571} - F:\Setup.part01.exe
HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
AppInit_DLLs: {DLL_Str} => {DLL_Str} File Not Found
AppInit_DLLs-x32: {DLL_Str} => "{DLL_Str}" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
ShellIconOverlayIdentifiers-x32: [Správa překryvné ikony digitálních podpisů AutoCADu ] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3968299894-954384744-379159808-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3968299894-954384744-379159808-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3968299894-954384744-379159808-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-3968299894-954384744-379159808-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-3968299894-954384744-379159808-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-3968299894-954384744-379159808-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-3968299894-954384744-379159808-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3968299894-954384744-379159808-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-1003 - Default Value = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-1003 - (No Name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No File
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - Default Value = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No File
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 - Default Value = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 - (No Name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No File
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 - Default Value = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 - (No Name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No File
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - Default Value = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No File
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 - Default Value = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 - (No Name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-1003 -> {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> DefaultScope {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={ ... orm=IE8SRC
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={ ... orm=IE8SRC
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={ ... orm=IE8SRC
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
BHO-x32: No Name -> {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-1003 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-1003 -> No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
Winsock: Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Společnost Microsoft)
Winsock: Catalog5-x64 02 C:\Windows\system32\napinsp.dll [62976] (Společnost Microsoft)
Tcpip\..\Interfaces\{49E5700F-D637-48E9-9084-85B5CB4F5FA9}: [NameServer] 10.129.153.129
FireFox:
========
FF ProfilePath: C:\Users\Správce\AppData\Roaming\Mozilla\Firefox\Profiles\1qjdmp13.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll No File
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/JavaPlugin,version=10.4.1 -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin HKU\S-1-5-21-3968299894-954384744-379159808-1002: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin HKU\S-1-5-21-3968299894-954384744-379159808-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin HKU\S-1-5-21-3968299894-954384744-379159808-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF SearchPlugin: C:\Users\Správce\AppData\Roaming\Mozilla\Firefox\Profiles\1qjdmp13.default\searchplugins\qipsearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\jyxo-cz.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Správce\AppData\Roaming\Mozilla\Firefox\Profiles\1qjdmp13.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2013-01-10]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-07]
Chrome:
=======
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-12-04] (SUPERAntiSpyware.com) [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [805112 2014-12-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-23] (Avira Operations GmbH & Co. KG)
S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [85096 2008-09-08] (Autodesk)
S3 GEST Service; C:\Program Files (x86)\GIGABYTE\GEST\GSvr.exe [47624 2007-12-14] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-17] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [43010392 2009-03-30] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-07-18] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-27] (Electronic Arts)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-07-18] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-11-16] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2014-11-16] ()
S4 SQLAgent$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [366936 2009-03-30] (Microsoft Corporation)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [File not signed]
S2 BBDemon; "C:\Program Files (x86)\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe" -service [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [113088 2008-08-01] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [113088 2008-08-01] (SlySoft, Inc.)
S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [211456 2008-12-11] () [File not signed]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
S1 Beep; No ImagePath
S3 ET5Drv; C:\Windows\ET5Drv.sys [36416 2007-10-16] (Windows (R) Codename Longhorn DDK provider)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [275432 2009-04-10] (Společnost Microsoft)
R1 HWiNFO32; C:\Users\Pavel\Desktop\NoINST\hwinfo32\HWiNFO64A.SYS [30080 2009-07-16] (REALiX(tm))
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [113280 2010-02-03] (ITE )
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2008-12-11] () [File not signed]
R1 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [24848 2008-01-02] (IBM)
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1513320 2013-03-03] (Společnost Microsoft)
S3 pfc; C:\Windows\SysWOW64\drivers\pfc.sys [10368 2009-03-19] (Padus, Inc.) [File not signed]
S3 RivaTuner64; C:\Program Files (x86)\RivaTuner v2.09\RivaTuner64.sys [12288 2008-04-28] () [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-10-18] () [File not signed]
U0 ydbggv; C:\Windows\System32\drivers\wopxsms.sys [79064 2015-01-04] (Malwarebytes Corporation)
U3 a3lgfo30; C:\Windows\System32\Drivers\a3lgfo30.sys [0 ] (Microsoft Corporation)
U3 a6htre76; C:\Windows\System32\Drivers\a6htre76.sys [0 ] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-04 09:43 - 2015-01-04 09:44 - 00027382 _____ () C:\Users\Správce\Desktop\FRST.txt
2015-01-04 09:42 - 2015-01-04 09:43 - 00000000 ____D () C:\FRST
2015-01-04 09:42 - 2015-01-04 09:37 - 02123776 _____ (Farbar) C:\Users\Správce\Desktop\FRST64.exe
2015-01-04 09:40 - 2015-01-04 09:40 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\wopxsms.sys
2015-01-04 09:40 - 2015-01-04 09:40 - 00003346 _____ () C:\Users\Správce\Desktop\1234.txt
2015-01-04 09:37 - 2015-01-04 09:38 - 00112640 _____ (forum.viry.cz) C:\Users\Pavel\Desktop\FRSTLauncher.exe
2015-01-04 09:37 - 2015-01-04 09:37 - 02123776 _____ (Farbar) C:\Users\Pavel\Desktop\FRST64.exe
2015-01-03 21:53 - 2015-01-03 21:53 - 00003345 _____ () C:\Users\Správce\Desktop\123.txt
2015-01-03 21:52 - 2015-01-03 21:52 - 00003350 _____ () C:\Users\Správce\Desktop\mbam-pav.txt
2015-01-03 17:19 - 2015-01-03 17:21 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-03 17:19 - 2015-01-03 17:19 - 00000947 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-03 17:19 - 2015-01-03 17:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-03 17:19 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-03 17:19 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-03 17:15 - 2015-01-03 17:18 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Pavel\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-03 16:03 - 2015-01-03 16:07 - 00000000 ____D () C:\AdwCleaner
2015-01-03 16:02 - 2015-01-03 16:02 - 02173952 _____ () C:\Users\Pavel\Desktop\adwcleaner_4.106.exe
2015-01-03 14:52 - 2015-01-03 14:52 - 00000000 ____D () C:\rsit
2015-01-03 14:43 - 2015-01-03 14:43 - 00001905 _____ () C:\Windows\diagwrn.xml
2015-01-03 14:43 - 2015-01-03 14:43 - 00001905 _____ () C:\Windows\diagerr.xml
2015-01-03 12:59 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2015-01-03 12:59 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2015-01-03 12:40 - 2015-01-03 12:40 - 00000000 ____D () C:\Users\Pavel\AppData\Local\Nvidia Corporation
2015-01-03 12:29 - 2015-01-03 12:29 - 00017140 _____ () C:\Users\Správce\Downloads\[CzT]Windows_8_1_x64_CZ_.torrent
2015-01-03 11:54 - 2011-03-30 04:40 - 00177152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxupdate.dll
2015-01-03 11:54 - 2006-03-31 11:27 - 00578560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\microsoft.directx.direct3dx.dll
2015-01-03 11:54 - 2005-03-18 16:23 - 00473600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\microsoft.directx.direct3d.dll
2015-01-03 11:54 - 2005-03-18 16:23 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\microsoft.directx.directplay.dll
2015-01-03 11:54 - 2005-03-18 16:23 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\microsoft.directx.dll
2015-01-03 11:54 - 2005-03-18 16:23 - 00178176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\microsoft.directx.directsound.dll
2015-01-03 11:54 - 2005-03-18 16:23 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\microsoft.directx.directinput.dll
2015-01-03 11:54 - 2005-03-18 16:23 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\microsoft.directx.directdraw.dll
2015-01-03 11:54 - 2005-03-18 16:23 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\microsoft.directx.audiovideoplayback.dll
2015-01-03 11:54 - 2005-03-18 16:23 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\microsoft.directx.diagnostics.dll
2015-01-03 00:14 - 2015-01-03 00:14 - 00000000 ____D () C:\Users\Pavel\Documents\Respawn
2014-12-27 19:00 - 2015-01-03 00:13 - 00001019 _____ () C:\Users\Public\Desktop\Titanfall.lnk
2014-12-13 08:44 - 2014-11-07 02:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-13 08:44 - 2014-11-07 02:28 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-13 08:44 - 2014-11-04 01:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-13 08:44 - 2014-11-04 01:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-13 08:43 - 2014-10-24 02:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-12-13 08:43 - 2014-10-24 01:39 - 00656384 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-12-13 08:42 - 2014-12-03 03:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-12-13 08:42 - 2014-12-03 02:51 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-13 08:41 - 2014-12-13 08:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2014-12-13 08:41 - 2014-11-24 23:12 - 17874432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-13 08:41 - 2014-11-24 22:59 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-13 08:41 - 2014-11-24 22:54 - 10921984 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-13 08:41 - 2014-11-24 22:53 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-13 08:41 - 2014-11-24 22:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-13 08:41 - 2014-11-24 22:47 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-13 08:41 - 2014-11-24 22:45 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-13 08:41 - 2014-11-24 22:45 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-13 08:41 - 2014-11-24 22:45 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-13 08:41 - 2014-11-24 22:44 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-13 08:41 - 2014-11-24 22:44 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-13 08:41 - 2014-11-24 22:44 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-13 08:41 - 2014-11-24 22:44 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-13 08:41 - 2014-11-24 22:44 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-13 08:41 - 2014-11-24 22:44 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-13 08:41 - 2014-11-24 22:44 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-13 08:41 - 2014-11-24 22:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-13 08:41 - 2014-11-24 22:44 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-13 08:41 - 2014-11-24 22:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-13 08:41 - 2014-11-24 22:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-13 08:41 - 2014-11-24 22:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-13 08:41 - 2014-11-24 22:42 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-13 08:41 - 2014-11-24 21:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-13 08:41 - 2014-11-24 21:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-13 08:41 - 2014-11-24 21:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-13 08:41 - 2014-11-24 21:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-13 08:41 - 2014-11-24 21:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-13 08:41 - 2014-11-24 21:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-13 08:41 - 2014-11-24 21:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-13 08:41 - 2014-11-24 21:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-12-13 08:41 - 2014-11-24 21:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-13 08:41 - 2014-11-24 21:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-13 08:41 - 2014-11-24 21:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-13 08:41 - 2014-11-24 21:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-13 08:41 - 2014-11-24 21:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-13 08:41 - 2014-11-24 21:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-13 08:41 - 2014-11-24 21:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-12-13 08:41 - 2014-11-24 21:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-13 08:41 - 2014-11-24 21:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-13 08:41 - 2014-11-24 21:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-13 08:41 - 2014-11-24 21:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-13 08:41 - 2014-11-24 21:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-13 08:41 - 2014-11-24 21:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-12-13 08:41 - 2014-11-24 21:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-04 09:40 - 2013-12-10 10:47 - 00000000 ____D () C:\Program Files (x86)\PDF Password Remover v3.0
2015-01-04 09:40 - 2008-09-08 17:00 - 00000000 ____D () C:\Users\Správce\Documents\Crack AutoCAD 2008
2015-01-04 09:40 - 2006-11-02 14:33 - 00000000 ____D () C:\Windows\Speech
2015-01-04 09:38 - 2006-11-02 16:27 - 01798062 _____ () C:\Windows\WindowsUpdate.log
2015-01-04 09:03 - 2006-11-02 16:22 - 00004048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-04 09:03 - 2006-11-02 16:22 - 00004048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-03 19:54 - 2012-12-04 18:15 - 00000000 ____D () C:\Program Files (x86)\SPlayer
2015-01-03 19:54 - 2012-12-04 14:58 - 00000000 ____D () C:\Users\Pavel\AppData\Roaming\SPlayer
2015-01-03 17:19 - 2010-12-13 13:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-03 16:10 - 2006-11-02 16:07 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-01-03 16:09 - 2006-11-02 16:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-03 16:08 - 2014-06-06 08:57 - 00319158 _____ () C:\Windows\PFRO.log
2015-01-03 16:07 - 2006-11-02 16:42 - 00032598 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-03 14:52 - 2010-12-13 09:19 - 00000000 ____D () C:\Program Files\trend micro
2015-01-03 14:43 - 2014-07-30 07:41 - 00001100 _____ () C:\Windows\setupact.log
2015-01-03 14:43 - 2014-07-30 07:41 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-03 13:21 - 2013-12-18 17:29 - 00000000 ____D () C:\ProgramData\Origin
2015-01-03 13:15 - 2014-11-16 19:32 - 00193061 _____ () C:\Windows\DirectX.log
2015-01-03 13:03 - 2013-12-18 17:28 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-01-03 13:02 - 2009-03-01 21:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-03 12:03 - 2008-09-07 17:17 - 00000000 ____D () C:\Users\Správce
2015-01-03 11:27 - 2009-08-19 20:42 - 00000000 ____D () C:\Users\Pavel\AppData\Roaming\Skype
2015-01-03 11:21 - 2014-05-14 09:00 - 00000000 ____D () C:\Users\Správce\AppData\Local\Sony
2015-01-03 11:20 - 2014-05-14 09:00 - 00000000 ____D () C:\Users\Správce\AppData\Roaming\Sony
2015-01-02 23:01 - 2014-03-02 14:43 - 00000000 ____D () C:\Users\Pavel\AppData\Roaming\vlc
2015-01-02 22:18 - 2007-01-08 23:10 - 00711248 _____ () C:\Windows\system32\perfh005.dat
2015-01-02 22:18 - 2007-01-08 23:10 - 00163024 _____ () C:\Windows\system32\perfc005.dat
2015-01-02 22:18 - 2006-11-02 13:46 - 01719548 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-27 17:14 - 2014-06-24 17:28 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-12-27 17:07 - 2013-12-18 17:38 - 00000000 ____D () C:\Users\Pavel\AppData\Roaming\Origin
2014-12-23 12:28 - 2008-09-07 21:06 - 00048640 _____ () C:\Users\Pavel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-13 09:07 - 2006-11-02 14:33 - 00000000 ____D () C:\Windows\rescache
2014-12-13 08:49 - 2011-05-03 08:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-13 08:47 - 2013-11-12 09:47 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-13 08:45 - 2006-11-02 13:35 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-12-13 08:42 - 2011-05-03 08:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
Some content of TEMP:
====================
C:\Users\Pavel\AppData\Local\temp\avgnt.exe
C:\Users\Pavel\AppData\Local\temp\sfamcc00001.dll
C:\Users\Pavel\AppData\Local\temp\SkypeSetup.exe
C:\Users\Správce\AppData\Local\temp\avgnt.exe
C:\Users\Správce\AppData\Local\temp\nvSCPAPI.dll
C:\Users\Správce\AppData\Local\temp\nvSCPAPI64.dll
C:\Users\Správce\AppData\Local\temp\nvStInst.exe
C:\Users\Správce\AppData\Local\temp\Quarantine.exe
C:\Users\Správce\AppData\Local\temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-03 16:15
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: (System) (Fixed) (Total:298.09 GB) (Free:69.41 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Disk) (Fixed) (Total:931.51 GB) (Free:503.59 GB) NTFS
Available physical RAM: 6352.82 MB
Total physical RAM: 8189.58 MB
Percentage of memory in use: 22%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 4FC928A5)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: FF682F4F)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== Scheduled Tasks (whitelisted) ==================
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\Users\Public\Downloads\1.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Public\Downloads\2.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Public\Downloads\The all-new 2015 Subaru WRX 195 kW.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Public\Downloads\Volvo-Trucks---The-Epic-Split-feat.-Van-Damme-(Live-Test-6).mp4:TOC.WMV
==================== Security Center ==================
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Spr�vce\Desktop" je 42 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent
"C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam
"C:\Program Files (x86)\Steam\Steam.exe" -silent [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
DoNotAllowExceptions REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Ran by Správce (administrator) on PC08 on 04-01-2015 09:43:48
Running from C:\Users\Správce\Desktop
Loaded Profiles: Správce & Pavel & (Available profiles: Správce & Pavel & Guest)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Rocket Division Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\conime.exe
(forum.viry.cz) C:\Users\Pavel\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [5426688 2007-09-19] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-08-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PAC7302_Monitor] => C:\Windows\PixArt\PAC7302\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [225792 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-17] (NVIDIA Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-23] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)
HKU\S-1-5-21-3968299894-954384744-379159808-1002\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[S0].txt [2131 2015-01-03] ()
HKU\S-1-5-21-3968299894-954384744-379159808-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[S0].txt [2131 2015-01-03] ()
HKU\S-1-5-21-3968299894-954384744-379159808-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[S0].txt [2131 2015-01-03] ()
HKU\S-1-5-21-3968299894-954384744-379159808-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-3968299894-954384744-379159808-1003\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe [222592 2007-08-01] (Alcohol Soft Development Team)
HKU\S-1-5-21-3968299894-954384744-379159808-1003\...\MountPoints2: {1bc48cf3-0cd3-11de-bf1c-001d7dace571} - F:\Setup.part01.exe
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe [222592 2007-08-01] (Alcohol Soft Development Team)
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {1bc48cf3-0cd3-11de-bf1c-001d7dace571} - F:\Setup.part01.exe
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe [222592 2007-08-01] (Alcohol Soft Development Team)
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {1bc48cf3-0cd3-11de-bf1c-001d7dace571} - F:\Setup.part01.exe
HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
AppInit_DLLs: {DLL_Str} => {DLL_Str} File Not Found
AppInit_DLLs-x32: {DLL_Str} => "{DLL_Str}" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
ShellIconOverlayIdentifiers-x32: [Správa překryvné ikony digitálních podpisů AutoCADu ] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3968299894-954384744-379159808-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3968299894-954384744-379159808-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3968299894-954384744-379159808-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-3968299894-954384744-379159808-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-3968299894-954384744-379159808-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-3968299894-954384744-379159808-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-3968299894-954384744-379159808-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3968299894-954384744-379159808-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-1003 - Default Value = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-1003 - (No Name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No File
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - Default Value = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No File
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 - Default Value = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 - (No Name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No File
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 - Default Value = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 - (No Name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No File
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - Default Value = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No File
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 - Default Value = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 - (No Name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-1003 -> {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> DefaultScope {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={ ... orm=IE8SRC
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={ ... orm=IE8SRC
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={ ... orm=IE8SRC
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
BHO-x32: No Name -> {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-1003 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-1003 -> No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
Winsock: Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Společnost Microsoft)
Winsock: Catalog5-x64 02 C:\Windows\system32\napinsp.dll [62976] (Společnost Microsoft)
Tcpip\..\Interfaces\{49E5700F-D637-48E9-9084-85B5CB4F5FA9}: [NameServer] 10.129.153.129
FireFox:
========
FF ProfilePath: C:\Users\Správce\AppData\Roaming\Mozilla\Firefox\Profiles\1qjdmp13.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll No File
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/JavaPlugin,version=10.4.1 -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin HKU\S-1-5-21-3968299894-954384744-379159808-1002: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin HKU\S-1-5-21-3968299894-954384744-379159808-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin HKU\S-1-5-21-3968299894-954384744-379159808-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF SearchPlugin: C:\Users\Správce\AppData\Roaming\Mozilla\Firefox\Profiles\1qjdmp13.default\searchplugins\qipsearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\jyxo-cz.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Správce\AppData\Roaming\Mozilla\Firefox\Profiles\1qjdmp13.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2013-01-10]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-07]
Chrome:
=======
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-12-04] (SUPERAntiSpyware.com) [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [805112 2014-12-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-23] (Avira Operations GmbH & Co. KG)
S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [85096 2008-09-08] (Autodesk)
S3 GEST Service; C:\Program Files (x86)\GIGABYTE\GEST\GSvr.exe [47624 2007-12-14] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-17] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [43010392 2009-03-30] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-07-18] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-27] (Electronic Arts)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-07-18] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-11-16] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2014-11-16] ()
S4 SQLAgent$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [366936 2009-03-30] (Microsoft Corporation)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [File not signed]
S2 BBDemon; "C:\Program Files (x86)\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe" -service [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [113088 2008-08-01] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [113088 2008-08-01] (SlySoft, Inc.)
S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [211456 2008-12-11] () [File not signed]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
S1 Beep; No ImagePath
S3 ET5Drv; C:\Windows\ET5Drv.sys [36416 2007-10-16] (Windows (R) Codename Longhorn DDK provider)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [275432 2009-04-10] (Společnost Microsoft)
R1 HWiNFO32; C:\Users\Pavel\Desktop\NoINST\hwinfo32\HWiNFO64A.SYS [30080 2009-07-16] (REALiX(tm))
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [113280 2010-02-03] (ITE )
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2008-12-11] () [File not signed]
R1 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [24848 2008-01-02] (IBM)
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1513320 2013-03-03] (Společnost Microsoft)
S3 pfc; C:\Windows\SysWOW64\drivers\pfc.sys [10368 2009-03-19] (Padus, Inc.) [File not signed]
S3 RivaTuner64; C:\Program Files (x86)\RivaTuner v2.09\RivaTuner64.sys [12288 2008-04-28] () [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-10-18] () [File not signed]
U0 ydbggv; C:\Windows\System32\drivers\wopxsms.sys [79064 2015-01-04] (Malwarebytes Corporation)
U3 a3lgfo30; C:\Windows\System32\Drivers\a3lgfo30.sys [0 ] (Microsoft Corporation)
U3 a6htre76; C:\Windows\System32\Drivers\a6htre76.sys [0 ] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-04 09:43 - 2015-01-04 09:44 - 00027382 _____ () C:\Users\Správce\Desktop\FRST.txt
2015-01-04 09:42 - 2015-01-04 09:43 - 00000000 ____D () C:\FRST
2015-01-04 09:42 - 2015-01-04 09:37 - 02123776 _____ (Farbar) C:\Users\Správce\Desktop\FRST64.exe
2015-01-04 09:40 - 2015-01-04 09:40 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\wopxsms.sys
2015-01-04 09:40 - 2015-01-04 09:40 - 00003346 _____ () C:\Users\Správce\Desktop\1234.txt
2015-01-04 09:37 - 2015-01-04 09:38 - 00112640 _____ (forum.viry.cz) C:\Users\Pavel\Desktop\FRSTLauncher.exe
2015-01-04 09:37 - 2015-01-04 09:37 - 02123776 _____ (Farbar) C:\Users\Pavel\Desktop\FRST64.exe
2015-01-03 21:53 - 2015-01-03 21:53 - 00003345 _____ () C:\Users\Správce\Desktop\123.txt
2015-01-03 21:52 - 2015-01-03 21:52 - 00003350 _____ () C:\Users\Správce\Desktop\mbam-pav.txt
2015-01-03 17:19 - 2015-01-03 17:21 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-03 17:19 - 2015-01-03 17:19 - 00000947 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-03 17:19 - 2015-01-03 17:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-03 17:19 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-03 17:19 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-03 17:15 - 2015-01-03 17:18 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Pavel\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-03 16:03 - 2015-01-03 16:07 - 00000000 ____D () C:\AdwCleaner
2015-01-03 16:02 - 2015-01-03 16:02 - 02173952 _____ () C:\Users\Pavel\Desktop\adwcleaner_4.106.exe
2015-01-03 14:52 - 2015-01-03 14:52 - 00000000 ____D () C:\rsit
2015-01-03 14:43 - 2015-01-03 14:43 - 00001905 _____ () C:\Windows\diagwrn.xml
2015-01-03 14:43 - 2015-01-03 14:43 - 00001905 _____ () C:\Windows\diagerr.xml
2015-01-03 12:59 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2015-01-03 12:59 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2015-01-03 12:40 - 2015-01-03 12:40 - 00000000 ____D () C:\Users\Pavel\AppData\Local\Nvidia Corporation
2015-01-03 12:29 - 2015-01-03 12:29 - 00017140 _____ () C:\Users\Správce\Downloads\[CzT]Windows_8_1_x64_CZ_.torrent
2015-01-03 11:54 - 2011-03-30 04:40 - 00177152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxupdate.dll
2015-01-03 11:54 - 2006-03-31 11:27 - 00578560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\microsoft.directx.direct3dx.dll
2015-01-03 11:54 - 2005-03-18 16:23 - 00473600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\microsoft.directx.direct3d.dll
2015-01-03 11:54 - 2005-03-18 16:23 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\microsoft.directx.directplay.dll
2015-01-03 11:54 - 2005-03-18 16:23 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\microsoft.directx.dll
2015-01-03 11:54 - 2005-03-18 16:23 - 00178176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\microsoft.directx.directsound.dll
2015-01-03 11:54 - 2005-03-18 16:23 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\microsoft.directx.directinput.dll
2015-01-03 11:54 - 2005-03-18 16:23 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\microsoft.directx.directdraw.dll
2015-01-03 11:54 - 2005-03-18 16:23 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\microsoft.directx.audiovideoplayback.dll
2015-01-03 11:54 - 2005-03-18 16:23 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\microsoft.directx.diagnostics.dll
2015-01-03 00:14 - 2015-01-03 00:14 - 00000000 ____D () C:\Users\Pavel\Documents\Respawn
2014-12-27 19:00 - 2015-01-03 00:13 - 00001019 _____ () C:\Users\Public\Desktop\Titanfall.lnk
2014-12-13 08:44 - 2014-11-07 02:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-13 08:44 - 2014-11-07 02:28 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-13 08:44 - 2014-11-04 01:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-13 08:44 - 2014-11-04 01:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-13 08:43 - 2014-10-24 02:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-12-13 08:43 - 2014-10-24 01:39 - 00656384 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-12-13 08:42 - 2014-12-03 03:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-12-13 08:42 - 2014-12-03 02:51 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-13 08:41 - 2014-12-13 08:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2014-12-13 08:41 - 2014-11-24 23:12 - 17874432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-13 08:41 - 2014-11-24 22:59 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-13 08:41 - 2014-11-24 22:54 - 10921984 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-13 08:41 - 2014-11-24 22:53 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-13 08:41 - 2014-11-24 22:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-13 08:41 - 2014-11-24 22:47 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-13 08:41 - 2014-11-24 22:45 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-13 08:41 - 2014-11-24 22:45 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-13 08:41 - 2014-11-24 22:45 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-13 08:41 - 2014-11-24 22:44 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-13 08:41 - 2014-11-24 22:44 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-13 08:41 - 2014-11-24 22:44 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-13 08:41 - 2014-11-24 22:44 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-13 08:41 - 2014-11-24 22:44 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-13 08:41 - 2014-11-24 22:44 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-13 08:41 - 2014-11-24 22:44 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-13 08:41 - 2014-11-24 22:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-13 08:41 - 2014-11-24 22:44 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-13 08:41 - 2014-11-24 22:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-13 08:41 - 2014-11-24 22:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-13 08:41 - 2014-11-24 22:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-13 08:41 - 2014-11-24 22:42 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-13 08:41 - 2014-11-24 21:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-13 08:41 - 2014-11-24 21:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-13 08:41 - 2014-11-24 21:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-13 08:41 - 2014-11-24 21:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-13 08:41 - 2014-11-24 21:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-13 08:41 - 2014-11-24 21:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-13 08:41 - 2014-11-24 21:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-13 08:41 - 2014-11-24 21:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-12-13 08:41 - 2014-11-24 21:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-13 08:41 - 2014-11-24 21:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-13 08:41 - 2014-11-24 21:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-13 08:41 - 2014-11-24 21:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-13 08:41 - 2014-11-24 21:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-13 08:41 - 2014-11-24 21:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-13 08:41 - 2014-11-24 21:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-12-13 08:41 - 2014-11-24 21:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-13 08:41 - 2014-11-24 21:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-13 08:41 - 2014-11-24 21:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-13 08:41 - 2014-11-24 21:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-13 08:41 - 2014-11-24 21:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-13 08:41 - 2014-11-24 21:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-12-13 08:41 - 2014-11-24 21:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-04 09:40 - 2013-12-10 10:47 - 00000000 ____D () C:\Program Files (x86)\PDF Password Remover v3.0
2015-01-04 09:40 - 2008-09-08 17:00 - 00000000 ____D () C:\Users\Správce\Documents\Crack AutoCAD 2008
2015-01-04 09:40 - 2006-11-02 14:33 - 00000000 ____D () C:\Windows\Speech
2015-01-04 09:38 - 2006-11-02 16:27 - 01798062 _____ () C:\Windows\WindowsUpdate.log
2015-01-04 09:03 - 2006-11-02 16:22 - 00004048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-04 09:03 - 2006-11-02 16:22 - 00004048 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-03 19:54 - 2012-12-04 18:15 - 00000000 ____D () C:\Program Files (x86)\SPlayer
2015-01-03 19:54 - 2012-12-04 14:58 - 00000000 ____D () C:\Users\Pavel\AppData\Roaming\SPlayer
2015-01-03 17:19 - 2010-12-13 13:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-03 16:10 - 2006-11-02 16:07 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-01-03 16:09 - 2006-11-02 16:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-03 16:08 - 2014-06-06 08:57 - 00319158 _____ () C:\Windows\PFRO.log
2015-01-03 16:07 - 2006-11-02 16:42 - 00032598 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-03 14:52 - 2010-12-13 09:19 - 00000000 ____D () C:\Program Files\trend micro
2015-01-03 14:43 - 2014-07-30 07:41 - 00001100 _____ () C:\Windows\setupact.log
2015-01-03 14:43 - 2014-07-30 07:41 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-03 13:21 - 2013-12-18 17:29 - 00000000 ____D () C:\ProgramData\Origin
2015-01-03 13:15 - 2014-11-16 19:32 - 00193061 _____ () C:\Windows\DirectX.log
2015-01-03 13:03 - 2013-12-18 17:28 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-01-03 13:02 - 2009-03-01 21:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-03 12:03 - 2008-09-07 17:17 - 00000000 ____D () C:\Users\Správce
2015-01-03 11:27 - 2009-08-19 20:42 - 00000000 ____D () C:\Users\Pavel\AppData\Roaming\Skype
2015-01-03 11:21 - 2014-05-14 09:00 - 00000000 ____D () C:\Users\Správce\AppData\Local\Sony
2015-01-03 11:20 - 2014-05-14 09:00 - 00000000 ____D () C:\Users\Správce\AppData\Roaming\Sony
2015-01-02 23:01 - 2014-03-02 14:43 - 00000000 ____D () C:\Users\Pavel\AppData\Roaming\vlc
2015-01-02 22:18 - 2007-01-08 23:10 - 00711248 _____ () C:\Windows\system32\perfh005.dat
2015-01-02 22:18 - 2007-01-08 23:10 - 00163024 _____ () C:\Windows\system32\perfc005.dat
2015-01-02 22:18 - 2006-11-02 13:46 - 01719548 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-27 17:14 - 2014-06-24 17:28 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-12-27 17:07 - 2013-12-18 17:38 - 00000000 ____D () C:\Users\Pavel\AppData\Roaming\Origin
2014-12-23 12:28 - 2008-09-07 21:06 - 00048640 _____ () C:\Users\Pavel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-13 09:07 - 2006-11-02 14:33 - 00000000 ____D () C:\Windows\rescache
2014-12-13 08:49 - 2011-05-03 08:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-13 08:47 - 2013-11-12 09:47 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-13 08:45 - 2006-11-02 13:35 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-12-13 08:42 - 2011-05-03 08:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
Some content of TEMP:
====================
C:\Users\Pavel\AppData\Local\temp\avgnt.exe
C:\Users\Pavel\AppData\Local\temp\sfamcc00001.dll
C:\Users\Pavel\AppData\Local\temp\SkypeSetup.exe
C:\Users\Správce\AppData\Local\temp\avgnt.exe
C:\Users\Správce\AppData\Local\temp\nvSCPAPI.dll
C:\Users\Správce\AppData\Local\temp\nvSCPAPI64.dll
C:\Users\Správce\AppData\Local\temp\nvStInst.exe
C:\Users\Správce\AppData\Local\temp\Quarantine.exe
C:\Users\Správce\AppData\Local\temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-03 16:15
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: (System) (Fixed) (Total:298.09 GB) (Free:69.41 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Disk) (Fixed) (Total:931.51 GB) (Free:503.59 GB) NTFS
Available physical RAM: 6352.82 MB
Total physical RAM: 8189.58 MB
Percentage of memory in use: 22%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 4FC928A5)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: FF682F4F)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== Scheduled Tasks (whitelisted) ==================
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\Users\Public\Downloads\1.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Public\Downloads\2.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Public\Downloads\The all-new 2015 Subaru WRX 195 kW.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Public\Downloads\Volvo-Trucks---The-Epic-Split-feat.-Van-Damme-(Live-Test-6).mp4:TOC.WMV
==================== Security Center ==================
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Spr�vce\Desktop" je 42 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent
"C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam
"C:\Program Files (x86)\Steam\Steam.exe" -silent [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
DoNotAllowExceptions REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
- Přílohy
-
- Addition.rar
- Addition.txt
- (7.76 KiB) Staženo 57 x
Re: kontrola-prosím-díky
Otevrete si poznamkovy blok a zkopirujte do nej tento skript
Kód: Vybrat vše
Start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)
HKU\S-1-5-21-3968299894-954384744-379159808-1002\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[S0].txt [2131 2015-01-03] ()
HKU\S-1-5-21-3968299894-954384744-379159808-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[S0].txt [2131 2015-01-03] ()
HKU\S-1-5-21-3968299894-954384744-379159808-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[S0].txt [2131 2015-01-03] ()
HKU\S-1-5-21-3968299894-954384744-379159808-1003\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe [222592 2007-08-01] (Alcohol Soft Development Team)
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe [222592 2007-08-01] (Alcohol Soft Development Team)
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe [222592 2007-08-01] (Alcohol Soft Development Team)
AppInit_DLLs: {DLL_Str} => {DLL_Str} File Not Found
AppInit_DLLs-x32: {DLL_Str} => "{DLL_Str}" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3968299894-954384744-379159808-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3968299894-954384744-379159808-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3968299894-954384744-379159808-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3968299894-954384744-379159808-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-3968299894-954384744-379159808-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-3968299894-954384744-379159808-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-3968299894-954384744-379159808-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3968299894-954384744-379159808-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-1003 - Default Value = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-1003 - (No Name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No File
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - Default Value = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No File
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 - Default Value = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 - (No Name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No File
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 - Default Value = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 - (No Name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No File
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - Default Value = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No File
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 - Default Value = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 - (No Name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No File
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-1003 -> {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> DefaultScope {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
BHO-x32: No Name -> {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} -> No File
Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-1003 -> No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
FF SearchPlugin: C:\Users\Správce\AppData\Roaming\Mozilla\Firefox\Profiles\1qjdmp13.default\searchplugins\qipsearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\jyxo-cz.xml
2015-01-03 17:15 - 2015-01-03 17:18 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Pavel\Desktop\mbam-setup-2.0.4.1028.exe
AlternateDataStreams: C:\Users\Public\Downloads\1.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Public\Downloads\2.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Public\Downloads\The all-new 2015 Subaru WRX 195 kW.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Public\Downloads\Volvo-Trucks---The-Epic-Split-feat.-Van-Damme-(Live-Test-6).mp4:TOC.WMV
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware" /f
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-04-03 315008]
Hosts:
EmptyTemp:
Reboot:
EndKliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev fixlist a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Spustte FRST jako spravce, kliknete na napis Fix a program vykona prikazy.
Po restartu pc by se mel objevit novy log - s nazvem fixlog, ten mi sem zase zkopirujte.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: kontrola-prosím-díky
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-01-2015 03
Ran by Správce at 2015-01-04 15:55:26 Run:1
Running from C:\Users\Správce\Desktop
Loaded Profiles: Správce & Pavel & (Available profiles: Správce & Pavel & Guest)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)
HKU\S-1-5-21-3968299894-954384744-379159808-1002\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[S0].txt [2131 2015-01-03] ()
HKU\S-1-5-21-3968299894-954384744-379159808-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[S0].txt [2131 2015-01-03] ()
HKU\S-1-5-21-3968299894-954384744-379159808-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[S0].txt [2131 2015-01-03] ()
HKU\S-1-5-21-3968299894-954384744-379159808-1003\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe [222592 2007-08-01] (Alcohol Soft Development Team)
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe [222592 2007-08-01] (Alcohol Soft Development Team)
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe [222592 2007-08-01] (Alcohol Soft Development Team)
AppInit_DLLs: {DLL_Str} => {DLL_Str} File Not Found
AppInit_DLLs-x32: {DLL_Str} => "{DLL_Str}" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3968299894-954384744-379159808-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3968299894-954384744-379159808-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3968299894-954384744-379159808-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3968299894-954384744-379159808-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-3968299894-954384744-379159808-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-3968299894-954384744-379159808-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-3968299894-954384744-379159808-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3968299894-954384744-379159808-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-1003 - Default Value = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-1003 - (No Name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No File
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - Default Value = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No File
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 - Default Value = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 - (No Name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No File
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 - Default Value = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 - (No Name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No File
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - Default Value = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No File
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 - Default Value = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 - (No Name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No File
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-1003 -> {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> DefaultScope {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={ ... orm=IE8SRC
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={ ... orm=IE8SRC
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={ ... orm=IE8SRC
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
BHO-x32: No Name -> {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} -> No File
Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-1003 -> No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
FF SearchPlugin: C:\Users\Správce\AppData\Roaming\Mozilla\Firefox\Profiles\1qjdmp13.default\searchplugins\qipsearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\jyxo-cz.xml
2015-01-03 17:15 - 2015-01-03 17:18 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Pavel\Desktop\mbam-setup-2.0.4.1028.exe
AlternateDataStreams: C:\Users\Public\Downloads\1.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Public\Downloads\2.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Public\Downloads\The all-new 2015 Subaru WRX 195 kW.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Public\Downloads\Volvo-Trucks---The-Epic-Split-feat.-Van-Damme-(Live-Test-6).mp4:TOC.WMV
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware" /f
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-04-03 315008]
Hosts:
EmptyTemp:
Reboot:
End
*****************
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Malwarebytes Anti-Malware (cleanup) => value deleted successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Report => value deleted successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Report => value deleted successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Report => value deleted successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-1003\Software\Microsoft\Windows\CurrentVersion\Run\\AlcoholAutomount => value deleted successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\AlcoholAutomount => value deleted successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\Run\\AlcoholAutomount => value deleted successfully.
"{DLL_Str}" => Value Data removed successfully.
"{DLL_Str}" => Value Data removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk => Moved successfully.
C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe => Moved successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-3968299894-954384744-379159808-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-3968299894-954384744-379159808-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-3968299894-954384744-379159808-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-1003\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-1003\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => value deleted successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} => value deleted successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => value deleted successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} => Value not found.
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => value deleted successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 - (No Name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} => Value not found.
HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => value deleted successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\URLSearchHooks\\{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 - (No Name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} => Value not found.
HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => value deleted successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} => Value not found.
HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => value deleted successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 - (No Name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} => Value not found.
"HKU\S-1-5-21-3968299894-954384744-379159808-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}" => Key deleted successfully.
HKCR\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} => Key not found.
"HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}" => Key deleted successfully.
HKCR\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} => Key not found.
"HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}" => Key deleted successfully.
HKCR\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} => Key not found.
HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}" => Key deleted successfully.
HKCR\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} => Key not found.
HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}" => Key deleted successfully.
HKCR\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} => Key not found.
HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}" => Key deleted successfully.
HKCR\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42DFA04F-0F16-418e-B80C-AB97A5AFAD39}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{42DFA04F-0F16-418e-B80C-AB97A5AFAD39} => Key not found.
HKU\S-1-5-21-3968299894-954384744-379159808-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} => value deleted successfully.
HKCR\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17} => Key not found.
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{{32099AAC-C132-4136-9E9A-4E364A424E17} => Value not found.
HKCR\CLSID\Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{{32099AAC-C132-4136-9E9A-4E364A424E17} => Key not found.
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{{32099AAC-C132-4136-9E9A-4E364A424E17} => Value not found.
HKCR\CLSID\Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{{32099AAC-C132-4136-9E9A-4E364A424E17} => Key not found.
HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-501-{{32099AAC-C132-4136-9E9A-4E364A424E17} => Value not found.
HKCR\CLSID\Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-501-{{32099AAC-C132-4136-9E9A-4E364A424E17} => Key not found.
HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-501-{{32099AAC-C132-4136-9E9A-4E364A424E17} => Value not found.
HKCR\CLSID\Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-501-{{32099AAC-C132-4136-9E9A-4E364A424E17} => Key not found.
HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-501-{{32099AAC-C132-4136-9E9A-4E364A424E17} => Value not found.
HKCR\CLSID\Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-501-{{32099AAC-C132-4136-9E9A-4E364A424E17} => Key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => value deleted successfully.
HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => Key not found.
C:\Users\Správce\AppData\Roaming\Mozilla\Firefox\Profiles\1qjdmp13.default\searchplugins\qipsearch.xml => Moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\jyxo-cz.xml => Moved successfully.
C:\Users\Pavel\Desktop\mbam-setup-2.0.4.1028.exe => Moved successfully.
C:\Users\Public\Downloads\1.mp4 => ":TOC.WMV" ADS removed successfully.
C:\Users\Public\Downloads\2.mp4 => ":TOC.WMV" ADS removed successfully.
C:\Users\Public\Downloads\The all-new 2015 Subaru WRX 195 kW.mp4 => ":TOC.WMV" ADS removed successfully.
C:\Users\Public\Downloads\Volvo-Trucks---The-Epic-Split-feat.-Van-Damme-(Live-Test-6).mp4 => ":TOC.WMV" ADS removed successfully.
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
SkypeUpdate => Service deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 1.1 GB temporary data.
The system needed a reboot.
==== End of Fixlog 15:56:56 ====
Ran by Správce at 2015-01-04 15:55:26 Run:1
Running from C:\Users\Správce\Desktop
Loaded Profiles: Správce & Pavel & (Available profiles: Správce & Pavel & Guest)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)
HKU\S-1-5-21-3968299894-954384744-379159808-1002\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[S0].txt [2131 2015-01-03] ()
HKU\S-1-5-21-3968299894-954384744-379159808-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[S0].txt [2131 2015-01-03] ()
HKU\S-1-5-21-3968299894-954384744-379159808-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[S0].txt [2131 2015-01-03] ()
HKU\S-1-5-21-3968299894-954384744-379159808-1003\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe [222592 2007-08-01] (Alcohol Soft Development Team)
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe [222592 2007-08-01] (Alcohol Soft Development Team)
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe [222592 2007-08-01] (Alcohol Soft Development Team)
AppInit_DLLs: {DLL_Str} => {DLL_Str} File Not Found
AppInit_DLLs-x32: {DLL_Str} => "{DLL_Str}" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3968299894-954384744-379159808-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3968299894-954384744-379159808-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3968299894-954384744-379159808-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3968299894-954384744-379159808-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-3968299894-954384744-379159808-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-3968299894-954384744-379159808-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-3968299894-954384744-379159808-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3968299894-954384744-379159808-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-1003 - Default Value = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-1003 - (No Name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No File
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - Default Value = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No File
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 - Default Value = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 - (No Name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No File
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 - Default Value = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 - (No Name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No File
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - Default Value = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No File
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 - Default Value = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
URLSearchHook: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 - (No Name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No File
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-1003 -> {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> DefaultScope {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={ ... orm=IE8SRC
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={ ... orm=IE8SRC
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={ ... orm=IE8SRC
SearchScopes: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
BHO-x32: No Name -> {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} -> No File
Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-1003 -> No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
FF SearchPlugin: C:\Users\Správce\AppData\Roaming\Mozilla\Firefox\Profiles\1qjdmp13.default\searchplugins\qipsearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\jyxo-cz.xml
2015-01-03 17:15 - 2015-01-03 17:18 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Pavel\Desktop\mbam-setup-2.0.4.1028.exe
AlternateDataStreams: C:\Users\Public\Downloads\1.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Public\Downloads\2.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Public\Downloads\The all-new 2015 Subaru WRX 195 kW.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Public\Downloads\Volvo-Trucks---The-Epic-Split-feat.-Van-Damme-(Live-Test-6).mp4:TOC.WMV
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware" /f
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-04-03 315008]
Hosts:
EmptyTemp:
Reboot:
End
*****************
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Malwarebytes Anti-Malware (cleanup) => value deleted successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Report => value deleted successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Report => value deleted successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Report => value deleted successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-1003\Software\Microsoft\Windows\CurrentVersion\Run\\AlcoholAutomount => value deleted successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\AlcoholAutomount => value deleted successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\Run\\AlcoholAutomount => value deleted successfully.
"{DLL_Str}" => Value Data removed successfully.
"{DLL_Str}" => Value Data removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk => Moved successfully.
C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe => Moved successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-3968299894-954384744-379159808-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-3968299894-954384744-379159808-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-3968299894-954384744-379159808-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-1003\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-1003\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => value deleted successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} => value deleted successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => value deleted successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} => Value not found.
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => value deleted successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 - (No Name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} => Value not found.
HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => value deleted successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\URLSearchHooks\\{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 - (No Name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} => Value not found.
HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => value deleted successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} => Value not found.
HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => value deleted successfully.
HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 - (No Name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} => Value not found.
"HKU\S-1-5-21-3968299894-954384744-379159808-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}" => Key deleted successfully.
HKCR\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} => Key not found.
"HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}" => Key deleted successfully.
HKCR\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} => Key not found.
"HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}" => Key deleted successfully.
HKCR\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} => Key not found.
HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}" => Key deleted successfully.
HKCR\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} => Key not found.
HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}" => Key deleted successfully.
HKCR\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} => Key not found.
HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}" => Key deleted successfully.
HKCR\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42DFA04F-0F16-418e-B80C-AB97A5AFAD39}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{42DFA04F-0F16-418e-B80C-AB97A5AFAD39} => Key not found.
HKU\S-1-5-21-3968299894-954384744-379159808-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} => value deleted successfully.
HKCR\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17} => Key not found.
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{{32099AAC-C132-4136-9E9A-4E364A424E17} => Value not found.
HKCR\CLSID\Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{{32099AAC-C132-4136-9E9A-4E364A424E17} => Key not found.
HKU\S-1-5-21-3968299894-954384744-379159808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{{32099AAC-C132-4136-9E9A-4E364A424E17} => Value not found.
HKCR\CLSID\Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-1003-{{32099AAC-C132-4136-9E9A-4E364A424E17} => Key not found.
HKU\S-1-5-21-3968299894-954384744-379159808-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-501-{{32099AAC-C132-4136-9E9A-4E364A424E17} => Value not found.
HKCR\CLSID\Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-501-{{32099AAC-C132-4136-9E9A-4E364A424E17} => Key not found.
HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-501-{{32099AAC-C132-4136-9E9A-4E364A424E17} => Value not found.
HKCR\CLSID\Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-501-{{32099AAC-C132-4136-9E9A-4E364A424E17} => Key not found.
HKU\S-1-5-21-3968299894-954384744-379159808-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-501-{{32099AAC-C132-4136-9E9A-4E364A424E17} => Value not found.
HKCR\CLSID\Toolbar: HKU\S-1-5-21-3968299894-954384744-379159808-501-{{32099AAC-C132-4136-9E9A-4E364A424E17} => Key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => value deleted successfully.
HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => Key not found.
C:\Users\Správce\AppData\Roaming\Mozilla\Firefox\Profiles\1qjdmp13.default\searchplugins\qipsearch.xml => Moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\jyxo-cz.xml => Moved successfully.
C:\Users\Pavel\Desktop\mbam-setup-2.0.4.1028.exe => Moved successfully.
C:\Users\Public\Downloads\1.mp4 => ":TOC.WMV" ADS removed successfully.
C:\Users\Public\Downloads\2.mp4 => ":TOC.WMV" ADS removed successfully.
C:\Users\Public\Downloads\The all-new 2015 Subaru WRX 195 kW.mp4 => ":TOC.WMV" ADS removed successfully.
C:\Users\Public\Downloads\Volvo-Trucks---The-Epic-Split-feat.-Van-Damme-(Live-Test-6).mp4 => ":TOC.WMV" ADS removed successfully.
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
SkypeUpdate => Service deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 1.1 GB temporary data.
The system needed a reboot.
==== End of Fixlog 15:56:56 ====
Re: kontrola-prosím-díky
Zopakujte krok s ADWCleanerem.
Stahnete AdwCleaner https://toolslib.net/downloads/finish/1/ a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Clean
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner [S?].txt ). Ten mi sem zkopirujte.
Stahnete AdwCleaner https://toolslib.net/downloads/finish/1/ a ulozte ho na plochu.Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Clean
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner [S?].txt ). Ten mi sem zkopirujte.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: kontrola-prosím-díky
# AdwCleaner v4.106 - Report created 04/01/2015 at 16:20:48
# Updated 21/12/2014 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Username : Správce - PC08
# Running from : C:\Users\Pavel\Desktop\adwcleaner_4.106.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16599
-\\ Mozilla Firefox v10.0.12 (cs)
*************************
AdwCleaner[R0].txt - [2342 octets] - [03/01/2015 16:03:39]
AdwCleaner[R1].txt - [876 octets] - [04/01/2015 16:18:51]
AdwCleaner[S0].txt - [2131 octets] - [03/01/2015 16:07:19]
AdwCleaner[S1].txt - [800 octets] - [04/01/2015 16:20:48]
########## EOF - \AdwCleaner\AdwCleaner[S1].txt - [859 octets] ##########
# Updated 21/12/2014 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Username : Správce - PC08
# Running from : C:\Users\Pavel\Desktop\adwcleaner_4.106.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16599
-\\ Mozilla Firefox v10.0.12 (cs)
*************************
AdwCleaner[R0].txt - [2342 octets] - [03/01/2015 16:03:39]
AdwCleaner[R1].txt - [876 octets] - [04/01/2015 16:18:51]
AdwCleaner[S0].txt - [2131 octets] - [03/01/2015 16:07:19]
AdwCleaner[S1].txt - [800 octets] - [04/01/2015 16:20:48]
########## EOF - \AdwCleaner\AdwCleaner[S1].txt - [859 octets] ##########
Re: kontrola-prosím-díky
Vsechny tyto programy - vcetne pripadne instalace - spoustejte jako spravce (kliknete na ne pravym mysidlem a zvolte - Spustit jako spravce) vyosek píše:
- Stahnete a spustte
- Ponechte zatrzitkou pouze u volby Remote disinfection tools
- Kliknete na Run
Stahnete Ccleaner http://www.filehippo.com/download_ccleaner a spustte.Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!
(Pokud je v pc vice uzivatelskych uctu, pouzijte program i v nich)
Defragmentujte disk(y) (SSD Disky ne!)Stahnete program Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
Pri instalaci opet pozor na toolbar a dalsi nesmysly.
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.
Pak napiste, jak je na tom pc.Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: kontrola-prosím-díky
Díky moc za pomoc s pročištěním PC. Defragmentaci udělám v noci.Re: kontrola-prosím-díky
Nemate zac!
Jasne, ta je na dyl.
Jinak je tedy pc v poradku?
Jasne, ta je na dyl.
Jinak je tedy pc v poradku?
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: kontrola-prosím-díky
Ano, pc je OK. Krásný den
Přispějete na provoz fóra?