Dobrý den, problém jsou vyskakující okna v chromu.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:12-09-2015
Ran by admin (administrator) on TRT-D02A6EEC194 (13-09-2015 10:22:12)
Running from C:\Documents and Settings\admin\Plocha
Loaded Profiles: admin (Available Profiles: admin)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Apple Inc.) C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe
(Pinnacle Systems GmbH) C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
(Logitech Inc.) C:\Program Files\Logitech\Video\CameraAssistant.exe
(Logitech Inc.) C:\WINDOWS\system32\ElkCtrl.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 2.1\program\soffice.bin
(Software602 a.s.) C:\Program Files\Common Files\Soft602\602updsvc\602updsvc.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Motive Communications, Inc.) C:\Program Files\Common Files\Motive\McciCMService.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16844800 2007-09-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe [417792 2009-10-13] (Apple Inc.)
HKLM\...\Run: [USBToolTip] => C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe [199752 2007-02-20] (Pinnacle Systems GmbH)
HKLM\...\Run: [Print2PDF Print Monitor] => C:\Program Files\Software602\Print2PDF\Print2PDF.exe [220992 2011-10-04] (Software602)
HKLM\...\Run: [LogitechCameraAssistant] => C:\Program Files\Logitech\Video\CameraAssistant.exe [489472 2005-12-07] (Logitech Inc.)
HKLM\...\Run: [LogitechVideo[inspector]] => C:\Program Files\Logitech\Video\InstallHelper.exe [73728 2005-12-07] (Logitech Inc.)
HKLM\...\Run: [LogitechCameraService(E)] => C:\WINDOWS\system32\ElkCtrl.exe [262144 2004-11-01] (Logitech Inc.)
HKLM\...\Run: [ROC_ROC_JULY_P1] => "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2569616 2010-07-26] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1316248 2010-12-02] (CANON INC.)
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [UpdatePDRShortCut] => C:\Program Files\CyberLink\PowerDirector10\MUITransfer\MUIStartMenu.exe [222504 2010-09-17] (CyberLink Corp.)
HKLM\...\Run: [UpdatePPShortCut] => C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [223096 2012-04-17] (CyberLink Corp.)
HKU\S-1-5-21-436374069-776561741-682003330-1004\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [484904 2007-05-15] (Hewlett-Packard Company)
HKU\S-1-5-21-436374069-776561741-682003330-1004\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-06-01] (Nero AG)
HKU\S-1-5-21-436374069-776561741-682003330-1004\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
Startup: C:\Documents and Settings\admin\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.1.lnk [2008-05-22]
ShortcutTarget: OpenOffice.org 2.1.lnk -> C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{D8083467-C575-475C-8051-432C4C02BE6D}: [DhcpNameServer] 10.0.0.138
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-436374069-776561741-682003330-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.cz/
HKU\S-1-5-21-436374069-776561741-682003330-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-436374069-776561741-682003330-1004\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://www.webhledani.cz/results.aspx?i=39&tp= ... earchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-436374069-776561741-682003330-1004 -> {0A4D55B6-13FF-431E-9E8E-8B4B01F2BA1C} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
SearchScopes: HKU\S-1-5-21-436374069-776561741-682003330-1004 -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://www.webhledani.cz/results.aspx?i=39&tp= ... earchTerms}
Toolbar: HKU\S-1-5-21-436374069-776561741-682003330-1004 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2010-09-09] (Společnost Microsoft)
Toolbar: HKU\S-1-5-21-436374069-776561741-682003330-1004 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2012-06-14] (CANON INC.)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237926463250
DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} hxxp://www.cortona3d.com/bin/cortvrml.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {F680B28A-3AEE-4C88-93ED-45AE9215C128} hxxps://adisepo.mfcr.cz/adistc/adis/idpr_pub/xspa/bin/cryptsignx.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
FireFox:
========
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-15] (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @software602.cz/602XML Filler -> C:\Program Files\Software602\602XML\Filler\npfiller.dll [2011-11-24] (Software602 a.s.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2015-01-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2015-01-28] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-436374069-776561741-682003330-1004: @kb-ext.cz/PKIComponent -> C:\Documents and Settings\admin\Data aplikací\KB-ext\lib\x86\npPKIComponentNPAPI-kbext.dll [2013-09-26] (Komerční banka, a.s.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-08]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://google.cz/", "hxxps://www.google.cz/"
CHR DefaultSearchURL: Default -> hxxp://www.google.cz/search?hl=cs&source=hp&q= ... q=0&oq=bli
CHR DefaultSearchKeyword: Default -> google.cz_
CHR Plugin: (Shockwave Flash
"path": "C:\\Program Files\\Google\\Chrome\\Application\\40.0.2214.93\\PepperFlash\\pepflashplayer.dll") - "name": "Shockwave Flash",
C:\Program Files\Google\Chrome\Application\40.0.2214.93\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client
"path": "C:\\Program Files\\Google\\Chrome\\Application\\40.0.2214.93\\ppGoogleNaClPluginChrome.dll") - "name": "Native Client",
C:\Program Files\Google\Chrome\Application\40.0.2214.93\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer
"path": "C:\\Program Files\\Google\\Chrome\\Application\\40.0.2214.93\\pdf.dll") - "name": "Chrome PDF Viewer",
C:\Program Files\Google\Chrome\Application\40.0.2214.93\pdf.dll => No File
CHR Plugin: (Skype Click to Call
"path": "C:\\Documents and Settings\\admin\\Local Settings\\Data aplikací\\Google\\Chrome\\User Data\\Default\\Extensions\\lifbcibllhkdhoafpjfnlhfpfgnpldfl\\6.6.0.11664_0\\npSkypeChromePlugin.dll") - "name": "Skype Click to Call",
C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.6.0.11664_0\npSkypeChromePlugin.dll => No File
CHR Plugin: (Adobe Acrobat
"path": "C:\\Program Files\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.dll") - "name": "Adobe Acrobat",
C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U12
"path": "C:\\Program Files\\Java\\jre6\\bin\\new_plugin\\npjp2.dll") - "name": "Java(TM) Platform SE 6 U12",
C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Microsoft® DRM
"path": "C:\\Program Files\\Windows Media Player\\npdrmv2.dll") - "name": "Microsoft® DRM",
C:\Program Files\Windows Media Player\npdrmv2.dll => No File
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library
"path": "C:\\Program Files\\Windows Media Player\\npdsplay.dll") - "name": "Windows Media Player Plug-in Dynamic Link Library",
C:\Program Files\Windows Media Player\npdsplay.dll => No File
CHR Plugin: (Microsoft® DRM
"path": "C:\\Program Files\\Windows Media Player\\npwmsdrm.dll") - "name": "Microsoft® DRM",
C:\Program Files\Windows Media Player\npwmsdrm.dll => No File
CHR Plugin: (Google Update
"path": "C:\\Program Files\\Google\\Update\\1.3.21.123\\npGoogleUpdate3.dll") - "name": "Google Update",
C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Software602 Form Filler
"path": "C:\\Program Files\\Software602\\602XML\\Filler\\npfiller.dll") - "name": "Software602 Form Filler",
C:\Program Files\Software602\602XML\Filler\npfiller.dll => No File
CHR Plugin: (Shockwave Flash
"path": "C:\\WINDOWS\\system32\\Macromed\\Flash\\NPSWF32_11_5_502_149.dll") - "name": "Shockwave Flash",
C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.110.21
"path": "C:\\WINDOWS\\system32\\npDeployJava1.dll") - "name": "Java Deployment Toolkit 7.0.110.21",
C:\WINDOWS\system32\npDeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In
"path": "c:\\Program Files\\Microsoft Silverlight\\4.1.10329.0\\npctrl.dll") - "name": "Silverlight Plug-In",
c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Plugin: (Windows Presentation Foundation
"path": "c:\\WINDOWS\\Microsoft.NET\\Framework\\v3.5\\Windows Presentation Foundation\\NPWPF.dll") - "name": "Windows Presentation Foundation",
c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll => No File
CHR Profile: C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (Disk Google) - C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-17]
CHR Extension: (YouTube) - C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-17]
CHR Extension: (Vyhledávání Google) - C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-17]
CHR Extension: (Peněženka Google) - C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-06]
CHR Extension: (Gmail) - C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-17]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 602XML Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s.)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2009-12-08] (Macrovision Europe Ltd.) [File not signed]
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [137680 2010-07-27] ()
R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [303104 2007-10-15] (Motive Communications, Inc.) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
S3 602SQL 8 FastCGI Client; c:\Program Files\webgencz\602FSVC8.EXE [X]
S2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AVerPola; C:\WINDOWS\System32\DRIVERS\AVerPola.sys [665984 2012-11-01] (AVerMedia TECHNOLOGIES, Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 gdrv; C:\WINDOWS\gdrv.sys [16376 2008-05-22] (Windows (R) 2000 DDK provider)
R3 MarvinBus; C:\WINDOWS\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2008-03-29] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2008-03-29] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 cpuz134; \??\C:\WINDOWS\TEMP\cpuz134\cpuz134_x32.sys [X]
S3 cpuz136; \??\C:\DOCUME~1\admin\LOCALS~1\Temp\cpuz136\cpuz136_x32.sys [X]
S4 IntelIde; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
NETSVC: uioqhbbuz -> no filepath.
NETSVC: ofifxadw -> no filepath.
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-13 10:22 - 2015-09-13 10:22 - 00019615 _____ C:\Documents and Settings\admin\Plocha\FRST.txt
2015-09-04 08:47 - 2015-09-13 10:21 - 00000000 ____D C:\Documents and Settings\admin\Plocha\FRST-OlderVersion
2015-08-23 17:14 - 2015-09-12 10:21 - 00000000 ____D C:\Documents and Settings\admin\Plocha\chrudimka
2015-08-21 09:14 - 2015-09-04 19:30 - 00000000 ____D C:\AdwCleaner
2015-08-21 09:14 - 2015-08-21 09:14 - 01605632 _____ C:\Documents and Settings\admin\Plocha\adwcleaner_5.003.exe
2015-08-21 08:33 - 2015-09-13 10:22 - 00000000 ____D C:\FRST
2015-08-21 08:30 - 2015-09-13 10:21 - 01692160 _____ (Farbar) C:\Documents and Settings\admin\Plocha\FRST.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-13 10:22 - 2008-05-22 20:50 - 00000000 ____D C:\Documents and Settings\admin\Plocha
2015-09-13 10:22 - 2008-05-22 20:50 - 00000000 ____D C:\Documents and Settings\admin\Local Settings\Temp
2015-09-13 10:18 - 2015-01-28 13:13 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-13 09:37 - 2008-05-22 20:45 - 01462171 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-13 09:35 - 2015-01-28 13:13 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-13 09:35 - 2014-03-18 09:50 - 00000222 _____ C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2015-09-13 09:35 - 2008-05-22 22:30 - 00000157 _____ C:\WINDOWS\wiadebug.log
2015-09-13 09:35 - 2008-05-22 22:30 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-09-13 09:35 - 2008-05-22 21:13 - 00000000 ____D C:\Documents and Settings\admin\Data aplikací\OpenOffice.org2
2015-09-13 09:35 - 2008-05-22 20:49 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-12 10:21 - 2008-05-22 20:50 - 00000178 ___SH C:\Documents and Settings\admin\ntuser.ini
2015-09-12 10:21 - 2008-05-22 20:49 - 00032528 _____ C:\WINDOWS\SchedLgU.Txt
2015-09-12 07:38 - 2015-08-12 07:44 - 00000024 _____ C:\Documents and Settings\admin\Data aplikací\appdataFr25.bin
2015-09-12 07:36 - 2006-03-02 14:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2015-09-11 07:43 - 2014-12-09 13:46 - 00000000 ____D C:\Documents and Settings\admin\Plocha\stahovani TOM
2015-09-09 07:08 - 2008-12-31 15:13 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2015-09-09 07:06 - 2013-07-17 20:41 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-08 17:00 - 2008-05-22 21:13 - 00002573 _____ C:\Documents and Settings\admin\Plocha\OpenOffice.org Writer.lnk
2015-09-08 16:40 - 2008-12-31 15:18 - 00002481 _____ C:\Documents and Settings\admin\Plocha\Microsoft Office PowerPoint 2007.lnk
2015-09-08 07:52 - 2015-02-10 11:20 - 00000000 ____D C:\UCTO2015
2015-09-01 07:49 - 2014-01-07 12:09 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\CanonIJPLM
2015-08-31 08:09 - 2015-04-24 14:03 - 00000000 ___RD C:\Documents and Settings\admin\Plocha\FU-podání- certifikat-15
2015-08-31 08:07 - 2008-05-22 20:50 - 00000000 ___RD C:\Documents and Settings\admin\Dokumenty
2015-08-31 07:46 - 2008-05-22 22:27 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2015-08-31 07:44 - 2009-01-04 21:54 - 00000000 ____D C:\Program Files\DG
2015-08-31 07:44 - 2008-05-22 22:27 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy
2015-08-26 18:36 - 2008-05-22 21:36 - 132039072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-26 16:58 - 2013-12-01 13:52 - 00000000 ____D C:\Documents and Settings\admin\Plocha\šmoula
2015-08-24 19:08 - 2014-05-25 09:27 - 00000000 ____D C:\Documents and Settings\admin\Plocha\FU-stažení-potvrzení
2015-08-22 12:27 - 2008-07-09 19:22 - 00000000 ____D C:\Trifid
2015-08-21 21:08 - 2010-07-15 11:58 - 00000000 ____D C:\Documents and Settings\admin\KBCertifikat--15-
2015-08-21 21:08 - 2008-05-22 20:50 - 00000000 ____D C:\Documents and Settings\admin
2015-08-21 09:11 - 2015-06-27 07:22 - 00000000 ____D C:\WINDOWS\Minidump
2015-08-21 09:05 - 2008-05-22 20:49 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Temp
2015-08-16 09:39 - 2015-05-24 10:16 - 01563223 _____ C:\Documents and Settings\admin\Plocha\světla.odt
==================== Files in the root of some directories =======
2015-08-12 07:44 - 2015-09-12 07:38 - 0000024 _____ () C:\Documents and Settings\admin\Data aplikací\appdataFr25.bin
2009-06-19 19:45 - 2015-03-24 23:06 - 0059904 _____ () C:\Documents and Settings\admin\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Some files in TEMP:
====================
C:\Documents and Settings\admin\Local Settings\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Vyskakující okna v chromu
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119674
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Vyskakující okna v chromu
Zdravím!
Spusťte tuto utilitu:
Spusťte tuto utilitu:
Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Vyskakující okna v chromu
# AdwCleaner v5.003 - Logfile created 13/09/2015 at 16:26:30
# Updated 20/08/2015 by Xplode
# Database : 2015-09-10.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : admin - TRT-D02A6EEC194
# Running from : C:\Documents and Settings\admin\Plocha\adwcleaner_5.003.exe
# Option : Cleaning
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder Deleted : C:\Program Files\Yahoo!\Companion
***** [ Files ] *****
[-] File Deleted : C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage-journal
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
***** [ Web browsers ] *****
*************************
:: Proxy settings cleared
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [1555 bytes] ##########
# Updated 20/08/2015 by Xplode
# Database : 2015-09-10.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : admin - TRT-D02A6EEC194
# Running from : C:\Documents and Settings\admin\Plocha\adwcleaner_5.003.exe
# Option : Cleaning
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder Deleted : C:\Program Files\Yahoo!\Companion
***** [ Files ] *****
[-] File Deleted : C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage-journal
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
***** [ Web browsers ] *****
*************************
:: Proxy settings cleared
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [1555 bytes] ##########
-
Rudy
- Site Admin
- Příspěvky: 119674
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Vyskakující okna v chromu
Dejte nový log FRST.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Vyskakující okna v chromu
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:12-09-2015
Ran by admin (administrator) on TRT-D02A6EEC194 (13-09-2015 17:41:04)
Running from C:\Documents and Settings\admin\Plocha
Loaded Profiles: admin (Available Profiles: admin)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Apple Inc.) C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe
(Pinnacle Systems GmbH) C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
(Logitech Inc.) C:\Program Files\Logitech\Video\CameraAssistant.exe
(Logitech Inc.) C:\WINDOWS\system32\ElkCtrl.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 2.1\program\soffice.bin
(Software602 a.s.) C:\Program Files\Common Files\Soft602\602updsvc\602updsvc.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Motive Communications, Inc.) C:\Program Files\Common Files\Motive\McciCMService.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16844800 2007-09-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe [417792 2009-10-13] (Apple Inc.)
HKLM\...\Run: [USBToolTip] => C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe [199752 2007-02-20] (Pinnacle Systems GmbH)
HKLM\...\Run: [Print2PDF Print Monitor] => C:\Program Files\Software602\Print2PDF\Print2PDF.exe [220992 2011-10-04] (Software602)
HKLM\...\Run: [LogitechCameraAssistant] => C:\Program Files\Logitech\Video\CameraAssistant.exe [489472 2005-12-07] (Logitech Inc.)
HKLM\...\Run: [LogitechVideo[inspector]] => C:\Program Files\Logitech\Video\InstallHelper.exe [73728 2005-12-07] (Logitech Inc.)
HKLM\...\Run: [LogitechCameraService(E)] => C:\WINDOWS\system32\ElkCtrl.exe [262144 2004-11-01] (Logitech Inc.)
HKLM\...\Run: [ROC_ROC_JULY_P1] => "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2569616 2010-07-26] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1316248 2010-12-02] (CANON INC.)
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [UpdatePDRShortCut] => C:\Program Files\CyberLink\PowerDirector10\MUITransfer\MUIStartMenu.exe [222504 2010-09-17] (CyberLink Corp.)
HKLM\...\Run: [UpdatePPShortCut] => C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [223096 2012-04-17] (CyberLink Corp.)
HKU\S-1-5-21-436374069-776561741-682003330-1004\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [484904 2007-05-15] (Hewlett-Packard Company)
HKU\S-1-5-21-436374069-776561741-682003330-1004\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-06-01] (Nero AG)
HKU\S-1-5-21-436374069-776561741-682003330-1004\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
Startup: C:\Documents and Settings\admin\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.1.lnk [2008-05-22]
ShortcutTarget: OpenOffice.org 2.1.lnk -> C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{D8083467-C575-475C-8051-432C4C02BE6D}: [DhcpNameServer] 10.0.0.138
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-436374069-776561741-682003330-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.cz/
HKU\S-1-5-21-436374069-776561741-682003330-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-436374069-776561741-682003330-1004\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://www.webhledani.cz/results.aspx?i=39&tp= ... earchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-436374069-776561741-682003330-1004 -> {0A4D55B6-13FF-431E-9E8E-8B4B01F2BA1C} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
SearchScopes: HKU\S-1-5-21-436374069-776561741-682003330-1004 -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://www.webhledani.cz/results.aspx?i=39&tp= ... earchTerms}
Toolbar: HKU\S-1-5-21-436374069-776561741-682003330-1004 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2010-09-09] (Společnost Microsoft)
Toolbar: HKU\S-1-5-21-436374069-776561741-682003330-1004 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2012-06-14] (CANON INC.)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237926463250
DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} hxxp://www.cortona3d.com/bin/cortvrml.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {F680B28A-3AEE-4C88-93ED-45AE9215C128} hxxps://adisepo.mfcr.cz/adistc/adis/idpr_pub/xspa/bin/cryptsignx.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
FireFox:
========
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-15] (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @software602.cz/602XML Filler -> C:\Program Files\Software602\602XML\Filler\npfiller.dll [2011-11-24] (Software602 a.s.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2015-01-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2015-01-28] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-436374069-776561741-682003330-1004: @kb-ext.cz/PKIComponent -> C:\Documents and Settings\admin\Data aplikací\KB-ext\lib\x86\npPKIComponentNPAPI-kbext.dll [2013-09-26] (Komerční banka, a.s.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-08]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://google.cz/", "hxxps://www.google.cz/"
CHR DefaultSearchURL: Default -> hxxp://www.google.cz/search?hl=cs&source=hp&q= ... q=0&oq=bli
CHR DefaultSearchKeyword: Default -> google.cz_
CHR Plugin: (Shockwave Flash
"path": "C:\\Program Files\\Google\\Chrome\\Application\\40.0.2214.93\\PepperFlash\\pepflashplayer.dll") - "name": "Shockwave Flash",
C:\Program Files\Google\Chrome\Application\40.0.2214.93\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client
"path": "C:\\Program Files\\Google\\Chrome\\Application\\40.0.2214.93\\ppGoogleNaClPluginChrome.dll") - "name": "Native Client",
C:\Program Files\Google\Chrome\Application\40.0.2214.93\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer
"path": "C:\\Program Files\\Google\\Chrome\\Application\\40.0.2214.93\\pdf.dll") - "name": "Chrome PDF Viewer",
C:\Program Files\Google\Chrome\Application\40.0.2214.93\pdf.dll => No File
CHR Plugin: (Skype Click to Call
"path": "C:\\Documents and Settings\\admin\\Local Settings\\Data aplikací\\Google\\Chrome\\User Data\\Default\\Extensions\\lifbcibllhkdhoafpjfnlhfpfgnpldfl\\6.6.0.11664_0\\npSkypeChromePlugin.dll") - "name": "Skype Click to Call",
C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.6.0.11664_0\npSkypeChromePlugin.dll => No File
CHR Plugin: (Adobe Acrobat
"path": "C:\\Program Files\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.dll") - "name": "Adobe Acrobat",
C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U12
"path": "C:\\Program Files\\Java\\jre6\\bin\\new_plugin\\npjp2.dll") - "name": "Java(TM) Platform SE 6 U12",
C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Microsoft® DRM
"path": "C:\\Program Files\\Windows Media Player\\npdrmv2.dll") - "name": "Microsoft® DRM",
C:\Program Files\Windows Media Player\npdrmv2.dll => No File
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library
"path": "C:\\Program Files\\Windows Media Player\\npdsplay.dll") - "name": "Windows Media Player Plug-in Dynamic Link Library",
C:\Program Files\Windows Media Player\npdsplay.dll => No File
CHR Plugin: (Microsoft® DRM
"path": "C:\\Program Files\\Windows Media Player\\npwmsdrm.dll") - "name": "Microsoft® DRM",
C:\Program Files\Windows Media Player\npwmsdrm.dll => No File
CHR Plugin: (Google Update
"path": "C:\\Program Files\\Google\\Update\\1.3.21.123\\npGoogleUpdate3.dll") - "name": "Google Update",
C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Software602 Form Filler
"path": "C:\\Program Files\\Software602\\602XML\\Filler\\npfiller.dll") - "name": "Software602 Form Filler",
C:\Program Files\Software602\602XML\Filler\npfiller.dll => No File
CHR Plugin: (Shockwave Flash
"path": "C:\\WINDOWS\\system32\\Macromed\\Flash\\NPSWF32_11_5_502_149.dll") - "name": "Shockwave Flash",
C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.110.21
"path": "C:\\WINDOWS\\system32\\npDeployJava1.dll") - "name": "Java Deployment Toolkit 7.0.110.21",
C:\WINDOWS\system32\npDeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In
"path": "c:\\Program Files\\Microsoft Silverlight\\4.1.10329.0\\npctrl.dll") - "name": "Silverlight Plug-In",
c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Plugin: (Windows Presentation Foundation
"path": "c:\\WINDOWS\\Microsoft.NET\\Framework\\v3.5\\Windows Presentation Foundation\\NPWPF.dll") - "name": "Windows Presentation Foundation",
c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll => No File
CHR Profile: C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (Disk Google) - C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-17]
CHR Extension: (YouTube) - C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-17]
CHR Extension: (Vyhledávání Google) - C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-17]
CHR Extension: (Peněženka Google) - C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-06]
CHR Extension: (Gmail) - C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-17]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 602XML Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s.)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2009-12-08] (Macrovision Europe Ltd.) [File not signed]
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [137680 2010-07-27] ()
R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [303104 2007-10-15] (Motive Communications, Inc.) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
S3 602SQL 8 FastCGI Client; c:\Program Files\webgencz\602FSVC8.EXE [X]
S2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AVerPola; C:\WINDOWS\System32\DRIVERS\AVerPola.sys [665984 2012-11-01] (AVerMedia TECHNOLOGIES, Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 gdrv; C:\WINDOWS\gdrv.sys [16376 2008-05-22] (Windows (R) 2000 DDK provider)
R3 MarvinBus; C:\WINDOWS\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2008-03-29] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2008-03-29] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 cpuz134; \??\C:\WINDOWS\TEMP\cpuz134\cpuz134_x32.sys [X]
S3 cpuz136; \??\C:\DOCUME~1\admin\LOCALS~1\Temp\cpuz136\cpuz136_x32.sys [X]
S4 IntelIde; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
NETSVC: uioqhbbuz -> no filepath.
NETSVC: ofifxadw -> no filepath.
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-13 10:22 - 2015-09-13 17:41 - 00019615 _____ C:\Documents and Settings\admin\Plocha\FRST.txt
2015-09-04 08:47 - 2015-09-13 10:21 - 00000000 ____D C:\Documents and Settings\admin\Plocha\FRST-OlderVersion
2015-08-23 17:14 - 2015-09-12 10:21 - 00000000 ____D C:\Documents and Settings\admin\Plocha\chrudimka
2015-08-21 09:14 - 2015-09-13 16:26 - 00000000 ____D C:\AdwCleaner
2015-08-21 09:14 - 2015-08-21 09:14 - 01605632 _____ C:\Documents and Settings\admin\Plocha\adwcleaner_5.003.exe
2015-08-21 08:33 - 2015-09-13 17:41 - 00000000 ____D C:\FRST
2015-08-21 08:30 - 2015-09-13 10:21 - 01692160 _____ (Farbar) C:\Documents and Settings\admin\Plocha\FRST.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-13 17:41 - 2008-05-22 20:50 - 00000000 ____D C:\Documents and Settings\admin\Plocha
2015-09-13 17:41 - 2008-05-22 20:50 - 00000000 ____D C:\Documents and Settings\admin\Local Settings\Temp
2015-09-13 17:18 - 2015-01-28 13:13 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-13 16:28 - 2008-05-22 20:45 - 01472283 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-13 16:27 - 2015-01-28 13:13 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-13 16:27 - 2014-03-18 09:50 - 00000222 _____ C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2015-09-13 16:27 - 2008-05-22 22:30 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-09-13 16:27 - 2008-05-22 22:30 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-09-13 16:27 - 2008-05-22 21:13 - 00000000 ____D C:\Documents and Settings\admin\Data aplikací\OpenOffice.org2
2015-09-13 16:27 - 2008-05-22 20:49 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-13 16:26 - 2008-05-22 20:56 - 00000000 ____D C:\Program Files\Yahoo!
2015-09-13 16:26 - 2008-05-22 20:50 - 00000178 ___SH C:\Documents and Settings\admin\ntuser.ini
2015-09-13 16:26 - 2008-05-22 20:49 - 00032528 _____ C:\WINDOWS\SchedLgU.Txt
2015-09-12 07:38 - 2015-08-12 07:44 - 00000024 _____ C:\Documents and Settings\admin\Data aplikací\appdataFr25.bin
2015-09-12 07:36 - 2006-03-02 14:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2015-09-11 07:43 - 2014-12-09 13:46 - 00000000 ____D C:\Documents and Settings\admin\Plocha\stahovani TOM
2015-09-09 07:08 - 2008-12-31 15:13 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2015-09-09 07:06 - 2013-07-17 20:41 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-08 17:00 - 2008-05-22 21:13 - 00002573 _____ C:\Documents and Settings\admin\Plocha\OpenOffice.org Writer.lnk
2015-09-08 16:40 - 2008-12-31 15:18 - 00002481 _____ C:\Documents and Settings\admin\Plocha\Microsoft Office PowerPoint 2007.lnk
2015-09-08 07:52 - 2015-02-10 11:20 - 00000000 ____D C:\UCTO2015
2015-09-01 07:49 - 2014-01-07 12:09 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\CanonIJPLM
2015-08-31 08:09 - 2015-04-24 14:03 - 00000000 ___RD C:\Documents and Settings\admin\Plocha\FU-podání- certifikat-15
2015-08-31 08:07 - 2008-05-22 20:50 - 00000000 ___RD C:\Documents and Settings\admin\Dokumenty
2015-08-31 07:46 - 2008-05-22 22:27 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2015-08-31 07:44 - 2009-01-04 21:54 - 00000000 ____D C:\Program Files\DG
2015-08-31 07:44 - 2008-05-22 22:27 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy
2015-08-26 18:36 - 2008-05-22 21:36 - 132039072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-26 16:58 - 2013-12-01 13:52 - 00000000 ____D C:\Documents and Settings\admin\Plocha\šmoula
2015-08-24 19:08 - 2014-05-25 09:27 - 00000000 ____D C:\Documents and Settings\admin\Plocha\FU-stažení-potvrzení
2015-08-22 12:27 - 2008-07-09 19:22 - 00000000 ____D C:\Trifid
2015-08-21 21:08 - 2010-07-15 11:58 - 00000000 ____D C:\Documents and Settings\admin\KBCertifikat--15-
2015-08-21 21:08 - 2008-05-22 20:50 - 00000000 ____D C:\Documents and Settings\admin
2015-08-21 09:11 - 2015-06-27 07:22 - 00000000 ____D C:\WINDOWS\Minidump
2015-08-21 09:05 - 2008-05-22 20:49 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Temp
2015-08-16 09:39 - 2015-05-24 10:16 - 01563223 _____ C:\Documents and Settings\admin\Plocha\světla.odt
==================== Files in the root of some directories =======
2015-08-12 07:44 - 2015-09-12 07:38 - 0000024 _____ () C:\Documents and Settings\admin\Data aplikací\appdataFr25.bin
2009-06-19 19:45 - 2015-03-24 23:06 - 0059904 _____ () C:\Documents and Settings\admin\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Some files in TEMP:
====================
C:\Documents and Settings\admin\Local Settings\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================
Ran by admin (administrator) on TRT-D02A6EEC194 (13-09-2015 17:41:04)
Running from C:\Documents and Settings\admin\Plocha
Loaded Profiles: admin (Available Profiles: admin)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Apple Inc.) C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe
(Pinnacle Systems GmbH) C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
(Logitech Inc.) C:\Program Files\Logitech\Video\CameraAssistant.exe
(Logitech Inc.) C:\WINDOWS\system32\ElkCtrl.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 2.1\program\soffice.bin
(Software602 a.s.) C:\Program Files\Common Files\Soft602\602updsvc\602updsvc.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Motive Communications, Inc.) C:\Program Files\Common Files\Motive\McciCMService.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16844800 2007-09-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe [417792 2009-10-13] (Apple Inc.)
HKLM\...\Run: [USBToolTip] => C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe [199752 2007-02-20] (Pinnacle Systems GmbH)
HKLM\...\Run: [Print2PDF Print Monitor] => C:\Program Files\Software602\Print2PDF\Print2PDF.exe [220992 2011-10-04] (Software602)
HKLM\...\Run: [LogitechCameraAssistant] => C:\Program Files\Logitech\Video\CameraAssistant.exe [489472 2005-12-07] (Logitech Inc.)
HKLM\...\Run: [LogitechVideo[inspector]] => C:\Program Files\Logitech\Video\InstallHelper.exe [73728 2005-12-07] (Logitech Inc.)
HKLM\...\Run: [LogitechCameraService(E)] => C:\WINDOWS\system32\ElkCtrl.exe [262144 2004-11-01] (Logitech Inc.)
HKLM\...\Run: [ROC_ROC_JULY_P1] => "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2569616 2010-07-26] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1316248 2010-12-02] (CANON INC.)
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [UpdatePDRShortCut] => C:\Program Files\CyberLink\PowerDirector10\MUITransfer\MUIStartMenu.exe [222504 2010-09-17] (CyberLink Corp.)
HKLM\...\Run: [UpdatePPShortCut] => C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [223096 2012-04-17] (CyberLink Corp.)
HKU\S-1-5-21-436374069-776561741-682003330-1004\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [484904 2007-05-15] (Hewlett-Packard Company)
HKU\S-1-5-21-436374069-776561741-682003330-1004\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-06-01] (Nero AG)
HKU\S-1-5-21-436374069-776561741-682003330-1004\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
Startup: C:\Documents and Settings\admin\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.1.lnk [2008-05-22]
ShortcutTarget: OpenOffice.org 2.1.lnk -> C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{D8083467-C575-475C-8051-432C4C02BE6D}: [DhcpNameServer] 10.0.0.138
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-436374069-776561741-682003330-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.cz/
HKU\S-1-5-21-436374069-776561741-682003330-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-436374069-776561741-682003330-1004\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://www.webhledani.cz/results.aspx?i=39&tp= ... earchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-436374069-776561741-682003330-1004 -> {0A4D55B6-13FF-431E-9E8E-8B4B01F2BA1C} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
SearchScopes: HKU\S-1-5-21-436374069-776561741-682003330-1004 -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://www.webhledani.cz/results.aspx?i=39&tp= ... earchTerms}
Toolbar: HKU\S-1-5-21-436374069-776561741-682003330-1004 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2010-09-09] (Společnost Microsoft)
Toolbar: HKU\S-1-5-21-436374069-776561741-682003330-1004 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2012-06-14] (CANON INC.)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237926463250
DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} hxxp://www.cortona3d.com/bin/cortvrml.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {F680B28A-3AEE-4C88-93ED-45AE9215C128} hxxps://adisepo.mfcr.cz/adistc/adis/idpr_pub/xspa/bin/cryptsignx.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
FireFox:
========
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-15] (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @software602.cz/602XML Filler -> C:\Program Files\Software602\602XML\Filler\npfiller.dll [2011-11-24] (Software602 a.s.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2015-01-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2015-01-28] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-436374069-776561741-682003330-1004: @kb-ext.cz/PKIComponent -> C:\Documents and Settings\admin\Data aplikací\KB-ext\lib\x86\npPKIComponentNPAPI-kbext.dll [2013-09-26] (Komerční banka, a.s.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-08]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://google.cz/", "hxxps://www.google.cz/"
CHR DefaultSearchURL: Default -> hxxp://www.google.cz/search?hl=cs&source=hp&q= ... q=0&oq=bli
CHR DefaultSearchKeyword: Default -> google.cz_
CHR Plugin: (Shockwave Flash
"path": "C:\\Program Files\\Google\\Chrome\\Application\\40.0.2214.93\\PepperFlash\\pepflashplayer.dll") - "name": "Shockwave Flash",
C:\Program Files\Google\Chrome\Application\40.0.2214.93\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client
"path": "C:\\Program Files\\Google\\Chrome\\Application\\40.0.2214.93\\ppGoogleNaClPluginChrome.dll") - "name": "Native Client",
C:\Program Files\Google\Chrome\Application\40.0.2214.93\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer
"path": "C:\\Program Files\\Google\\Chrome\\Application\\40.0.2214.93\\pdf.dll") - "name": "Chrome PDF Viewer",
C:\Program Files\Google\Chrome\Application\40.0.2214.93\pdf.dll => No File
CHR Plugin: (Skype Click to Call
"path": "C:\\Documents and Settings\\admin\\Local Settings\\Data aplikací\\Google\\Chrome\\User Data\\Default\\Extensions\\lifbcibllhkdhoafpjfnlhfpfgnpldfl\\6.6.0.11664_0\\npSkypeChromePlugin.dll") - "name": "Skype Click to Call",
C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.6.0.11664_0\npSkypeChromePlugin.dll => No File
CHR Plugin: (Adobe Acrobat
"path": "C:\\Program Files\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.dll") - "name": "Adobe Acrobat",
C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U12
"path": "C:\\Program Files\\Java\\jre6\\bin\\new_plugin\\npjp2.dll") - "name": "Java(TM) Platform SE 6 U12",
C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Microsoft® DRM
"path": "C:\\Program Files\\Windows Media Player\\npdrmv2.dll") - "name": "Microsoft® DRM",
C:\Program Files\Windows Media Player\npdrmv2.dll => No File
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library
"path": "C:\\Program Files\\Windows Media Player\\npdsplay.dll") - "name": "Windows Media Player Plug-in Dynamic Link Library",
C:\Program Files\Windows Media Player\npdsplay.dll => No File
CHR Plugin: (Microsoft® DRM
"path": "C:\\Program Files\\Windows Media Player\\npwmsdrm.dll") - "name": "Microsoft® DRM",
C:\Program Files\Windows Media Player\npwmsdrm.dll => No File
CHR Plugin: (Google Update
"path": "C:\\Program Files\\Google\\Update\\1.3.21.123\\npGoogleUpdate3.dll") - "name": "Google Update",
C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Software602 Form Filler
"path": "C:\\Program Files\\Software602\\602XML\\Filler\\npfiller.dll") - "name": "Software602 Form Filler",
C:\Program Files\Software602\602XML\Filler\npfiller.dll => No File
CHR Plugin: (Shockwave Flash
"path": "C:\\WINDOWS\\system32\\Macromed\\Flash\\NPSWF32_11_5_502_149.dll") - "name": "Shockwave Flash",
C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.110.21
"path": "C:\\WINDOWS\\system32\\npDeployJava1.dll") - "name": "Java Deployment Toolkit 7.0.110.21",
C:\WINDOWS\system32\npDeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In
"path": "c:\\Program Files\\Microsoft Silverlight\\4.1.10329.0\\npctrl.dll") - "name": "Silverlight Plug-In",
c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Plugin: (Windows Presentation Foundation
"path": "c:\\WINDOWS\\Microsoft.NET\\Framework\\v3.5\\Windows Presentation Foundation\\NPWPF.dll") - "name": "Windows Presentation Foundation",
c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll => No File
CHR Profile: C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (Disk Google) - C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-17]
CHR Extension: (YouTube) - C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-17]
CHR Extension: (Vyhledávání Google) - C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-17]
CHR Extension: (Peněženka Google) - C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-06]
CHR Extension: (Gmail) - C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-17]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 602XML Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s.)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2009-12-08] (Macrovision Europe Ltd.) [File not signed]
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [137680 2010-07-27] ()
R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [303104 2007-10-15] (Motive Communications, Inc.) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
S3 602SQL 8 FastCGI Client; c:\Program Files\webgencz\602FSVC8.EXE [X]
S2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AVerPola; C:\WINDOWS\System32\DRIVERS\AVerPola.sys [665984 2012-11-01] (AVerMedia TECHNOLOGIES, Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 gdrv; C:\WINDOWS\gdrv.sys [16376 2008-05-22] (Windows (R) 2000 DDK provider)
R3 MarvinBus; C:\WINDOWS\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2008-03-29] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2008-03-29] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 cpuz134; \??\C:\WINDOWS\TEMP\cpuz134\cpuz134_x32.sys [X]
S3 cpuz136; \??\C:\DOCUME~1\admin\LOCALS~1\Temp\cpuz136\cpuz136_x32.sys [X]
S4 IntelIde; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
NETSVC: uioqhbbuz -> no filepath.
NETSVC: ofifxadw -> no filepath.
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-13 10:22 - 2015-09-13 17:41 - 00019615 _____ C:\Documents and Settings\admin\Plocha\FRST.txt
2015-09-04 08:47 - 2015-09-13 10:21 - 00000000 ____D C:\Documents and Settings\admin\Plocha\FRST-OlderVersion
2015-08-23 17:14 - 2015-09-12 10:21 - 00000000 ____D C:\Documents and Settings\admin\Plocha\chrudimka
2015-08-21 09:14 - 2015-09-13 16:26 - 00000000 ____D C:\AdwCleaner
2015-08-21 09:14 - 2015-08-21 09:14 - 01605632 _____ C:\Documents and Settings\admin\Plocha\adwcleaner_5.003.exe
2015-08-21 08:33 - 2015-09-13 17:41 - 00000000 ____D C:\FRST
2015-08-21 08:30 - 2015-09-13 10:21 - 01692160 _____ (Farbar) C:\Documents and Settings\admin\Plocha\FRST.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-13 17:41 - 2008-05-22 20:50 - 00000000 ____D C:\Documents and Settings\admin\Plocha
2015-09-13 17:41 - 2008-05-22 20:50 - 00000000 ____D C:\Documents and Settings\admin\Local Settings\Temp
2015-09-13 17:18 - 2015-01-28 13:13 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-13 16:28 - 2008-05-22 20:45 - 01472283 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-13 16:27 - 2015-01-28 13:13 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-13 16:27 - 2014-03-18 09:50 - 00000222 _____ C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2015-09-13 16:27 - 2008-05-22 22:30 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-09-13 16:27 - 2008-05-22 22:30 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-09-13 16:27 - 2008-05-22 21:13 - 00000000 ____D C:\Documents and Settings\admin\Data aplikací\OpenOffice.org2
2015-09-13 16:27 - 2008-05-22 20:49 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-13 16:26 - 2008-05-22 20:56 - 00000000 ____D C:\Program Files\Yahoo!
2015-09-13 16:26 - 2008-05-22 20:50 - 00000178 ___SH C:\Documents and Settings\admin\ntuser.ini
2015-09-13 16:26 - 2008-05-22 20:49 - 00032528 _____ C:\WINDOWS\SchedLgU.Txt
2015-09-12 07:38 - 2015-08-12 07:44 - 00000024 _____ C:\Documents and Settings\admin\Data aplikací\appdataFr25.bin
2015-09-12 07:36 - 2006-03-02 14:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2015-09-11 07:43 - 2014-12-09 13:46 - 00000000 ____D C:\Documents and Settings\admin\Plocha\stahovani TOM
2015-09-09 07:08 - 2008-12-31 15:13 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2015-09-09 07:06 - 2013-07-17 20:41 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-08 17:00 - 2008-05-22 21:13 - 00002573 _____ C:\Documents and Settings\admin\Plocha\OpenOffice.org Writer.lnk
2015-09-08 16:40 - 2008-12-31 15:18 - 00002481 _____ C:\Documents and Settings\admin\Plocha\Microsoft Office PowerPoint 2007.lnk
2015-09-08 07:52 - 2015-02-10 11:20 - 00000000 ____D C:\UCTO2015
2015-09-01 07:49 - 2014-01-07 12:09 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\CanonIJPLM
2015-08-31 08:09 - 2015-04-24 14:03 - 00000000 ___RD C:\Documents and Settings\admin\Plocha\FU-podání- certifikat-15
2015-08-31 08:07 - 2008-05-22 20:50 - 00000000 ___RD C:\Documents and Settings\admin\Dokumenty
2015-08-31 07:46 - 2008-05-22 22:27 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2015-08-31 07:44 - 2009-01-04 21:54 - 00000000 ____D C:\Program Files\DG
2015-08-31 07:44 - 2008-05-22 22:27 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy
2015-08-26 18:36 - 2008-05-22 21:36 - 132039072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-26 16:58 - 2013-12-01 13:52 - 00000000 ____D C:\Documents and Settings\admin\Plocha\šmoula
2015-08-24 19:08 - 2014-05-25 09:27 - 00000000 ____D C:\Documents and Settings\admin\Plocha\FU-stažení-potvrzení
2015-08-22 12:27 - 2008-07-09 19:22 - 00000000 ____D C:\Trifid
2015-08-21 21:08 - 2010-07-15 11:58 - 00000000 ____D C:\Documents and Settings\admin\KBCertifikat--15-
2015-08-21 21:08 - 2008-05-22 20:50 - 00000000 ____D C:\Documents and Settings\admin
2015-08-21 09:11 - 2015-06-27 07:22 - 00000000 ____D C:\WINDOWS\Minidump
2015-08-21 09:05 - 2008-05-22 20:49 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Temp
2015-08-16 09:39 - 2015-05-24 10:16 - 01563223 _____ C:\Documents and Settings\admin\Plocha\světla.odt
==================== Files in the root of some directories =======
2015-08-12 07:44 - 2015-09-12 07:38 - 0000024 _____ () C:\Documents and Settings\admin\Data aplikací\appdataFr25.bin
2009-06-19 19:45 - 2015-03-24 23:06 - 0059904 _____ () C:\Documents and Settings\admin\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Some files in TEMP:
====================
C:\Documents and Settings\admin\Local Settings\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================
-
Rudy
- Site Admin
- Příspěvky: 119674
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Vyskakující okna v chromu
Otevřte poznámkový blok a zkopírujte do něj:
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.Start
CHR dev: Chrome dev build detected! <======= ATTENTION
C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.6.0.11664_0\npSkypeChromePlugin.dll => No File
CHR Plugin: (Adobe Acrobat
"path": "C:\\Program Files\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.dll") - "name": "Adobe Acrobat",
C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U12
"path": "C:\\Program Files\\Java\\jre6\\bin\\new_plugin\\npjp2.dll") - "name": "Java(TM) Platform SE 6 U12",
C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Microsoft® DRM
"path": "C:\\Program Files\\Windows Media Player\\npdrmv2.dll") - "name": "Microsoft® DRM",
C:\Program Files\Windows Media Player\npdrmv2.dll => No File
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library
"path": "C:\\Program Files\\Windows Media Player\\npdsplay.dll") - "name": "Windows Media Player Plug-in Dynamic Link Library",
C:\Program Files\Windows Media Player\npdsplay.dll => No File
CHR Plugin: (Microsoft® DRM
"path": "C:\\Program Files\\Windows Media Player\\npwmsdrm.dll") - "name": "Microsoft® DRM",
C:\Program Files\Windows Media Player\npwmsdrm.dll => No File
CHR Plugin: (Google Update
"path": "C:\\Program Files\\Google\\Update\\1.3.21.123\\npGoogleUpdate3.dll") - "name": "Google Update",
C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Software602 Form Filler
"path": "C:\\Program Files\\Software602\\602XML\\Filler\\npfiller.dll") - "name": "Software602 Form Filler",
C:\Program Files\Software602\602XML\Filler\npfiller.dll => No File
CHR Plugin: (Shockwave Flash
"path": "C:\\WINDOWS\\system32\\Macromed\\Flash\\NPSWF32_11_5_502_149.dll") - "name": "Shockwave Flash",
C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.110.21
"path": "C:\\WINDOWS\\system32\\npDeployJava1.dll") - "name": "Java Deployment Toolkit 7.0.110.21",
C:\WINDOWS\system32\npDeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In
"path": "c:\\Program Files\\Microsoft Silverlight\\4.1.10329.0\\npctrl.dll") - "name": "Silverlight Plug-In",
c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Plugin: (Windows Presentation Foundation
"path": "c:\\WINDOWS\\Microsoft.NET\\Framework\\v3.5\\Windows Presentation Foundation\\NPWPF.dll") - "name": "Windows Presentation Foundation",
c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll => No File
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
S4 IntelIde; no ImagePath
U1 WS2IFSL; no ImagePath
NETSVC: uioqhbbuz -> no filepath.
NETSVC: ofifxadw -> no filepath.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\Documents and Settings\admin\Local Settings\Temp
End
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Vyskakující okna v chromu
Fix result of Farbar Recovery Scan Tool (x86) Version:13-09-2015 01
Ran by admin (2015-09-13 19:00:57) Run:3
Running from C:\Documents and Settings\admin\Plocha
Loaded Profiles: admin (Available Profiles: admin)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CHR dev: Chrome dev build detected! <======= ATTENTION
C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.6.0.11664_0\npSkypeChromePlugin.dll => No File
CHR Plugin: (Adobe Acrobat
"path": "C:\\Program Files\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.dll") - "name": "Adobe Acrobat",
C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U12
"path": "C:\\Program Files\\Java\\jre6\\bin\\new_plugin\\npjp2.dll") - "name": "Java(TM) Platform SE 6 U12",
C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Microsoft® DRM
"path": "C:\\Program Files\\Windows Media Player\\npdrmv2.dll") - "name": "Microsoft® DRM",
C:\Program Files\Windows Media Player\npdrmv2.dll => No File
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library
"path": "C:\\Program Files\\Windows Media Player\\npdsplay.dll") - "name": "Windows Media Player Plug-in Dynamic Link Library",
C:\Program Files\Windows Media Player\npdsplay.dll => No File
CHR Plugin: (Microsoft® DRM
"path": "C:\\Program Files\\Windows Media Player\\npwmsdrm.dll") - "name": "Microsoft® DRM",
C:\Program Files\Windows Media Player\npwmsdrm.dll => No File
CHR Plugin: (Google Update
"path": "C:\\Program Files\\Google\\Update\\1.3.21.123\\npGoogleUpdate3.dll") - "name": "Google Update",
C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Software602 Form Filler
"path": "C:\\Program Files\\Software602\\602XML\\Filler\\npfiller.dll") - "name": "Software602 Form Filler",
C:\Program Files\Software602\602XML\Filler\npfiller.dll => No File
CHR Plugin: (Shockwave Flash
"path": "C:\\WINDOWS\\system32\\Macromed\\Flash\\NPSWF32_11_5_502_149.dll") - "name": "Shockwave Flash",
C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.110.21
"path": "C:\\WINDOWS\\system32\\npDeployJava1.dll") - "name": "Java Deployment Toolkit 7.0.110.21",
C:\WINDOWS\system32\npDeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In
"path": "c:\\Program Files\\Microsoft Silverlight\\4.1.10329.0\\npctrl.dll") - "name": "Silverlight Plug-In",
c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Plugin: (Windows Presentation Foundation
"path": "c:\\WINDOWS\\Microsoft.NET\\Framework\\v3.5\\Windows Presentation Foundation\\NPWPF.dll") - "name": "Windows Presentation Foundation",
c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll => No File
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
S4 IntelIde; no ImagePath
U1 WS2IFSL; no ImagePath
NETSVC: uioqhbbuz -> no filepath.
NETSVC: ofifxadw -> no filepath.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\Documents and Settings\admin\Local Settings\Temp
End
*****************
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
"C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.6.0.11664_0\npSkypeChromePlugin.dll => No File" => File/Folder not found.
"path": "C:\\Program Files\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.dll") - "name": "Adobe Acrobat", => Error: No automatic fix found for this entry.
"C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File" => File/Folder not found.
"path": "C:\\Program Files\\Java\\jre6\\bin\\new_plugin\\npjp2.dll") - "name": "Java(TM) Platform SE 6 U12", => Error: No automatic fix found for this entry.
"C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll => No File" => File/Folder not found.
"path": "C:\\Program Files\\Windows Media Player\\npdrmv2.dll") - "name": "Microsoft® DRM", => Error: No automatic fix found for this entry.
"C:\Program Files\Windows Media Player\npdrmv2.dll => No File" => File/Folder not found.
"path": "C:\\Program Files\\Windows Media Player\\npdsplay.dll") - "name": "Windows Media Player Plug-in Dynamic Link Library", => Error: No automatic fix found for this entry.
"C:\Program Files\Windows Media Player\npdsplay.dll => No File" => File/Folder not found.
"path": "C:\\Program Files\\Windows Media Player\\npwmsdrm.dll") - "name": "Microsoft® DRM", => Error: No automatic fix found for this entry.
"C:\Program Files\Windows Media Player\npwmsdrm.dll => No File" => File/Folder not found.
"path": "C:\\Program Files\\Google\\Update\\1.3.21.123\\npGoogleUpdate3.dll") - "name": "Google Update", => Error: No automatic fix found for this entry.
"C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File" => File/Folder not found.
"path": "C:\\Program Files\\Software602\\602XML\\Filler\\npfiller.dll") - "name": "Software602 Form Filler", => Error: No automatic fix found for this entry.
"C:\Program Files\Software602\602XML\Filler\npfiller.dll => No File" => File/Folder not found.
"path": "C:\\WINDOWS\\system32\\Macromed\\Flash\\NPSWF32_11_5_502_149.dll") - "name": "Shockwave Flash", => Error: No automatic fix found for this entry.
"C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll => No File" => File/Folder not found.
"path": "C:\\WINDOWS\\system32\\npDeployJava1.dll") - "name": "Java Deployment Toolkit 7.0.110.21", => Error: No automatic fix found for this entry.
"C:\WINDOWS\system32\npDeployJava1.dll => No File" => File/Folder not found.
"path": "c:\\Program Files\\Microsoft Silverlight\\4.1.10329.0\\npctrl.dll") - "name": "Silverlight Plug-In", => Error: No automatic fix found for this entry.
"c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File" => File/Folder not found.
"path": "c:\\WINDOWS\\Microsoft.NET\\Framework\\v3.5\\Windows Presentation Foundation\\NPWPF.dll") - "name": "Windows Presentation Foundation", => Error: No automatic fix found for this entry.
"c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll => No File" => File/Folder not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl" => key removed successfully.
C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx => moved successfully
IntelIde => service removed successfully.
WS2IFSL => service removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs uioqhbbuz => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ofifxadw => value removed successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Documents and Settings\admin\Local Settings\Temp => moved successfully
==== End of Fixlog 19:00:58 ====
Ran by admin (2015-09-13 19:00:57) Run:3
Running from C:\Documents and Settings\admin\Plocha
Loaded Profiles: admin (Available Profiles: admin)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CHR dev: Chrome dev build detected! <======= ATTENTION
C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.6.0.11664_0\npSkypeChromePlugin.dll => No File
CHR Plugin: (Adobe Acrobat
"path": "C:\\Program Files\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.dll") - "name": "Adobe Acrobat",
C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U12
"path": "C:\\Program Files\\Java\\jre6\\bin\\new_plugin\\npjp2.dll") - "name": "Java(TM) Platform SE 6 U12",
C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Microsoft® DRM
"path": "C:\\Program Files\\Windows Media Player\\npdrmv2.dll") - "name": "Microsoft® DRM",
C:\Program Files\Windows Media Player\npdrmv2.dll => No File
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library
"path": "C:\\Program Files\\Windows Media Player\\npdsplay.dll") - "name": "Windows Media Player Plug-in Dynamic Link Library",
C:\Program Files\Windows Media Player\npdsplay.dll => No File
CHR Plugin: (Microsoft® DRM
"path": "C:\\Program Files\\Windows Media Player\\npwmsdrm.dll") - "name": "Microsoft® DRM",
C:\Program Files\Windows Media Player\npwmsdrm.dll => No File
CHR Plugin: (Google Update
"path": "C:\\Program Files\\Google\\Update\\1.3.21.123\\npGoogleUpdate3.dll") - "name": "Google Update",
C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Software602 Form Filler
"path": "C:\\Program Files\\Software602\\602XML\\Filler\\npfiller.dll") - "name": "Software602 Form Filler",
C:\Program Files\Software602\602XML\Filler\npfiller.dll => No File
CHR Plugin: (Shockwave Flash
"path": "C:\\WINDOWS\\system32\\Macromed\\Flash\\NPSWF32_11_5_502_149.dll") - "name": "Shockwave Flash",
C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.110.21
"path": "C:\\WINDOWS\\system32\\npDeployJava1.dll") - "name": "Java Deployment Toolkit 7.0.110.21",
C:\WINDOWS\system32\npDeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In
"path": "c:\\Program Files\\Microsoft Silverlight\\4.1.10329.0\\npctrl.dll") - "name": "Silverlight Plug-In",
c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Plugin: (Windows Presentation Foundation
"path": "c:\\WINDOWS\\Microsoft.NET\\Framework\\v3.5\\Windows Presentation Foundation\\NPWPF.dll") - "name": "Windows Presentation Foundation",
c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll => No File
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
S4 IntelIde; no ImagePath
U1 WS2IFSL; no ImagePath
NETSVC: uioqhbbuz -> no filepath.
NETSVC: ofifxadw -> no filepath.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\Documents and Settings\admin\Local Settings\Temp
End
*****************
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
"C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.6.0.11664_0\npSkypeChromePlugin.dll => No File" => File/Folder not found.
"path": "C:\\Program Files\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.dll") - "name": "Adobe Acrobat", => Error: No automatic fix found for this entry.
"C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File" => File/Folder not found.
"path": "C:\\Program Files\\Java\\jre6\\bin\\new_plugin\\npjp2.dll") - "name": "Java(TM) Platform SE 6 U12", => Error: No automatic fix found for this entry.
"C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll => No File" => File/Folder not found.
"path": "C:\\Program Files\\Windows Media Player\\npdrmv2.dll") - "name": "Microsoft® DRM", => Error: No automatic fix found for this entry.
"C:\Program Files\Windows Media Player\npdrmv2.dll => No File" => File/Folder not found.
"path": "C:\\Program Files\\Windows Media Player\\npdsplay.dll") - "name": "Windows Media Player Plug-in Dynamic Link Library", => Error: No automatic fix found for this entry.
"C:\Program Files\Windows Media Player\npdsplay.dll => No File" => File/Folder not found.
"path": "C:\\Program Files\\Windows Media Player\\npwmsdrm.dll") - "name": "Microsoft® DRM", => Error: No automatic fix found for this entry.
"C:\Program Files\Windows Media Player\npwmsdrm.dll => No File" => File/Folder not found.
"path": "C:\\Program Files\\Google\\Update\\1.3.21.123\\npGoogleUpdate3.dll") - "name": "Google Update", => Error: No automatic fix found for this entry.
"C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File" => File/Folder not found.
"path": "C:\\Program Files\\Software602\\602XML\\Filler\\npfiller.dll") - "name": "Software602 Form Filler", => Error: No automatic fix found for this entry.
"C:\Program Files\Software602\602XML\Filler\npfiller.dll => No File" => File/Folder not found.
"path": "C:\\WINDOWS\\system32\\Macromed\\Flash\\NPSWF32_11_5_502_149.dll") - "name": "Shockwave Flash", => Error: No automatic fix found for this entry.
"C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll => No File" => File/Folder not found.
"path": "C:\\WINDOWS\\system32\\npDeployJava1.dll") - "name": "Java Deployment Toolkit 7.0.110.21", => Error: No automatic fix found for this entry.
"C:\WINDOWS\system32\npDeployJava1.dll => No File" => File/Folder not found.
"path": "c:\\Program Files\\Microsoft Silverlight\\4.1.10329.0\\npctrl.dll") - "name": "Silverlight Plug-In", => Error: No automatic fix found for this entry.
"c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File" => File/Folder not found.
"path": "c:\\WINDOWS\\Microsoft.NET\\Framework\\v3.5\\Windows Presentation Foundation\\NPWPF.dll") - "name": "Windows Presentation Foundation", => Error: No automatic fix found for this entry.
"c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll => No File" => File/Folder not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl" => key removed successfully.
C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx => moved successfully
IntelIde => service removed successfully.
WS2IFSL => service removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs uioqhbbuz => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ofifxadw => value removed successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Documents and Settings\admin\Local Settings\Temp => moved successfully
==== End of Fixlog 19:00:58 ====
-
Rudy
- Site Admin
- Příspěvky: 119674
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Vyskakující okna v chromu
Smazáno. Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Vyskakující okna v chromu
Bohužel problém stále trvá. Pomůže nějak při identifikaci, když v okně je napsánáno Ads by Max Adblock?
-
Rudy
- Site Admin
- Příspěvky: 119674
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Vyskakující okna v chromu
Udělejte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Vyskakující okna v chromu
Při instalaci se vyskytla chyba a program nelze spustit. Bohužel nejde zřejmě kvůli chybě ani odinstalovat.
-
Rudy
- Site Admin
- Příspěvky: 119674
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Vyskakující okna v chromu
Na XP vám bude fungovat tato verze: http://en.softonic.com/s/malwarebytes-1.5.2 . Přehlédl jsem typ oper. systému. Omlouvám se.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Vyskakující okna v chromu
Při instalaci se vyskytla chyba a program nelze spustit. Ve vyhledávání je vezre 1.5.2, ale já tam našel ke stažení 2.1.8 . Možná je tedy chyba na mojí straně, ale jinou jsem nenašel.
-
Rudy
- Site Admin
- Příspěvky: 119674
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Vyskakující okna v chromu
Verze 2.x v XP nebude fungovat. Musíte mít verzi 1.5x. Zkuste tedy pohledat, nicméně z tohoto umístění se ta verze stahovala.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Vyskakující okna v chromu
Ze staršího tématu jsem našel tento odkaz:
http://www.bleepingcomputer.com/downloa ... re/dl/241/Neaktualizoval jsem, zůstala 1.75.x a pouze jsem aktualizoval virovou databázi.
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
http://www.malwarebytes.org
Verze: v2015.09.14.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
admin :: TRT-D02A6EEC194 [administrátor]
Ochrana: Zakázána
14.9.2015 18:10:09
MBAM-log-2015-09-14 (18-42-24).txt
Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 342134
Uplynulý čas: 11 minut, 46 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 3
HKCR\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5} (PUP.Optional.MultiPlug) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6A08B379-76FB-B4CF-0C70-CAFCD3635A77} (PUP.Optional.MultiPlug) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\SMARTBAR (PUP.Optional.SmartBar) -> Nebyla provedena žádná instrukce.
Nalezené hodnoty v registru: 1
HKCU\Software\Smartbar|GlobalUserId (PUP.Optional.SmartBar) -> Data: C584C8F6-15AE-410C-B64F-3D2ED4B97FA4 -> Nebyla provedena žádná instrukce.
Nalezené datové položky v registru: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL|CheckedValue (PUM.Hijack.System.Hidden) -> Špatný: (0) Dobrý: (1) -> Nebyla provedena žádná instrukce.
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 6
C:\Program Files\AppendGeneration\AppendGeneration.dll (PUP.Optional.MultiPlug.PLY) -> Nebyla provedena žádná instrukce.
C:\Program Files\Utime\Utime.exe (PUP.Optional.MultiPlug) -> Nebyla provedena žádná instrukce.
C:\Program Files\Weather Europe Extension\Weather Europe Extension.exe (PUP.Optional.MultiPlug) -> Nebyla provedena žádná instrukce.
C:\Program Files\Goodness\Goodness.exe (Trojan.Agent) -> Nebyla provedena žádná instrukce.
C:\Program Files\Hover Zoom\Hover Zoom.exe (PUP.Optional.MultiPlug) -> Nebyla provedena žádná instrukce.
C:\SoftonicDownloader_for_samsung-kies.exe (PUP.Optional.SofTonic) -> Nebyla provedena žádná instrukce.
(konec)
http://www.bleepingcomputer.com/downloa ... re/dl/241/Neaktualizoval jsem, zůstala 1.75.x a pouze jsem aktualizoval virovou databázi.
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
http://www.malwarebytes.org
Verze: v2015.09.14.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
admin :: TRT-D02A6EEC194 [administrátor]
Ochrana: Zakázána
14.9.2015 18:10:09
MBAM-log-2015-09-14 (18-42-24).txt
Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 342134
Uplynulý čas: 11 minut, 46 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 3
HKCR\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5} (PUP.Optional.MultiPlug) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6A08B379-76FB-B4CF-0C70-CAFCD3635A77} (PUP.Optional.MultiPlug) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\SMARTBAR (PUP.Optional.SmartBar) -> Nebyla provedena žádná instrukce.
Nalezené hodnoty v registru: 1
HKCU\Software\Smartbar|GlobalUserId (PUP.Optional.SmartBar) -> Data: C584C8F6-15AE-410C-B64F-3D2ED4B97FA4 -> Nebyla provedena žádná instrukce.
Nalezené datové položky v registru: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL|CheckedValue (PUM.Hijack.System.Hidden) -> Špatný: (0) Dobrý: (1) -> Nebyla provedena žádná instrukce.
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 6
C:\Program Files\AppendGeneration\AppendGeneration.dll (PUP.Optional.MultiPlug.PLY) -> Nebyla provedena žádná instrukce.
C:\Program Files\Utime\Utime.exe (PUP.Optional.MultiPlug) -> Nebyla provedena žádná instrukce.
C:\Program Files\Weather Europe Extension\Weather Europe Extension.exe (PUP.Optional.MultiPlug) -> Nebyla provedena žádná instrukce.
C:\Program Files\Goodness\Goodness.exe (Trojan.Agent) -> Nebyla provedena žádná instrukce.
C:\Program Files\Hover Zoom\Hover Zoom.exe (PUP.Optional.MultiPlug) -> Nebyla provedena žádná instrukce.
C:\SoftonicDownloader_for_samsung-kies.exe (PUP.Optional.SofTonic) -> Nebyla provedena žádná instrukce.
(konec)
Přispějete na provoz fóra?