
BSOD while Skype is running and browsing the web
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here].
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
After googling the errors 0x0000008E and 0x00000050, both in win32k.sys, I more or less came to the conclusion that the HaxDoor virus will be there, but the removal guides on Microsoft's site are for Win XP, and the PC this is on runs Win Vista. I'm not physically at the PC, but I can have logs made. The links contain photos of the BSOD: https://www.dropbox.com/s/9emsmd8epfxr4 ... 3.jpg?dl=0 and https://www.dropbox.com/s/mod0n18saku3h ... 6.jpg?dl=0
- Rudy
- Site Admin

- Posts: 119673
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: BSOD while Skype is running and browsing the web
Hello!
Post an FRST log: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before cleaning your PC of viruses, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: BSOD while Skype is running and browsing the web
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-11-2015
Ran by Veronika (administrator) on VERONIKA-PC (15-11-2015 18:51:34)
Running from C:\Users\Veronika\Desktop
Loaded Profiles: Veronika (Available Profiles: Veronika)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 7 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Users\Veronika\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(TeamViewer GmbH) C:\Users\Veronika\AppData\Local\Temp\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Users\Veronika\AppData\Local\Temp\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Users\Veronika\AppData\Local\Temp\TeamViewer\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Driver Genius] => [X]
HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [1728512 2009-12-04] (VIA)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227648 2015-03-30] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596528 2015-10-06] (Oracle Corporation)
HKU\S-1-5-21-4187957554-3859541109-928336849-1000\...\MountPoints2: {9ecad75d-6b64-11e2-8c4f-bc5ff4029a5f} - I:\LaunchU3.exe -a
HKU\S-1-5-21-4187957554-3859541109-928336849-1000\...\MountPoints2: {a79deda3-1249-11e2-bbf8-fcdb338069b2} - H:\
HKU\S-1-5-21-4187957554-3859541109-928336849-1000\...\MountPoints2: {f20d600d-17cc-11e4-8aef-bc5ff4029a5f} - H:\Startme.exe
HKU\S-1-5-21-4187957554-3859541109-928336849-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [704512 2008-01-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2014-11-09] (AVAST Software)
Startup: C:\Users\Veronika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-11-10]
ShortcutTarget: Dropbox.lnk -> C:\Users\Veronika\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176 2008-01-21] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{9058BB64-87DD-41A3-876D-4148545488F4}: [DhcpNameServer] 10.0.0.138
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-4187957554-3859541109-928336849-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-4187957554-3859541109-928336849-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20121112135918091&tb_oid=12-11-2012&tb_mrud=12-11-2012
SearchScopes: HKLM -> {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20121112135918091&tb_oid=12-11-2012&tb_mrud=12-11-2012
SearchScopes: HKU\S-1-5-21-4187957554-3859541109-928336849-1000 -> DefaultScope {105E99FF-8B9A-4492-B155-06194B9056D2} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M ... -SearchBox
SearchScopes: HKU\S-1-5-21-4187957554-3859541109-928336849-1000 -> {105E99FF-8B9A-4492-B155-06194B9056D2} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M ... -SearchBox
SearchScopes: HKU\S-1-5-21-4187957554-3859541109-928336849-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-4187957554-3859541109-928336849-1000 -> {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20121112135918091&tb_oid=12-11-2012&tb_mrud=12-11-2012
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-11-08] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-11-09] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-08] (Oracle Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-14] ()
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-08] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin: Adobe Reader -> D:\Desktop\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4187957554-3859541109-928336849-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Veronika\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-06-13] (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-10-12] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-28] [not signed]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC ... earchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Profile: C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Disk Google) - C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Vyhledávání Google) - C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Dokumenty Google offline) - C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
CHR Extension: (AdBlock) - C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-11-06]
CHR Extension: (Avast Online Security) - C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-02]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Gmail) - C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-09]
CHR HKU\S-1-5-21-4187957554-3859541109-928336849-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-09] (AVAST Software)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-03-13] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-13] (Hewlett-Packard Co.) [File not signed]
S3 MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [45056 2006-12-14] (Sony Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
S3 SonicStage Back-End Service; C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe [112184 2007-02-05] (Sony Corporation)
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation) [File not signed]
S3 SSScsiSV; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [75320 2007-02-05] (Sony Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-09] (AVAST Software)
R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [55240 2014-11-09] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-20] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57928 2014-11-09] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-09] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-10-09] (DT Soft Ltd)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [192056 2008-01-21] (Společnost Microsoft)
R3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [30360 2011-09-02] (Logitech, Inc.)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1081912 2008-01-21] (Společnost Microsoft)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36624 2006-10-18] (Sonic Solutions) [File not signed]
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1108480 2009-11-25] (VIA Technologies, Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-15 18:51 - 2015-11-15 18:52 - 00014051 _____ C:\Users\Veronika\Desktop\FRST.txt
2015-11-15 18:50 - 2015-11-15 18:51 - 00000000 ____D C:\FRST
2015-11-15 18:48 - 2015-11-15 18:48 - 01702400 _____ (Farbar) C:\Users\Veronika\Desktop\FRST.exe
2015-11-15 12:22 - 2015-11-15 12:22 - 00140592 _____ C:\Windows\Minidump\Mini111515-01.dmp
2015-11-13 19:29 - 2015-11-13 19:30 - 00140592 _____ C:\Windows\Minidump\Mini111315-01.dmp
2015-11-13 19:17 - 2015-11-13 19:18 - 00007003 _____ C:\Users\Veronika\Desktop\ABSTRAKT.odt
2015-11-10 12:21 - 2015-11-10 12:21 - 00000000 ____D C:\Users\Veronika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-09 07:47 - 2015-11-12 15:17 - 00002084 _____ C:\Windows\PFRO.log
2015-11-08 18:51 - 2015-11-08 18:51 - 00000000 ____D C:\Users\Veronika\Desktop\Nová složka
2015-11-08 18:10 - 2015-11-08 18:10 - 00000000 ____D C:\Program Files\Common Files\Java
2015-11-08 09:56 - 2015-11-08 09:56 - 00140592 _____ C:\Windows\Minidump\Mini110815-01.dmp
2015-11-08 09:55 - 2015-11-15 12:21 - 313698318 _____ C:\Windows\MEMORY.DMP
2015-11-06 20:34 - 2015-11-06 20:34 - 00000000 ___RD C:\Users\Veronika\Documents\Notes
2015-11-06 18:34 - 2015-11-08 18:10 - 00000000 ____D C:\Users\Veronika\.oracle_jre_usage
2015-11-06 18:34 - 2015-11-06 18:34 - 00000000 ____D C:\Users\Veronika\AppData\Roaming\Sun
2015-11-06 18:29 - 2015-11-06 18:29 - 00000000 ____D C:\Users\Veronika\AppData\LocalLow\Oracle
2015-10-29 19:15 - 2015-10-29 19:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-10-29 19:15 - 2015-10-29 19:15 - 00001896 _____ C:\Users\Public\Desktop\Skype.lnk
2015-10-29 19:15 - 2015-10-29 19:15 - 00000000 ____D C:\Program Files\Common Files\Skype
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-15 18:48 - 2006-11-02 13:47 - 00003840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-15 18:48 - 2006-11-02 13:47 - 00003840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-15 18:47 - 2012-10-09 16:45 - 00000000 ____D C:\Users\Veronika\AppData\Roaming\Skype
2015-11-15 15:10 - 2012-10-10 16:58 - 00002635 _____ C:\Users\Veronika\Desktop\Microsoft Office Word 2007.lnk
2015-11-15 13:25 - 2008-01-21 02:35 - 01586017 _____ C:\Windows\WindowsUpdate.log
2015-11-15 12:24 - 2015-09-24 15:45 - 00000000 ___RD C:\Users\Veronika\Dropbox
2015-11-15 12:24 - 2015-09-24 15:33 - 00000000 ____D C:\Users\Veronika\AppData\Local\Dropbox
2015-11-15 12:22 - 2013-06-03 15:58 - 00000000 ____D C:\Windows\Minidump
2015-11-15 12:22 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-15 10:41 - 2012-11-05 19:11 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-14 20:47 - 2006-11-02 14:01 - 00032550 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-11-14 16:48 - 2012-11-05 19:11 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-11-14 16:48 - 2012-11-05 19:11 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-11-13 18:33 - 2012-10-10 17:46 - 00000000 ____D C:\Users\Veronika\AppData\Roaming\TeamViewer
2015-11-12 19:40 - 2012-11-15 16:34 - 00000000 ____D C:\Users\Veronika\AppData\Roaming\Media Player Classic
2015-11-12 12:03 - 2012-10-09 17:33 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-12 12:02 - 2013-08-16 09:20 - 00000000 ____D C:\Windows\system32\MRT
2015-11-12 11:54 - 2006-11-02 11:24 - 143250520 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-11-10 12:21 - 2015-09-24 15:37 - 00000000 ____D C:\Users\Veronika\AppData\Roaming\Dropbox
2015-11-08 19:18 - 2015-10-11 18:56 - 00000000 ____D C:\Users\Veronika\Desktop\Přebrat
2015-11-08 18:09 - 2015-05-01 14:21 - 00095840 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-11-08 18:09 - 2015-05-01 14:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-08 18:09 - 2015-05-01 14:20 - 00000000 ____D C:\Program Files\Java
2015-11-08 13:05 - 2008-01-21 07:47 - 01445094 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-07 09:18 - 2015-09-24 15:34 - 00000930 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4187957554-3859541109-928336849-1000UA.job
2015-11-07 09:18 - 2015-09-24 15:34 - 00000878 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4187957554-3859541109-928336849-1000Core.job
2015-11-07 09:18 - 2012-10-09 16:32 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-07 09:18 - 2012-10-09 16:32 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-07 09:18 - 2006-11-02 13:47 - 00372640 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-06 20:33 - 2012-10-09 15:49 - 00100432 _____ C:\Users\Veronika\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-06 20:21 - 2013-01-23 18:25 - 00000000 ___RD C:\Program Files\Skype
2015-11-06 20:21 - 2012-10-09 16:45 - 00000000 ____D C:\ProgramData\Skype
2015-11-06 20:18 - 2012-10-09 16:28 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-11-06 20:02 - 2012-10-19 13:36 - 00000000 ____D C:\Program Files\ProWorks
2015-11-06 19:06 - 2014-08-01 16:08 - 00000000 ____D C:\ProgramData\Oracle
2015-11-06 18:34 - 2012-10-09 15:49 - 00000000 ____D C:\Users\Veronika
2015-11-06 18:33 - 2015-05-01 14:21 - 00278624 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-11-06 17:46 - 2013-10-11 17:01 - 00000000 ____D C:\Users\Veronika\Desktop\Tapety
==================== Files in the root of some directories =======
2013-12-03 06:22 - 2013-12-03 06:22 - 49940480 _____ () C:\Program Files\GUT7784.tmp
2012-10-09 15:49 - 2012-11-24 10:44 - 0000680 _____ () C:\Users\Veronika\AppData\Local\d3d9caps.dat
2012-10-09 16:53 - 2015-06-27 12:24 - 0032768 _____ () C:\Users\Veronika\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-19 11:50 - 2013-05-19 11:50 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-10-09 17:19 - 2012-10-10 18:05 - 0004480 _____ () C:\ProgramData\hpzinstall.log
Some files in TEMP:
====================
C:\Users\Veronika\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9sw_gq.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-11-15 12:29
==================== End of FRST.txt ============================
CHR HKU\S-1-5-21-4187957554-3859541109-928336849-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-09] (AVAST Software)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-03-13] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-13] (Hewlett-Packard Co.) [File not signed]
S3 MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [45056 2006-12-14] (Sony Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
S3 SonicStage Back-End Service; C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe [112184 2007-02-05] (Sony Corporation)
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation) [File not signed]
S3 SSScsiSV; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [75320 2007-02-05] (Sony Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-09] (AVAST Software)
R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [55240 2014-11-09] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-20] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57928 2014-11-09] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-09] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-10-09] (DT Soft Ltd)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [192056 2008-01-21] (Společnost Microsoft)
R3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [30360 2011-09-02] (Logitech, Inc.)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1081912 2008-01-21] (Společnost Microsoft)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36624 2006-10-18] (Sonic Solutions) [File not signed]
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1108480 2009-11-25] (VIA Technologies, Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-15 18:51 - 2015-11-15 18:52 - 00014051 _____ C:\Users\Veronika\Desktop\FRST.txt
2015-11-15 18:50 - 2015-11-15 18:51 - 00000000 ____D C:\FRST
2015-11-15 18:48 - 2015-11-15 18:48 - 01702400 _____ (Farbar) C:\Users\Veronika\Desktop\FRST.exe
2015-11-15 12:22 - 2015-11-15 12:22 - 00140592 _____ C:\Windows\Minidump\Mini111515-01.dmp
2015-11-13 19:29 - 2015-11-13 19:30 - 00140592 _____ C:\Windows\Minidump\Mini111315-01.dmp
2015-11-13 19:17 - 2015-11-13 19:18 - 00007003 _____ C:\Users\Veronika\Desktop\ABSTRAKT.odt
2015-11-10 12:21 - 2015-11-10 12:21 - 00000000 ____D C:\Users\Veronika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-09 07:47 - 2015-11-12 15:17 - 00002084 _____ C:\Windows\PFRO.log
2015-11-08 18:51 - 2015-11-08 18:51 - 00000000 ____D C:\Users\Veronika\Desktop\Nová složka
2015-11-08 18:10 - 2015-11-08 18:10 - 00000000 ____D C:\Program Files\Common Files\Java
2015-11-08 09:56 - 2015-11-08 09:56 - 00140592 _____ C:\Windows\Minidump\Mini110815-01.dmp
2015-11-08 09:55 - 2015-11-15 12:21 - 313698318 _____ C:\Windows\MEMORY.DMP
2015-11-06 20:34 - 2015-11-06 20:34 - 00000000 ___RD C:\Users\Veronika\Documents\Notes
2015-11-06 18:34 - 2015-11-08 18:10 - 00000000 ____D C:\Users\Veronika\.oracle_jre_usage
2015-11-06 18:34 - 2015-11-06 18:34 - 00000000 ____D C:\Users\Veronika\AppData\Roaming\Sun
2015-11-06 18:29 - 2015-11-06 18:29 - 00000000 ____D C:\Users\Veronika\AppData\LocalLow\Oracle
2015-10-29 19:15 - 2015-10-29 19:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-10-29 19:15 - 2015-10-29 19:15 - 00001896 _____ C:\Users\Public\Desktop\Skype.lnk
2015-10-29 19:15 - 2015-10-29 19:15 - 00000000 ____D C:\Program Files\Common Files\Skype
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-15 18:48 - 2006-11-02 13:47 - 00003840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-15 18:48 - 2006-11-02 13:47 - 00003840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-15 18:47 - 2012-10-09 16:45 - 00000000 ____D C:\Users\Veronika\AppData\Roaming\Skype
2015-11-15 15:10 - 2012-10-10 16:58 - 00002635 _____ C:\Users\Veronika\Desktop\Microsoft Office Word 2007.lnk
2015-11-15 13:25 - 2008-01-21 02:35 - 01586017 _____ C:\Windows\WindowsUpdate.log
2015-11-15 12:24 - 2015-09-24 15:45 - 00000000 ___RD C:\Users\Veronika\Dropbox
2015-11-15 12:24 - 2015-09-24 15:33 - 00000000 ____D C:\Users\Veronika\AppData\Local\Dropbox
2015-11-15 12:22 - 2013-06-03 15:58 - 00000000 ____D C:\Windows\Minidump
2015-11-15 12:22 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-15 10:41 - 2012-11-05 19:11 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-14 20:47 - 2006-11-02 14:01 - 00032550 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-11-14 16:48 - 2012-11-05 19:11 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-11-14 16:48 - 2012-11-05 19:11 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-11-13 18:33 - 2012-10-10 17:46 - 00000000 ____D C:\Users\Veronika\AppData\Roaming\TeamViewer
2015-11-12 19:40 - 2012-11-15 16:34 - 00000000 ____D C:\Users\Veronika\AppData\Roaming\Media Player Classic
2015-11-12 12:03 - 2012-10-09 17:33 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-12 12:02 - 2013-08-16 09:20 - 00000000 ____D C:\Windows\system32\MRT
2015-11-12 11:54 - 2006-11-02 11:24 - 143250520 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-11-10 12:21 - 2015-09-24 15:37 - 00000000 ____D C:\Users\Veronika\AppData\Roaming\Dropbox
2015-11-08 19:18 - 2015-10-11 18:56 - 00000000 ____D C:\Users\Veronika\Desktop\Přebrat
2015-11-08 18:09 - 2015-05-01 14:21 - 00095840 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-11-08 18:09 - 2015-05-01 14:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-08 18:09 - 2015-05-01 14:20 - 00000000 ____D C:\Program Files\Java
2015-11-08 13:05 - 2008-01-21 07:47 - 01445094 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-07 09:18 - 2015-09-24 15:34 - 00000930 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4187957554-3859541109-928336849-1000UA.job
2015-11-07 09:18 - 2015-09-24 15:34 - 00000878 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4187957554-3859541109-928336849-1000Core.job
2015-11-07 09:18 - 2012-10-09 16:32 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-07 09:18 - 2012-10-09 16:32 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-07 09:18 - 2006-11-02 13:47 - 00372640 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-06 20:33 - 2012-10-09 15:49 - 00100432 _____ C:\Users\Veronika\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-06 20:21 - 2013-01-23 18:25 - 00000000 ___RD C:\Program Files\Skype
2015-11-06 20:21 - 2012-10-09 16:45 - 00000000 ____D C:\ProgramData\Skype
2015-11-06 20:18 - 2012-10-09 16:28 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-11-06 20:02 - 2012-10-19 13:36 - 00000000 ____D C:\Program Files\ProWorks
2015-11-06 19:06 - 2014-08-01 16:08 - 00000000 ____D C:\ProgramData\Oracle
2015-11-06 18:34 - 2012-10-09 15:49 - 00000000 ____D C:\Users\Veronika
2015-11-06 18:33 - 2015-05-01 14:21 - 00278624 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-11-06 17:46 - 2013-10-11 17:01 - 00000000 ____D C:\Users\Veronika\Desktop\Tapety
==================== Files in the root of some directories =======
2013-12-03 06:22 - 2013-12-03 06:22 - 49940480 _____ () C:\Program Files\GUT7784.tmp
2012-10-09 15:49 - 2012-11-24 10:44 - 0000680 _____ () C:\Users\Veronika\AppData\Local\d3d9caps.dat
2012-10-09 16:53 - 2015-06-27 12:24 - 0032768 _____ () C:\Users\Veronika\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-19 11:50 - 2013-05-19 11:50 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-10-09 17:19 - 2012-10-10 18:05 - 0004480 _____ () C:\ProgramData\hpzinstall.log
Some files in TEMP:
====================
C:\Users\Veronika\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9sw_gq.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-11-15 12:29
==================== End of FRST.txt ============================
- Attachments
- Addition.zip
- (7.73 KiB) Downloaded 29 times
- Rudy
- Site Admin

- Posts: 119673
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: BSOD with Skype running and while browsing the web
Now run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
First click >Scan< and then >Clean<.
A scan will run and then a log will appear; paste it here.
Re: BSOD with Skype running and while browsing the web
# AdwCleaner v5.021 - Logfile created 15/11/2015 at 19:06:19
# Updated 14/11/2015 by Xplode
# Database : 2015-11-13.3 [Server]
# Operating system : Windows Vista (TM) Home Premium Service Pack 1 (x86)
# Username : Veronika - VERONIKA-PC
# Running from : C:\Users\Veronika\Desktop\adwcleaner_5.021.exe
# Option : Cleaning
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder Deleted : C:\Program Files\Mobogenie
[-] Folder Deleted : C:\Users\Veronika\AppData\Local\genienext
[-] Folder Deleted : C:\Users\Veronika\AppData\Local\Mobogenie
[-] Folder Deleted : C:\Users\Veronika\AppData\Roaming\newnext.me
[-] Folder Deleted : C:\Users\Veronika\AppData\Roaming\OpenCandy
[-] Folder Deleted : C:\Users\Veronika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
[-] Folder Deleted : C:\Users\Veronika\Documents\Mobogenie
***** [ Files ] *****
[-] File Deleted : C:\END
[-] File Deleted : C:\Users\Veronika\daemonprocess.txt
***** [ DLLs ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
[-] Key Deleted : HKLM\SOFTWARE\Driver-Soft
[-] Key Deleted : HKLM\SOFTWARE\Speedchecker Limited
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Genius Professional Edition_is1
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Mobogenie
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Winamp Toolbar
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Driver Genius Professional Edition_is1
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
***** [ Web browsers ] *****
[-] [C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fcfenmboojpjinhpgggodefccipikbpd
*************************
:: "Tracing" keys removed
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2779 bytes] ##########
- Rudy
- Site Admin

- Posts: 119673
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: BSOD with Skype running and while browsing the web
Post a new FRST log.
Re: BSOD with Skype running and while browsing the web
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-11-2015
Ran by Veronika (administrator) on VERONIKA-PC (16-11-2015 18:40:14)
Running from C:\Users\Veronika\Desktop
Loaded Profiles: Veronika (Available Profiles: Veronika)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 7 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(TeamViewer GmbH) C:\Users\Veronika\AppData\Local\Temp\TeamViewer\TeamViewer_Service.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Users\Veronika\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(TeamViewer GmbH) C:\Users\Veronika\AppData\Local\Temp\TeamViewer\Version7\TeamViewer.exe
(TeamViewer GmbH) C:\Users\Veronika\AppData\Local\Temp\TeamViewer\Version7\tv_w32.exe
(TeamViewer GmbH) C:\Users\Veronika\AppData\Local\Temp\TeamViewer\Version7\TeamViewer_Desktop.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Driver Genius] => [X]
HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [1728512 2009-12-04] (VIA)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227648 2015-03-30] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596528 2015-10-06] (Oracle Corporation)
HKU\S-1-5-21-4187957554-3859541109-928336849-1000\...\MountPoints2: {9ecad75d-6b64-11e2-8c4f-bc5ff4029a5f} - I:\LaunchU3.exe -a
HKU\S-1-5-21-4187957554-3859541109-928336849-1000\...\MountPoints2: {a79deda3-1249-11e2-bbf8-fcdb338069b2} - H:\
HKU\S-1-5-21-4187957554-3859541109-928336849-1000\...\MountPoints2: {f20d600d-17cc-11e4-8aef-bc5ff4029a5f} - H:\Startme.exe
HKU\S-1-5-21-4187957554-3859541109-928336849-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [704512 2008-01-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2014-11-09] (AVAST Software)
Startup: C:\Users\Veronika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-11-10]
ShortcutTarget: Dropbox.lnk -> C:\Users\Veronika\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176 2008-01-21] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{9058BB64-87DD-41A3-876D-4148545488F4}: [DhcpNameServer] 10.0.0.138
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-4187957554-3859541109-928336849-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-4187957554-3859541109-928336849-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-4187957554-3859541109-928336849-1000 -> DefaultScope {105E99FF-8B9A-4492-B155-06194B9056D2} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M ... -SearchBox
SearchScopes: HKU\S-1-5-21-4187957554-3859541109-928336849-1000 -> {105E99FF-8B9A-4492-B155-06194B9056D2} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M ... -SearchBox
SearchScopes: HKU\S-1-5-21-4187957554-3859541109-928336849-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-11-08] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-11-09] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-08] (Oracle Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-14] ()
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-08] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin: Adobe Reader -> D:\Desktop\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4187957554-3859541109-928336849-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Veronika\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-06-13] (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-10-12] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-28] [not signed]
Chrome:
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC ... earchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Profile: C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Disk Google) - C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Vyhledávání Google) - C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Bing) - C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-11-15]
CHR Extension: (Dokumenty Google offline) - C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
CHR Extension: (AdBlock) - C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-11-06]
CHR Extension: (Avast Online Security) - C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-02]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Gmail) - C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-09]
CHR HKU\S-1-5-21-4187957554-3859541109-928336849-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-09] (AVAST Software)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-03-13] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-13] (Hewlett-Packard Co.) [File not signed]
S3 MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [45056 2006-12-14] (Sony Corporation) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] () [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
S3 SonicStage Back-End Service; C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe [112184 2007-02-05] (Sony Corporation)
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation) [File not signed]
S3 SSScsiSV; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [75320 2007-02-05] (Sony Corporation)
R2 TeamViewer; c:\users\veronika\appdata\local\temp\teamviewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-09] (AVAST Software)
R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [55240 2014-11-09] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-20] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57928 2014-11-09] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-09] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-10-09] (DT Soft Ltd)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [192056 2008-01-21] (Společnost Microsoft)
R3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [30360 2011-09-02] (Logitech, Inc.)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1081912 2008-01-21] (Společnost Microsoft)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36624 2006-10-18] (Sonic Solutions) [File not signed]
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1108480 2009-11-25] (VIA Technologies, Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-15 19:04 - 2015-11-15 19:06 - 00000000 ____D C:\AdwCleaner
2015-11-15 19:02 - 2015-11-15 19:02 - 01732096 _____ C:\Users\Veronika\Desktop\adwcleaner_5.021.exe
2015-11-15 18:54 - 2015-11-15 18:54 - 00007918 _____ C:\Users\Veronika\Desktop\Addition.zip
2015-11-15 18:52 - 2015-11-15 18:53 - 00032597 _____ C:\Users\Veronika\Desktop\Addition.txt
2015-11-15 18:51 - 2015-11-16 18:40 - 00013523 _____ C:\Users\Veronika\Desktop\FRST.txt
2015-11-15 18:50 - 2015-11-16 18:40 - 00000000 ____D C:\FRST
2015-11-15 18:48 - 2015-11-15 18:48 - 01702400 _____ (Farbar) C:\Users\Veronika\Desktop\FRST.exe
2015-11-13 19:17 - 2015-11-13 19:18 - 00007003 _____ C:\Users\Veronika\Desktop\ABSTRAKT.odt
2015-11-10 12:21 - 2015-11-10 12:21 - 00000000 ____D C:\Users\Veronika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-08 18:51 - 2015-11-08 18:51 - 00000000 ____D C:\Users\Veronika\Desktop\Nová složka
2015-11-08 18:10 - 2015-11-08 18:10 - 00000000 ____D C:\Program Files\Common Files\Java
2015-11-06 20:34 - 2015-11-06 20:34 - 00000000 ___RD C:\Users\Veronika\Documents\Notes
2015-11-06 18:34 - 2015-11-08 18:10 - 00000000 ____D C:\Users\Veronika\.oracle_jre_usage
2015-11-06 18:34 - 2015-11-06 18:34 - 00000000 ____D C:\Users\Veronika\AppData\Roaming\Sun
2015-11-06 18:29 - 2015-11-06 18:29 - 00000000 ____D C:\Users\Veronika\AppData\LocalLow\Oracle
2015-10-29 19:15 - 2015-10-29 19:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-10-29 19:15 - 2015-10-29 19:15 - 00001896 _____ C:\Users\Public\Desktop\Skype.lnk
2015-10-29 19:15 - 2015-10-29 19:15 - 00000000 ____D C:\Program Files\Common Files\Skype
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-16 18:39 - 2012-10-09 16:45 - 00000000 ____D C:\Users\Veronika\AppData\Roaming\Skype
2015-11-16 18:29 - 2006-11-02 13:47 - 00003840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-16 18:29 - 2006-11-02 13:47 - 00003840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-16 15:27 - 2008-01-21 02:35 - 01604417 _____ C:\Windows\WindowsUpdate.log
2015-11-16 15:26 - 2015-09-24 15:45 - 00000000 ___RD C:\Users\Veronika\Dropbox
2015-11-16 15:26 - 2015-09-24 15:33 - 00000000 ____D C:\Users\Veronika\AppData\Local\Dropbox
2015-11-16 15:24 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-15 20:50 - 2006-11-02 14:01 - 00032550 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-11-15 20:36 - 2013-06-03 15:58 - 00000000 ____D C:\Windows\Minidump
2015-11-15 20:36 - 2012-11-15 16:34 - 00000000 ____D C:\Users\Veronika\AppData\Roaming\Media Player Classic
2015-11-15 19:06 - 2012-10-09 15:49 - 00000000 ____D C:\Users\Veronika
2015-11-15 15:10 - 2012-10-10 16:58 - 00002635 _____ C:\Users\Veronika\Desktop\Microsoft Office Word 2007.lnk
2015-11-15 10:41 - 2012-11-05 19:11 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-14 16:48 - 2012-11-05 19:11 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-11-14 16:48 - 2012-11-05 19:11 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-11-13 18:33 - 2012-10-10 17:46 - 00000000 ____D C:\Users\Veronika\AppData\Roaming\TeamViewer
2015-11-12 12:03 - 2012-10-09 17:33 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-12 12:02 - 2013-08-16 09:20 - 00000000 ____D C:\Windows\system32\MRT
2015-11-12 11:54 - 2006-11-02 11:24 - 143250520 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-11-10 12:21 - 2015-09-24 15:37 - 00000000 ____D C:\Users\Veronika\AppData\Roaming\Dropbox
2015-11-08 19:18 - 2015-10-11 18:56 - 00000000 ____D C:\Users\Veronika\Desktop\Přebrat
2015-11-08 18:09 - 2015-05-01 14:21 - 00095840 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-11-08 18:09 - 2015-05-01 14:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-08 18:09 - 2015-05-01 14:20 - 00000000 ____D C:\Program Files\Java
2015-11-08 13:05 - 2008-01-21 07:47 - 01445094 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-07 09:18 - 2015-09-24 15:34 - 00000930 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4187957554-3859541109-928336849-1000UA.job
2015-11-07 09:18 - 2015-09-24 15:34 - 00000878 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4187957554-3859541109-928336849-1000Core.job
2015-11-07 09:18 - 2012-10-09 16:32 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-07 09:18 - 2012-10-09 16:32 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-07 09:18 - 2006-11-02 13:47 - 00372640 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-06 20:33 - 2012-10-09 15:49 - 00100432 _____ C:\Users\Veronika\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-06 20:21 - 2013-01-23 18:25 - 00000000 ___RD C:\Program Files\Skype
2015-11-06 20:21 - 2012-10-09 16:45 - 00000000 ____D C:\ProgramData\Skype
2015-11-06 20:18 - 2012-10-09 16:28 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-11-06 20:02 - 2012-10-19 13:36 - 00000000 ____D C:\Program Files\ProWorks
2015-11-06 19:06 - 2014-08-01 16:08 - 00000000 ____D C:\ProgramData\Oracle
2015-11-06 18:33 - 2015-05-01 14:21 - 00278624 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-11-06 17:46 - 2013-10-11 17:01 - 00000000 ____D C:\Users\Veronika\Desktop\Tapety
==================== Files in the root of some directories =======
2013-12-03 06:22 - 2013-12-03 06:22 - 49940480 _____ () C:\Program Files\GUT7784.tmp
2012-10-09 15:49 - 2012-11-24 10:44 - 0000680 _____ () C:\Users\Veronika\AppData\Local\d3d9caps.dat
2012-10-09 16:53 - 2015-06-27 12:24 - 0032768 _____ () C:\Users\Veronika\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-19 11:50 - 2013-05-19 11:50 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-10-09 17:19 - 2012-10-10 18:05 - 0004480 _____ () C:\ProgramData\hpzinstall.log
Some files in TEMP:
====================
C:\Users\Veronika\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpz6przq.dll
C:\Users\Veronika\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-11-16 15:30
==================== End of FRST.txt ============================
- Attachments
- Addition.zip
- (7.65 KiB) Downloaded 28 times
- Rudy
- Site Admin

Re: BSOD while Skype is running and browsing the web
Open Notepad and copy the following into it:
Start
HKLM\...\Run: [Driver Genius] => [X]
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596528 2015-10-06] (Oracle Corporation)
HKU\S-1-5-21-4187957554-3859541109-928336849-1000\...\MountPoints2: {9ecad75d-6b64-11e2-8c4f-bc5ff4029a5f} - I:\LaunchU3.exe -a
HKU\S-1-5-21-4187957554-3859541109-928336849-1000\...\MountPoints2: {a79deda3-1249-11e2-bbf8-fcdb338069b2} - H:\
HKU\S-1-5-21-4187957554-3859541109-928336849-1000\...\MountPoints2: {f20d600d-17cc-11e4-8aef-bc5ff4029a5f} - H:\Startme.exe
SearchScopes: HKU\S-1-5-21-4187957554-3859541109-928336849-1000 -> {105E99FF-8B9A-4492-B155-06194B9056D2} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M ... -SearchBox
CHR DefaultSearchKeyword: Default -> bing.com
CHR Extension: (Bing) - C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-11-15]
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Program Files\GUT7784.tmp
C:\Users\Veronika\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\Veronika\AppData\Local\Temp
CustomCLSID: HKU\S-1-5-21-4187957554-3859541109-928336849-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Veronika\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:

e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: BSOD with Skype running and while browsing the web
Fix result of Farbar Recovery Scan Tool (x86) Version:17-11-2015
Ran by Veronika (2015-11-17 18:44:46) Run:1
Running from C:\Users\Veronika\Desktop
Loaded Profiles: Veronika (Available Profiles: Veronika)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
HKLM\...\Run: [Driver Genius] => [X]
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596528 2015-10-06] (Oracle Corporation)
HKU\S-1-5-21-4187957554-3859541109-928336849-1000\...\MountPoints2: {9ecad75d-6b64-11e2-8c4f-bc5ff4029a5f} - I:\LaunchU3.exe -a
HKU\S-1-5-21-4187957554-3859541109-928336849-1000\...\MountPoints2: {a79deda3-1249-11e2-bbf8-fcdb338069b2} - H:\
HKU\S-1-5-21-4187957554-3859541109-928336849-1000\...\MountPoints2: {f20d600d-17cc-11e4-8aef-bc5ff4029a5f} - H:\Startme.exe
SearchScopes: HKU\S-1-5-21-4187957554-3859541109-928336849-1000 -> {105E99FF-8B9A-4492-B155-06194B9056D2} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M ... -SearchBox
CHR DefaultSearchKeyword: Default -> bing.com
CHR Extension: (Bing) - C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-11-15]
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Program Files\GUT7784.tmp
C:\Users\Veronika\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\Veronika\AppData\Local\Temp
CustomCLSID: HKU\S-1-5-21-4187957554-3859541109-928336849-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Veronika\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
End
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Driver Genius => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully.
"HKU\S-1-5-21-4187957554-3859541109-928336849-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ecad75d-6b64-11e2-8c4f-bc5ff4029a5f}" => key removed successfully.
HKCR\CLSID\{9ecad75d-6b64-11e2-8c4f-bc5ff4029a5f} => key not found.
"HKU\S-1-5-21-4187957554-3859541109-928336849-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a79deda3-1249-11e2-bbf8-fcdb338069b2}" => key removed successfully.
HKCR\CLSID\{a79deda3-1249-11e2-bbf8-fcdb338069b2} => key not found.
"HKU\S-1-5-21-4187957554-3859541109-928336849-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f20d600d-17cc-11e4-8aef-bc5ff4029a5f}" => key removed successfully.
HKCR\CLSID\{f20d600d-17cc-11e4-8aef-bc5ff4029a5f} => key not found.
"HKU\S-1-5-21-4187957554-3859541109-928336849-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{105E99FF-8B9A-4492-B155-06194B9056D2}" => key removed successfully.
HKCR\CLSID\{105E99FF-8B9A-4492-B155-06194B9056D2} => key not found.
Chrome DefaultSearchKeyword => removed successfully.
C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Program Files\GUT7784.tmp => moved successfully
C:\Users\Veronika\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
"C:\Users\Veronika\AppData\Local\Temp" folder move:
Could not move "C:\Users\Veronika\AppData\Local\Temp" => Scheduled to move on reboot.
"HKU\S-1-5-21-4187957554-3859541109-928336849-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}" => key removed successfully.
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-11-17 18:47:05)
C:\Users\Veronika\AppData\Local\Temp => moved successfully
==== End of Fixlog 18:47:05 ====
- Rudy
- Site Admin
Re: BSOD with Skype running and while browsing the web
Deleted. Has there been any change?