Please check my log (Solved)

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

OTAS
Level 3
Posts: 484
Registered: July 13
Gender: Male
Status: Offline

Re: Please check my log

Post by OTAS » 12 Apr 2015 11:09

ESS is not listed for uninstall in the Control Panel at all, and it is not in Revo Uninstaller Pro either. It is only in Program Files. When I try to delete ESET, it shows me this.

[Image]

Re: Please check my log

Post by OTAS » 12 Apr 2015 11:27

[Image]

Re: Please check my log

Post by OTAS » 12 Apr 2015 11:29

OTL logfile created on: 12.4.2015 11:23:54 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\DOMA\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17691)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,95 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 59,76% Memory free
7,90 Gb Paging File | 6,30 Gb Available in Paging File | 79,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,45 Gb Total Space | 322,66 Gb Free Space | 69,32% Space Free | Partition Type: NTFS

Computer Name: DOMA-PC | User Name: DOMA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\DOMA\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTray.exe (ZONER software)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll ()
MOD - C:\Program Files\Zoner\Photo Studio 17\Program32\SpiderMonkey.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
SRV:64bit: - (VIAKaraokeService) -- C:\Windows\SysNative\ViakaraokeSrv.exe (VIA Technologies, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Garmin Device Interaction Service) -- C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe (Garmin Ltd. or its subsidiaries)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (ESETCleanersDriver) -- C:\Windows\SysNative\drivers\ESETCleanersDriver.sys (ESET)
DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (eamonm) -- C:\Windows\SysNative\drivers\eamonm.sys (ESET)
DRV:64bit: - (epfw) -- C:\Windows\SysNative\drivers\epfw.sys (ESET)
DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)
DRV:64bit: - (epfwwfp) -- C:\Windows\SysNative\drivers\epfwwfp.sys (ESET)
DRV:64bit: - (EpfwLWF) -- C:\Windows\SysNative\drivers\EpfwLWF.sys (ESET)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\TeeDriverx64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (t_mouse.sys) -- C:\Windows\SysNative\drivers\t_mouse.sys ()
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\drivers\revoflt.sys (VS Revo Group)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SYSTEM32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "CZ"
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.region: "CZ"
FF - prefs.js..browser.startup.homepage: "https://www.seznam.cz/"
FF - prefs.js..extensions.enabledAddons: translator%40zoli.bod:2.1.0.3m
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.2.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:37.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.40.2: C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.40.2: C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 37.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 37.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014.12.10 20:42:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

[2013.07.17 14:26:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DOMA\AppData\Roaming\Mozilla\Extensions
[2015.04.01 13:14:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles\omtt2d0x.default-1413530589483\extensions
[2015.03.31 13:17:21 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles\omtt2d0x.default-1413530589483\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2014.11.10 10:57:23 | 000,000,000 | ---D | M] (Český slovník pro kontrolu pravopisu) -- C:\Users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles\omtt2d0x.default-1413530589483\extensions\cs@dictionaries.addons.mozilla.org
[2014.07.02 19:40:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles\3amwd1fg.default\extensions
[2014.07.02 19:40:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles\3amwd1fg.default\extensions\staged
[2014.10.22 17:54:34 | 000,060,307 | ---- | M] () (No name found) -- C:\Users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles\omtt2d0x.default-1413530589483\extensions\translator@zoli.bod.xpi
[2015.04.01 13:14:12 | 000,970,672 | ---- | M] () (No name found) -- C:\Users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles\omtt2d0x.default-1413530589483\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014.11.17 21:21:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015.04.04 11:23:33 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007.04.10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll
[2014.12.03 08:31:20 | 000,227,048 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll

========== Chrome ==========

CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_1\
CHR - Extension: No name found = C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: No name found = C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_1\
CHR - Extension: No name found = C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: No name found = C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_1\
CHR - Extension: No name found = C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_1\
CHR - Extension: No name found = C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\
CHR - Extension: No name found = C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_1\
CHR - Extension: No name found = C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_1\
CHR - Extension: No name found = C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: No name found = C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\

O1 HOSTS File: ([2015.04.11 13:50:33 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKCU..\Run: [Zoner Photo Studio Autoupdate] C:\PROGRAM FILES\ZONER\PHOTO STUDIO 17\Program32\ZPSTRAY.EXE (ZONER software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Od&eslat do aplikace OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Od&eslat do aplikace OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: localhost ([]http in Internet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.37 213.46.172.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46CE7C2C-097E-4C61-B2B8-8D48A20850AB}: DhcpNameServer = 213.46.172.37 213.46.172.36
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2015.04.11 18:01:01 | 000,170,280 | ---- | C] (ESET) -- C:\Windows\SysNative\drivers\ESETCleanersDriver.sys
[2015.04.11 17:27:32 | 011,231,944 | ---- | C] (ESET) -- C:\Users\DOMA\Desktop\avremover_nt64_enu.exe
[2015.04.11 13:54:48 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2015.04.11 13:50:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2015.04.11 13:41:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2015.04.10 10:07:36 | 005,200,384 | ---- | C] (AVAST Software) -- C:\Users\DOMA\Desktop\aswmbr.exe
[2015.04.10 08:54:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2015.04.10 08:54:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2015.04.10 08:54:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2015.04.10 08:53:30 | 005,617,275 | R--- | C] (Swearware) -- C:\Users\DOMA\Desktop\ComboFix.exe
[2015.04.09 17:59:41 | 000,000,000 | ---D | C] -- C:\Users\DOMA\AppData\Roaming\10620
[2015.04.09 12:08:26 | 000,000,000 | ---D | C] -- C:\Users\DOMA\AppData\Roaming\ESET
[2015.04.09 12:08:26 | 000,000,000 | ---D | C] -- C:\Users\DOMA\AppData\Local\ESET
[2015.04.09 09:02:51 | 001,111,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2015.04.09 09:02:51 | 000,957,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[2015.04.09 09:02:51 | 000,769,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2015.04.09 09:02:51 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2015.04.09 09:02:51 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2015.04.09 09:02:51 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepic.dll
[2015.04.09 09:02:51 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\acmigration.dll
[2015.04.09 09:02:50 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2015.04.08 20:00:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2015.04.08 16:53:29 | 000,000,000 | ---D | C] -- C:\Users\DOMA\AppData\Roaming\10415
[2015.04.08 16:25:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\DOMA\Desktop\OTL.exe
[2015.04.07 19:59:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2015.04.07 10:07:46 | 000,000,000 | ---D | C] -- C:\Users\DOMA\AppData\Local\Temp
[2015.04.07 08:47:03 | 000,000,000 | ---D | C] -- C:\Users\DOMA\AppData\Local\Adobe
[2015.04.04 18:04:15 | 000,000,000 | ---D | C] -- C:\Users\DOMA\AppData\Local\CrashDumps
[2015.04.04 18:03:31 | 000,000,000 | ---D | C] -- C:\RegBackup
[2015.04.04 18:02:01 | 002,690,981 | ---- | C] (Thisisu) -- C:\Users\DOMA\Desktop\JRT.exe
[2015.04.04 11:52:29 | 000,136,408 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015.04.04 11:52:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015.04.04 11:52:15 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015.04.04 11:52:15 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2015.04.04 11:52:15 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2015.04.04 11:52:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2015.04.04 11:47:57 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015.04.03 19:58:45 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\DOMA\Desktop\HijackThis.exe
[2015.04.03 18:42:13 | 000,000,000 | ---D | C] -- C:\Users\DOMA\AppData\Roaming\TuneUp Software
[2015.04.03 18:39:37 | 000,000,000 | ---D | C] -- C:\Users\DOMA\AppData\Local\MFAData
[2015.04.03 18:39:37 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2015.04.02 17:59:36 | 000,000,000 | ---D | C] -- C:\Users\DOMA\Desktop\Nová složka 2
[2015.04.02 17:13:15 | 000,000,000 | ---D | C] -- C:\Users\DOMA\Desktop\Nová složka
[2015.04.01 10:30:05 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\GWX
[2015.04.01 10:30:05 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\GWX
[2015.03.31 15:23:46 | 000,000,000 | ---D | C] -- C:\Users\DOMA\Documents\Ashampoo Burning Studio 2015
[2015.03.30 18:53:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2015.03.28 17:42:18 | 000,000,000 | ---D | C] -- C:\Users\DOMA\AppData\Local\Garmin_Ltd._or_its_subsid
[2015.03.27 10:51:16 | 000,000,000 | ---D | C] -- C:\Users\DOMA\Desktop\Adéla ještě nevečeřela
[2015.03.24 21:25:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
[2015.03.21 19:08:33 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2015.03.13 14:27:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VSO
[2014.01.06 17:43:35 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\DOMA\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2015.04.12 11:18:28 | 000,039,674 | ---- | M] () -- C:\Users\DOMA\Desktop\Výstřižek.JPG
[2015.04.12 11:18:28 | 000,000,110 | -H-- | M] () -- C:\Users\DOMA\Desktop\Výstřižek.JPG.uid-zps
[2015.04.12 11:00:07 | 000,025,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015.04.12 11:00:07 | 000,025,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015.04.12 10:51:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015.04.12 10:51:13 | 3183,353,856 | -HS- | M] () -- C:\hiberfil.sys
[2015.04.11 20:32:09 | 000,002,392 | ---- | M] () -- C:\Users\DOMA\Documents\cc_20150411_203206.reg
[2015.04.11 18:01:01 | 000,170,280 | ---- | M] (ESET) -- C:\Windows\SysNative\drivers\ESETCleanersDriver.sys
[2015.04.11 17:27:45 | 011,231,944 | ---- | M] (ESET) -- C:\Users\DOMA\Desktop\avremover_nt64_enu.exe
[2015.04.11 13:50:33 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2015.04.10 10:07:39 | 005,200,384 | ---- | M] (AVAST Software) -- C:\Users\DOMA\Desktop\aswmbr.exe
[2015.04.10 08:53:39 | 005,617,275 | R--- | M] (Swearware) -- C:\Users\DOMA\Desktop\ComboFix.exe
[2015.04.09 11:54:55 | 001,584,554 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015.04.09 11:54:55 | 000,668,866 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2015.04.09 11:54:55 | 000,654,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015.04.09 11:54:55 | 000,141,526 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2015.04.09 11:54:55 | 000,122,126 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015.04.08 16:25:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\DOMA\Desktop\OTL.exe
[2015.04.08 07:46:02 | 000,059,611 | ---- | M] () -- C:\Users\DOMA\Documents\Výstřižek.JPG
[2015.04.07 19:58:43 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2015.04.07 15:42:34 | 000,050,390 | ---- | M] () -- C:\Users\DOMA\Desktop\Scooter-20_Years_Of_Hardcore-Front.JPG
[2015.04.07 15:42:30 | 000,037,663 | ---- | M] () -- C:\Users\DOMA\Desktop\Scooter-20_Years_Of_Hardcore-Back.JPG
[2015.04.07 15:13:44 | 000,136,408 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015.04.07 12:52:36 | 000,410,964 | ---- | M] () -- C:\Users\DOMA\Desktop\e35d6d3195bb.jpg
[2015.04.07 11:33:33 | 002,186,845 | ---- | M] () -- C:\Users\DOMA\Desktop\Within Temptation - Let Us Burn - Cover.jpg
[2015.04.07 10:13:59 | 000,852,607 | ---- | M] () -- C:\Users\DOMA\Desktop\SecurityCheck.exe
[2015.04.07 09:52:28 | 004,317,228 | ---- | M] () -- C:\Users\DOMA\Desktop\zoek.rar
[2015.04.07 09:44:28 | 000,037,624 | ---- | M] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2015.04.07 09:07:58 | 000,001,128 | ---- | M] () -- C:\Users\DOMA\AppData\Local\MRDownloader.nast
[2015.04.07 07:58:31 | 020,436,568 | ---- | M] () -- C:\Users\DOMA\Desktop\RogueKillerX64.exe
[2015.04.04 18:03:34 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-DOMA-PC-Windows-7-Professional-(64-bit).dat
[2015.04.04 18:02:07 | 002,690,981 | ---- | M] (Thisisu) -- C:\Users\DOMA\Desktop\JRT.exe
[2015.04.04 11:52:18 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015.04.04 11:33:45 | 002,208,768 | ---- | M] () -- C:\Users\DOMA\Desktop\adwcleaner_4.200.exe
[2015.04.03 19:58:47 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\DOMA\Desktop\HijackThis.exe
[2015.04.03 19:50:05 | 000,007,608 | ---- | M] () -- C:\Users\DOMA\Documents\cc_20150403_194959.reg
[2015.04.03 10:06:03 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015.04.02 19:35:18 | 3748,691,490 | ---- | M] () -- C:\Users\DOMA\Desktop\VA.-.Coleccion.De.Musica.Disco.De.Los.Anyos.80.[1-20].MP3.[www.DivxTotaL.com].rar
[2015.03.31 11:58:38 | 000,778,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2015.03.31 11:58:38 | 000,142,512 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2015.03.29 22:42:24 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2015.03.26 21:03:06 | 001,094,961 | ---- | M] () -- C:\Users\DOMA\Desktop\Adela_Jeste_Nevecerela_Muzikal-Cover.JPG
[2015.03.24 21:39:56 | 000,082,816 | ---- | M] (VSO Software) -- C:\Users\DOMA\AppData\Roaming\pcouffin.sys
[2015.03.24 21:39:56 | 000,007,859 | ---- | M] () -- C:\Users\DOMA\AppData\Roaming\pcouffin.cat
[2015.03.24 21:39:56 | 000,001,167 | ---- | M] () -- C:\Users\DOMA\AppData\Roaming\pcouffin.inf
[2015.03.24 21:39:55 | 000,001,232 | ---- | M] () -- C:\Users\DOMA\Desktop\ConvertXToDVD 5.lnk
[2015.03.24 20:25:29 | 000,002,118 | ---- | M] () -- C:\Users\DOMA\Documents\cc_20150324_192525.reg
[2015.03.23 22:25:03 | 000,000,017 | ---- | M] () -- C:\Users\DOMA\AppData\Local\resmon.resmoncfg
[2015.03.23 05:25:15 | 000,726,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2015.03.23 05:25:01 | 000,769,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2015.03.23 05:24:56 | 000,419,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2015.03.23 05:24:54 | 000,957,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[2015.03.23 05:24:53 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2015.03.23 05:24:53 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepic.dll
[2015.03.23 05:24:53 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\acmigration.dll
[2015.03.23 05:17:39 | 001,111,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2015.03.17 06:15:38 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2015.03.17 06:15:28 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015.03.17 06:15:24 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2015.03.13 14:26:47 | 000,001,788 | ---- | M] () -- C:\Users\DOMA\Documents\cc_20150313_132642.reg

========== Files Created - No Company Name ==========

[2015.04.12 11:18:28 | 000,000,110 | -H-- | C] () -- C:\Users\DOMA\Desktop\Výstřižek.JPG.uid-zps
[2015.04.12 11:03:16 | 000,039,674 | ---- | C] () -- C:\Users\DOMA\Desktop\Výstřižek.JPG
[2015.04.11 20:32:08 | 000,002,392 | ---- | C] () -- C:\Users\DOMA\Documents\cc_20150411_203206.reg
[2015.04.10 08:54:48 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2015.04.10 08:54:48 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2015.04.10 08:54:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2015.04.10 08:54:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2015.04.10 08:54:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2015.04.08 07:51:14 | 000,059,611 | ---- | C] () -- C:\Users\DOMA\Documents\Výstřižek.JPG
[2015.04.07 15:42:34 | 000,050,390 | ---- | C] () -- C:\Users\DOMA\Desktop\Scooter-20_Years_Of_Hardcore-Front.JPG
[2015.04.07 15:42:29 | 000,037,663 | ---- | C] () -- C:\Users\DOMA\Desktop\Scooter-20_Years_Of_Hardcore-Back.JPG
[2015.04.07 12:52:36 | 000,410,964 | ---- | C] () -- C:\Users\DOMA\Desktop\e35d6d3195bb.jpg
[2015.04.07 11:33:02 | 002,186,845 | ---- | C] () -- C:\Users\DOMA\Desktop\Within Temptation - Let Us Burn - Cover.jpg
[2015.04.07 10:13:56 | 000,852,607 | ---- | C] () -- C:\Users\DOMA\Desktop\SecurityCheck.exe
[2015.04.07 10:07:46 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2015.04.07 09:52:19 | 004,317,228 | ---- | C] () -- C:\Users\DOMA\Desktop\zoek.rar
[2015.04.07 07:58:16 | 020,436,568 | ---- | C] () -- C:\Users\DOMA\Desktop\RogueKillerX64.exe
[2015.04.04 18:03:34 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-DOMA-PC-Windows-7-Professional-(64-bit).dat
[2015.04.04 11:52:18 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015.04.04 11:33:39 | 002,208,768 | ---- | C] () -- C:\Users\DOMA\Desktop\adwcleaner_4.200.exe
[2015.04.03 19:50:03 | 000,007,608 | ---- | C] () -- C:\Users\DOMA\Documents\cc_20150403_194959.reg
[2015.04.02 19:21:05 | 3748,691,490 | ---- | C] () -- C:\Users\DOMA\Desktop\VA.-.Coleccion.De.Musica.Disco.De.Los.Anyos.80.[1-20].MP3.[www.DivxTotaL.com].rar
[2015.04.02 18:31:15 | 012,649,312 | ---- | C] () -- C:\Users\DOMA\Desktop\25_03_RIGHEIRA - Vamos a la playa.mp3
[2015.03.26 21:03:06 | 001,094,961 | ---- | C] () -- C:\Users\DOMA\Desktop\Adela_Jeste_Nevecerela_Muzikal-Cover.JPG
[2015.03.24 21:25:18 | 000,001,232 | ---- | C] () -- C:\Users\DOMA\Desktop\ConvertXToDVD 5.lnk
[2015.03.24 20:25:28 | 000,002,118 | ---- | C] () -- C:\Users\DOMA\Documents\cc_20150324_192525.reg
[2015.03.23 22:25:03 | 000,000,017 | ---- | C] () -- C:\Users\DOMA\AppData\Local\resmon.resmoncfg
[2015.03.13 14:26:44 | 000,001,788 | ---- | C] () -- C:\Users\DOMA\Documents\cc_20150313_132642.reg
[2014.10.04 21:00:34 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\winver.exe
[2014.04.04 12:15:26 | 000,011,264 | ---- | C] () -- C:\Users\DOMA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014.03.05 18:10:00 | 000,007,199 | ---- | C] () -- C:\Users\DOMA\AppData\Local\MRDownloader.err
[2014.03.05 17:05:25 | 000,001,128 | ---- | C] () -- C:\Users\DOMA\AppData\Local\MRDownloader.nast
[2014.01.06 17:43:35 | 000,007,859 | ---- | C] () -- C:\Users\DOMA\AppData\Roaming\pcouffin.cat
[2014.01.06 17:43:35 | 000,001,167 | ---- | C] () -- C:\Users\DOMA\AppData\Roaming\pcouffin.inf
[2013.07.31 20:19:27 | 000,006,603 | ---- | C] () -- C:\Users\DOMA\AppData\Local\SRDownloader.err
[2013.07.29 20:27:41 | 000,001,120 | ---- | C] () -- C:\Users\DOMA\AppData\Local\SRDownloader.nast
[2013.07.17 20:09:16 | 001,559,268 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.07.16 11:10:39 | 000,048,077 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2013.07.16 11:10:00 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2013.07.16 11:09:55 | 000,034,970 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015.02.13 07:22:33 | 014,177,280 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015.02.13 07:26:18 | 012,875,264 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2015.04.08 16:53:29 | 000,000,000 | ---D | M] -- C:\Users\DOMA\AppData\Roaming\10415
[2015.04.09 17:59:41 | 000,000,000 | ---D | M] -- C:\Users\DOMA\AppData\Roaming\10620
[2014.10.27 19:49:49 | 000,000,000 | ---D | M] -- C:\Users\DOMA\AppData\Roaming\Advanced
[2014.12.04 09:24:04 | 000,000,000 | ---D | M] -- C:\Users\DOMA\AppData\Roaming\Ashampoo
[2013.07.27 19:55:52 | 000,000,000 | ---D | M] -- C:\Users\DOMA\AppData\Roaming\Ashampoo Cover Studio 2
[2014.03.19 16:38:14 | 000,000,000 | ---D | M] -- C:\Users\DOMA\AppData\Roaming\Ashampoo Slideshow Studio HD 3
[2014.10.22 17:52:33 | 000,000,000 | ---D | M] -- C:\Users\DOMA\AppData\Roaming\AVG
[2015.02.11 14:49:56 | 000,000,000 | ---D | M] -- C:\Users\DOMA\AppData\Roaming\Canon
[2014.10.10 19:11:23 | 000,000,000 | ---D | M] -- C:\Users\DOMA\AppData\Roaming\DAEMON Tools Lite
[2015.02.06 22:23:39 | 000,000,000 | ---D | M] -- C:\Users\DOMA\AppData\Roaming\DVDFab9
[2015.04.09 12:08:26 | 000,000,000 | ---D | M] -- C:\Users\DOMA\AppData\Roaming\ESET
[2015.03.31 13:33:56 | 000,000,000 | ---D | M] -- C:\Users\DOMA\AppData\Roaming\GARMIN
[2014.08.25 12:26:45 | 000,000,000 | ---D | M] -- C:\Users\DOMA\AppData\Roaming\InfoTurist
[2014.04.28 17:57:35 | 000,000,000 | ---D | M] -- C:\Users\DOMA\AppData\Roaming\IObit
[2014.10.27 18:04:35 | 000,000,000 | ---D | M] -- C:\Users\DOMA\AppData\Roaming\Opera Software
[2014.02.07 17:38:33 | 000,000,000 | ---D | M] -- C:\Users\DOMA\AppData\Roaming\Seznam.cz
[2014.10.27 19:53:14 | 000,000,000 | ---D | M] -- C:\Users\DOMA\AppData\Roaming\Shark007
[2013.11.30 22:26:10 | 000,000,000 | ---D | M] -- C:\Users\DOMA\AppData\Roaming\Topaz Moment
[2015.04.03 18:42:13 | 000,000,000 | ---D | M] -- C:\Users\DOMA\AppData\Roaming\TuneUp Software
[2015.04.11 20:31:41 | 000,000,000 | ---D | M] -- C:\Users\DOMA\AppData\Roaming\uTorrent
[2015.03.24 21:39:56 | 000,000,000 | ---D | M] -- C:\Users\DOMA\AppData\Roaming\Vso
[2014.10.16 16:25:18 | 000,000,000 | ---D | M] -- C:\Users\DOMA\AppData\Roaming\Zoner

========== Purity Check ==========



< End of report >

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Please check my log

Post by jaro3 » 13 Apr 2015 09:15

Double-click the OTL icon on the desktop. Make sure all other applications and browsers are closed.
Under Custom Scans/Fixes, paste the following text, shown in green, into the box:

Code:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
SRV:64bit: - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
DRV:64bit: - (ESETCleanersDriver) -- C:\Windows\SysNative\drivers\ESETCleanersDriver.sys (ESET)
DRV:64bit: - (eamonm) -- C:\Windows\SysNative\drivers\eamonm.sys (ESET)
DRV:64bit: - (epfw) -- C:\Windows\SysNative\drivers\epfw.sys (ESET)
DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)
DRV:64bit: - (epfwwfp) -- C:\Windows\SysNative\drivers\epfwwfp.sys (ESET)
DRV:64bit: - (EpfwLWF) -- C:\Windows\SysNative\drivers\EpfwLWF.sys (ESET)
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.2.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:37.0.1
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll File not found
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD
[2013.07.17 14:26:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DOMA\AppData\Roaming\Mozilla\Extensions
[2015.04.01 13:14:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles\omtt2d0x.default-1413530589483\extensions
[2014.07.02 19:40:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles3amwd1fg.default\extensions
[2014.07.02 19:40:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles3amwd1fg.default\extensions\staged
[2014.10.22 17:54:34 | 000,060,307 | ---- | M] () (No name found) -- C:\Users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles\omtt2d0x.default-1413530589483\extensions\translator@zoli.bod.xpi
[2015.04.01 13:14:12 | 000,970,672 | ---- | M] () (No name found) -- C:\Users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles\omtt2d0x.default-1413530589483\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014.11.17 21:21:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_1\
CHR - Extension: No name found = C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: No name found = C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_1\
CHR - Extension: No name found = C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: No name found = C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_1\
CHR - Extension: No name found = C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_1\
CHR - Extension: No name found = C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\
CHR - Extension: No name found = C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_1\
CHR - Extension: No name found = C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_1\
CHR - Extension: No name found = C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: No name found = C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

:Files
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\System32\dllcache\*.tmp
C:\WINDOWS\system32\SET*.tmp
C:\WINDOWS\system32\DUMP*.tmp
c:\windows\Tasks\*.job /s
C:\*.tmp
C:\WINDOWS\System32\drivers\*.tmp
C:\Program Files\*.tmp
C:\Documents and Settings\All Users\Data aplikací\*.tmp
C:\Windows\SysNative\drivers\*.tmp
C:\Windows\SysWow64\drivers\*.tmp
C:\Program Files (x86)\*.tmp
C:\Windows\SysWow64\*.tmp
C:\Windows\SysNative\*.tmp
C:\Program Files (x86)\*.tmp
C:\Windows\SysNative\drivers\ESETCleanersDriver.sys
C:\Users\DOMA\AppData\Roaming\ESET
C:\Users\DOMA\AppData\Local\ESET
C:\Users\DOMA\AppData\Roaming\AVG
C:\Program Files\ESET
C:\Windows\SysNative\drivers\eamonm.sys
C:\Windows\SysNative\drivers\epfw.sys
C:\Windows\SysNative\drivers\ehdrv.sys
C:\Windows\SysNative\drivers\epfwwfp.sys
C:\Windows\SysNative\drivers\EpfwLWF.sys

:Reg
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]


Then click the Opravit (Fix) button at the top. Let the program run undisturbed; the PC will restart at the end.
After the restart a log will appear; please copy its entire contents here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.

Re: Please check my log

Post by OTAS » 13 Apr 2015 10:18

Error: Unable to interpret <PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)> in the current context!
Error: Unable to interpret <PRC - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET)> in the current context!
All processes killed
Error: Unable to interpret < SRV:64bit: - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET)> in the current context!
Error: Unable to interpret < DRV:64bit: - (ESETCleanersDriver) -- C:\Windows\SysNative\drivers\ESETCleanersDriver.sys (ESET)> in the current context!
Error: Unable to interpret < DRV:64bit: - (eamonm) -- C:\Windows\SysNative\drivers\eamonm.sys (ESET)> in the current context!
Error: Unable to interpret < DRV:64bit: - (epfw) -- C:\Windows\SysNative\drivers\epfw.sys (ESET)> in the current context!
Error: Unable to interpret < DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)> in the current context!
Error: Unable to interpret < DRV:64bit: - (epfwwfp) -- C:\Windows\SysNative\drivers\epfwwfp.sys (ESET)> in the current context!
Error: Unable to interpret < DRV:64bit: - (EpfwLWF) -- C:\Windows\SysNative\drivers\EpfwLWF.sys (ESET)> in the current context!
Error: Unable to interpret < IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}> in the current context!
Error: Unable to interpret < IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC> in the current context!
Error: Unable to interpret < IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}> in the current context!
Error: Unable to interpret < IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC> in the current context!
Error: Unable to interpret < IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}> in the current context!
Error: Unable to interpret < IE - HKCU\..\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}: "URL" = http://www.google.com/search?q={searchTerms}> in the current context!
Error: Unable to interpret < IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC> in the current context!
Error: Unable to interpret < FF - prefs.js..browser.search.isUS: false> in the current context!
Error: Unable to interpret < FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.2.0.0> in the current context!
Error: Unable to interpret < FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:37.0.1> in the current context!
Error: Unable to interpret < FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll File not found> in the current context!
Error: Unable to interpret < 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD> in the current context!
Error: Unable to interpret < [2013.07.17 14:26:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DOMA\AppData\Roaming\Mozilla\Extensions> in the current context!
Error: Unable to interpret < [2015.04.01 13:14:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles\omtt2d0x.default-1413530589483\extensions> in the current context!
Error: Unable to interpret < [2014.07.02 19:40:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles3amwd1fg.default\extensions> in the current context!
Error: Unable to interpret < [2014.07.02 19:40:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles3amwd1fg.default\extensions\staged> in the current context!
Error: Unable to interpret < [2014.10.22 17:54:34 | 000,060,307 | ---- | M] () (No name found) -- C:\Users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles\omtt2d0x.default-1413530589483\extensions\translator@zoli.bod.xpi> in the current context!
Error: Unable to interpret < [2015.04.01 13:14:12 | 000,970,672 | ---- | M] () (No name found) -- C:\Users\DOMA\AppData\Roaming\Mozilla\Firefox\Profiles\omtt2d0x.default-1413530589483\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi> in the current context!
Error: Unable to interpret < [2014.11.17 21:21:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions> in the current context!
Error: Unable to interpret < CHR - plugin: Error reading preferences file> in the current context!
Error: Unable to interpret < CHR - Extension: No name found = C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_1\> in the current context!
Error: Unable to interpret < CHR - Extension: No name found = C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\> in the current context!
Error: Unable to interpret < CHR - Extension: No name found = C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_1\> in the current context!
Error: Unable to interpret < CHR - Extension: No name found = C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\> in the current context!
Error: Unable to interpret < CHR - Extension: No name found = C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_1\> in the current context!
Error: Unable to interpret < CHR - Extension: No name found = C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\> in the current context!
Error: Unable to interpret < CHR - Extension: No name found = C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_1\> in the current context!
Error: Unable to interpret < CHR - Extension: No name found = C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\> in the current context!
Error: Unable to interpret < CHR - Extension: No name found = C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\> in the current context!
Error: Unable to interpret < CHR - Extension: No name found = C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_1\> in the current context!
Error: Unable to interpret < CHR - Extension: No name found = C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_1\> in the current context!
Error: Unable to interpret < CHR - Extension: No name found = C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\> in the current context!
Error: Unable to interpret < CHR - Extension: No name found = C:\Users\DOMA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\> in the current context!
Error: Unable to interpret < O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.> in the current context!
Error: Unable to interpret < O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)> in the current context!
Error: Unable to interpret < O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present> in the current context!
Error: Unable to interpret < O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present> in the current context!
Error: Unable to interpret < O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present> in the current context!
========== FILES ==========
File\Folder C:\WINDOWS\System32\*.tmp not found.
File\Folder C:\WINDOWS\*.tmp not found.
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\System32\dllcache\*.tmp not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
File\Folder C:\WINDOWS\system32\DUMP*.tmp not found.
File\Folder c:\windows\Tasks\*.job not found.
File\Folder C:\*.tmp not found.
File\Folder C:\WINDOWS\System32\drivers\*.tmp not found.
File\Folder C:\Program Files\*.tmp not found.
File\Folder C:\Documents and Settings\All Users\Data aplikací\*.tmp not found.
File\Folder C:\Windows\SysNative\drivers\*.tmp not found.
File\Folder C:\Windows\SysWow64\drivers\*.tmp not found.
File\Folder C:\Program Files (x86)\*.tmp not found.
File\Folder C:\Windows\SysWow64\*.tmp not found.
File\Folder C:\Windows\SysNative\*.tmp not found.
File\Folder C:\Program Files (x86)\*.tmp not found.
File\Folder C:\Windows\SysNative\drivers\ESETCleanersDriver.sys not found.
C:\Users\DOMA\AppData\Roaming\ESET\ESET Smart Security folder moved successfully.
C:\Users\DOMA\AppData\Roaming\ESET folder moved successfully.
C:\Users\DOMA\AppData\Local\ESET\ESET Smart Security\Quarantine folder moved successfully.
C:\Users\DOMA\AppData\Local\ESET\ESET Smart Security folder moved successfully.
C:\Users\DOMA\AppData\Local\ESET folder moved successfully.
C:\Users\DOMA\AppData\Roaming\AVG\AWL2015\WinStyler\LogonScreens\Cache folder moved successfully.
C:\Users\DOMA\AppData\Roaming\AVG\AWL2015\WinStyler\LogonScreens folder moved successfully.
C:\Users\DOMA\AppData\Roaming\AVG\AWL2015\WinStyler\LogoAnimations\Cache folder moved successfully.
C:\Users\DOMA\AppData\Roaming\AVG\AWL2015\WinStyler\LogoAnimations folder moved successfully.
C:\Users\DOMA\AppData\Roaming\AVG\AWL2015\WinStyler\BootScreens\Cache folder moved successfully.
C:\Users\DOMA\AppData\Roaming\AVG\AWL2015\WinStyler\BootScreens folder moved successfully.
C:\Users\DOMA\AppData\Roaming\AVG\AWL2015\WinStyler folder moved successfully.
C:\Users\DOMA\AppData\Roaming\AVG\AWL2015\TuningIndex folder moved successfully.
C:\Users\DOMA\AppData\Roaming\AVG\AWL2015\StartUp Manager folder moved successfully.
C:\Users\DOMA\AppData\Roaming\AVG\AWL2015\Speed Optimizer folder moved successfully.
C:\Users\DOMA\AppData\Roaming\AVG\AWL2015\Disk Space Explorer folder moved successfully.
C:\Users\DOMA\AppData\Roaming\AVG\AWL2015\Dashboard folder moved successfully.
C:\Users\DOMA\AppData\Roaming\AVG\AWL2015\Backups folder moved successfully.
C:\Users\DOMA\AppData\Roaming\AVG\AWL2015 folder moved successfully.
C:\Users\DOMA\AppData\Roaming\AVG\AWL2014\TuningIndex folder moved successfully.
C:\Users\DOMA\AppData\Roaming\AVG\AWL2014\TuneUp Registry Editor folder moved successfully.
C:\Users\DOMA\AppData\Roaming\AVG\AWL2014\StartUp Manager\Deaktivované objekty folder moved successfully.
C:\Users\DOMA\AppData\Roaming\AVG\AWL2014\StartUp Manager folder moved successfully.
C:\Users\DOMA\AppData\Roaming\AVG\AWL2014\Speed Optimizer folder moved successfully.
C:\Users\DOMA\AppData\Roaming\AVG\AWL2014\Disk Space Explorer folder moved successfully.
C:\Users\DOMA\AppData\Roaming\AVG\AWL2014\Dashboard folder moved successfully.
C:\Users\DOMA\AppData\Roaming\AVG\AWL2014\Backups folder moved successfully.
C:\Users\DOMA\AppData\Roaming\AVG\AWL2014 folder moved successfully.
C:\Users\DOMA\AppData\Roaming\AVG\AWL\CrashDumps folder moved successfully.
C:\Users\DOMA\AppData\Roaming\AVG\AWL folder moved successfully.
C:\Users\DOMA\AppData\Roaming\AVG folder moved successfully.
Folder move failed. C:\Program Files\ESET\ESET Smart Security\x86 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\ESET\ESET Smart Security\License scheduled to be moved on reboot.
Folder move failed. C:\Program Files\ESET\ESET Smart Security\Drivers\epfwwfp scheduled to be moved on reboot.
Folder move failed. C:\Program Files\ESET\ESET Smart Security\Drivers\epfwlwf scheduled to be moved on reboot.
Folder move failed. C:\Program Files\ESET\ESET Smart Security\Drivers\epfw scheduled to be moved on reboot.
Folder move failed. C:\Program Files\ESET\ESET Smart Security\Drivers\ehdrv scheduled to be moved on reboot.
Folder move failed. C:\Program Files\ESET\ESET Smart Security\Drivers\edevmon scheduled to be moved on reboot.
Folder move failed. C:\Program Files\ESET\ESET Smart Security\Drivers\eamonm scheduled to be moved on reboot.
Folder move failed. C:\Program Files\ESET\ESET Smart Security\Drivers scheduled to be moved on reboot.
Folder move failed. C:\Program Files\ESET\ESET Smart Security scheduled to be moved on reboot.
Folder move failed. C:\Program Files\ESET scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\drivers\eamonm.sys scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\drivers\epfw.sys scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\drivers\ehdrv.sys scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\drivers\epfwwfp.sys scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\drivers\EpfwLWF.sys scheduled to be moved on reboot.
File\Folder :Reg not found.
File\Folder :Commands not found.
File\Folder [purity] not found.
File\Folder [emptytemp] not found.
File\Folder [start explorer] not found.
File\Folder [Reboot] not found.

OTL by OldTimer - Version 3.2.69.0 log created on 04132015_101148

Files\Folders moved on Reboot...
Folder move failed. C:\Program Files\ESET\ESET Smart Security\x86 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\ESET\ESET Smart Security\License scheduled to be moved on reboot.
Folder move failed. C:\Program Files\ESET\ESET Smart Security\Drivers\epfwwfp scheduled to be moved on reboot.
Folder move failed. C:\Program Files\ESET\ESET Smart Security\Drivers\epfwlwf scheduled to be moved on reboot.
Folder move failed. C:\Program Files\ESET\ESET Smart Security\Drivers\epfw scheduled to be moved on reboot.
Folder move failed. C:\Program Files\ESET\ESET Smart Security\Drivers\ehdrv scheduled to be moved on reboot.
Folder move failed. C:\Program Files\ESET\ESET Smart Security\Drivers\edevmon scheduled to be moved on reboot.
Folder move failed. C:\Program Files\ESET\ESET Smart Security\Drivers\eamonm scheduled to be moved on reboot.
Folder move failed. C:\Program Files\ESET\ESET Smart Security\Drivers\epfwwfp scheduled to be moved on reboot.
Folder move failed. C:\Program Files\ESET\ESET Smart Security\Drivers\epfwlwf scheduled to be moved on reboot.
Folder move failed. C:\Program Files\ESET\ESET Smart Security\Drivers\epfw scheduled to be moved on reboot.
Folder move failed. C:\Program Files\ESET\ESET Smart Security\Drivers\ehdrv scheduled to be moved on reboot.
Folder move failed. C:\Program Files\ESET\ESET Smart Security\Drivers\edevmon scheduled to be moved on reboot.
Folder move failed. C:\Program Files\ESET\ESET Smart Security\Drivers\eamonm scheduled to be moved on reboot.
Folder move failed. C:\Program Files\ESET\ESET Smart Security\Drivers scheduled to be moved on reboot.
Folder move failed. C:\Program Files\ESET\ESET Smart Security\x86 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\ESET\ESET Smart Security\License scheduled to be moved on reboot.
Folder move failed. C:\Program Files\ESET\ESET Smart Security\Drivers\epfwwfp scheduled to be moved on reboot.
Folder move failed. C:\Program Files\ESET\ESET Smart Security\Drivers\epfwlwf scheduled to be moved on reboot.
Folder move failed. C:\Program Files\ESET\ESET Smart Security\Drivers\epfw scheduled to be moved on reboot.
Folder move failed. C:\Program Files\ESET\ESET Smart Security\Drivers\ehdrv scheduled to be moved on reboot.
Folder move failed. C:\Program Files\ESET\ESET Smart Security\Drivers\edevmon scheduled to be moved on reboot.
Folder move failed. C:\Program Files\ESET\ESET Smart Security\Drivers\eamonm scheduled to be moved on reboot.
Folder move failed. C:\Program Files\ESET\ESET Smart Security\Drivers scheduled to be moved on reboot.
Folder move failed. C:\Program Files\ESET\ESET Smart Security scheduled to be moved on reboot.
Folder move failed. C:\Program Files\ESET\ESET Smart Security\x86 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\ESET\ESET Smart Security\License scheduled to be moved on reboot.
Folder move failed. C:\Program Files\ESET\ESET Smart Security\Drivers\epfwwfp scheduled to be moved on reboot.
Folder move failed. C:\Program Files\ESET\ESET Smart Security\Drivers\epfwlwf scheduled to be moved on reboot.
Folder move failed. C:\Program Files\ESET\ESET Smart Security\Drivers\epfw scheduled to be moved on reboot.
Folder move failed. C:\Program Files\ESET\ESET Smart Security\Drivers\ehdrv scheduled to be moved on reboot.
Folder move failed. C:\Program Files\ESET\ESET Smart Security\Drivers\edevmon scheduled to be moved on reboot.
Folder move failed. C:\Program Files\ESET\ESET Smart Security\Drivers\eamonm scheduled to be moved on reboot.
Folder move failed. C:\Program Files\ESET\ESET Smart Security\Drivers scheduled to be moved on reboot.
Folder move failed. C:\Program Files\ESET\ESET Smart Security scheduled to be moved on reboot.
Folder move failed. C:\Program Files\ESET scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\drivers\eamonm.sys scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\drivers\epfw.sys scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\drivers\ehdrv.sys scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\drivers\epfwwfp.sys scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\drivers\EpfwLWF.sys scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Orcus
Security team member
Elite Level 10.5
Posts: 10645
Registered: April 10
Location: 3 roses grow around here =o)
Gender: Male
Status: Offline

Re: Please check my log

Post by Orcus » 13 Apr 2015 11:36

Hi,

you keep deleting the ":OTL" command from the script. Without it, though, the fix will not be carried out, so once more, and the whole script this time. Thank you.
Love keeps you warm, but coal is coal. :fire:

Post HJT logs in the HJT section. If a log is too long, split it across several messages.

A few tips on PC security.

While I am away, memphisto, jaro3 and Diallix stand in for me.

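A triage helper for the fix log discussed above, as an added example that is not part of the thread and not OldTimer's code: it counts the scan items OTL rejected with "Unable to interpret" (which, per the reply above, is what a script without its ":OTL" line produces), flags script directives that were looked up as file paths, and de-duplicates the reboot-pending moves. The function name and result keys are assumptions; the sample lines are copied from the log posted on this page.

```python
import re

# Excerpt of the OTL fix log posted in this thread (lines copied from the page).
SAMPLE_LOG = r"""
Error: Unable to interpret <PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)> in the current context!
All processes killed
Error: Unable to interpret < SRV:64bit: - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET)> in the current context!
Error: Unable to interpret < DRV:64bit: - (epfw) -- C:\Windows\SysNative\drivers\epfw.sys (ESET)> in the current context!
Error: Unable to interpret < O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)> in the current context!
========== FILES ==========
File\Folder C:\WINDOWS\*.tmp not found.
C:\Users\DOMA\AppData\Roaming\ESET folder moved successfully.
Folder move failed. C:\Program Files\ESET scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\drivers\epfw.sys scheduled to be moved on reboot.
File\Folder :Reg not found.
File\Folder [Reboot] not found.
Folder move failed. C:\Program Files\ESET scheduled to be moved on reboot.
"""

# Line shapes as they appear in the log on this page.
UNINTERPRETED = re.compile(r"^Error: Unable to interpret <\s*(.*)> in the current context!$")
NOT_FOUND = re.compile(r"^File\\Folder (.+) not found\.$")
PENDING = re.compile(r"^(?:File|Folder) move failed\. (.+) scheduled to be moved on reboot\.$")
# A script directive (":Reg") or bracketed command ("[Reboot]") rather than a path.
DIRECTIVE = re.compile(r"^(?::\w+|\[[^\]]+\])$")
# Scan-line type at the start of a rejected item: PRC, SRV, DRV, IE, FF, CHR, O4 ...
ITEM_KIND = re.compile(r"^(?:64bit-)?([A-Z]+\d*)\b")


def diagnose_fix_log(text):
    """Summarise the signs that an OTL fix script was not parsed as intended."""
    uninterpreted = {}        # scan-line type -> number of rejected items
    directives_as_paths = []  # directives OTL tried to find as files
    pending = set()           # paths queued for removal at reboot (de-duplicated)

    for raw in text.splitlines():
        line = raw.strip()

        m = UNINTERPRETED.match(line)
        if m:
            kind = ITEM_KIND.match(m.group(1))
            key = kind.group(1) if kind else "other"
            uninterpreted[key] = uninterpreted.get(key, 0) + 1
            continue

        m = NOT_FOUND.match(line)
        if m and DIRECTIVE.match(m.group(1)):
            directives_as_paths.append(m.group(1))
            continue

        m = PENDING.match(line)
        if m:
            pending.add(m.group(1))

    return {
        "uninterpreted": uninterpreted,
        "directives_as_paths": directives_as_paths,
        "pending_reboot": sorted(pending),
        # True when scan items were rejected, i.e. the fix for them did not run.
        "items_not_processed": bool(uninterpreted),
    }


if __name__ == "__main__":
    result = diagnose_fix_log(SAMPLE_LOG)
    if result["items_not_processed"]:
        total = sum(result["uninterpreted"].values())
        print(f"{total} scan items were rejected: {result['uninterpreted']}")
        print("Check that the script still starts with its :OTL line.")
    for d in result["directives_as_paths"]:
        print(f"Directive treated as a file path: {d}")
    for p in result["pending_reboot"]:
        print(f"Pending at reboot: {p}")
```
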

Re: Please check my log

Post by OTAS » 13 Apr 2015 12:55

So I managed to run the scan the way you wrote, but after the fix I could not get online, so I had to do a System Restore to be able to communicate with you.

Re: Please check my log

Post by OTAS » 13 Apr 2015 16:30

Here is a picture, in case it is of any use to you.
[Image]

Re: Please check my log

Post by OTAS » 13 Apr 2015 18:25

It is solved now: I used ESET_Vzdalena_Pomoc directly and it was uninstalled within a minute.

jerabina
Security team member
Level 6
Posts: 3647
Registered: March 13
Location: Litoměřice
Gender: Male
Status: Offline

Re: Please check my log

Post by jerabina » 13 Apr 2015 18:35

Great, so are there any problems now?

If not, please post a new HJT log here.
When you don't know what to do next, it's time to study the manual!
HJT guide

If I don't reply to your topics in the HJT section while I'm online, it is only because I am on my phone, where studying logs and writing scripts is impossible. So please don't take it as being ignored.

Re: Please check my log

Post by OTAS » 13 Apr 2015 20:14

Here is also the log straight from ESET.

>>>>>>>>>>>>>>>>>>>>>>> BEGIN >>>>>>>>>>>>>>>>>>>>>>>
[04/13/15 18:16:02] C:\Users\DOMA\Desktop\ESETUninstaller.exe 7.0.3.0
[04/13/15 18:16:02] Input arguments:
[04/13/15 18:16:03] Online (PC booted from fixed disk) mode detected.

[04/13/15 18:16:03] WARNING! This tool uninstalls AV product in non-standard way. Your PC can be harmed seriously, please back up Your data.
Please keep in mind that as soon as this application is finished your network connection can be down and you will have to restart your PC.
Are you really sure to continue? (y/n): y


[04/13/15 18:16:04] Scanning available operating systems ...

[04/13/15 18:16:04] Available operating systems, which AV product can be removed from:

[04/13/15 18:16:04] [1]
[04/13/15 18:16:04] Product Name: Windows 7 Professional
[04/13/15 18:16:04] Current Version: 6.1.1.7601.WinNT.AMD64
[04/13/15 18:16:04] Volume: C:\
[04/13/15 18:16:04] System Root: C:\Windows
[04/13/15 18:16:04] Program Files: C:\Program Files
[04/13/15 18:16:04] Program Files (x86): C:\Program Files (x86)
[04/13/15 18:16:04] Common files: C:\Program Files\Common Files
[04/13/15 18:16:04] Common files (x86): C:\Program Files (x86)\Common Files
[04/13/15 18:16:04] Common application data folder: C:\ProgramData
[04/13/15 18:16:04] Common programs folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[04/13/15 18:16:04] Device path folder: C:\Windows\inf
[04/13/15 18:16:04] Drives mapping:
[04/13/15 18:16:04] Current Letter: C Native Letter: C

[04/13/15 18:16:04] Building cache: 64bit COM: AppID -> DllName ...
[04/13/15 18:16:04] Building cache: 64bit COM: Category -> ReferenceCounter ...
[04/13/15 18:16:04] Building cache: 32bit COM: AppID -> DllName ...
[04/13/15 18:16:04] Building cache: 32bit COM: Category -> ReferenceCounter ...
[04/13/15 18:16:04] Scanning installed AV products ...

[04/13/15 18:16:06] Installed AV products:
[04/13/15 18:16:06] 1. ESS/EAV/EMSX

[04/13/15 18:16:06] Enter sequence number of AV product to uninstall and press ENTER (hint: to abort press 'q'): 1

[04/13/15 18:16:08] WARNING! Win 7 or newer detected: After running this tool on Win 7+, you may observe network outages each time you start OS. NIC drivers re-installation should fix it. If you want to re-install NIC drivers automatically, please use switch "/reinst". Please be aware that NIC drivers re-installation causes loss of static IP settings or WIFI settings.

Are you sure to uninstall ESS/EAV/EMSX from this OS? (y/n): y


[04/13/15 18:16:08] Product uninstallation: ESS/EAV/EMSX

[04/13/15 18:16:08] Uninstallation in progress, please wait ...

[04/13/15 18:16:08] Current control set ... ControlSet001

[04/13/15 18:16:08] Driver: Realtek PCIe GBE Family Controller ->
[04/13/15 18:16:08] Registry driver path: ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0007
[04/13/15 18:16:08] Filter List: deleted 'NDIS PROT' ID: {46CE7C2C-097E-4C61-B2B8-8D48A20850AB}-{F7A0C547-B619-442B-8E5C-FD7D0E1B069D}-0000

[04/13/15 18:16:08] Network: Config deleted

[04/13/15 18:16:08] Network: NETSERVICE: 'Epfwlwf' protocol INF file: oem13.inf
[04/13/15 18:16:08] Network: NETSERVICE: 'Epfwlwf' protocol deleted: {F7A0C547-B619-442b-8E5C-FD7D0E1B069D}

[04/13/15 18:16:08] Services: 'Epfwlwf' protocol .inf and .pnf file deleted: C:\Windows\inf\oem13.inf

[04/13/15 18:16:08] Services: stop pending: EpfwLWF ...
[04/13/15 18:16:08] Services: stopped: EpfwLWF
[04/13/15 18:16:08] Services: deleted service: 'EpfwLWF' item: 0x00000017 in GroupOrderList: 'NDIS'
[04/13/15 18:16:08] Services: deleted: ControlSet001\Services\EpfwLWF
[04/13/15 18:16:08] Services: deleted: ControlSet001\Enum\Root\LEGACY_EPFWLWF
[04/13/15 18:16:08] Services: Driver's .sys (64-bit) file deleted: EpfwLWF.sys
[04/13/15 18:16:08] Services: deleted service: 'epfw' item: 0x00000002 in GroupOrderList: 'Streams Drivers'
[04/13/15 18:16:08] Services: deleted: ControlSet001\Services\epfw
[04/13/15 18:16:08] Services: deleted: ControlSet001\Enum\Root\LEGACY_EPFW
[04/13/15 18:16:08] Services: Driver's .sys (64-bit) file deleted: epfw.sys
[04/13/15 18:16:08] Services: deleted service: 'eamonm' item: 0x00000002 in GroupOrderList: 'FSFilter Anti-Virus'
[04/13/15 18:16:08] Services: deleted: ControlSet001\Services\eamonm
[04/13/15 18:16:08] Services: deleted: ControlSet001\Enum\Root\LEGACY_EAMONM
[04/13/15 18:16:08] Services: Driver's .sys (64-bit) file deleted: eamonm.sys
[04/13/15 18:16:08] Services: deleted service: 'epfwwfp' item: 0x00000009 in GroupOrderList: 'PNP_TDI'
[04/13/15 18:16:08] Services: deleted: ControlSet001\Services\epfwwfp
[04/13/15 18:16:08] Services: deleted: ControlSet001\Enum\Root\LEGACY_EPFWWFP
[04/13/15 18:16:08] Services: Driver's .sys (64-bit) file deleted: epfwwfp.sys
[04/13/15 18:16:08] Services: deleted service: 'ehdrv' item: 0x00000014 in GroupOrderList: 'Base'
[04/13/15 18:16:08] Services: deleted: ControlSet001\Services\ehdrv
[04/13/15 18:16:08] Services: deleted: ControlSet001\Enum\Root\LEGACY_EHDRV
[04/13/15 18:16:08] Services: Driver's .sys (64-bit) file deleted: ehdrv.sys
[04/13/15 18:16:08] Services: deleted: ControlSet001\Services\edevmon
[04/13/15 18:16:08] Services: Driver's .sys (64-bit) file deleted: edevmon.sys
[04/13/15 18:16:08] Services: deleted: ControlSet001\Services\ekrn

[04/13/15 18:16:08] WSC: ESS/EAV unregistered of Windows Security Center

[04/13/15 18:16:08] WSC: ESS/EAV (WMI) unregistered of Windows Security Center


[04/13/15 18:16:08] Product code of ESET product: {443D1D0A-17E5-4F61-8074-8801BDB430CC}
[04/13/15 18:16:08] Name of ESET product: ESET Smart Security
[04/13/15 18:16:08] Reverse product code: A0D1D3445E7116F408478810DB4B03CC
[04/13/15 18:16:08] Install location: C:\Program Files\ESET\ESET Smart Security\
[04/13/15 18:16:08] Local MSI package:
[04/13/15 18:16:08] Product icon:

[04/13/15 18:16:08] Install directory: deleted: C:\Program Files\ESET\ESET Smart Security\
[04/13/15 18:16:09] ESET folder: deleted: C:\ProgramData\ESET\ESET Smart Security\
[04/13/15 18:16:09] Delete of empty folders ...
[04/13/15 18:16:09] ESET folder: deleted: C:\Program Files\ESET\
[04/13/15 18:16:09] Installer folders (64-bit): deleted value in: Microsoft\Windows\CurrentVersion\Installer\Folders ...
[04/13/15 18:16:09] deleted: C:\Program Files\ESET\
[04/13/15 18:16:09] ESET folder: deleted: C:\ProgramData\ESET\
[04/13/15 18:16:09] Installer folders (64-bit): deleted value in: Microsoft\Windows\CurrentVersion\Installer\Folders ...
[04/13/15 18:16:09] deleted: C:\ProgramData\ESET\

[04/13/15 18:16:09] ESET Product (64-bit): deleted: ESET\ESET Security

[04/13/15 18:16:09] ESET Product (64-bit): deleted: ESET\ESET Security
[04/13/15 18:16:09] ESET Product (64-bit): deleted: ESET\Setup
[04/13/15 18:16:09] ESET Product (64-bit): deleted: Policies\ESET
[04/13/15 18:16:09] ESET Product (64-bit): deleted: ESET

[04/13/15 18:16:09] ESET Product (32-bit): deleted: ESET\ESET Security
[04/13/15 18:16:09] ESET Product (32-bit): deleted: ESET\Setup
[04/13/15 18:16:09] ESET Product (32-bit): deleted: ESET\NOD\CurrentVersion\InstalledComponents\V3
[04/13/15 18:16:09] ESET Product (32-bit): deleted value in: ESET\NOD\CurrentVersion\Info ...
[04/13/15 18:16:09] deleted: InstallDir
[04/13/15 18:16:09] ESET Product (32-bit): deleted: ESET\NOD\CurrentVersion\Info
[04/13/15 18:16:09] ESET Product (32-bit): deleted: ESET\NOD\CurrentVersion\InstalledComponents
[04/13/15 18:16:09] ESET Product (32-bit): deleted: ESET\NOD\CurrentVersion
[04/13/15 18:16:09] ESET Product (32-bit): deleted: ESET\NOD


[04/13/15 18:16:09] Startup (64-bit): deleted value in: Microsoft\Windows\CurrentVersion\Run ...
[04/13/15 18:16:09] deleted: egui

[04/13/15 18:16:09] Email plugins (64-bit): deleted value in: Mozilla\Thunderbird\Extensions ...
[04/13/15 18:16:09] deleted: eplgTb@eset.com

[04/13/15 18:16:09] Email plugins (32-bit): deleted value in: Mozilla\Thunderbird\Extensions ...
[04/13/15 18:16:09] deleted: eplgTb@eset.com

[04/13/15 18:16:09] Uninstallation ESS/EAV/EMSX finished successfully.


[04/13/15 18:16:09] Log file location: "C:\Users\DOMA\Desktop\~ESETUninstaller.log"

[04/13/15 18:16:09] Uninstallation finished successfully, please restart your PC now.

[04/13/15 18:16:09] Press any key to exit ...

Re: Please check my log

Post by OTAS » 13 Apr 2015 20:15

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:14:59, on 13.4.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17689)

FIREFOX: 37.0.1 (x86 cs)
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
C:\Users\DOMA\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall (avast! Firewall) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Garmin Device Interaction Service - Garmin Ltd. or its subsidiaries - C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 8009 bytes

