Please check my log, probably a VIRUS - Solved

A place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

tomas_ch
Level 2.5
Posts: 353
Registered: August 07
Gender: Not specified
Status: Offline

Re: Please check my log, probably a VIRUS

Post by tomas_ch » 05 Oct 2015 10:56

# DelFix v1.011 - Logfile created 01/01/2001 at 00:13:54
# Updated 18/08/2015 by Xplode
# Username : pc - PC-PC
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\32788R22FWJFW
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\ComboFix.txt
Deleted : C:\zoek-results.log
Deleted : C:\zoek-results2015-09-25-103826.log
Deleted : C:\Users\pc\Desktop\AdwCleaner.exe
Deleted : C:\Users\pc\Desktop\aswmbr.exe
Deleted : C:\Users\pc\Desktop\aswMBR.txt
Deleted : C:\Users\pc\Desktop\JRT.exe
Deleted : C:\Users\pc\Desktop\HijackThis.exe
Deleted : C:\Users\pc\Desktop\MBR.dat
Deleted : C:\Users\pc\Desktop\RogueKiller.exe
Deleted : C:\Users\pc\Desktop\TFC.exe
Deleted : C:\Users\pc\Desktop\zoek.exe
Deleted : C:\Users\pc\Downloads\adwcleaner_3.216.exe
Deleted : C:\Users\pc\Downloads\adwcleaner_5.008.exe
Deleted : C:\Users\pc\Downloads\JRT (1).exe
Deleted : C:\Users\pc\Downloads\JRT.exe
Deleted : C:\Users\pc\Downloads\tdsskiller.zip
Deleted : C:\Users\pc\Downloads\TFC.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Cleaning system restore ...

Deleted : RP #509 [JRT Pre-Junkware Removal | 12/31/2000 23:54:03]
Deleted : RP #504 [Windows Update | 01/01/2001 02:00:24]
Deleted : RP #511 [Windows Update | 01/02/2001 00:37:15]
Deleted : RP #506 [JRT Pre-Junkware Removal | 09/25/2015 09:42:20]
Deleted : RP #507 [zoek.exe restore point | 09/25/2015 09:51:01]

New restore point created !

########## - EOF - ##########


Re: Please check my log, probably a VIRUS

Post by tomas_ch » 05 Oct 2015 13:33

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 0:19:49, on 1.1.2001
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16563)


Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHLE.EXE
C:\Program Files\Avira\Launcher\Avira.Systray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\pc\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [Printsrv] c:\Windows\System32\Printing_Admin_Scripts\en-US\driverupd.vbs
O4 - HKLM\..\Run: [Avira SystrayStartTrigger] C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHLE.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus SX235"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

--
End of file - 10045 bytes


Re: Please check my log, probably a VIRUS

Post by tomas_ch » 05 Oct 2015 13:48

Hello, everything looks OK,
except for browsing in Chrome, which out of the blue suddenly redirects me to various pages such as http://starsunnysetgadget.name, http://cs.reimageplus.com and similar junk. Can anything be done about it? Where does it come from?
In Explorer it is OK.

I would also like to ask for the AVIRA program to be uninstalled using Combofix. For some reason I can't uninstall it.

It also reports that I have no malware protection in the Security Center. Will installing some antivirus fix that?

Thanks, thanks a lot.

T.

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Please check my log, probably a VIRUS

Post by jaro3 » 06 Oct 2015 09:42

Please download the version of Farbar Recovery Scan Tool (FRST) that matches your system, 32-bit or 64-bit:
32-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
and save it to the desktop, then run FRST.
Confirm the terms of use.
Do not change any of the default settings and click "Scan" ("Skenovat"). When the scan is finished, two logs will appear, FRST.txt and Addition.txt, and they will be saved on the desktop. Please copy their entire contents here.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: Please check my log, probably a VIRUS

Post by tomas_ch » 06 Oct 2015 10:50

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:04-10-2015
Ran by pc (administrator) on PC-PC (06-10-2015 10:31:22)
Running from C:\Users\pc\Desktop
Loaded Profiles: pc (Available Profiles: pc)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Validity Sensors, Inc.) C:\Windows\System32\vfsFPService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Arachnoid Biometrics Identification Group Corp.) C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Inc.) C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
(Acer Incorporated) C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Arachnoid Biometrics Identification Group Corp.) C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
(Acer Corp.) C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHLE.EXE
(ABBYY) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
() C:\ACER\Mobility Center\MobilityService.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
() C:\Windows\System32\PnkBstrA.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\System32\RacAgent.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1037608 2008-04-04] (Synaptics, Inc.)
HKLM\...\Run: [ePower_DMC] => C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [405504 2008-08-01] (Acer Inc.)
HKLM\...\Run: [eDataSecurity Loader] => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-07-29] (Egis Incorporated)
HKLM\...\Run: [eAudio] => C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [544768 2008-05-30] (Acer Incorporated)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [ZPdtWzdVitaKey MC3000] => C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe [3719680 2011-03-11] (Arachnoid Biometrics Identification Group Corp.)
HKLM\...\Run: [PlayMovie] => C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [167936 2008-07-18] (Acer Corp.)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [Printsrv] => c:\Windows\System32\Printing_Admin_Scripts\en-US\driverupd.vbs [559 2013-12-04] ()
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [66936 2015-08-13] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\Antivirus\avgnt.exe [782520 2015-09-01] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\AWinNotifyVitaKey MC3000: C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll [2011-03-11] (Arachnoid Biometrics Identification Group Corp.)
HKU\S-1-5-21-3280974334-3652872388-2672934827-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHLE.EXE [249440 2001-01-01] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3280974334-3652872388-2672934827-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\acer.scr [83554304 2007-04-19] ()
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2011-07-22] (Google)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll [2008-07-29] (Egis Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176 2008-01-21] (Společnost Microsoft)
Winsock: Catalog9 01 C:\Program Files\Avira\Antivirus\avsda.dll [507984 2015-10-05] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\Antivirus\avsda.dll [507984 2015-10-05] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\Antivirus\avsda.dll [507984 2015-10-05] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\Antivirus\avsda.dll [507984 2015-10-05] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\Antivirus\avsda.dll [507984 2015-10-05] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\Antivirus\avsda.dll [507984 2015-10-05] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\Antivirus\avsda.dll [507984 2015-10-05] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\Antivirus\avsda.dll [507984 2015-10-05] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 48 C:\Program Files\Avira\Antivirus\avsda.dll [507984 2015-10-05] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4EB5B243-4C92-4138-943C-1B8EE0B1DCF0}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3280974334-3652872388-2672934827-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-3280974334-3652872388-2672934827-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-3280974334-3652872388-2672934827-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-3280974334-3652872388-2672934827-1000 -> DefaultScope {00B409F9-12B1-4A91-81EB-078C48B0ABEF} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3280974334-3652872388-2672934827-1000 -> {00B409F9-12B1-4A91-81EB-078C48B0ABEF} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3280974334-3652872388-2672934827-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3280974334-3652872388-2672934827-1000 -> {07CF137C-BF0B-4F78-8E85-92F1E95DFB3A} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3280974334-3652872388-2672934827-1000 -> {0E65AD17-19E9-41B6-A4C2-B37A4CE26B38} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3280974334-3652872388-2672934827-1000 -> {20EFC17B-6739-45C2-ABC3-8E8D5E007C60} URL = hxxp://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3280974334-3652872388-2672934827-1000 -> {5D60DF08-43B1-4B4A-B96B-0FECC2974E02} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3280974334-3652872388-2672934827-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-3280974334-3652872388-2672934827-1000 -> {A7377303-F571-40F5-A397-5DFCF56521C9} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3280974334-3652872388-2672934827-1000 -> {F9A51075-98E9-4CCF-9C81-2423E63626D1} URL = hxxp://www.firmy.cz/phr/{searchTerms}?sourceid=QuickSearch_12454
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2001-01-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2001-01-01] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll [2011-03-09] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-05] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-3280974334-3652872388-2672934827-1000: @kb-ext.cz/PKIComponent -> C:\Users\pc\AppData\Roaming\KB-ext\lib\x86\npPKIComponentNPAPI-kbext.dll [2013-12-09] (Komerční banka, a.s.)
FF Plugin HKU\S-1-5-21-3280974334-3652872388-2672934827-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\pc\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-07-23]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found

Chrome:
=======
CHR Profile: C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-05]
CHR Extension: (Dokumenty Google) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-05]
CHR Extension: (Disk Google) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-05]
CHR Extension: (YouTube) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-05]
CHR Extension: (Vyhledávání Google) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-05]
CHR Extension: (Tabulky Google) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-05]
CHR Extension: (Avira Browser Safety) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-10-05]
CHR Extension: (Dokumenty Google offline) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-05]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-05]
CHR Extension: (Gmail) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-05]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc.exe [916968 2015-09-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [461672 2015-09-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [461672 2015-09-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\AVWEBGRD.EXE [1210512 2015-09-01] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [228104 2015-08-13] (Avira Operations GmbH & Co. KG)
R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [81504 2008-01-16] () [File not signed]
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-06-02] () [File not signed]
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [815104 2008-04-30] (Intel(R) Corporation) [File not signed]
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-07-22] (Google)
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1878888 2015-07-14] (LogMeIn Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IGBASVC; C:\Program Files\Acer\Acer Bio Protection\BASVC.exe [3520512 2011-03-11] () [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [411920 2015-07-14] (LogMeIn, Inc.)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] () [File not signed]
R2 NTIBackupSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056 2008-04-25] (NewTech InfoSystems, Inc.) [File not signed]
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] () [File not signed]
R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2012-04-15] ()
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2008-04-30] (Intel(R) Corporation) [File not signed]
R2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [233472 2008-07-19] (Acer Incorporated) [File not signed]
S3 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 AlfaFF; C:\Windows\System32\Drivers\AlfaFF.sys [43184 2011-03-11] (Alfa Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108448 2015-09-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136728 2015-09-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-09-01] (Avira Operations GmbH & Co. KG)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R2 int15; C:\Windows\system32\drivers\int15.sys [69632 2007-01-26] () [File not signed]
R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [54784 2007-12-18] (ITE Tech. Inc. )
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48640 2009-08-05] (Atheros Communications, Inc.)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
R2 NTIPPKernel; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [122368 2008-01-16] (Cyberlink Corp.) [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [31848 2015-09-01] (Avira Operations GmbH & Co. KG)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [61424 2008-07-18] (Cyberlink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 CFcatchme; \??\C:\Users\pc\AppData\Local\Temp\CFcatchme.sys [X]
S1 DritekPortIO; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-06 10:31 - 2015-10-06 10:32 - 00021766 _____ C:\Users\pc\Desktop\FRST.txt
2015-10-06 10:31 - 2015-10-06 10:31 - 00000000 ____D C:\FRST
2015-10-06 10:25 - 2015-10-06 10:26 - 01697792 _____ (Farbar) C:\Users\pc\Desktop\FRST.exe
2015-10-05 14:31 - 2015-10-05 14:31 - 00001975 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-05 14:31 - 2015-10-05 14:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-05 14:27 - 2015-10-06 10:32 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1c0744c99e4f770.job
2015-10-05 14:27 - 2001-01-01 00:01 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1c0737e395436a1.job
2015-10-05 14:16 - 2015-10-05 14:16 - 00000000 ____D C:\Users\pc\AppData\Roaming\Avira
2015-10-05 14:07 - 2015-09-01 17:10 - 00031848 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\ssmdrv.sys
2015-10-05 14:07 - 2015-09-01 17:09 - 00136728 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-10-05 14:07 - 2015-09-01 17:09 - 00108448 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-10-05 14:07 - 2015-09-01 17:09 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-10-05 13:40 - 2015-10-05 13:40 - 00000000 ____D C:\Users\pc\AppData\Local\CrashDumps
2015-10-05 13:16 - 2015-07-18 15:14 - 00901264 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-05 13:16 - 2015-07-18 15:14 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-05 13:16 - 2015-07-18 15:14 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-05 13:16 - 2015-07-18 15:14 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-05 13:16 - 2015-07-18 15:14 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-05 13:16 - 2015-07-18 15:14 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-05 13:16 - 2015-07-18 15:14 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-05 13:16 - 2015-07-18 15:14 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-05 13:16 - 2015-07-18 15:14 - 00015200 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-05 13:16 - 2015-07-18 15:14 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-05 13:16 - 2015-07-18 15:14 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-05 13:16 - 2015-07-18 15:14 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-05 13:16 - 2015-07-18 15:14 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-05 13:16 - 2015-07-18 15:14 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-05 13:16 - 2015-07-18 15:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-05 13:16 - 2015-07-18 15:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-05 13:16 - 2015-07-18 15:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-05 13:16 - 2015-07-18 15:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-05 13:16 - 2015-07-18 15:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-05 13:16 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-05 13:16 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-05 13:16 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-05 13:16 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-05 13:16 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-05 13:16 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-05 13:16 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-05 13:16 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-05 13:16 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-05 13:16 - 2015-07-18 15:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-05 13:16 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-05 13:16 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-05 13:16 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-05 13:16 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-05 13:16 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-05 13:16 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-05 13:16 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-05 13:16 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-05 13:16 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-10-05 13:16 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-05 13:16 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-05 13:16 - 2015-07-18 15:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-05 13:16 - 2015-07-18 15:14 - 00011104 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-05 13:16 - 2015-07-18 15:14 - 00011104 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-05 12:56 - 2015-10-05 12:56 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-10-05 12:06 - 2015-08-05 17:59 - 00602112 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-10-05 12:05 - 2014-10-03 03:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-10-05 12:05 - 2014-10-03 03:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-10-05 12:05 - 2014-10-03 03:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-10-05 12:05 - 2014-10-03 03:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-10-05 12:04 - 2014-12-06 05:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-10-05 12:04 - 2014-12-06 05:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-10-05 12:04 - 2014-12-06 05:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-10-05 12:02 - 2015-05-31 10:11 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-10-05 11:41 - 2015-05-09 01:08 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-10-05 11:41 - 2014-09-05 01:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2015-10-05 11:36 - 2015-07-09 16:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-10-05 11:36 - 2015-07-09 16:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-10-05 11:36 - 2015-07-01 17:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-10-05 11:36 - 2014-12-08 03:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-10-05 11:35 - 2015-05-05 00:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-10-05 11:35 - 2015-05-05 00:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-10-05 11:35 - 2015-05-05 00:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-10-05 11:35 - 2015-05-04 23:21 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-10-05 11:34 - 2015-08-17 19:18 - 01814016 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-05 11:34 - 2015-08-17 19:17 - 12388352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-05 11:34 - 2015-08-17 19:14 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-05 11:34 - 2015-08-17 19:13 - 09751040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-05 11:34 - 2015-08-17 19:12 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-05 11:34 - 2015-08-17 19:12 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-05 11:34 - 2015-08-17 19:11 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-05 11:34 - 2015-08-17 19:11 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-05 11:34 - 2015-08-17 19:10 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-05 11:34 - 2015-08-17 19:10 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-05 11:34 - 2015-08-17 19:10 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-05 11:34 - 2015-08-17 19:10 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-05 11:34 - 2015-08-17 19:10 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-10-05 11:34 - 2015-08-17 19:10 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-05 11:34 - 2015-08-17 19:10 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-05 11:34 - 2015-08-17 19:10 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-10-05 11:34 - 2015-08-17 19:10 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-05 11:34 - 2015-08-17 19:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-10-05 11:34 - 2015-08-17 19:10 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-10-05 11:34 - 2015-08-17 19:10 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-10-05 11:34 - 2015-08-17 19:10 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-10-05 11:34 - 2015-08-17 19:09 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-05 11:34 - 2015-05-05 00:51 - 10628608 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-10-05 11:02 - 2001-01-01 00:00 - 00187924 _____ C:\Windows\PFRO.log
2015-09-25 13:42 - 2015-09-25 13:42 - 01132704 _____ (ESET spol. s r.o.) C:\Users\pc\Desktop\eset_av_remover.exe
2015-09-25 13:29 - 2015-09-25 13:29 - 01087448 _____ (Avira Operations GmbH & Co. KG) C:\Users\pc\Downloads\avira_registry_cleaner_en.exe
2015-09-25 13:17 - 2001-01-01 01:06 - 00000000 ____D C:\Windows\erdnt
2015-09-25 11:43 - 2015-09-25 11:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-09-25 11:43 - 2015-09-25 11:43 - 00000000 ____D C:\Program Files\LogMeIn Hamachi

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2028-01-04 16:46 - 2001-01-02 11:19 - 00000000 ____D C:\Users\pc\Documents\versions
2015-10-06 10:32 - 2001-01-01 00:12 - 01427888 _____ C:\Windows\WindowsUpdate.log
2015-10-06 10:27 - 2008-01-21 08:47 - 01603480 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-06 10:26 - 2013-03-19 15:50 - 00000000 ____D C:\Users\pc\AppData\Local\LogMeIn Hamachi
2015-10-05 14:49 - 2012-02-20 20:33 - 00000012 _____ C:\Windows\bthservsdp.dat
2015-10-05 14:49 - 2006-11-02 15:01 - 00032596 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-10-05 14:46 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2015-10-05 14:31 - 2011-03-23 14:28 - 00000000 ____D C:\Users\pc\AppData\Local\Google
2015-10-05 14:30 - 2009-01-20 06:59 - 00000000 ____D C:\Program Files\Google
2015-10-05 14:09 - 2014-07-25 13:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-10-05 14:08 - 2014-07-25 13:58 - 00000000 ____D C:\ProgramData\Avira
2015-10-05 14:07 - 2014-07-25 13:58 - 00000000 ____D C:\Program Files\Avira
2015-10-05 12:55 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2015-10-05 12:00 - 2013-08-18 13:57 - 00000000 ____D C:\Windows\system32\MRT
2015-10-05 11:21 - 2001-01-01 02:08 - 00000024 _____ C:\Users\pc\AppData\Roaming\appdataFr25.bin
2015-09-25 15:09 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default
2015-09-25 15:09 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public
2015-09-25 14:28 - 2006-11-02 12:22 - 52690944 _____ C:\Windows\system32\config\software.bak
2015-09-25 14:28 - 2006-11-02 12:22 - 41680896 _____ C:\Windows\system32\config\COMPON~3.bak
2015-09-25 14:28 - 2006-11-02 12:22 - 26476544 _____ C:\Windows\system32\config\system.bak
2015-09-25 14:28 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\security.bak
2015-09-25 14:28 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\sam.bak
2015-09-25 14:28 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\default.bak
2015-09-25 12:57 - 2001-01-01 05:51 - 00000000 ____D C:\ProgramData\EPSON
2015-09-25 12:57 - 2001-01-01 05:32 - 00000000 ____D C:\Users\pc\AppData\Roaming\Epson
2015-09-25 12:40 - 2001-01-01 04:53 - 00000000 ____D C:\Fraps
2015-09-25 12:31 - 2011-03-23 14:24 - 00000000 ____D C:\Users\pc

==================== Files in the root of some directories =======

2001-01-01 02:08 - 2015-10-05 11:21 - 0000024 _____ () C:\Users\pc\AppData\Roaming\appdataFr25.bin
2001-01-01 03:46 - 2001-01-01 03:46 - 0050600 _____ () C:\Users\pc\AppData\Roaming\Debut.dmp
2011-07-25 17:38 - 2001-01-01 00:54 - 0000097 _____ () C:\Users\pc\AppData\Roaming\default.pls
2012-04-15 20:38 - 2012-04-15 20:38 - 0022328 _____ () C:\Users\pc\AppData\Roaming\PnkBstrK.sys
2011-07-21 21:00 - 2001-01-01 12:20 - 0237568 _____ () C:\Users\pc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-03-11 16:36 - 2011-03-11 16:43 - 0006077 _____ () C:\ProgramData\ArcadeDeluxe2.log
2011-07-21 15:59 - 2001-01-01 00:02 - 0031586 _____ () C:\ProgramData\nvModes.001
2011-07-21 15:59 - 2001-01-01 00:01 - 0031586 _____ () C:\ProgramData\nvModes.dat

Some files in TEMP:
====================
C:\Users\pc\AppData\Local\temp\avgnt.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-06 10:34

==================== End of FRST.txt ============================


Re: Please check my log, probably a VIRUS

Post by tomas_ch » 06 Oct 2015 10:54

Additional scan result of Farbar Recovery Scan Tool (x86) Version:04-10-2015
Ran by pc (2015-10-06 10:33:16)
Running from C:\Users\pc\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2011-03-11 14:08:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3280974334-3652872388-2672934827-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3280974334-3652872388-2672934827-1003 - Limited - Enabled)
Guest (S-1-5-21-3280974334-3652872388-2672934827-501 - Limited - Disabled)
pc (S-1-5-21-3280974334-3652872388-2672934827-1000 - Administrator - Enabled) => C:\Users\pc

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


AAV 6.0.00.15 (HKLM\...\Acer Acer Bio Protection 6.0.00.15) (Version: - )
ABBYY FineReader 9.0 Sprint (HKLM\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (Version: 9.01.513.58212 - ABBYY) Hidden
Acer Arcade Deluxe (HKLM\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 2.1.5529 - CyberLink Corp.)
Acer Arcade Deluxe (Version: 2.1.5529 - CyberLink Corp.) Hidden
Acer Bio Protection
Acer Crystal Eye Webcam 3.0.6.3 (HKLM\...\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}) (Version: 3.0.6.3 - SuYin)
Acer eAudio Management (HKLM\...\{57265292-228A-41FA-9AEC-4620CBCC2739}) (Version: 3.0.3008 - CyberLink Corp.)
Acer eDataSecurity Management (HKLM\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 3.0.3065 - Egis Inc.)
Acer Empowering Technology (HKLM\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.0.3009 - Acer Incorporated)
Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 3.0.3014 - Acer Incorporated)
Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.0.3014 - Acer Incorporated)
Acer eSettings Management (HKLM\...\{13D85C14-2B85-419F-AC41-C7F21E68B25D}) (Version: 3.0.3007 - Acer Incorporated)
Acer GridVista (HKLM\...\GridVista) (Version: 2.72.317 - )
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 3.0.3000 - Acer Inc.)
Acer Product Registration (HKLM\...\{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}) (Version: 3.0.0.10 - Acer Incorporated)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.13.1301 - Acer Inc.)
Acer VCM (HKLM\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 3.2.3002 - Acer Incorporated)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.5.502.110 - Adobe Systems Incorporated)
Adobe Reader 9 - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Agatha Christie Peril at End House (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113848220}) (Version: - Oberon Media)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems)
Alice Greenfingers (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version: - Oberon Media)
ARMY MEN (HKLM\...\ARMY MEN_is1) (Version: 1.0 - US-ACTION, s.r.o.)
Asistent pro přihlášení ke službě Windows Live (HKLM\...\{1E779810-ACCA-4483-BC76-12DFE055B452}) (Version: 5.000.817.1 - Microsoft Corporation)
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.30 - Atheros Communications Inc.)
AVG PC TuneUp 2014 (cs-CZ) (Version: 14.0.1001.206 - AVG) Hidden
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.13.202 - Avira Operations GmbH & Co. KG)
Avira Launcher (Version: 1.1.45.11819 - Avira Operations GmbH & Co. KG) Hidden
Bob Budowniczy – Budujemy lunapark (HKLM\...\{B8DAC2F9-D1C4-4BE9-9E30-AB18B95CF197}) (Version: - )
Bookworm Adventures (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111940693}) (Version: - Oberon Media)
BS.Player FREE (HKLM\...\BSPlayerf) (Version: 2.64.1073 - AB Team, d.o.o.)
C:\Program Files\Acer GameZone\GameConsole (HKLM\...\{71C2828F-2678-4675-BDEC-895424861262}_is1) (Version: 2.0.1.4 - Oberon Media, Inc.)
Cake Mania (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media)
Classic Car Racing (HKLM\...\{50F1F18A-3053-47B0-9974-E980B2DE9B69}) (Version: 1.00.0000 - 1C)
Commandos 3 - Destination Berlin (HKLM\...\{C270BC04-1540-4673-960F-A546B2C860CD}) (Version: - )
Crysis(R) (HKLM\...\{000E79B7-E725-4F01-870A-C12942B7F8E4}) (Version: 1.00.0000 - Electronic Arts)
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.3023d - CyberLink Corp.)
Dream Day First Home (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media)
Epson Easy Photo Print 2 (HKLM\...\{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}) (Version: 2.2.4.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON SX235 Series Printer Uninstall (HKLM\...\EPSON SX235 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
eSobi v2 (HKLM\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.3.000223 - Název společnosti:)
eSobi v2 (Version: 2.0.3.000223 - Název společnosti:) Hidden
Fraps (remove only) (HKLM\...\Fraps) (Version: - )
Fraps 3.4.7 Pln Verze - Leskli version for Windows (HKLM\...\{280F1141-F118-BC52-29D5-63FBD7FE5539}_is1) (Version: for Windows - )
Fraps-3.4.7---Pln-verze version for Windows (HKLM\...\{934848F7-E19C-F361-06F6-6F490DC5E318}_is1) (Version: for Windows - )
Galapago (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version: - Oberon Media)
Gameforge Live 2.0.4 (HKLM\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.4 - Gameforge)
GameSpy Arcade (HKLM\...\GameSpy Arcade) (Version: - )
Go-Go Gourmet (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}) (Version: - Oberon Media)
Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
Heroes of Hellas (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media)
Chicken Invaders 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version: - Oberon Media)
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
ITECIR (HKLM\...\{40580068-9B10-40B5-9548-536CE88AB23C}) (Version: 1.6 - ITE)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
JMicron JMB38X Flash Media Controller (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.12.07 - JMicron Technology Corp.)
Junk Mail filter update (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
LightScribe 1.4.142.1 (Version: 1.4.142.1 - http://www.lightscribe.com) Hidden
LogMeIn Hamachi (HKLM\...\LogMeIn Hamachi) (Version: 2.2.0.377 - LogMeIn, Inc.)
LogMeIn Hamachi (Version: 2.2.0.377 - LogMeIn, Inc.) Hidden
Magic Farm (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114717227}) (Version: - Oberon Media)
MC Titan Minecraft Custom Tekkit (HKLM\...\MC Titan Minecraft Custom Tekkit) (Version: - )
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - csy) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 pro studenty a domácnosti (HKLM\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110405-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{C73B5B3B-F974-48CA-8B91-3E8A432AEA5B}) (Version: 08.05.0822 - Microsoft Corporation)
Minecraft (HKLM\...\{472436F6-1933-4152-906C-6E0B03C18E00}) (Version: 1.1.0.0 - MINECRAFTinstall.net)
Minecraft 1.4.6 + Optifine a xray i na multiplayer!!! version for Windows (HKLM\...\{0C37C68C-09A5-062D-A29E-5ACA5382B162}_is1) (Version: for Windows - )
MINECRAFT 1.7.2 (HKLM\...\MINECRAFT 1.7.2) (Version: - )
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery Solitaire - Secret Island (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}) (Version: - Oberon Media)
Mythic Mahjong (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113919217}) (Version: - Oberon Media)
Nástroj pro odesílání služby Windows Live (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Nero 8 (HKLM\...\{1CA7ACD6-B21B-4240-AA05-4FC55F6E1029}) (Version: 8.3.465 - Nero AG)
NHL07 Demo (HKLM\...\{52419193-3A1B-4264-00BF-44BE0646F189}) (Version: - )
NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.606 - NewTech Infosystems)
NTI Backup Now Standard (Version: 5.1.2.606 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6329 - Název společnosti:)
NTI Media Maker 8 (Version: 8.0.2.6329 - Název společnosti:) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
Orion (HKLM\...\{5B63A470-9334-44D1-AF61-6CE2DB565AE9}) (Version: 2.0.1 - Convesoft)
PhotoNow! (HKLM\...\{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.4619 - CyberLink Corp.)
Příručka pro síť EPSON SX235 Series (HKLM\...\EPSON SX235 Series Netg) (Version: - )
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Skype™ 7.8 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Snagit 11 (HKLM\...\{7CA5C4DF-8327-4035-AE2B-CA76336A04FD}) (Version: 11.0.0 - TechSmith Corporation)
Software Intel(R) PROSet/Wireless WiFi (HKLM\...\{26921B2E-3E62-47F9-A514-1FC4A83BD738}) (Version: 12.00.0004 - Intel(R) Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.2.4.1 - Synaptics)
Tekkit Tweaker, ver. 3.1.3_1.2 (HKLM\...\{A1B20375-B751-404F-A2B3-AC1C181C6F43}_is1) (Version: - dog.big's production)
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: - )
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.51 - Ghisler Software GmbH)
Uživatelská příručka EPSON SX235 Series (HKLM\...\EPSON SX235 Series Useg) (Version: - )
Validity Sensors software (HKLM\...\{567E8236-C414-4888-8211-3D61608D57AE}) (Version: 2.7.44 - Validity Sensors, Inc.)
WIDCOMM Bluetooth Software 6.0.1.5000 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.5000 - Broadcom Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{4B4451CE-D1E6-4BDE-B4B2-59F03BB83B7C}) (Version: 14.0.8050.1202 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
winrar version for Windows (HKLM\...\{4BE924CF-2724-FA45-76B7- 2153CA4AEC6}_is1) (Version: for Windows - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3280974334-3652872388-2672934827-1000_Classes\CLSID\{0BBFE402-CCA1-4f64-9322-13B66D841049}\InprocServer32 -> C:\Users\pc\AppData\Local\TechSmith\SnagIt\Accessories\{23102CBF-AC8D-4424-9364-A79738894850}\MSWord.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-3280974334-3652872388-2672934827-1000_Classes\CLSID\{25D005BF-FE63-4cce-AA25-CE952B1D9381}\InprocServer32 -> C:\Users\pc\AppData\Local\TechSmith\SnagIt\Accessories\{638B203F-8FB6-49ec-A139-AB8C530F0CAB}\MSPowerPoint.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-3280974334-3652872388-2672934827-1000_Classes\CLSID\{293600C7-E7B6-4f06-9329-D8522A33C7E8}\InprocServer32 -> C:\Users\pc\AppData\Local\TechSmith\SnagIt\Accessories\{B9E98D7E-F599-469d-95A7-0B6F86D082A0}\CamtasiaOutput.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-3280974334-3652872388-2672934827-1000_Classes\CLSID\{4052D303-74C5-49EA-BC6B-66099C8D4007}\InprocServer32 -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll (Google)
CustomCLSID: HKU\S-1-5-21-3280974334-3652872388-2672934827-1000_Classes\CLSID\{54050FBB-F2AE-404b-8BFD-7EE3EC784A52}\InprocServer32 -> C:\Users\pc\AppData\Local\TechSmith\SnagIt\Accessories\{18AA4E21-D540-4a3a-9F9F-E6DE33D6F253}\MSExcel.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-3280974334-3652872388-2672934827-1000_Classes\CLSID\{6B1948B3-9547-42F8-9B37-7AA9768134C4}\InprocServer32 -> C:\Users\pc\AppData\Local\TechSmith\SnagIt\Accessories\{23102CBF-AC8D-4424-9364-A79738894850}\MSWord.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-3280974334-3652872388-2672934827-1000_Classes\CLSID\{B9E98D7E-F599-469d-95A7-0B6F86D082A0}\InprocServer32 -> C:\Users\pc\AppData\Local\TechSmith\SnagIt\Accessories\{B9E98D7E-F599-469d-95A7-0B6F86D082A0}\CamtasiaOutput.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-3280974334-3652872388-2672934827-1000_Classes\CLSID\{be328dbe-9f5b-407f-BAFF-827fc6db1aa4}\InprocServer32 -> C:\Users\pc\AppData\Roaming\KB-ext\lib\x86\PKIComponentAX-kbext.dll (Komerční banka, a.s.)

==================== Restore Points =========================

01-01-2001 01:14:35 End of disinfection
05-10-2015 11:34:48 Windows Update
05-10-2015 12:55:34 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2001-01-01 01:51 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C3AF200-FADC-49E5-880E-DEE192C8B79A} - System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask => C:\Windows\system32\RAServer.exe [2008-01-21] (Společnost Microsoft)
Task: {3096DDE0-2B61-4636-B253-4091AC9CFB48} - System32\Tasks\{C018A0C4-EB45-4799-9E72-8F25408BC42E} => Iexplore.exe http://ui.skype.com/ui/0/6.3.60.107/cs/ ... rogressBar
Task: {3F042D58-38B0-4C41-81F1-E1CFFECA57DC} - \TuneUpUtilities_Task_BkGndMaintenance2013 -> No File <==== ATTENTION
Task: {40D90371-B3AF-4155-AF36-4C15131E42AB} - System32\Tasks\{C0541392-3677-4DDF-8E86-CD73B6FCEE64} => Iexplore.exe http://ui.skype.com/ui/0/6.3.60.107/cs/ ... rogressBar
Task: {487D57AD-0E98-4A9C-9EFB-76672B32B3CB} - System32\Tasks\{FE40A61C-B4C0-4D63-9897-5E7A41BBF03C} => pcalua.exe -a C:\Users\pc\AppData\Roaming\.minecraft\Minecraft.exe -d C:\Users\pc\AppData\Roaming\.minecraft\
Task: {517D746A-DF61-417F-8708-071B31D322F1} - System32\Tasks\GoogleUpdateTaskMachineCore1c0737e395436a1 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-10-05] (Google Inc.)
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {58988AEF-AE10-42D4-90ED-3A089AB2F0A9} - System32\Tasks\{34779CC0-7249-4AF2-96AA-CBACDE90B045} => Iexplore.exe http://ui.skype.com/ui/0/6.3.60.107/cs/ ... rogressBar
Task: {A3048D6B-0B89-4BD7-BD76-4786F800F186} - System32\Tasks\{01CC3E5D-46DD-474D-B9EA-A02F7F25027E} => Iexplore.exe http://ui.skype.com/ui/0/6.3.60.107/cs/ ... rogressBar
Task: {A8800DFD-43D7-4959-A154-5D19E38427D1} - \SUPERAntiSpyware Scheduled Task 78132ec3-0e3b-42d9-9332-9dff366e5fd0 -> No File <==== ATTENTION
Task: {B16260EC-FBF0-4409-A9DB-885279C9859A} - System32\Tasks\{51B767B9-FA3A-4DB7-BCF0-F6F02E9A1101} => Iexplore.exe http://ui.skype.com/ui/0/6.3.60.105/cs/ ... age=tsMain
Task: {B4A30A9A-27F0-4D5A-8178-47730AB36271} - System32\Tasks\GoogleUpdateTaskMachineUA1c0744c99e4f770 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-10-05] (Google Inc.)
Task: {BE5A23F8-2380-42EE-AF95-194F6D1E7F18} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe
Task: {C48C53DC-20E7-426A-AA86-1776BC8D2C94} - \SUPERAntiSpyware Scheduled Task ac0f788d-ddbf-4618-b27e-1e7e171430d5 -> No File <==== ATTENTION
Task: {C656639A-C340-4259-9175-30ABB1ED51BA} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1c0737e395436a1.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1c0744c99e4f770.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2008-04-30 20:13 - 2008-04-30 20:13 - 00200704 _____ () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2009-01-20 06:53 - 2009-01-20 06:53 - 00036864 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3009.0__4df5dcab8860d239\Framework.Utility.dll
2009-01-20 06:53 - 2009-01-20 06:53 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3009.0__3036420f80dd6947\Framework.Library.dll
2009-01-20 06:53 - 2009-01-20 06:53 - 00009216 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3009.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2008-07-29 18:52 - 2008-07-29 18:52 - 00227888 _____ () C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
2007-06-24 20:09 - 2007-06-24 20:09 - 01024000 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACE.dll
2007-06-24 20:09 - 2007-06-24 20:09 - 00098304 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML.dll
2007-06-24 20:09 - 2007-06-24 20:09 - 00061440 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML_Parser.dll
2011-03-11 16:42 - 2008-01-16 19:35 - 00081504 _____ () C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
2009-01-20 06:53 - 2008-06-02 10:25 - 00024576 _____ () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
2009-01-20 06:53 - 2009-01-20 06:53 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3009.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2009-01-20 06:53 - 2009-01-20 06:53 - 00015360 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3009.0__672b450de5a7e94a\Framework.Host.dll
2009-01-20 06:53 - 2009-01-20 06:53 - 00006144 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3009.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2009-01-20 07:07 - 2008-05-30 13:22 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eAudio\eAudioSrvPlugin.dll
2009-01-20 07:05 - 2008-05-26 15:40 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.ServicePlugin.dll
2009-01-20 07:05 - 2008-05-26 15:37 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Logger.dll
2009-01-20 07:05 - 2008-05-26 15:39 - 00143360 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Model.Computer.dll
2009-01-20 07:05 - 2008-05-26 15:37 - 00036864 _____ () C:\Program Files\Acer\Empowering Technology\Service\eSettings.Model.ComputerInterface.dll
2011-03-11 16:16 - 2011-03-11 16:16 - 03520512 _____ () C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
2009-01-20 07:31 - 2007-12-06 17:15 - 00110592 _____ () C:\Acer\Mobility Center\MobilityService.exe
2009-01-20 07:31 - 2007-11-27 16:08 - 00032768 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
2008-04-25 22:36 - 2008-04-25 22:36 - 00131072 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2012-04-15 20:38 - 2012-04-15 20:38 - 00066872 _____ () C:\Windows\system32\PnkBstrA.exe
2009-01-20 07:30 - 2007-01-09 19:25 - 00272024 _____ () C:\Program Files\Cyberlink\Shared files\RichVideo.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:793F316E
AlternateDataStreams: C:\ProgramData\Temp:798A3728
AlternateDataStreams: C:\ProgramData\Temp:7CACEF61
AlternateDataStreams: C:\ProgramData\Temp:A42A9F39
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA
AlternateDataStreams: C:\ProgramData\Temp:C99F6ECA
AlternateDataStreams: C:\ProgramData\Temp:F3176E45

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3280974334-3652872388-2672934827-1000\...\mojebanka.cz -> hxxps://etrading.mojebanka.cz
IE trusted site: HKU\S-1-5-21-3280974334-3652872388-2672934827-1000\...\mojeplatba.cz -> hxxps://www.mojeplatba.cz


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3280974334-3652872388-2672934827-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\pc\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: ProductReg => "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{29CD75D9-585E-4A49-87C6-A242FE143D75}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{80CB416D-61B0-404C-A31C-7D704F0A5C2C}] => (Allow) svchost.exe
FirewallRules: [{81E82D9E-96F0-4BC3-9669-23D267F90366}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{9FEA282E-169A-41B7-B9BC-E69837F9F52F}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
FirewallRules: [{EE1D520F-3DCC-46BA-8273-2671F7940F42}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
FirewallRules: [{ABD94190-5D32-4167-88A4-A69B3CD16862}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{4FF23259-A158-47CF-B5CE-8B76DBDFB3E8}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{DDDA18A4-4138-4406-A75C-517E7FC683B6}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{C7752A2B-86B9-4164-95EF-87130BCAADC5}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{A86139B4-3C95-4D0D-A8E7-1E3C0E977452}] => (Allow) C:\Program Files\Cyberlink\PowerDirector\PDR.EXE
FirewallRules: [{FB7CA399-71E2-443C-9323-F9ECA5C29743}] => (Allow) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe
FirewallRules: [{15A1CD96-F186-470D-8702-2659BE61D050}] => (Allow) C:\Program Files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe
FirewallRules: [{E5C7FBE7-6E4A-4133-8670-554EE83E9244}] => (Allow) C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
FirewallRules: [{E0C8F1F3-DF42-446D-8963-AAD81B67154D}] => (Allow) C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe
FirewallRules: [{A960FD69-0E1C-45EF-89D9-3E461025F2B2}] => (Allow) C:\Program Files\Acer\Acer VCM\VC.exe
FirewallRules: [TCP Query User{AAF6DE69-ACED-4467-9023-586C2F75CE84}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{D702F3C8-2C84-48F3-8FB0-E47FA71D8243}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{18322612-F809-4F5B-B37A-1FF0DD63B655}] => (Allow) LPort=80
FirewallRules: [{86EB3374-DB86-43D9-B0D3-95F5A8E39B21}] => (Allow) LPort=80
FirewallRules: [{15E1CDD8-5BA6-4955-A08D-9E7FAE2BC204}] => (Allow) LPort=80
FirewallRules: [TCP Query User{EA87B155-DBEC-4415-B53A-F5FCE5F3BBD1}C:\program files\topcd\army men\army men rts\amrts.exe] => (Block) C:\program files\topcd\army men\army men rts\amrts.exe
FirewallRules: [UDP Query User{6D1966DD-6482-4377-992D-3A74388F5340}C:\program files\topcd\army men\army men rts\amrts.exe] => (Block) C:\program files\topcd\army men\army men rts\amrts.exe
FirewallRules: [{DEF44B31-B54A-491D-B35D-4E92EC454C17}] => (Allow) C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe
FirewallRules: [{62D3064D-0F2F-483E-892D-01859F4C4B13}] => (Allow) C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe
FirewallRules: [{0E2EA41A-1E84-4635-8AB0-0D1F057BF0D7}] => (Allow) C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe
FirewallRules: [{5B23A2EA-6915-4337-9301-8C1357350711}] => (Allow) C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe
FirewallRules: [{88731842-A8FF-4B89-B368-103D520B68B2}] => (Allow) C:\Windows\System32\PnkBstrA.exe
FirewallRules: [{B2C53174-3EA7-42DF-8957-A0E5517478EC}] => (Allow) C:\Windows\System32\PnkBstrA.exe
FirewallRules: [{BF398E23-C3EF-4021-9E77-E7214713D568}] => (Allow) C:\Windows\System32\PnkBstrB.exe
FirewallRules: [{AFDC0631-C69D-4B65-BD96-845132FEBF86}] => (Allow) C:\Windows\System32\PnkBstrB.exe
FirewallRules: [TCP Query User{378D99D0-527F-436B-BFCE-3ECCF51E1168}C:\program files\eidos\pyro studios\commandos 3 - destination berlin\commandos3.exe] => (Block) C:\program files\eidos\pyro studios\commandos 3 - destination berlin\commandos3.exe
FirewallRules: [UDP Query User{5031E02C-1B4E-420F-9ED1-8A94D73F0616}C:\program files\eidos\pyro studios\commandos 3 - destination berlin\commandos3.exe] => (Block) C:\program files\eidos\pyro studios\commandos 3 - destination berlin\commandos3.exe
FirewallRules: [TCP Query User{46861E2C-3823-4BE1-AA7C-45212B327E20}C:\windows\system32\javaw.exe] => (Block) C:\windows\system32\javaw.exe
FirewallRules: [UDP Query User{F30E73D1-0434-4D8A-96E7-0556F0D12BDE}C:\windows\system32\javaw.exe] => (Block) C:\windows\system32\javaw.exe
FirewallRules: [TCP Query User{D5256C57-067F-47BF-BE59-EC522123EA52}C:\program files\java\jre7\bin\java.exe] => (Block) C:\program files\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{C79C6DD2-4DBA-43DD-89FF-F75413DBCD2F}C:\program files\java\jre7\bin\java.exe] => (Block) C:\program files\java\jre7\bin\java.exe
FirewallRules: [{8768E63F-939F-4644-B8AC-87846E146B22}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{F1AA677D-8263-4083-9920-57B9800D9B60}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{3CE33C70-ACAD-4AE4-BB88-8742C7782669}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{AC0301AA-ADF9-47A6-83DC-97F9D4EE7962}] => (Allow) F:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{83622738-ADE9-49D6-9384-88B6FACDFF73}] => (Allow) F:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [TCP Query User{6F3091A6-B4E2-46E8-A983-E857B19BE01C}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{99D8FE0A-13C7-4D17-9800-BC05F193893F}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{7D4935BB-E8C4-48E0-857B-DC4555DA46B8}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{634E8E58-6DF1-4CA3-B1B2-0105EA0061FE}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{66D1DA4F-C1E8-403F-860D-7B7783EE2802}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{DF544316-B2BE-4D7C-9604-EC79CB3A56A0}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{7ED698D6-0CEF-460D-927D-C3F705FD67B4}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{5B5AA455-D31B-4379-9B24-2EFFCA29F35A}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
FirewallRules: [UDP Query User{1E2FAB05-883C-410A-BABC-D8B0CBCE6494}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
FirewallRules: [TCP Query User{383079CE-FDD3-43D3-AFFA-108DCB87078D}C:\program files\java\jre7\bin\java.exe] => (Block) C:\program files\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{D21DC53A-4C63-48D9-BFE4-311215C99E11}C:\program files\java\jre7\bin\java.exe] => (Block) C:\program files\java\jre7\bin\java.exe
FirewallRules: [{93043414-7DEB-4692-A547-5D59B03D5EC3}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/06/2015 10:26:48 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: Avira.ServiceHost.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.ArgumentOutOfRangeException
Zásobník:
na System.Threading.Timer..ctor(System.Threading.TimerCallback, System.Object, Int32, Int32)
na System.Timers.Timer.set_Enabled(Boolean)
na System.Timers.Timer.Start()
na Avira.OE.WinCore.SystemTimersBasedTimer.Start(System.TimeSpan)
na Avira.OE.WinCore.DelayedTimer.Start(System.TimeSpan, System.TimeSpan)
na Avira.OE.WinCore.RecurrentUserProfileUpdater.StartRecurrentCheck(System.TimeSpan)
na Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
na System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
na System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
na System.Threading.ThreadPoolWorkQueue.Dispatch()
na System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (01/01/2001 12:06:07 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: Avira.ServiceHost.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.ArgumentOutOfRangeException
Zásobník:
na System.Threading.Timer..ctor(System.Threading.TimerCallback, System.Object, Int32, Int32)
na System.Timers.Timer.set_Enabled(Boolean)
na System.Timers.Timer.Start()
na Avira.OE.WinCore.SystemTimersBasedTimer.Start(System.TimeSpan)
na Avira.OE.WinCore.DelayedTimer.Start(System.TimeSpan, System.TimeSpan)
na Avira.OE.WinCore.RecurrentUserProfileUpdater.StartRecurrentCheck(System.TimeSpan)
na Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
na System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
na System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
na System.Threading.ThreadPoolWorkQueue.Dispatch()
na System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (10/05/2015 01:40:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace SynTPEnh.exe, verze 10.2.4.1, časové razítko 0x47f6c0c1, chybující modul SynTPEnh.exe, verze 10.2.4.1, časové razítko 0x47f6c0c1, kód výjimky 0xc0000409, posun chyby 0x0002988c,
ID procesu 0x474, čas spuštění aplikace 0xSynTPEnh.exe0.

Error: (10/05/2015 12:55:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Přístup byl odepřen.

Error: (10/05/2015 12:55:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Přístup byl odepřen.

Error: (10/05/2015 11:58:59 AM) (Source: Perflib) (EventID: 1017) (User: )
Description: PolicyAgent

Error: (10/05/2015 11:58:59 AM) (Source: Perflib) (EventID: 1005) (User: )
Description: OpenIPSecPerformanceDataC:\Windows\System32\ipsecsvc.dllPolicyAgent4

Error: (10/05/2015 11:58:59 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (10/05/2015 11:58:57 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (10/05/2015 11:34:48 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Přístup byl odepřen.


System errors:
=============
Error: (10/06/2015 10:26:49 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Avira Service Host1100001Restartovat službu

Error: (01/01/2001 12:06:10 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Služba KTMRM pro koordinátor DTC2147942438 (0x80070026)

Error: (01/01/2001 12:06:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Avira Service Host1100001Restartovat službu

Error: (01/01/2001 12:01:55 AM) (Source: W32Time) (EventID: 34) (User: )
Description: Služba Systémový čas zjistila, že je nutné změnit systémový čas o +465819583 sekund. Služba Systémový čas nemění systémový čas o více než +54000 sekund. Ověřte správnost času a časového pásma, a zda zdroj času time-b.nist.gov,0x9 (ntp.m|0x9|0.0.0.0:123->129.6.15.29:123) pracuje správně.

Error: (10/05/2015 02:05:02 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Služba KTMRM pro koordinátor DTC2147942438 (0x80070026)

Error: (10/05/2015 02:03:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: LogMeIn Hamachi Tunneling Engine%%1053

Error: (10/05/2015 02:03:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000LogMeIn Hamachi Tunneling Engine

Error: (10/05/2015 01:32:08 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Služba KTMRM pro koordinátor DTC2147942438 (0x80070026)

Error: (10/05/2015 01:26:29 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Klient zásad skupiny

Error: (10/05/2015 12:36:14 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Služba KTMRM pro koordinátor DTC2147942438 (0x80070026)


CodeIntegrity:
===================================
Date: 2001-01-01 01:13:33.323
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2001-01-01 01:13:32.668
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2001-01-01 01:13:31.919
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2001-01-01 01:13:31.154
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2001-01-01 01:13:30.406
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2001-01-01 00:33:05.929
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2001-01-01 00:33:05.242
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2001-01-01 00:33:04.571
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2001-01-01 00:33:03.838
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2001-01-01 00:33:02.497
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz
Percentage of memory in use: 60%
Total physical RAM: 3068.04 MB
Available physical RAM: 1199.3 MB
Total Virtual: 6340.34 MB
Available Virtual: 4338.34 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:142.69 GB) (Free:52.59 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:137.7 GB) (Free:137.19 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 08A1049C)
Partition 1: (Not Active) - (Size=12.7 GB) - (Type=27)
Partition 2: (Active) - (Size=142.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=137.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=5 GB) - (Type=12)

==================== End of Addition.txt ============================


Re: Please check my log, probably a VIRUS

Post by jaro3 » 07 Oct 2015 09:55

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.

Code:

Start
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3280974334-3652872388-2672934827-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-3280974334-3652872388-2672934827-1000 -> DefaultScope {00B409F9-12B1-4A91-81EB-078C48B0ABEF} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3280974334-3652872388-2672934827-1000 -> {00B409F9-12B1-4A91-81EB-078C48B0ABEF} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3280974334-3652872388-2672934827-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3280974334-3652872388-2672934827-1000 -> {07CF137C-BF0B-4F78-8E85-92F1E95DFB3A} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3280974334-3652872388-2672934827-1000 -> {0E65AD17-19E9-41B6-A4C2-B37A4CE26B38} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3280974334-3652872388-2672934827-1000 -> {20EFC17B-6739-45C2-ABC3-8E8D5E007C60} URL = hxxp://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3280974334-3652872388-2672934827-1000 -> {5D60DF08-43B1-4B4A-B96B-0FECC2974E02} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3280974334-3652872388-2672934827-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-3280974334-3652872388-2672934827-1000 -> {A7377303-F571-40F5-A397-5DFCF56521C9} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3280974334-3652872388-2672934827-1000 -> {F9A51075-98E9-4CCF-9C81-2423E63626D1} URL = hxxp://www.firmy.cz/phr/{searchTerms}?sourceid=QuickSearch_12454
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 CFcatchme; \??\C:\Users\pc\AppData\Local\Temp\CFcatchme.sys [X]
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1c0744c99e4f770.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1c0737e395436a1.job
C:\ProgramData\nvModes.001
C:\ProgramData\nvModes.dat
C:\Users\pc\AppData\Local\temp\avgnt.exe
Task: {3F042D58-38B0-4C41-81F1-E1CFFECA57DC} - \TuneUpUtilities_Task_BkGndMaintenance2013 -> No File <==== ATTENTION
Task: {517D746A-DF61-417F-8708-071B31D322F1} - System32\Tasks\GoogleUpdateTaskMachineCore1c0737e395436a1 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-10-05] (Google Inc.)
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {A8800DFD-43D7-4959-A154-5D19E38427D1} - \SUPERAntiSpyware Scheduled Task 78132ec3-0e3b-42d9-9332-9dff366e5fd0 -> No File <==== ATTENTION
Task: {B4A30A9A-27F0-4D5A-8178-47730AB36271} - System32\Tasks\GoogleUpdateTaskMachineUA1c0744c99e4f770 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-10-05] (Google Inc.)
Task: {C48C53DC-20E7-426A-AA86-1776BC8D2C94} - \SUPERAntiSpyware Scheduled Task ac0f788d-ddbf-4618-b27e-1e7e171430d5 -> No File <==== ATTENTION
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1c0737e395436a1.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1c0744c99e4f770.job => C:\Program Files\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:793F316E
AlternateDataStreams: C:\ProgramData\Temp:798A3728
AlternateDataStreams: C:\ProgramData\Temp:7CACEF61
AlternateDataStreams: C:\ProgramData\Temp:A42A9F39
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA
AlternateDataStreams: C:\ProgramData\Temp:C99F6ECA
AlternateDataStreams: C:\ProgramData\Temp:F3176E45

EmptyTemp:

End
(You can use the "select all" function, right-click the top-left field in the open Notepad and choose "Paste".)

Save it to the desktop as fixlist.txt

Run FRST and press the "Fix" button only once, then wait.
The tool will create a log on the desktop (Fixlog.txt); please copy its entire content here.

Update Java:
[url=http://www.oracle.com/technetwork/java/ ... 33155.html]Java SE Runtime Environment 8[/url]

Click Accept License Agreement
Choose your OS (Windows or Windows x64, Offline Installation)
jre-8-windows-i586-p.exe or
jre-8-windows-x64.exe
Download and install it.
Remove the other Java versions in Add/Remove Programs.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: Please check my log, probably a VIRUS

Post by tomas_ch » 07 Oct 2015 20:13

Hello,
I won't get to that computer until Friday morning.

Thanks

T.


Re: Please check my log, probably a VIRUS

Post by jaro3 » 07 Oct 2015 21:31

OK.


Re: Please check my log, probably a VIRUS

Post by tomas_ch » 09 Oct 2015 11:44

Fix result of Farbar Recovery Scan Tool (x86) Version:08-10-2015
Ran by pc (2000-12-31 23:07:13) Run:1
Running from C:\Users\pc\Desktop
Loaded Profiles: pc (Available Profiles: pc)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3280974334-3652872388-2672934827-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-3280974334-3652872388-2672934827-1000 -> DefaultScope {00B409F9-12B1-4A91-81EB-078C48B0ABEF} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3280974334-3652872388-2672934827-1000 -> {00B409F9-12B1-4A91-81EB-078C48B0ABEF} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3280974334-3652872388-2672934827-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3280974334-3652872388-2672934827-1000 -> {07CF137C-BF0B-4F78-8E85-92F1E95DFB3A} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3280974334-3652872388-2672934827-1000 -> {0E65AD17-19E9-41B6-A4C2-B37A4CE26B38} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3280974334-3652872388-2672934827-1000 -> {20EFC17B-6739-45C2-ABC3-8E8D5E007C60} URL = hxxp://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3280974334-3652872388-2672934827-1000 -> {5D60DF08-43B1-4B4A-B96B-0FECC2974E02} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3280974334-3652872388-2672934827-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-3280974334-3652872388-2672934827-1000 -> {A7377303-F571-40F5-A397-5DFCF56521C9} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3280974334-3652872388-2672934827-1000 -> {F9A51075-98E9-4CCF-9C81-2423E63626D1} URL = hxxp://www.firmy.cz/phr/{searchTerms}?sourceid=QuickSearch_12454
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 CFcatchme; \??\C:\Users\pc\AppData\Local\Temp\CFcatchme.sys [X]
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1c0744c99e4f770.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1c0737e395436a1.job
C:\ProgramData\nvModes.001
C:\ProgramData\nvModes.dat
C:\Users\pc\AppData\Local\temp\avgnt.exe
Task: {3F042D58-38B0-4C41-81F1-E1CFFECA57DC} - \TuneUpUtilities_Task_BkGndMaintenance2013 -> No File <==== ATTENTION
Task: {517D746A-DF61-417F-8708-071B31D322F1} - System32\Tasks\GoogleUpdateTaskMachineCore1c0737e395436a1 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-10-05] (Google Inc.)
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {A8800DFD-43D7-4959-A154-5D19E38427D1} - \SUPERAntiSpyware Scheduled Task 78132ec3-0e3b-42d9-9332-9dff366e5fd0 -> No File <==== ATTENTION
Task: {B4A30A9A-27F0-4D5A-8178-47730AB36271} - System32\Tasks\GoogleUpdateTaskMachineUA1c0744c99e4f770 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-10-05] (Google Inc.)
Task: {C48C53DC-20E7-426A-AA86-1776BC8D2C94} - \SUPERAntiSpyware Scheduled Task ac0f788d-ddbf-4618-b27e-1e7e171430d5 -> No File <==== ATTENTION
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1c0737e395436a1.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1c0744c99e4f770.job => C:\Program Files\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:793F316E
AlternateDataStreams: C:\ProgramData\Temp:798A3728
AlternateDataStreams: C:\ProgramData\Temp:7CACEF61
AlternateDataStreams: C:\ProgramData\Temp:A42A9F39
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA
AlternateDataStreams: C:\ProgramData\Temp:C99F6ECA
AlternateDataStreams: C:\ProgramData\Temp:F3176E45

EmptyTemp:
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-3280974334-3652872388-2672934827-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => key removed successfully.
HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => key not found.
HKU\S-1-5-21-3280974334-3652872388-2672934827-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKU\S-1-5-21-3280974334-3652872388-2672934827-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{00B409F9-12B1-4A91-81EB-078C48B0ABEF}" => key removed successfully.
HKCR\CLSID\{00B409F9-12B1-4A91-81EB-078C48B0ABEF} => key not found.
"HKU\S-1-5-21-3280974334-3652872388-2672934827-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => key removed successfully.
HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => key not found.
"HKU\S-1-5-21-3280974334-3652872388-2672934827-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{07CF137C-BF0B-4F78-8E85-92F1E95DFB3A}" => key removed successfully.
HKCR\CLSID\{07CF137C-BF0B-4F78-8E85-92F1E95DFB3A} => key not found.
"HKU\S-1-5-21-3280974334-3652872388-2672934827-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0E65AD17-19E9-41B6-A4C2-B37A4CE26B38}" => key removed successfully.
HKCR\CLSID\{0E65AD17-19E9-41B6-A4C2-B37A4CE26B38} => key not found.
"HKU\S-1-5-21-3280974334-3652872388-2672934827-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{20EFC17B-6739-45C2-ABC3-8E8D5E007C60}" => key removed successfully.
HKCR\CLSID\{20EFC17B-6739-45C2-ABC3-8E8D5E007C60} => key not found.
"HKU\S-1-5-21-3280974334-3652872388-2672934827-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5D60DF08-43B1-4B4A-B96B-0FECC2974E02}" => key removed successfully.
HKCR\CLSID\{5D60DF08-43B1-4B4A-B96B-0FECC2974E02} => key not found.
"HKU\S-1-5-21-3280974334-3652872388-2672934827-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => key removed successfully.
HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => key not found.
"HKU\S-1-5-21-3280974334-3652872388-2672934827-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A7377303-F571-40F5-A397-5DFCF56521C9}" => key removed successfully.
HKCR\CLSID\{A7377303-F571-40F5-A397-5DFCF56521C9} => key not found.
"HKU\S-1-5-21-3280974334-3652872388-2672934827-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F9A51075-98E9-4CCF-9C81-2423E63626D1}" => key removed successfully.
HKCR\CLSID\{F9A51075-98E9-4CCF-9C81-2423E63626D1} => key not found.
HKLM\Software\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => value removed successfully.
catchme => service removed successfully.
CFcatchme => service removed successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1c0744c99e4f770.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1c0737e395436a1.job => moved successfully
C:\ProgramData\nvModes.001 => moved successfully
C:\ProgramData\nvModes.dat => moved successfully
C:\Users\pc\AppData\Local\temp\avgnt.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3F042D58-38B0-4C41-81F1-E1CFFECA57DC}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F042D58-38B0-4C41-81F1-E1CFFECA57DC}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TuneUpUtilities_Task_BkGndMaintenance2013" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{517D746A-DF61-417F-8708-071B31D322F1}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{517D746A-DF61-417F-8708-071B31D322F1}" => key removed successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1c0737e395436a1 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore1c0737e395436a1" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{561375CB-FF5A-417B-B297-BA73DE149581}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{561375CB-FF5A-417B-B297-BA73DE149581}" => key removed successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Wired\GatherWiredInfo" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8800DFD-43D7-4959-A154-5D19E38427D1}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8800DFD-43D7-4959-A154-5D19E38427D1}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SUPERAntiSpyware Scheduled Task 78132ec3-0e3b-42d9-9332-9dff366e5fd0" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B4A30A9A-27F0-4D5A-8178-47730AB36271}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4A30A9A-27F0-4D5A-8178-47730AB36271}" => key removed successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1c0744c99e4f770 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA1c0744c99e4f770" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C48C53DC-20E7-426A-AA86-1776BC8D2C94}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C48C53DC-20E7-426A-AA86-1776BC8D2C94}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SUPERAntiSpyware Scheduled Task ac0f788d-ddbf-4618-b27e-1e7e171430d5" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8}" => key removed successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Wireless\GatherWirelessInfo" => key removed successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1c0737e395436a1.job => not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1c0744c99e4f770.job => not found.
C:\ProgramData\Temp => ":4D066AD2" ADS removed successfully..
C:\ProgramData\Temp => ":793F316E" ADS removed successfully..
C:\ProgramData\Temp => ":798A3728" ADS removed successfully..
C:\ProgramData\Temp => ":7CACEF61" ADS removed successfully..
C:\ProgramData\Temp => ":A42A9F39" ADS removed successfully..
C:\ProgramData\Temp => ":AB689DEA" ADS removed successfully..
C:\ProgramData\Temp => ":C99F6ECA" ADS removed successfully..
C:\ProgramData\Temp => ":F3176E45" ADS removed successfully..
EmptyTemp: => 100 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 23:08:04 ====


Re: Please check my log, probably a VIRUS

Post by Orcus » 09 Oct 2015 11:54

How does it look now?
Love warms, but coal is coal. :fire:

Post HJT logs in the HJT section. If the log is too long, split it into several messages.

A few tips on PC security.

While I am away, memphisto, jaro3 and Diallix stand in for me.

If you are satisfied, you can support our forum.


Re: Please check my log, probably a VIRUS  Solved

Post by tomas_ch » 10 Oct 2015 10:33

Hello,
I think it's fine now.
I'm marking it as solved.
I'll ask the notebook's owner to contribute some amount to you.

Thanks for the help

T.

