Ping mi lita od 20 do 100 pri online hrani
Napsal: 30 pro 2015 19:51
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-12-2015
Ran by Pierre (administrator) on NERO (30-12-2015 19:47:11)
Running from C:\Documents and Settings\Pierre\Plocha
Loaded Profiles: Pierre (Available Profiles: Pierre)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
() C:\Program Files\EaseUS\EaseUS Partition Master 10.2\bin\TrayPopupE\TrayTipAgentE.exe
() C:\Program Files\EaseUS\TrayPopup\TrayTipAgent.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Documents and Settings\Pierre\Local Settings\Data aplikací\MiPhoneManager\main\MiPhoneHelper.exe
(GoPro) C:\Program Files\CineForm\Tools\GoProCineFormStatusViewer.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
() C:\Program Files\EaseUS\Todo Backup\bin\TodoBackupService.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Oracle Corporation) C:\Program Files\Java\jre1.8.0_31\bin\javaw.exe
(Oracle Corporation) C:\Program Files\Java\jre1.8.0_31\bin\java.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(LG Electronics Inc.) C:\Program Files\LG Software\LG Smart Share\Update\SmartShareTray.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(LG Electronics Inc.) C:\Program Files\LG Software\LG Smart Share\DMS\SmartShareDMS.exe
(LG Electronics Inc.) C:\Program Files\LG Software\LG Smart Share\DMR\SmartShareDMR.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(AppWork GmbH) C:\Documents and Settings\Pierre\Local Settings\Data aplikací\JDownloader v2.0\JDownloader2.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Documents and Settings\Pierre\Plocha\FRSTLauncher.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20065936 2012-06-06] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Launch LCDMon] => C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [1687824 2007-07-17] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [2094352 2007-07-17] (Logitech Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [LG Smart Share] => C:\Program Files\LG Software\LG Smart Share\SmartShareStartXP.exe [134744 2013-03-25] (LG Electronics Inc.)
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [366904 2015-07-23] (Power Software Ltd)
HKLM\...\Run: [EaseUS EPM tray] => C:\Program Files\EaseUS\EaseUS Partition Master 10.2\bin\EpmNews.exe [2089056 2014-11-18] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files\EaseUS\EaseUS Partition Master 10.2\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] ()
HKLM\...\Run: [EaseUS TB Tray Agent] => C:\Program Files\EaseUS\TrayPopup\TrayTipAgent.exe [253992 2014-12-15] ()
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2591888 2015-09-14] ()
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-27] (NVIDIA Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [4556048 2015-02-27] (Disc Soft Ltd)
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\...\Run: [cz.seznam.software.autoupdate] => C:\Documents and Settings\Pierre\Data aplikací\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\...\Run: [cz.seznam.software.szndesktop] => C:\Documents and Settings\Pierre\Data aplikací\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\...\Run: [GoogleChromeAutoLaunch_BD17503A2D8EC1E93944F64D6130C39D] => "C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\...\Run: [MiPhoneManager] => C:\Documents and Settings\Pierre\Local Settings\Data aplikací\MiPhoneManager\main\MiPhoneHelper.exe [146224 2015-07-03] ()
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\CineForm Status.lnk [2015-09-15]
ShortcutTarget: CineForm Status.lnk -> C:\Program Files\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro)
GroupPolicy: Restriction - Chrome <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{95358A7A-F515-4188-B822-D6E5B12114F4}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1454471165-1326574676-839522115-1003 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
Toolbar: HKU\S-1-5-21-1454471165-1326574676-839522115-1003 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2014-02-25] (Společnost Microsoft)
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] ()
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1454471165-1326574676-839522115-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-03-05] [not signed]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxps://www.google.cz/
CHR Profile: C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-18]
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-23]
CHR Extension: (Disk Google) - C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (YouTube) - C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-01]
CHR Extension: (Vyhledávání Google) - C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Tabulky Google) - C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-18]
CHR Extension: (Dokumenty Google offline) - C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-23]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-18]
CHR Extension: (Gmail) - C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-23]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1030928 2015-02-27] (Disc Soft Ltd)
R2 EaseUS Agent; C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe [36904 2015-08-01] (CHENGDU YIWO Tech Development Co., Ltd)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [595968 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [642520 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-27] (NVIDIA Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R3 dtlitescsibus; C:\WINDOWS\System32\DRIVERS\dtlitescsibus.sys [25104 2015-06-21] (Disc Soft Ltd)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [14944 2014-11-18] ()
R0 EUBAKUP; C:\WINDOWS\System32\drivers\eubakup.sys [52008 2014-12-14] (CHENGDU YIWO Tech Development Co., Ltd)
R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [40744 2014-12-14] ()
R1 EUDSKACS; C:\WINDOWS\system32\drivers\eudskacs.sys [14888 2014-12-14] (CHENGDU YIWO Tech Development Co., Ltd)
R1 EUFDDISK; C:\WINDOWS\system32\drivers\EuFdDisk.sys [188328 2014-12-14] (CHENGDU YIWO Tech Development Co., Ltd)
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10208 2014-11-18] ()
R3 ip100xp; C:\WINDOWS\System32\DRIVERS\ipfnd51.sys [26752 2010-11-23] (IC Plus Corp. ) [File not signed]
R3 MEI; C:\WINDOWS\System32\DRIVERS\HECI.sys [56280 2013-09-16] (Intel Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [136624 2015-09-14] (NVIDIA Corporation)
R1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [114304 2015-07-23] (Power Software Ltd)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 IntelIde; no ImagePath
S3 MSICDSetup; \??\D:\CDriver.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-30 19:47 - 2015-12-30 19:47 - 00016985 _____ C:\Documents and Settings\Pierre\Plocha\FRST.txt
2015-12-30 19:47 - 2015-12-30 19:47 - 00000000 ____D C:\FRST
2015-12-30 19:39 - 2015-12-30 19:39 - 01721856 _____ (Farbar) C:\Documents and Settings\Pierre\Plocha\FRST.exe
2015-12-30 19:39 - 2015-12-30 19:39 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Pierre\Plocha\FRSTLauncher.exe
2015-12-30 17:08 - 2015-12-30 17:08 - 00090112 _____ C:\WINDOWS\Minidump\Mini123015-01.dmp
2015-12-30 17:05 - 2015-12-30 17:05 - 01743360 _____ C:\Documents and Settings\Pierre\Plocha\adwcleaner_5.026.exe
2015-12-25 23:44 - 2015-12-25 23:44 - 00090112 _____ C:\WINDOWS\Minidump\Mini122515-01.dmp
2015-12-23 13:47 - 2015-12-29 12:53 - 00000000 ____D C:\Documents and Settings\Pierre\Plocha\jaxte
2015-12-16 23:26 - 2015-12-16 23:26 - 15385887 _____ C:\Documents and Settings\Pierre\Plocha\2015-09-zpravodaj-baska.pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-30 19:47 - 2015-07-12 23:36 - 00000000 ____D C:\Documents and Settings\Pierre\Local Settings\temp
2015-12-30 19:47 - 2015-02-25 21:09 - 00000000 ____D C:\WINDOWS
2015-12-30 19:47 - 2015-02-25 20:47 - 00000000 ____D C:\Documents and Settings\Pierre\Plocha
2015-12-30 19:46 - 2015-02-25 20:47 - 00000000 ___HD C:\Documents and Settings\Pierre\Local Settings\Data aplikací
2015-12-30 19:20 - 2015-09-17 19:10 - 00000940 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-30 19:03 - 2015-06-18 23:32 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-30 18:15 - 2015-09-15 22:28 - 00000000 ____D C:\Documents and Settings\Pierre\Local Settings\Data aplikací\JDownloader v2.0
2015-12-30 17:22 - 2015-03-01 09:42 - 00000000 ____D C:\Documents and Settings\Pierre\Data aplikací\Seznam.cz
2015-12-30 17:22 - 2015-02-25 23:41 - 00007682 _____ C:\WINDOWS\system32\nvAppTimestamps
2015-12-30 17:18 - 2015-02-25 23:54 - 00000000 ____D C:\Program Files\Counter Strike 1.6
2015-12-30 17:18 - 2015-02-25 23:51 - 00000000 ____D C:\Documents and Settings\Pierre\GSplay
2015-12-30 17:18 - 2015-02-25 23:32 - 01579824 _____ C:\WINDOWS\system32\nvdrsdb1.bin
2015-12-30 17:18 - 2015-02-25 23:32 - 00000001 _____ C:\WINDOWS\system32\nvdrssel.bin
2015-12-30 17:17 - 2015-09-17 19:09 - 00000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-30 17:17 - 2015-09-04 11:06 - 00001054 _____ C:\WINDOWS\Tasks\ExObslI9P8NNjD3RrGI0HIktb.job
2015-12-30 17:17 - 2015-02-25 20:40 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-30 17:17 - 2004-08-18 13:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-12-30 17:16 - 2015-03-01 10:51 - 00211366 _____ C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-System.dat
2015-12-30 17:16 - 2015-02-25 20:47 - 00000178 ___SH C:\Documents and Settings\Pierre\ntuser.ini
2015-12-30 17:16 - 2015-02-25 20:40 - 00032614 _____ C:\WINDOWS\SchedLgU.Txt
2015-12-30 17:15 - 2015-07-12 22:12 - 00000000 ____D C:\AdwCleaner
2015-12-30 17:15 - 2015-02-25 21:15 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2015-12-30 17:11 - 2015-09-04 11:12 - 00001813 _____ C:\Documents and Settings\Default User\Plocha\Google Chrome.lnk
2015-12-30 17:10 - 2015-02-25 23:32 - 01579824 _____ C:\WINDOWS\system32\nvdrsdb0.bin
2015-12-29 16:03 - 2015-06-18 23:32 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-12-29 16:03 - 2015-06-18 23:32 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-12-28 21:00 - 2015-02-28 21:27 - 00000000 ____D C:\Documents and Settings\Pierre\Data aplikací\vlc
2015-12-25 23:44 - 2015-09-04 11:10 - 00000000 ____D C:\WINDOWS\Minidump
2015-12-23 15:05 - 2015-02-25 21:13 - 00000000 ____D C:\Pierre
2015-12-17 00:10 - 2015-11-19 17:00 - 00000000 ____D C:\Documents and Settings\Pierre\Plocha\Euronics
2015-12-09 20:41 - 2015-02-26 13:25 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-09 20:36 - 2015-02-26 13:25 - 137798368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-08 10:12 - 2015-02-25 21:16 - 01184620 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-08 10:12 - 2004-08-18 13:00 - 00489962 _____ C:\WINDOWS\system32\perfh005.dat
2015-12-08 10:12 - 2004-08-18 13:00 - 00098506 _____ C:\WINDOWS\system32\perfc005.dat
2015-11-30 00:15 - 2015-03-01 10:51 - 01262454 _____ C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-S-1-5-21-1454471165-1326574676-839522115-1003-0.dat
==================== Files in the root of some directories =======
2015-08-17 14:56 - 2015-08-17 14:56 - 0000245 _____ () C:\Documents and Settings\Pierre\Data aplikací\del.bat
2015-04-19 13:20 - 2015-04-19 13:20 - 0005872 _____ () C:\Documents and Settings\Pierre\Data aplikací\ExObslI9P8NNjD3RrGI0HIktb
2015-04-20 15:05 - 2015-04-20 15:05 - 1579520 _____ () C:\Documents and Settings\Pierre\Data aplikací\ExObslI9P8NNjD3RrGI0HIktb.exe
2015-06-25 18:59 - 2015-10-04 07:22 - 0009216 _____ () C:\Documents and Settings\Pierre\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-09-04 10:48 - 2015-09-04 10:48 - 0004105 _____ () C:\Documents and Settings\All Users\Data aplikací\wmzddnmb.cix
Some files in TEMP:
====================
C:\Documents and Settings\Pierre\Local Settings\temp\130868260149721582.exe
C:\Documents and Settings\Pierre\Local Settings\temp\13086826016440908203.exe
C:\Documents and Settings\Pierre\Local Settings\temp\3098.exe
C:\Documents and Settings\Pierre\Local Settings\temp\8115.exe
C:\Documents and Settings\Pierre\Local Settings\temp\8333.exe
C:\Documents and Settings\Pierre\Local Settings\temp\geeplayersetup_unfix.exe
C:\Documents and Settings\Pierre\Local Settings\temp\IQIYIsetup_l_huayukeji@kb006.exe
C:\Documents and Settings\Pierre\Local Settings\temp\jre-8u51-windows-au.exe
C:\Documents and Settings\Pierre\Local Settings\temp\jre-8u65-windows-au.exe
C:\Documents and Settings\Pierre\Local Settings\temp\listicka-partner-16194-1.1.8-offline.exe
C:\Documents and Settings\Pierre\Local Settings\temp\pps104.exe
C:\Documents and Settings\Pierre\Local Settings\temp\proxy_vole5842462818500444452.dll
C:\Documents and Settings\Pierre\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\Pierre\Local Settings\temp\setup.exe
C:\Documents and Settings\Pierre\Local Settings\temp\setup3.exe
C:\Documents and Settings\Pierre\Local Settings\temp\sqlite-3.8.2-x86-sqlitejdbc.dll
C:\Documents and Settings\Pierre\Local Settings\temp\sqlite3.dll
C:\Documents and Settings\Pierre\Local Settings\temp\{94DF23C8-D11B-4097-914C-20448C9B66C9}.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:800.75 GB) (Free:189.98 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (Nohejbal) (CDROM) (Total:4.18 GB) (Free:0 GB) CDFS
Drive z: (Win 7) (Fixed) (Total:130.76 GB) (Free:130.7 GB) NTFS
Available physical RAM: 2266.05 MB
Total physical RAM: 3565.84 MB
Percentage of memory in use: 36%
==================== MBR and Partition Table ==================
2015-08-18 22:04 - 2014-12-14 23:53 - 00193064 _____ () C:\Program Files\EaseUS\Todo Backup\bin\EmailBackupSize.dll
Disk: 0 (Size: 931.5 GB) (Disk ID: 9CBF33C3)
Partition 1: (Active) - (Size=800.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=130.8 GB) - (Type=OF Extended)
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\ExObslI9P8NNjD3RrGI0HIktb.job => C:\Documents and Settings\Pierre\Data aplikac\ExObslI9P8NNjD3RrGI0HIktb.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\Documents and Settings\All Users\Data aplikací\TEMP:054203E4
==================== Security Center ==================
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Documents and Settings\Pierre\Plocha" je 832 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce
"C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate [x]
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DoNotAllowExceptions REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Counter Strike 1.6\\hl.exe"="C:\\Program Files\\Counter Strike 1.6\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\totalcmd\\TOTALCMD.EXE"="C:\\Program Files\\totalcmd\\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"="C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe:*:Enabled:Google Chrome"
"C:\\Program Files\\LG Software\\LG Smart Share\\DMS\\SmartShareDMS.exe"="C:\\Program Files\\LG Software\\LG Smart Share\\DMS\\SmartShareDMS.exe:*:Enabled:SmartShare DMS"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\LG Software\\LG Smart Share\\DMR\\SmartShareDMR.exe"="C:\\Program Files\\LG Software\\LG Smart Share\\DMR\\SmartShareDMR.exe:*:Enabled:SmartShare DMR"
"C:\\Program Files\\Disney Interactive Studios\\Split Second\\SplitSecond.exe"="C:\\Program Files\\Disney Interactive Studios\\Split Second\\SplitSecond.exe:*:Enabled:Split/Second"
"C:\\Program Files\\EaseUS\\Todo Backup\\bin\\TbService.exe"="C:\\Program Files\\EaseUS\\Todo Backup\\bin\\TbService.exe:*:Enabled:TbService.exe"
"C:\\Program Files\\EaseUS\\Todo Backup\\bin\\TBConsoleUI.exe"="C:\\Program Files\\EaseUS\\Todo Backup\\bin\\TBConsoleUI.exe:*:Enabled:Local TBConsoleUI.exe"
"C:\\Program Files\\EaseUS\\Todo Backup\\bin\\TodoBackupService.exe"="C:\\Program Files\\EaseUS\\Todo Backup\\bin\\TodoBackupService.exe:*:Enabled:Local TodoBackupService.exe"
"C:\\Documents and Settings\\Pierre\\Data aplikac\\IQIYI Video\\LStyle\\GpUpdate.exe"="C:\\Documents and Settings\\Pierre\\Data aplikac\\IQIYI Video\\LStyle\\GpUpdate.exe:*:Enabled:???????"
"C:\\Program Files\\IQIYI Video\\GeePlayer\\GeePlayer.exe"="C:\\Program Files\\IQIYI Video\\GeePlayer\\GeePlayer.exe:*:Enabled:????????"
"C:\\Program Files\\IQIYI Video\\LStyle\\QyClient.exe"="C:\\Program Files\\IQIYI Video\\LStyle\\QyClient.exe:*:Enabled:???PPS??"
"C:\\Documents and Settings\\Pierre\\Data aplikac\\IQIYI Video\\LStyle\\QyUpdate.exe"="C:\\Documents and Settings\\Pierre\\Data aplikac\\IQIYI Video\\LStyle\\QyUpdate.exe:*:Enabled:???????"
"C:\\Program Files\\IQIYI Video\\LStyle\\QyWebPlayer.exe"="C:\\Program Files\\IQIYI Video\\LStyle\\QyWebPlayer.exe:*:Enabled:???PPS??"
"C:\\Program Files\\IQIYI Video\\Common\\QyKernel.exe"="C:\\Program Files\\IQIYI Video\\Common\\QyKernel.exe:*:Enabled:???HCDN????????"
"C:\\Program Files\\IQIYI Video\\LStyle\\QyPlayer.exe"="C:\\Program Files\\IQIYI Video\\LStyle\\QyPlayer.exe:*:Enabled:????????"
"C:\\Documents and Settings\\Pierre\\Data aplikac\\IQIYI Video\\GeePlayer\\GpUpdate.exe"="C:\\Documents and Settings\\Pierre\\Data aplikac\\IQIYI Video\\GeePlayer\\GpUpdate.exe:*:Enabled:???????"
"C:\\Program Files\\IQIYI Video\\GeePlayer\\GeePlayer\\GeePlayer.exe"="C:\\Program Files\\IQIYI Video\\GeePlayer\\GeePlayer\\GeePlayer.exe:*:Enabled:????????"
"C:\\Program Files\\Crossbrowse\\Crossbrowse\\Application\\crossbrowse.exe"="C:\\Program Files\\Crossbrowse\\Crossbrowse\\Application\\crossbrowse.exe:*:Enabled:Crossbrowse"
"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"="C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe:*:Enabled:WebKit"
"C:\\Program Files\\NVIDIA Corporation\\NetService\\NvNetworkService.exe"="C:\\Program Files\\NVIDIA Corporation\\NetService\\NvNetworkService.exe:*:Enabled:NVIDIA Network Service TCP Exception (HTTPS)"
"C:\\Documents and Settings\\Pierre\\Local Settings\\Data aplikac\\MiPhoneManager\\main\\MiPCSuite.exe"="C:\\Documents and Settings\\Pierre\\Local Settings\\Data aplikac\\MiPhoneManager\\main\\MiPCSuite.exe:*:Enabled:MiPhoneManager"
"C:\\Documents and Settings\\Pierre\\Data aplikac\\Xiaomi\\MiPhoneManager\\Plugin\\xunlei\\download\\MiniThunderPlatform.exe"="C:\\Documents and Settings\\Pierre\\Data aplikac\\Xiaomi\\MiPhoneManager\\Plugin\\xunlei\\download\\MiniThunderPlatform.exe:*:Enabled:?????????"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000001
==================== End Of Log ==============================
Ran by Pierre (administrator) on NERO (30-12-2015 19:47:11)
Running from C:\Documents and Settings\Pierre\Plocha
Loaded Profiles: Pierre (Available Profiles: Pierre)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
() C:\Program Files\EaseUS\EaseUS Partition Master 10.2\bin\TrayPopupE\TrayTipAgentE.exe
() C:\Program Files\EaseUS\TrayPopup\TrayTipAgent.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Documents and Settings\Pierre\Local Settings\Data aplikací\MiPhoneManager\main\MiPhoneHelper.exe
(GoPro) C:\Program Files\CineForm\Tools\GoProCineFormStatusViewer.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
() C:\Program Files\EaseUS\Todo Backup\bin\TodoBackupService.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Oracle Corporation) C:\Program Files\Java\jre1.8.0_31\bin\javaw.exe
(Oracle Corporation) C:\Program Files\Java\jre1.8.0_31\bin\java.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(LG Electronics Inc.) C:\Program Files\LG Software\LG Smart Share\Update\SmartShareTray.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(LG Electronics Inc.) C:\Program Files\LG Software\LG Smart Share\DMS\SmartShareDMS.exe
(LG Electronics Inc.) C:\Program Files\LG Software\LG Smart Share\DMR\SmartShareDMR.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(AppWork GmbH) C:\Documents and Settings\Pierre\Local Settings\Data aplikací\JDownloader v2.0\JDownloader2.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Documents and Settings\Pierre\Plocha\FRSTLauncher.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20065936 2012-06-06] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Launch LCDMon] => C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [1687824 2007-07-17] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [2094352 2007-07-17] (Logitech Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [LG Smart Share] => C:\Program Files\LG Software\LG Smart Share\SmartShareStartXP.exe [134744 2013-03-25] (LG Electronics Inc.)
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [366904 2015-07-23] (Power Software Ltd)
HKLM\...\Run: [EaseUS EPM tray] => C:\Program Files\EaseUS\EaseUS Partition Master 10.2\bin\EpmNews.exe [2089056 2014-11-18] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files\EaseUS\EaseUS Partition Master 10.2\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] ()
HKLM\...\Run: [EaseUS TB Tray Agent] => C:\Program Files\EaseUS\TrayPopup\TrayTipAgent.exe [253992 2014-12-15] ()
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2591888 2015-09-14] ()
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-27] (NVIDIA Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [4556048 2015-02-27] (Disc Soft Ltd)
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\...\Run: [cz.seznam.software.autoupdate] => C:\Documents and Settings\Pierre\Data aplikací\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\...\Run: [cz.seznam.software.szndesktop] => C:\Documents and Settings\Pierre\Data aplikací\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\...\Run: [GoogleChromeAutoLaunch_BD17503A2D8EC1E93944F64D6130C39D] => "C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\...\Run: [MiPhoneManager] => C:\Documents and Settings\Pierre\Local Settings\Data aplikací\MiPhoneManager\main\MiPhoneHelper.exe [146224 2015-07-03] ()
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\CineForm Status.lnk [2015-09-15]
ShortcutTarget: CineForm Status.lnk -> C:\Program Files\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro)
GroupPolicy: Restriction - Chrome <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{95358A7A-F515-4188-B822-D6E5B12114F4}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1454471165-1326574676-839522115-1003 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
Toolbar: HKU\S-1-5-21-1454471165-1326574676-839522115-1003 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2014-02-25] (Společnost Microsoft)
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] ()
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1454471165-1326574676-839522115-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-03-05] [not signed]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxps://www.google.cz/
CHR Profile: C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-18]
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-23]
CHR Extension: (Disk Google) - C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (YouTube) - C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-01]
CHR Extension: (Vyhledávání Google) - C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Tabulky Google) - C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-18]
CHR Extension: (Dokumenty Google offline) - C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-23]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-18]
CHR Extension: (Gmail) - C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-23]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1030928 2015-02-27] (Disc Soft Ltd)
R2 EaseUS Agent; C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe [36904 2015-08-01] (CHENGDU YIWO Tech Development Co., Ltd)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [595968 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [642520 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-27] (NVIDIA Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R3 dtlitescsibus; C:\WINDOWS\System32\DRIVERS\dtlitescsibus.sys [25104 2015-06-21] (Disc Soft Ltd)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [14944 2014-11-18] ()
R0 EUBAKUP; C:\WINDOWS\System32\drivers\eubakup.sys [52008 2014-12-14] (CHENGDU YIWO Tech Development Co., Ltd)
R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [40744 2014-12-14] ()
R1 EUDSKACS; C:\WINDOWS\system32\drivers\eudskacs.sys [14888 2014-12-14] (CHENGDU YIWO Tech Development Co., Ltd)
R1 EUFDDISK; C:\WINDOWS\system32\drivers\EuFdDisk.sys [188328 2014-12-14] (CHENGDU YIWO Tech Development Co., Ltd)
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10208 2014-11-18] ()
R3 ip100xp; C:\WINDOWS\System32\DRIVERS\ipfnd51.sys [26752 2010-11-23] (IC Plus Corp. ) [File not signed]
R3 MEI; C:\WINDOWS\System32\DRIVERS\HECI.sys [56280 2013-09-16] (Intel Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [136624 2015-09-14] (NVIDIA Corporation)
R1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [114304 2015-07-23] (Power Software Ltd)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 IntelIde; no ImagePath
S3 MSICDSetup; \??\D:\CDriver.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-30 19:47 - 2015-12-30 19:47 - 00016985 _____ C:\Documents and Settings\Pierre\Plocha\FRST.txt
2015-12-30 19:47 - 2015-12-30 19:47 - 00000000 ____D C:\FRST
2015-12-30 19:39 - 2015-12-30 19:39 - 01721856 _____ (Farbar) C:\Documents and Settings\Pierre\Plocha\FRST.exe
2015-12-30 19:39 - 2015-12-30 19:39 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Pierre\Plocha\FRSTLauncher.exe
2015-12-30 17:08 - 2015-12-30 17:08 - 00090112 _____ C:\WINDOWS\Minidump\Mini123015-01.dmp
2015-12-30 17:05 - 2015-12-30 17:05 - 01743360 _____ C:\Documents and Settings\Pierre\Plocha\adwcleaner_5.026.exe
2015-12-25 23:44 - 2015-12-25 23:44 - 00090112 _____ C:\WINDOWS\Minidump\Mini122515-01.dmp
2015-12-23 13:47 - 2015-12-29 12:53 - 00000000 ____D C:\Documents and Settings\Pierre\Plocha\jaxte
2015-12-16 23:26 - 2015-12-16 23:26 - 15385887 _____ C:\Documents and Settings\Pierre\Plocha\2015-09-zpravodaj-baska.pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-30 19:47 - 2015-07-12 23:36 - 00000000 ____D C:\Documents and Settings\Pierre\Local Settings\temp
2015-12-30 19:47 - 2015-02-25 21:09 - 00000000 ____D C:\WINDOWS
2015-12-30 19:47 - 2015-02-25 20:47 - 00000000 ____D C:\Documents and Settings\Pierre\Plocha
2015-12-30 19:46 - 2015-02-25 20:47 - 00000000 ___HD C:\Documents and Settings\Pierre\Local Settings\Data aplikací
2015-12-30 19:20 - 2015-09-17 19:10 - 00000940 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-30 19:03 - 2015-06-18 23:32 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-30 18:15 - 2015-09-15 22:28 - 00000000 ____D C:\Documents and Settings\Pierre\Local Settings\Data aplikací\JDownloader v2.0
2015-12-30 17:22 - 2015-03-01 09:42 - 00000000 ____D C:\Documents and Settings\Pierre\Data aplikací\Seznam.cz
2015-12-30 17:22 - 2015-02-25 23:41 - 00007682 _____ C:\WINDOWS\system32\nvAppTimestamps
2015-12-30 17:18 - 2015-02-25 23:54 - 00000000 ____D C:\Program Files\Counter Strike 1.6
2015-12-30 17:18 - 2015-02-25 23:51 - 00000000 ____D C:\Documents and Settings\Pierre\GSplay
2015-12-30 17:18 - 2015-02-25 23:32 - 01579824 _____ C:\WINDOWS\system32\nvdrsdb1.bin
2015-12-30 17:18 - 2015-02-25 23:32 - 00000001 _____ C:\WINDOWS\system32\nvdrssel.bin
2015-12-30 17:17 - 2015-09-17 19:09 - 00000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-30 17:17 - 2015-09-04 11:06 - 00001054 _____ C:\WINDOWS\Tasks\ExObslI9P8NNjD3RrGI0HIktb.job
2015-12-30 17:17 - 2015-02-25 20:40 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-30 17:17 - 2004-08-18 13:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-12-30 17:16 - 2015-03-01 10:51 - 00211366 _____ C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-System.dat
2015-12-30 17:16 - 2015-02-25 20:47 - 00000178 ___SH C:\Documents and Settings\Pierre\ntuser.ini
2015-12-30 17:16 - 2015-02-25 20:40 - 00032614 _____ C:\WINDOWS\SchedLgU.Txt
2015-12-30 17:15 - 2015-07-12 22:12 - 00000000 ____D C:\AdwCleaner
2015-12-30 17:15 - 2015-02-25 21:15 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2015-12-30 17:11 - 2015-09-04 11:12 - 00001813 _____ C:\Documents and Settings\Default User\Plocha\Google Chrome.lnk
2015-12-30 17:10 - 2015-02-25 23:32 - 01579824 _____ C:\WINDOWS\system32\nvdrsdb0.bin
2015-12-29 16:03 - 2015-06-18 23:32 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-12-29 16:03 - 2015-06-18 23:32 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-12-28 21:00 - 2015-02-28 21:27 - 00000000 ____D C:\Documents and Settings\Pierre\Data aplikací\vlc
2015-12-25 23:44 - 2015-09-04 11:10 - 00000000 ____D C:\WINDOWS\Minidump
2015-12-23 15:05 - 2015-02-25 21:13 - 00000000 ____D C:\Pierre
2015-12-17 00:10 - 2015-11-19 17:00 - 00000000 ____D C:\Documents and Settings\Pierre\Plocha\Euronics
2015-12-09 20:41 - 2015-02-26 13:25 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-09 20:36 - 2015-02-26 13:25 - 137798368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-08 10:12 - 2015-02-25 21:16 - 01184620 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-08 10:12 - 2004-08-18 13:00 - 00489962 _____ C:\WINDOWS\system32\perfh005.dat
2015-12-08 10:12 - 2004-08-18 13:00 - 00098506 _____ C:\WINDOWS\system32\perfc005.dat
2015-11-30 00:15 - 2015-03-01 10:51 - 01262454 _____ C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-S-1-5-21-1454471165-1326574676-839522115-1003-0.dat
==================== Files in the root of some directories =======
2015-08-17 14:56 - 2015-08-17 14:56 - 0000245 _____ () C:\Documents and Settings\Pierre\Data aplikací\del.bat
2015-04-19 13:20 - 2015-04-19 13:20 - 0005872 _____ () C:\Documents and Settings\Pierre\Data aplikací\ExObslI9P8NNjD3RrGI0HIktb
2015-04-20 15:05 - 2015-04-20 15:05 - 1579520 _____ () C:\Documents and Settings\Pierre\Data aplikací\ExObslI9P8NNjD3RrGI0HIktb.exe
2015-06-25 18:59 - 2015-10-04 07:22 - 0009216 _____ () C:\Documents and Settings\Pierre\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-09-04 10:48 - 2015-09-04 10:48 - 0004105 _____ () C:\Documents and Settings\All Users\Data aplikací\wmzddnmb.cix
Some files in TEMP:
====================
C:\Documents and Settings\Pierre\Local Settings\temp\130868260149721582.exe
C:\Documents and Settings\Pierre\Local Settings\temp\13086826016440908203.exe
C:\Documents and Settings\Pierre\Local Settings\temp\3098.exe
C:\Documents and Settings\Pierre\Local Settings\temp\8115.exe
C:\Documents and Settings\Pierre\Local Settings\temp\8333.exe
C:\Documents and Settings\Pierre\Local Settings\temp\geeplayersetup_unfix.exe
C:\Documents and Settings\Pierre\Local Settings\temp\IQIYIsetup_l_huayukeji@kb006.exe
C:\Documents and Settings\Pierre\Local Settings\temp\jre-8u51-windows-au.exe
C:\Documents and Settings\Pierre\Local Settings\temp\jre-8u65-windows-au.exe
C:\Documents and Settings\Pierre\Local Settings\temp\listicka-partner-16194-1.1.8-offline.exe
C:\Documents and Settings\Pierre\Local Settings\temp\pps104.exe
C:\Documents and Settings\Pierre\Local Settings\temp\proxy_vole5842462818500444452.dll
C:\Documents and Settings\Pierre\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\Pierre\Local Settings\temp\setup.exe
C:\Documents and Settings\Pierre\Local Settings\temp\setup3.exe
C:\Documents and Settings\Pierre\Local Settings\temp\sqlite-3.8.2-x86-sqlitejdbc.dll
C:\Documents and Settings\Pierre\Local Settings\temp\sqlite3.dll
C:\Documents and Settings\Pierre\Local Settings\temp\{94DF23C8-D11B-4097-914C-20448C9B66C9}.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:800.75 GB) (Free:189.98 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (Nohejbal) (CDROM) (Total:4.18 GB) (Free:0 GB) CDFS
Drive z: (Win 7) (Fixed) (Total:130.76 GB) (Free:130.7 GB) NTFS
Available physical RAM: 2266.05 MB
Total physical RAM: 3565.84 MB
Percentage of memory in use: 36%
==================== MBR and Partition Table ==================
2015-08-18 22:04 - 2014-12-14 23:53 - 00193064 _____ () C:\Program Files\EaseUS\Todo Backup\bin\EmailBackupSize.dll
Disk: 0 (Size: 931.5 GB) (Disk ID: 9CBF33C3)
Partition 1: (Active) - (Size=800.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=130.8 GB) - (Type=OF Extended)
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\ExObslI9P8NNjD3RrGI0HIktb.job => C:\Documents and Settings\Pierre\Data aplikac\ExObslI9P8NNjD3RrGI0HIktb.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\Documents and Settings\All Users\Data aplikací\TEMP:054203E4
==================== Security Center ==================
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Documents and Settings\Pierre\Plocha" je 832 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce
"C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate [x]
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DoNotAllowExceptions REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Counter Strike 1.6\\hl.exe"="C:\\Program Files\\Counter Strike 1.6\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\totalcmd\\TOTALCMD.EXE"="C:\\Program Files\\totalcmd\\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"="C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe:*:Enabled:Google Chrome"
"C:\\Program Files\\LG Software\\LG Smart Share\\DMS\\SmartShareDMS.exe"="C:\\Program Files\\LG Software\\LG Smart Share\\DMS\\SmartShareDMS.exe:*:Enabled:SmartShare DMS"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\LG Software\\LG Smart Share\\DMR\\SmartShareDMR.exe"="C:\\Program Files\\LG Software\\LG Smart Share\\DMR\\SmartShareDMR.exe:*:Enabled:SmartShare DMR"
"C:\\Program Files\\Disney Interactive Studios\\Split Second\\SplitSecond.exe"="C:\\Program Files\\Disney Interactive Studios\\Split Second\\SplitSecond.exe:*:Enabled:Split/Second"
"C:\\Program Files\\EaseUS\\Todo Backup\\bin\\TbService.exe"="C:\\Program Files\\EaseUS\\Todo Backup\\bin\\TbService.exe:*:Enabled:TbService.exe"
"C:\\Program Files\\EaseUS\\Todo Backup\\bin\\TBConsoleUI.exe"="C:\\Program Files\\EaseUS\\Todo Backup\\bin\\TBConsoleUI.exe:*:Enabled:Local TBConsoleUI.exe"
"C:\\Program Files\\EaseUS\\Todo Backup\\bin\\TodoBackupService.exe"="C:\\Program Files\\EaseUS\\Todo Backup\\bin\\TodoBackupService.exe:*:Enabled:Local TodoBackupService.exe"
"C:\\Documents and Settings\\Pierre\\Data aplikac\\IQIYI Video\\LStyle\\GpUpdate.exe"="C:\\Documents and Settings\\Pierre\\Data aplikac\\IQIYI Video\\LStyle\\GpUpdate.exe:*:Enabled:???????"
"C:\\Program Files\\IQIYI Video\\GeePlayer\\GeePlayer.exe"="C:\\Program Files\\IQIYI Video\\GeePlayer\\GeePlayer.exe:*:Enabled:????????"
"C:\\Program Files\\IQIYI Video\\LStyle\\QyClient.exe"="C:\\Program Files\\IQIYI Video\\LStyle\\QyClient.exe:*:Enabled:???PPS??"
"C:\\Documents and Settings\\Pierre\\Data aplikac\\IQIYI Video\\LStyle\\QyUpdate.exe"="C:\\Documents and Settings\\Pierre\\Data aplikac\\IQIYI Video\\LStyle\\QyUpdate.exe:*:Enabled:???????"
"C:\\Program Files\\IQIYI Video\\LStyle\\QyWebPlayer.exe"="C:\\Program Files\\IQIYI Video\\LStyle\\QyWebPlayer.exe:*:Enabled:???PPS??"
"C:\\Program Files\\IQIYI Video\\Common\\QyKernel.exe"="C:\\Program Files\\IQIYI Video\\Common\\QyKernel.exe:*:Enabled:???HCDN????????"
"C:\\Program Files\\IQIYI Video\\LStyle\\QyPlayer.exe"="C:\\Program Files\\IQIYI Video\\LStyle\\QyPlayer.exe:*:Enabled:????????"
"C:\\Documents and Settings\\Pierre\\Data aplikac\\IQIYI Video\\GeePlayer\\GpUpdate.exe"="C:\\Documents and Settings\\Pierre\\Data aplikac\\IQIYI Video\\GeePlayer\\GpUpdate.exe:*:Enabled:???????"
"C:\\Program Files\\IQIYI Video\\GeePlayer\\GeePlayer\\GeePlayer.exe"="C:\\Program Files\\IQIYI Video\\GeePlayer\\GeePlayer\\GeePlayer.exe:*:Enabled:????????"
"C:\\Program Files\\Crossbrowse\\Crossbrowse\\Application\\crossbrowse.exe"="C:\\Program Files\\Crossbrowse\\Crossbrowse\\Application\\crossbrowse.exe:*:Enabled:Crossbrowse"
"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"="C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe:*:Enabled:WebKit"
"C:\\Program Files\\NVIDIA Corporation\\NetService\\NvNetworkService.exe"="C:\\Program Files\\NVIDIA Corporation\\NetService\\NvNetworkService.exe:*:Enabled:NVIDIA Network Service TCP Exception (HTTPS)"
"C:\\Documents and Settings\\Pierre\\Local Settings\\Data aplikac\\MiPhoneManager\\main\\MiPCSuite.exe"="C:\\Documents and Settings\\Pierre\\Local Settings\\Data aplikac\\MiPhoneManager\\main\\MiPCSuite.exe:*:Enabled:MiPhoneManager"
"C:\\Documents and Settings\\Pierre\\Data aplikac\\Xiaomi\\MiPhoneManager\\Plugin\\xunlei\\download\\MiniThunderPlatform.exe"="C:\\Documents and Settings\\Pierre\\Data aplikac\\Xiaomi\\MiPhoneManager\\Plugin\\xunlei\\download\\MiniThunderPlatform.exe:*:Enabled:?????????"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000001
==================== End Of Log ==============================