Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-07-2015
Ran by Kryštof (administrator) on STOF-PC on 13-07-2015 16:55:54
Running from C:\Users\Kryštof\Desktop
Loaded Profiles: Kryštof (Available Profiles: Kryštof)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
() C:\Program Files (x86)\ATK Hotkey\AsLdrSrv.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Users\Kryštof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\conhost32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Users\Kryštof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\conhost64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Users\Kryštof\AppData\Roaming\Microsoft\Networking\winnet32b.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Processus hôte pour les services Windows) C:\Users\Kryštof\AppData\Local\Temp\svchost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Kryštof\AppData\Roaming\Microsoft\Networking\inet32upd.exe
(forum.viry.cz) C:\Users\Kryštof\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1894696 2010-01-07] (Synaptics Incorporated)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4462496 2010-04-12] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [7056800 2010-03-18] (Lenovo (Beijing) Limited)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-13] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Printsrv] => c:\Windows\System32\Printing_Admin_Scripts\en-US\driverupd.vbs
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [171104 2010-06-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227648 2015-03-31] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\windows\SysWOW64\qttask.exe [98304 2013-11-20] (Apple Computer, Inc.)
HKLM-x32\...\Run: [Camera Assistant Software] => C:\Program Files (x86)\Camera Assistant Software for Toshiba\traybar.exe [424496 2009-07-27] (Chicony)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2010-02-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Printsrv] => c:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\driverupd.vbs [559 2013-12-04] ()
HKU\S-1-5-21-3814319900-4190526806-681430808-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3814319900-4190526806-681430808-1000\...\Run: [{6B84E528-9705-4D36-9C97-97B8E23DAB75}] => "C:\Users\Kryštof\LeagueofLegends_EUNE_Installer_9_15_2014.exe" /cmdloc "HKCU\Software\Riot Games AiTemp\{6B84E528-9705-4D36-9C97-97B8E23DAB75}"
HKU\S-1-5-21-3814319900-4190526806-681430808-1000\...\Run: [DAEMON Tools Lite] => C:\Users\Kryštof\00\Daemon tool\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-3814319900-4190526806-681430808-1000\...\Run: [cb9581693e9ae097d320e64af3403a85] => C:\Users\Kryštof\AppData\Local\Temp\svchost.exe [238080 2015-07-13] (Processus hôte pour les services Windows) <===== ATTENTION
HKU\S-1-5-21-3814319900-4190526806-681430808-1000\...\MountPoints2: {6893c179-6973-11e3-93aa-b870f411f833} - F:\setup.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2013-11-22] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-08-27]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-12-23]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Kryštof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cb9581693e9ae097d320e64af3403a85.exe [2015-07-13] (Processus hôte pour les services Windows)
Startup: C:\Users\Kryštof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\conhost32.exe [2015-07-13] ()
Startup: C:\Users\Kryštof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\conhost64.exe [2015-07-13] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2014-12-27] (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId= ... kId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId= ... kId=255141
HKU\S-1-5-21-3814319900-4190526806-681430808-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3814319900-4190526806-681430808-1000 -> {1EF444E8-3F76-40FA-9CC0-77949B2C7F42} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_13415
SearchScopes: HKU\S-1-5-21-3814319900-4190526806-681430808-1000 -> {293FD9E7-F03A-4603-88CB-BA6051F4A060} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_13415
SearchScopes: HKU\S-1-5-21-3814319900-4190526806-681430808-1000 -> {424569E3-BE18-4BDC-8A47-731797286EA0} URL = http://search.seznam.cz/?q={searchTerms ... arch_13415
SearchScopes: HKU\S-1-5-21-3814319900-4190526806-681430808-1000 -> {4507C244-6CD7-4D69-BF17-C52A409F33FA} URL = http://encyklopedie.seznam.cz/search?q= ... arch_13415
SearchScopes: HKU\S-1-5-21-3814319900-4190526806-681430808-1000 -> {5951F631-03DF-4669-84DB-7D846C7C4CE7} URL = http://www.firmy.cz/?q={searchTerms}&so ... arch_13415
SearchScopes: HKU\S-1-5-21-3814319900-4190526806-681430808-1000 -> {8B884BB8-99EE-4678-8B99-726A62ACC8EB} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_13415
SearchScopes: HKU\S-1-5-21-3814319900-4190526806-681430808-1000 -> {A192B599-F4B0-4525-ACBA-CF2AC9A0F5D1} URL = http://www.mapy.cz/?query={searchTerms} ... arch_13415
SearchScopes: HKU\S-1-5-21-3814319900-4190526806-681430808-1000 -> {C889BA35-3B71-4679-A9CF-E7EC6A5BB6E4} URL = http://www.novinky.cz/hledej?w={searchT ... arch_13415
SearchScopes: HKU\S-1-5-21-3814319900-4190526806-681430808-1000 -> {FC98E6F9-3FC8-4A1A-9AE6-1E547134E74D} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_13415
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-31] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-12-27] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-31] (Oracle Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-31] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-12-27] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-31] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 194.228.41.113 88.103.222.23
Tcpip\..\Interfaces\{3F9423E6-1855-4905-A21B-C39CDCEB6C59}: [DhcpNameServer] 194.228.41.113 88.103.222.23
Tcpip\..\Interfaces\{D884A2BD-F309-4581-8C12-DAC85BEFFE93}: [DhcpNameServer] 172.19.128.1
Tcpip\..\Interfaces\{DA8E73CA-ECA1-4F43-9647-A0DDA5652633}: [DhcpNameServer] 194.228.41.113 88.103.222.23
Tcpip\..\Interfaces\{FD7518C2-DE43-4D71-9A6B-1EEFCEBF24D2}: [DhcpNameServer] 192.168.42.129
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-16] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-31] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-31] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-16] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-31] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.11.2027 -> C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll No File
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.1040 -> C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-12-23]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-28]
FF HKU\S-1-5-21-3814319900-4190526806-681430808-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
Chrome:
=======
CHR Profile: C:\Users\Kryštof\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Seznam Lištička - Email) - C:\Users\Kryštof\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2014-09-09]
CHR Extension: (Seznam Lištička - Slovník) - C:\Users\Kryštof\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2014-09-09]
CHR Extension: (Adblock Plus) - C:\Users\Kryštof\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-27]
CHR Extension: (FlyOrDie Go) - C:\Users\Kryštof\AppData\Local\Google\Chrome\User Data\Default\Extensions\fffhkcjfldmhhchoefbcgbhkibaioikg [2014-12-14]
CHR Extension: (Reversi) - C:\Users\Kryštof\AppData\Local\Google\Chrome\User Data\Default\Extensions\idmhindgonjchndndoceodfmnficpjdg [2014-12-14]
CHR Extension: (Google Wallet) - C:\Users\Kryštof\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-20]
CHR HKU\S-1-5-21-3814319900-4190526806-681430808-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\KRYTOF~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-27]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 ASLDRService; C:\Program Files (x86)\ATK Hotkey\ASLDRSrv.exe [94208 2007-02-05] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-27] (AVAST Software)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [864032 2009-08-11] (Broadcom Corporation.)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2630432 2014-11-04] (IObit)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 HPSLPSVC; C:\Users\KRYTOF~1\AppData\Local\Temp\7zS0517\hpslpsvc64.dll [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-27] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-27] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-27] ()
S3 bthav; C:\Windows\System32\drivers\bthav.sys [40448 2008-07-10] (CSR, plc)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-12-20] (Disc Soft Ltd)
S3 MTsensor; C:\Windows\System32\DRIVERS\ATK64AMD.sys [13680 2007-08-09] ()
S3 smserial; C:\Windows\System32\DRIVERS\SmSerl64.sys [1227776 2009-06-10] (Motorola Inc.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [200704 2010-04-20] (SMI)
S3 ATICDSDr; \??\C:\Users\KRYTOF~1\AppData\Local\Temp\ATICDSDr.sys [X]
U3 BcmSqlStartupSvc; No ImagePath
U2 IAStorDataMgrSvc; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U3 SQLWriter; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-13 16:55 - 2015-07-13 16:56 - 00021163 _____ C:\Users\Kryštof\Desktop\FRST.txt
2015-07-13 16:55 - 2015-07-13 16:55 - 00000000 ____D C:\FRST
2015-07-13 16:54 - 2015-07-13 16:54 - 00112640 _____ (forum.viry.cz) C:\Users\Kryštof\Desktop\FRSTLauncher.exe
2015-07-13 16:53 - 2015-07-13 16:53 - 00112640 _____ (forum.viry.cz) C:\Users\Kryštof\FRSTLauncher.exe
2015-07-13 16:48 - 2015-07-13 16:48 - 02133504 _____ (Farbar) C:\Users\Kryštof\Desktop\FRST64.exe
2015-07-13 16:25 - 2015-07-13 16:25 - 00275312 _____ C:\windows\Minidump\071315-32058-01.dmp
2015-07-13 16:01 - 2015-07-13 16:04 - 00000000 ____D C:\AdwCleaner
2015-07-13 16:00 - 2015-07-13 16:01 - 02248704 _____ C:\Users\Kryštof\Desktop\adwcleaner_4.208.exe
2015-07-13 15:43 - 2013-05-31 16:32 - 00565774 _____ C:\windows\expIorer.exe
2015-07-13 15:42 - 2015-07-13 15:42 - 00000000 ____D C:\Program Files (x86)\ULOZ.TO
2015-07-13 15:09 - 2015-07-13 15:17 - 96226325 _____ C:\Users\Kryštof\Minecraft-Tekkit-1.5.2.rar
2015-07-13 14:54 - 2015-07-13 15:26 - 444742798 _____ C:\Users\Kryštof\minecraft--1.6.4-mods.rar
2015-07-13 13:10 - 2015-07-13 16:25 - 489759018 _____ C:\windows\MEMORY.DMP
2015-07-13 13:10 - 2015-07-13 13:10 - 00275312 _____ C:\windows\Minidump\071315-33446-01.dmp
2015-07-13 12:25 - 2015-07-13 12:26 - 00226581 _____ C:\Users\Kryštof\MC-BP-1.7.exe
2015-07-13 12:02 - 2015-07-13 12:02 - 00037153 _____ C:\Users\Kryštof\záložky_13.07.15.html
2015-07-13 11:38 - 2015-07-13 11:38 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-13 11:10 - 2015-07-13 13:50 - 00000000 __SHD C:\AI_RecycleBin
2015-07-12 16:44 - 2015-07-12 16:44 - 00000000 ____D C:\Users\Kryštof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VobSub
2015-07-12 16:40 - 2015-07-12 16:43 - 00000000 ____D C:\Program Files (x86)\Gabest
2015-07-12 16:40 - 2015-07-12 16:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VobSub
2015-06-27 10:04 - 2015-07-13 16:28 - 00001795 _____ C:\windows\setupact.log
2015-06-27 10:04 - 2015-06-27 10:04 - 00000000 _____ C:\windows\setuperr.log
2015-06-26 17:06 - 2015-06-26 17:06 - 00000000 ____D C:\Users\Kryštof\Desktop\farmakologie
2015-06-19 15:35 - 2015-07-03 16:01 - 00000024 _____ C:\Users\Kryštof\random.dat
2015-06-18 10:40 - 2015-06-18 10:40 - 00000000 ____D C:\Users\Kryštof\AppData\Local\GWX
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-13 16:53 - 2014-08-03 10:49 - 00000000 __SHD C:\Users\Kryštof\AppData\Local\EmieUserList
2015-07-13 16:53 - 2014-08-03 10:49 - 00000000 __SHD C:\Users\Kryštof\AppData\Local\EmieSiteList
2015-07-13 16:53 - 2013-11-20 21:42 - 00000000 ____D C:\Users\Kryštof
2015-07-13 16:36 - 2013-12-07 11:44 - 01185305 _____ C:\windows\WindowsUpdate.log
2015-07-13 16:31 - 2014-08-28 00:31 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2015-07-13 16:30 - 2013-11-20 21:52 - 00000948 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-13 16:28 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-13 16:25 - 2013-11-28 15:47 - 00000000 ____D C:\windows\Minidump
2015-07-13 16:03 - 2009-07-14 06:45 - 00027152 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-13 16:03 - 2009-07-14 06:45 - 00027152 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-13 15:42 - 2013-12-23 19:57 - 00000000 ____D C:\windows\bitstreams
2015-07-13 15:26 - 2013-11-20 21:52 - 00000952 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-13 11:52 - 2011-06-15 11:16 - 00668792 _____ C:\windows\system32\perfh005.dat
2015-07-13 11:52 - 2011-06-15 11:16 - 00141420 _____ C:\windows\system32\perfc005.dat
2015-07-13 11:52 - 2009-07-14 07:13 - 01583226 _____ C:\windows\system32\PerfStringBackup.INI
2015-07-13 11:45 - 2013-11-20 22:33 - 00000000 ____D C:\Users\Kryštof\00
2015-07-13 11:42 - 2013-11-20 21:42 - 00002239 _____ C:\Users\Kryštof\Desktop\OneKey Recovery.lnk
2015-07-13 11:41 - 2013-11-21 12:38 - 00000000 ____D C:\Users\Kryštof\Documents\Youcam
2015-07-13 11:38 - 2014-02-06 14:59 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-13 11:12 - 2014-08-02 22:51 - 00000000 ____D C:\Users\Kryštof\Hry
2015-07-12 19:15 - 2013-12-12 14:59 - 00000000 ____D C:\Users\Kryštof\AppData\Roaming\uTorrent
2015-07-11 22:13 - 2013-12-20 15:54 - 00000000 ____D C:\Users\Kryštof\AppData\Roaming\DAEMON Tools Lite
2015-07-09 09:54 - 2014-11-25 16:49 - 00000000 ____D C:\ProgramData\ProductData
2015-07-07 22:33 - 2013-11-20 21:52 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-03 14:35 - 2013-12-07 11:55 - 00000024 _____ C:\Users\Kryštof\jagexappletviewer.preferences
2015-07-03 11:09 - 2013-12-07 11:33 - 00000047 _____ C:\Users\Kryštof\jagex_cl_runescape_LIVE.dat
2015-07-02 11:11 - 2013-11-21 12:38 - 00000000 ____D C:\Users\Kryštof\Documents\Easy Macro Recorder
2015-07-01 10:26 - 2009-07-14 07:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2015-06-24 09:23 - 2013-11-21 12:38 - 00000000 ____D C:\Users\Kryštof\Documents\KBCertifikat
2015-06-23 13:30 - 2013-11-20 21:59 - 00300704 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-06-18 17:31 - 2014-08-24 15:57 - 00064512 ___SH C:\Users\Kryštof\Thumbs.db
==================== Files in the root of some directories =======
2014-08-02 13:00 - 2014-08-02 13:00 - 0590960 _____ (ClickMeIn Limited) C:\Users\Kryštof\AppData\Local\nsa602E.tmp
2013-11-26 21:14 - 2013-11-26 21:14 - 0007605 _____ () C:\Users\Kryštof\AppData\Local\Resmon.ResmonCfg
2013-12-23 14:44 - 2014-06-21 10:01 - 0001341 _____ () C:\ProgramData\hpzinstall.log
Files to move or delete:
====================
C:\Users\Kryštof\AppData\Local\Temp\svchost.exe
C:\Users\Kryštof\counterstrike-setup.exe
C:\Users\Kryštof\FRSTLauncher.exe
C:\Users\Kryštof\MC-BP-1.7.exe
Some files in TEMP:
====================
C:\Users\Kryštof\AppData\Local\Temp\InstallOptions.dll
C:\Users\Kryštof\AppData\Local\Temp\Quarantine.exe
C:\Users\Kryštof\AppData\Local\Temp\sqlite3.dll
C:\Users\Kryštof\AppData\Local\Temp\svchost.exe
C:\Users\Kryštof\AppData\Local\Temp\Uninstall.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Kryštof\Desktop" je 1737 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 8
"C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate
"C:\Users\Kryštof\AppData\Roaming\Seznam.cz\szninstall.exe" -c [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop
"C:\Users\Kryštof\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
"C:\Users\Kryštof\00\Daemon tool\DAEMON Tools Lite\DTLite.exe" -autorun [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyDriveConnect.exe
C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce
"C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeriFaceManager
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [x]
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================