VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

.Thor

https://forum.viry.cz:443/viewtopic.php?t=150556

Stránka 1 z 1

.Thor

Napsal: 15 lis 2016 16:48
od foldy
Zdravím,
chtěl bych poprosit o pomoc s odvirováním notebooku. Všechny fotky a kdoví co ještě má příponu .thor, už jsem koukal na nějaké rady a jen si chci upřesnit zda mám AdwCleaner spustit normálně z W7, nebo přes nouzový režim? Spustím Scan a Clean, následně sem vložím log.

Díky

F.

Re: .Thor

Napsal: 15 lis 2016 19:32
od Rudy
Zdravím!
Nejprve ale dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 . Pokud budeme ADW spouštět je jedno, v jakém režimu ho spustíte. FRST ale musíte spustit v normálním.

Re: .Thor

Napsal: 26 lis 2016 13:57
od foldy
Omlouvám se, ale chvíli to trvalo. Přikládám logy FRST.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2016
Ran by Lucik (administrator) on LUCIK (26-11-2016 13:25:20)
Running from C:\Users\Lucik\Desktop
Loaded Profiles: Lucik (Available Profiles: Lucik & as640)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\atchksrv.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\atchk.exe
(Popajar, inc) C:\Users\Lucik\AppData\Local\Popajar\UpdateChecker\UpdateCheckerApp.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Users\Lucik\AppData\Roaming\Seznam.cz\szninstall.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Users\Lucik\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Users\Lucik\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(C. Ghisler & Co.) C:\totalcmd\TOTALCMD.EXE
(forum.viry.cz) C:\Users\Lucik\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1875048 2010-11-04] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [atchk] => C:\Program Files (x86)\Intel\AMT\atchk.exe [408088 2008-05-25] (Intel Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\Run: [UpdateChecker] => C:\Users\Lucik\AppData\Local\Popajar\UpdateChecker\UpdateCheckerApp.exe [7168 2014-01-16] (Popajar, inc)
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Lucik\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Lucik\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818712 2016-10-12] (Google)
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\MountPoints2: F - F:\SISetup.exe
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\MountPoints2: {8dc2597c-7a4f-11e6-ad58-001a4b7d7f54} - F:\SISetup.exe
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{575D9BD0-1B2D-44C4-ACE1-1AFCE2D565CA}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{E300DC5B-DBC0-4B94-A8C2-E2C23CC0EEBA}: [DhcpNameServer] 94.74.192.252 94.74.192.244

Internet Explorer:
==================
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {12DA348F-BAF5-4F55-8883-D113C5F1A241} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_27368
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {2A9603D9-DA6C-4872-95C0-41C5F52BB5AF} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_27368
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {48B5550F-C9D3-4D4E-9B9D-D4D6C5505076} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_27368
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {73E416AD-34F4-42FB-AEFD-C09147BE00E2} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_27368
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {81BFDFDA-4C37-4C4E-A56A-EE0E52B0A5D5} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_27368
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {92C3213F-2BAE-4B5F-AFD3-6C53D87DD3A4} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_27368
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {A9D4A26E-E769-4BD9-B781-97417173F925} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_27368
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {B5314C77-2842-42FA-BCC9-B51EDDA442F0} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_27368
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {BD272F60-7C8B-4AB9-B431-575B87129B56} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_27368
BHO: SmileysWeLoveToolbar -> {E4EF8A64-0A30-48F5-B3FE-5FDA978DA775} -> C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader64.dll [2014-01-18] ()
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-05-28] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-05-28] (Oracle Corporation)
BHO-x32: SmileysWeLoveToolbar -> {E4EF8A64-0A30-48F5-B3FE-5FDA978DA775} -> C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader.dll [2014-01-18] ()
Toolbar: HKLM - SmileysWeLove - {CF0F43AB-9C23-4D7B-8040-201B82844854} - C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader64.dll [2014-01-18] ()
Toolbar: HKLM-x32 - SmileysWeLove - {CF0F43AB-9C23-4D7B-8040-201B82844854} - C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader.dll [2014-01-18] ()
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {D8950D0E-FCE7-4AE4-9370-7E4CFBC04362} hxxps://eportal.cssz.cz/fas/page/activexcab/webff_cs.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-04-27] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-05-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-05-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default [2016-11-15]
CHR Extension: (Prezentace Google) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-25]
CHR Extension: (Dokumenty Google) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-27]
CHR Extension: (Disk Google) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-09]
CHR Extension: (Seznam Lištička - Email) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2016-11-15]
CHR Extension: (Seznam Lištička - Slovník) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2016-11-15]
CHR Extension: (YouTube) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-06]
CHR Extension: (Vyhledávání Google) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-09]
CHR Extension: (Tabulky Google) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-25]
CHR Extension: (Free Smileys & Emoticons) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl [2015-11-09]
CHR Extension: (Dokumenty Google offline) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-08]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-10-10]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-19]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2016-11-15]
CHR Extension: (Gmail) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-27]
CHR Extension: (Chrome Media Router) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-31]
CHR HKU\S-1-5-21-1426876207-582522621-1287086209-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fjbbjfdilbioabojmcplalojlmdngbjl] - C:\Users\Lucik\AppData\Local\Temp\swlfiles\smileyswelovetoolbar.crx [2014-02-04]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [80384 2007-02-06] (Andrea Electronics Corporation)
R2 atchksrv; C:\Program Files (x86)\Intel\AMT\atchksrv.exe [182808 2008-05-25] (Intel Corporation)
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [121368 2008-05-25] (Intel Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 UNS; C:\Program Files (x86)\Intel\AMT\UNS.exe [1464856 2008-05-25] (Intel Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 wxpSvc; D:\instal\WLITE-program kamera\webcamXP 5\wService.exe [5023744 2011-07-27] (Moonware Studios) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2011-04-15] (Marvell Semiconductor, Inc.)
S3 RICOH SmartCard Reader; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
R3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-26 13:25 - 2016-11-26 13:26 - 00015912 _____ C:\Users\Lucik\Desktop\FRST.txt
2016-11-26 13:24 - 2016-11-26 13:25 - 00000000 ____D C:\FRST
2016-11-26 13:23 - 2016-11-26 13:16 - 00112640 _____ (forum.viry.cz) C:\Users\Lucik\Desktop\FRSTLauncher.exe
2016-11-26 13:23 - 2016-11-15 16:23 - 02411520 _____ (Farbar) C:\Users\Lucik\Desktop\FRST64.exe
2016-11-15 11:20 - 2016-11-15 11:20 - 232123713 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-2566-9F4F31AE33E6.thor
2016-11-15 11:20 - 2016-11-15 11:20 - 173489029 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-3608-9D85BD30DE98.thor
2016-11-15 11:20 - 2016-11-15 11:20 - 109426825 _____ C:\Users\Lucik\Downloads\B899021C-AEE2-424B-33F2-3D81BFFF6AC1.thor
2016-11-15 11:19 - 2016-11-15 11:19 - 65856655 _____ C:\Users\Lucik\Downloads\B899021C-AEE2-424B-BFFC-2090E2902CF3.thor
2016-11-15 11:19 - 2016-11-15 11:19 - 15515132 _____ C:\Users\Lucik\Downloads\B899021C-AEE2-424B-372E-FF4CA7B91045.thor
2016-11-15 11:18 - 2016-11-15 11:18 - 00444014 _____ C:\Users\Lucik\Downloads\B899021C-AEE2-424B-5B90-52495C28336A.thor
2016-11-15 11:18 - 2016-11-15 11:18 - 00444014 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-71C5-E73990DE56AE.thor
2016-11-15 11:17 - 2016-11-15 11:17 - 03223441 _____ C:\Users\Lucik\Downloads\B899021C-AEE2-424B-0680-D487064BC8BB.thor
2016-11-15 11:17 - 2016-11-15 11:17 - 00039141 _____ C:\Users\Lucik\Documents\B899021C-AEE2-424B-0DAD-E4D23502779B.thor
2016-11-15 11:17 - 2016-11-15 11:17 - 00008327 _____ C:\Users\Lucik\Downloads\_649_WHAT_is.html
2016-11-15 11:17 - 2016-11-15 11:17 - 00008327 _____ C:\Users\Lucik\Documents\_642_WHAT_is.html
2016-11-15 11:16 - 2016-11-15 11:16 - 04870670 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-02AA-35AEAC56BD1C.thor
2016-11-15 11:11 - 2016-11-15 11:11 - 00499353 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-A295-F2D3D71CDEED.thor
2016-11-15 11:11 - 2016-11-15 11:11 - 00062736 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-E921-02359266F532.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00887580 ____N C:\Users\Lucik\Desktop\B899021C-AEE2-424B-6100-6D9D3A65FF74.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00460000 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-09FF-32FA4F4AD441.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00409849 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-788A-BF1B34CDA6DF.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00061466 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-BCF4-817DB7DAEDD4.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00052787 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-F1CE-CBED3F488E03.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00002946 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-2194-ACD96352E3AF.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00002775 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-153C-12EE11944DE6.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00002495 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-0644-8AC61BFC1C74.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00001933 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-03B2-DD41A3439F20.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00001929 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-5D00-FC17D8918DF6.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00001913 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-8891-468EF1389050.thor
2016-11-15 11:03 - 2016-11-15 11:03 - 00031748 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-5D57-E1143CD742E7.thor
2016-11-15 11:02 - 2016-11-15 11:02 - 00593044 _____ C:\Users\Lucik\Documents\B899021C-AEE2-424B-7305-C732F3B67C18.thor
2016-11-15 11:02 - 2016-11-15 11:02 - 00136253 _____ C:\Users\Lucik\Documents\B899021C-AEE2-424B-A781-DCEE4B0227B3.thor
2016-11-15 11:02 - 2016-11-15 11:02 - 00008327 _____ C:\Users\Lucik\Documents\_135_WHAT_is.html
2016-11-15 11:01 - 2016-11-15 11:01 - 00286784 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-3A5A-9161886764B8.thor
2016-11-15 11:01 - 2016-11-15 11:01 - 00208708 _____ C:\Users\Lucik\Downloads\B899021C-AEE2-424B-D61A-87BDA79FB965.thor
2016-11-15 11:01 - 2016-11-15 11:01 - 00048452 _____ C:\Users\Lucik\Downloads\B899021C-AEE2-424B-4D60-18EA223757E9.thor
2016-11-15 11:01 - 2016-11-15 11:01 - 00039252 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-B936-2195B7C636DF.thor
2016-11-15 11:01 - 2016-11-15 11:01 - 00014121 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-B6C5-1801B69F0A2B.thor
2016-11-15 11:01 - 2016-11-15 11:01 - 00012170 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-94F0-EF2D6436CACB.thor
2016-11-15 11:01 - 2016-11-15 11:01 - 00008327 _____ C:\Users\Lucik\Downloads\_87_WHAT_is.html
2016-11-15 11:00 - 2016-11-15 11:00 - 00087364 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-A4CD-7367152742B7.thor
2016-11-15 11:00 - 2016-11-15 11:00 - 00036676 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-6A85-F905E1F0CDC4.thor
2016-11-15 11:00 - 2016-11-15 11:00 - 00034628 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-8FA3-74C76929BD0E.thor
2016-11-15 11:00 - 2016-11-15 11:00 - 00025412 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-1570-9E9DF99F47D4.thor
2016-11-15 11:00 - 2016-11-15 11:00 - 00013362 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-56E8-1B8BAFC3CB3C.thor
2016-11-15 11:00 - 2016-11-15 11:00 - 00010365 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-58F7-3F6E6CC9E1E0.thor
2016-11-15 11:00 - 2016-11-15 11:00 - 00008327 _____ C:\Users\Lucik\Desktop\_33_WHAT_is.html
2016-11-15 11:00 - 2016-11-15 11:00 - 00008327 _____ C:\Users\Lucik\Desktop\_14_WHAT_is.html
2016-11-09 08:29 - 2016-11-09 08:29 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2016-11-09 08:29 - 2016-11-09 08:29 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2016-10-31 16:24 - 2016-10-31 16:24 - 00284640 _____ C:\Windows\Minidump\103116-68999-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-26 13:26 - 2011-04-12 09:34 - 00668792 _____ C:\Windows\system32\perfh005.dat
2016-11-26 13:26 - 2011-04-12 09:34 - 00141420 _____ C:\Windows\system32\perfc005.dat
2016-11-26 13:26 - 2009-07-14 06:13 - 01583226 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-26 13:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-11-26 13:22 - 2014-05-28 15:03 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-26 13:22 - 2014-02-05 15:01 - 00000000 ____D C:\Users\Lucik\AppData\Roaming\Skype
2016-11-26 13:22 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-15 15:09 - 2014-05-28 15:03 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-15 15:09 - 2013-11-19 21:35 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-15 11:21 - 2014-02-05 14:59 - 00000000 ____D C:\Users\Lucik\Documents\Add-in Express
2016-11-15 11:20 - 2014-03-25 20:53 - 00000000 ____D C:\ProgramData\webcamXP 5
2016-11-15 11:18 - 2016-02-03 08:41 - 00000000 ____D C:\Users\Lucik\Desktop\NOVELI BUSINESS
2016-11-15 11:12 - 2013-11-19 22:08 - 00000000 ____D C:\totalcmd
2016-11-15 11:10 - 2016-05-20 13:10 - 00000000 ____D C:\Users\Lucik\Desktop\daně zaměstnanci
2016-11-15 11:02 - 2016-10-05 18:16 - 00000000 ___RD C:\Users\Lucik\Disk Google
2016-11-15 10:15 - 2014-05-28 15:03 - 00002201 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-15 10:15 - 2014-05-28 15:03 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-15 09:45 - 2015-10-14 07:01 - 00000000 ____D C:\Users\Lucik\AppData\Roaming\eM Client
2016-11-12 11:49 - 2009-07-14 05:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-12 11:49 - 2009-07-14 05:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-09 08:30 - 2016-10-05 17:54 - 00002048 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-11-09 08:30 - 2016-10-05 17:54 - 00002046 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-11-09 08:30 - 2016-10-05 17:54 - 00002036 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-11-09 08:30 - 2016-10-05 17:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-11-07 19:54 - 2016-02-25 17:39 - 00000000 ____D C:\Users\Lucik\AppData\Roaming\Seznam.cz
2016-11-07 19:51 - 2015-01-01 16:56 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-11-03 16:47 - 2014-05-28 15:03 - 00000000 ____D C:\Users\Lucik\AppData\Local\Google
2016-10-31 16:24 - 2014-04-22 17:42 - 00000000 ____D C:\Windows\Minidump

==================== Files in the root of some directories =======

2014-03-25 21:35 - 2014-03-25 21:35 - 0000000 _____ () C:\Users\Lucik\AppData\Local\AtStart.txt
2014-03-25 21:35 - 2014-03-25 21:35 - 0000000 _____ () C:\Users\Lucik\AppData\Local\DSwitch.txt
2014-03-25 21:35 - 2014-03-25 21:35 - 0000000 _____ () C:\Users\Lucik\AppData\Local\QSwitch.txt

Files to move or delete:
====================
C:\Users\Lucik\bullzip-pdf-printer_10.19.0.2457.exe


Some files in TEMP:
====================
C:\Users\Lucik\AppData\Local\Temp\jre-8u111-windows-au.exe
C:\Users\Lucik\AppData\Local\Temp\ose00000.exe
C:\Users\Lucik\AppData\Local\Temp\primosdk.DLL
C:\Users\Lucik\AppData\Local\Temp\px.dll
C:\Users\Lucik\AppData\Local\Temp\pxafs.dll
C:\Users\Lucik\AppData\Local\Temp\PxCpyA64.exe
C:\Users\Lucik\AppData\Local\Temp\PxCpyI64.exe
C:\Users\Lucik\AppData\Local\Temp\pxdrv.dll
C:\Users\Lucik\AppData\Local\Temp\pxhpinst.exe
C:\Users\Lucik\AppData\Local\Temp\PxInsA64.exe
C:\Users\Lucik\AppData\Local\Temp\PxInsI64.exe
C:\Users\Lucik\AppData\Local\Temp\pxmas.dll
C:\Users\Lucik\AppData\Local\Temp\pxsetup.exe
C:\Users\Lucik\AppData\Local\Temp\pxsfs.dll
C:\Users\Lucik\AppData\Local\Temp\pxwave.dll
C:\Users\Lucik\AppData\Local\Temp\qAUTucmLua3.dll
C:\Users\Lucik\AppData\Local\Temp\siinst.exe
C:\Users\Lucik\AppData\Local\Temp\strings.dll
C:\Users\Lucik\AppData\Local\Temp\vxblock.dll
C:\Users\Lucik\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Lucik\Desktop" je 2414 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: .Thor

Napsal: 26 lis 2016 13:59
od foldy
A ještě Adwcleaner.

# AdwCleaner v6.030 - Log soubor vytvořen 26/11/2016 na 13:34:47
# Aktualizováno dne 19/10/2016 z Malwarebytes
# Databáze : 2016-10-18.1 [Místní]
# Operační systém : Windows 7 Professional Service Pack 1 (X64)
# Uživatelské jméno : Lucik - LUCIK
# Beží od : D:\instal\adwcleaner_6.030.exe
# Mod: Čištění
# Podpora : hxxps://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Adresáře ] *****

[-] Adresář smazán:C:\Users\Lucik\AppData\Local\Popajar
[-] Adresář smazán:C:\Users\Lucik\AppData\Roaming\OpenCandy
[-] Adresář smazán:C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl


***** [ Soubory ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupce ] *****



***** [ Plánovač úloh ] *****



***** [ Registry ] *****

[-] Klíč smazán:HKU\S-1-5-21-1426876207-582522621-1287086209-1000\Software\APN PIP
[-] Klíč smazán:HKU\S-1-5-21-1426876207-582522621-1287086209-1000\Software\Popajar
[-] Klíč smazán:HKU\S-1-5-21-1426876207-582522621-1287086209-1000\Software\SmileysWeLove
[#] Klíč smazán po restartování:HKCU\Software\APN PIP
[#] Klíč smazán po restartování:HKCU\Software\Popajar
[#] Klíč smazán po restartování:HKCU\Software\SmileysWeLove
[#] Klíč smazán po restartování:[x64] HKCU\Software\APN PIP
[#] Klíč smazán po restartování:[x64] HKCU\Software\Popajar
[#] Klíč smazán po restartování:[x64] HKCU\Software\SmileysWeLove
[-] Klíč smazán:HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Klíč smazán:HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\freeradiocast.dl.tb.ask.com
[-] Klíč smazán:HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\icq.com
[#] Klíč smazán po restartování:[x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[#] Klíč smazán po restartování:[x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\freeradiocast.dl.tb.ask.com
[#] Klíč smazán po restartování:[x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\icq.com
[-] Hodnota smazána:HKU\S-1-5-21-1426876207-582522621-1287086209-1000\Software\Microsoft\Windows\CurrentVersion\Run [UpdateChecker]
[#] Hodnota smazána po restartování:HKCU\Software\Microsoft\Windows\CurrentVersion\Run [UpdateChecker]
[#] Hodnota smazána po restartování:[x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [UpdateChecker]
[-] Klíč smazán:HKLM\SOFTWARE\Google\Chrome\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl


***** [ Prohlížeče ] *****

[-] [C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default] [extension] Smazání:fjbbjfdilbioabojmcplalojlmdngbjl


*************************

:: "Tracing" klíč smazán
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2921 Bajtů] - [26/11/2016 13:34:47]
C:\AdwCleaner\AdwCleaner[S0].txt - [3126 Bajtů] - [26/11/2016 13:32:53]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3069 Bajtů] ##########

Re: .Thor

Napsal: 26 lis 2016 18:51
od Rudy
Dejte nový log FRST.

Re: .Thor

Napsal: 27 lis 2016 11:18
od foldy
Tady je.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2016
Ran by Lucik (administrator) on LUCIK (27-11-2016 11:10:40)
Running from C:\Users\Lucik\Desktop
Loaded Profiles: Lucik (Available Profiles: Lucik & as640)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\atchksrv.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\atchk.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Users\Lucik\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
() C:\Users\Lucik\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(forum.viry.cz) C:\Users\Lucik\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1875048 2010-11-04] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [atchk] => C:\Program Files (x86)\Intel\AMT\atchk.exe [408088 2008-05-25] (Intel Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Lucik\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Lucik\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818712 2016-10-12] (Google)
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\MountPoints2: F - F:\SISetup.exe
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\MountPoints2: {8dc2597c-7a4f-11e6-ad58-001a4b7d7f54} - F:\SISetup.exe
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{575D9BD0-1B2D-44C4-ACE1-1AFCE2D565CA}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{E300DC5B-DBC0-4B94-A8C2-E2C23CC0EEBA}: [DhcpNameServer] 94.74.192.252 94.74.192.244

Internet Explorer:
==================
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {12DA348F-BAF5-4F55-8883-D113C5F1A241} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_27368
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {2A9603D9-DA6C-4872-95C0-41C5F52BB5AF} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_27368
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {48B5550F-C9D3-4D4E-9B9D-D4D6C5505076} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_27368
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {73E416AD-34F4-42FB-AEFD-C09147BE00E2} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_27368
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {81BFDFDA-4C37-4C4E-A56A-EE0E52B0A5D5} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_27368
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {92C3213F-2BAE-4B5F-AFD3-6C53D87DD3A4} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_27368
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {A9D4A26E-E769-4BD9-B781-97417173F925} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_27368
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {B5314C77-2842-42FA-BCC9-B51EDDA442F0} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_27368
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {BD272F60-7C8B-4AB9-B431-575B87129B56} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_27368
BHO: SmileysWeLoveToolbar -> {E4EF8A64-0A30-48F5-B3FE-5FDA978DA775} -> C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader64.dll [2014-01-18] ()
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-05-28] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-05-28] (Oracle Corporation)
BHO-x32: SmileysWeLoveToolbar -> {E4EF8A64-0A30-48F5-B3FE-5FDA978DA775} -> C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader.dll [2014-01-18] ()
Toolbar: HKLM - SmileysWeLove - {CF0F43AB-9C23-4D7B-8040-201B82844854} - C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader64.dll [2014-01-18] ()
Toolbar: HKLM-x32 - SmileysWeLove - {CF0F43AB-9C23-4D7B-8040-201B82844854} - C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader.dll [2014-01-18] ()
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {D8950D0E-FCE7-4AE4-9370-7E4CFBC04362} hxxps://eportal.cssz.cz/fas/page/activexcab/webff_cs.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-04-27] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-05-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-05-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default [2016-11-15]
CHR Extension: (Prezentace Google) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-25]
CHR Extension: (Dokumenty Google) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-27]
CHR Extension: (Disk Google) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-09]
CHR Extension: (Seznam Lištička - Email) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2016-11-15]
CHR Extension: (Seznam Lištička - Slovník) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2016-11-15]
CHR Extension: (YouTube) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-06]
CHR Extension: (Vyhledávání Google) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-09]
CHR Extension: (Tabulky Google) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-25]
CHR Extension: (Dokumenty Google offline) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-08]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-10-10]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-19]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2016-11-15]
CHR Extension: (Gmail) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-27]
CHR Extension: (Chrome Media Router) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-31]
CHR HKU\S-1-5-21-1426876207-582522621-1287086209-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [80384 2007-02-06] (Andrea Electronics Corporation)
R2 atchksrv; C:\Program Files (x86)\Intel\AMT\atchksrv.exe [182808 2008-05-25] (Intel Corporation)
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [121368 2008-05-25] (Intel Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 UNS; C:\Program Files (x86)\Intel\AMT\UNS.exe [1464856 2008-05-25] (Intel Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 wxpSvc; D:\instal\WLITE-program kamera\webcamXP 5\wService.exe [5023744 2011-07-27] (Moonware Studios) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2011-04-15] (Marvell Semiconductor, Inc.)
S3 RICOH SmartCard Reader; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
R3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-27 11:04 - 2016-11-27 11:10 - 00015084 _____ C:\Users\Lucik\Desktop\FRST.txt
2016-11-26 13:31 - 2016-11-26 13:34 - 00000000 ____D C:\AdwCleaner
2016-11-26 13:24 - 2016-11-26 13:25 - 00000000 ____D C:\FRST
2016-11-26 13:23 - 2016-11-26 13:16 - 00112640 _____ (forum.viry.cz) C:\Users\Lucik\Desktop\FRSTLauncher.exe
2016-11-26 13:23 - 2016-11-15 16:23 - 02411520 _____ (Farbar) C:\Users\Lucik\Desktop\FRST64.exe
2016-11-15 11:20 - 2016-11-15 11:20 - 232123713 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-2566-9F4F31AE33E6.thor
2016-11-15 11:20 - 2016-11-15 11:20 - 173489029 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-3608-9D85BD30DE98.thor
2016-11-15 11:20 - 2016-11-15 11:20 - 109426825 _____ C:\Users\Lucik\Downloads\B899021C-AEE2-424B-33F2-3D81BFFF6AC1.thor
2016-11-15 11:19 - 2016-11-15 11:19 - 65856655 _____ C:\Users\Lucik\Downloads\B899021C-AEE2-424B-BFFC-2090E2902CF3.thor
2016-11-15 11:19 - 2016-11-15 11:19 - 15515132 _____ C:\Users\Lucik\Downloads\B899021C-AEE2-424B-372E-FF4CA7B91045.thor
2016-11-15 11:18 - 2016-11-15 11:18 - 00444014 _____ C:\Users\Lucik\Downloads\B899021C-AEE2-424B-5B90-52495C28336A.thor
2016-11-15 11:18 - 2016-11-15 11:18 - 00444014 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-71C5-E73990DE56AE.thor
2016-11-15 11:17 - 2016-11-15 11:17 - 03223441 _____ C:\Users\Lucik\Downloads\B899021C-AEE2-424B-0680-D487064BC8BB.thor
2016-11-15 11:17 - 2016-11-15 11:17 - 00039141 _____ C:\Users\Lucik\Documents\B899021C-AEE2-424B-0DAD-E4D23502779B.thor
2016-11-15 11:17 - 2016-11-15 11:17 - 00008327 _____ C:\Users\Lucik\Downloads\_649_WHAT_is.html
2016-11-15 11:17 - 2016-11-15 11:17 - 00008327 _____ C:\Users\Lucik\Documents\_642_WHAT_is.html
2016-11-15 11:16 - 2016-11-15 11:16 - 04870670 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-02AA-35AEAC56BD1C.thor
2016-11-15 11:11 - 2016-11-15 11:11 - 00499353 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-A295-F2D3D71CDEED.thor
2016-11-15 11:11 - 2016-11-15 11:11 - 00062736 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-E921-02359266F532.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00887580 ____N C:\Users\Lucik\Desktop\B899021C-AEE2-424B-6100-6D9D3A65FF74.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00460000 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-09FF-32FA4F4AD441.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00409849 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-788A-BF1B34CDA6DF.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00061466 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-BCF4-817DB7DAEDD4.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00052787 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-F1CE-CBED3F488E03.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00002946 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-2194-ACD96352E3AF.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00002775 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-153C-12EE11944DE6.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00002495 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-0644-8AC61BFC1C74.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00001933 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-03B2-DD41A3439F20.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00001929 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-5D00-FC17D8918DF6.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00001913 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-8891-468EF1389050.thor
2016-11-15 11:03 - 2016-11-15 11:03 - 00031748 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-5D57-E1143CD742E7.thor
2016-11-15 11:02 - 2016-11-15 11:02 - 00593044 _____ C:\Users\Lucik\Documents\B899021C-AEE2-424B-7305-C732F3B67C18.thor
2016-11-15 11:02 - 2016-11-15 11:02 - 00136253 _____ C:\Users\Lucik\Documents\B899021C-AEE2-424B-A781-DCEE4B0227B3.thor
2016-11-15 11:02 - 2016-11-15 11:02 - 00008327 _____ C:\Users\Lucik\Documents\_135_WHAT_is.html
2016-11-15 11:01 - 2016-11-15 11:01 - 00286784 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-3A5A-9161886764B8.thor
2016-11-15 11:01 - 2016-11-15 11:01 - 00208708 _____ C:\Users\Lucik\Downloads\B899021C-AEE2-424B-D61A-87BDA79FB965.thor
2016-11-15 11:01 - 2016-11-15 11:01 - 00048452 _____ C:\Users\Lucik\Downloads\B899021C-AEE2-424B-4D60-18EA223757E9.thor
2016-11-15 11:01 - 2016-11-15 11:01 - 00039252 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-B936-2195B7C636DF.thor
2016-11-15 11:01 - 2016-11-15 11:01 - 00014121 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-B6C5-1801B69F0A2B.thor
2016-11-15 11:01 - 2016-11-15 11:01 - 00012170 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-94F0-EF2D6436CACB.thor
2016-11-15 11:01 - 2016-11-15 11:01 - 00008327 _____ C:\Users\Lucik\Downloads\_87_WHAT_is.html
2016-11-15 11:00 - 2016-11-15 11:00 - 00087364 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-A4CD-7367152742B7.thor
2016-11-15 11:00 - 2016-11-15 11:00 - 00036676 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-6A85-F905E1F0CDC4.thor
2016-11-15 11:00 - 2016-11-15 11:00 - 00034628 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-8FA3-74C76929BD0E.thor
2016-11-15 11:00 - 2016-11-15 11:00 - 00025412 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-1570-9E9DF99F47D4.thor
2016-11-15 11:00 - 2016-11-15 11:00 - 00013362 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-56E8-1B8BAFC3CB3C.thor
2016-11-15 11:00 - 2016-11-15 11:00 - 00010365 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-58F7-3F6E6CC9E1E0.thor
2016-11-15 11:00 - 2016-11-15 11:00 - 00008327 _____ C:\Users\Lucik\Desktop\_33_WHAT_is.html
2016-11-15 11:00 - 2016-11-15 11:00 - 00008327 _____ C:\Users\Lucik\Desktop\_14_WHAT_is.html
2016-11-09 08:29 - 2016-11-09 08:29 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2016-11-09 08:29 - 2016-11-09 08:29 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2016-10-31 16:24 - 2016-10-31 16:24 - 00284640 _____ C:\Windows\Minidump\103116-68999-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-27 11:10 - 2014-02-05 15:01 - 00000000 ____D C:\Users\Lucik\AppData\Roaming\Skype
2016-11-27 11:10 - 2009-07-14 05:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-27 11:10 - 2009-07-14 05:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-27 11:09 - 2014-05-28 15:03 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-27 11:09 - 2013-11-19 21:35 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-27 11:08 - 2011-04-12 09:34 - 00668792 _____ C:\Windows\system32\perfh005.dat
2016-11-27 11:08 - 2011-04-12 09:34 - 00141420 _____ C:\Windows\system32\perfc005.dat
2016-11-27 11:08 - 2009-07-14 06:13 - 01583226 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-27 11:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-11-27 11:07 - 2016-02-25 17:39 - 00000000 ____D C:\Users\Lucik\AppData\Roaming\Seznam.cz
2016-11-27 11:02 - 2014-05-28 15:03 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-27 11:02 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-15 11:21 - 2014-02-05 14:59 - 00000000 ____D C:\Users\Lucik\Documents\Add-in Express
2016-11-15 11:20 - 2014-03-25 20:53 - 00000000 ____D C:\ProgramData\webcamXP 5
2016-11-15 11:18 - 2016-02-03 08:41 - 00000000 ____D C:\Users\Lucik\Desktop\NOVELI BUSINESS
2016-11-15 11:12 - 2013-11-19 22:08 - 00000000 ____D C:\totalcmd
2016-11-15 11:10 - 2016-05-20 13:10 - 00000000 ____D C:\Users\Lucik\Desktop\daně zaměstnanci
2016-11-15 11:02 - 2016-10-05 18:16 - 00000000 ___RD C:\Users\Lucik\Disk Google
2016-11-15 10:15 - 2014-05-28 15:03 - 00002201 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-15 10:15 - 2014-05-28 15:03 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-15 09:45 - 2015-10-14 07:01 - 00000000 ____D C:\Users\Lucik\AppData\Roaming\eM Client
2016-11-09 08:30 - 2016-10-05 17:54 - 00002048 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-11-09 08:30 - 2016-10-05 17:54 - 00002046 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-11-09 08:30 - 2016-10-05 17:54 - 00002036 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-11-09 08:30 - 2016-10-05 17:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-11-07 19:51 - 2015-01-01 16:56 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-11-03 16:47 - 2014-05-28 15:03 - 00000000 ____D C:\Users\Lucik\AppData\Local\Google
2016-10-31 16:24 - 2014-04-22 17:42 - 00000000 ____D C:\Windows\Minidump

==================== Files in the root of some directories =======

2014-03-25 21:35 - 2014-03-25 21:35 - 0000000 _____ () C:\Users\Lucik\AppData\Local\AtStart.txt
2014-03-25 21:35 - 2014-03-25 21:35 - 0000000 _____ () C:\Users\Lucik\AppData\Local\DSwitch.txt
2014-03-25 21:35 - 2014-03-25 21:35 - 0000000 _____ () C:\Users\Lucik\AppData\Local\QSwitch.txt

Files to move or delete:
====================
C:\Users\Lucik\bullzip-pdf-printer_10.19.0.2457.exe


Some files in TEMP:
====================
C:\Users\Lucik\AppData\Local\Temp\libeay32.dll
C:\Users\Lucik\AppData\Local\Temp\msvcr120.dll
C:\Users\Lucik\AppData\Local\Temp\ose00000.exe
C:\Users\Lucik\AppData\Local\Temp\primosdk.DLL
C:\Users\Lucik\AppData\Local\Temp\px.dll
C:\Users\Lucik\AppData\Local\Temp\pxafs.dll
C:\Users\Lucik\AppData\Local\Temp\PxCpyA64.exe
C:\Users\Lucik\AppData\Local\Temp\PxCpyI64.exe
C:\Users\Lucik\AppData\Local\Temp\pxdrv.dll
C:\Users\Lucik\AppData\Local\Temp\pxhpinst.exe
C:\Users\Lucik\AppData\Local\Temp\PxInsA64.exe
C:\Users\Lucik\AppData\Local\Temp\PxInsI64.exe
C:\Users\Lucik\AppData\Local\Temp\pxmas.dll
C:\Users\Lucik\AppData\Local\Temp\pxsetup.exe
C:\Users\Lucik\AppData\Local\Temp\pxsfs.dll
C:\Users\Lucik\AppData\Local\Temp\pxwave.dll
C:\Users\Lucik\AppData\Local\Temp\qAUTucmLua3.dll
C:\Users\Lucik\AppData\Local\Temp\siinst.exe
C:\Users\Lucik\AppData\Local\Temp\sqlite3.dll
C:\Users\Lucik\AppData\Local\Temp\strings.dll
C:\Users\Lucik\AppData\Local\Temp\vxblock.dll
C:\Users\Lucik\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-24 14:19

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (System) (Fixed) (Total:48.83 GB) (Free:0.68 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (data) (Fixed) (Total:100.22 GB) (Free:16.8 GB) NTFS

Available physical RAM: 1547.45 MB
Total physical RAM: 3055.3 MB
Percentage of memory in use: 49%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 30212419)
Partition 1: (Active) - (Size=48.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100.2 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]

==================== Security Center ==================

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Lucik\Desktop" je 2414 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: .Thor

Napsal: 27 lis 2016 11:44
od Rudy
Otevřte poznámkový blok a zkopírujte do něj:

Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\MountPoints2: F - F:\SISetup.exe
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\MountPoints2: {8dc2597c-7a4f-11e6-ad58-001a4b7d7f54} - F:\SISetup.exe
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Users\Lucik\AppData\Local\Temp
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]

EmptyTemp:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Z logu
Velikost slozky "C:\Users\Lucik\Desktop" je 2414 MB.
To je přiliš mnoho a může to způsobovat zpomalení startu systému.Vytvořte v C:\Users\Lucik novou složku a přesuňte do ní všechna data z plochy (kromě zástupců). Na plochu si pak dejte zástupce té složky pro snazší přístup.

Re: .Thor

Napsal: 27 lis 2016 12:39
od foldy
tady je fixlog

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-11-2016
Ran by Lucik (27-11-2016 12:24:40) Run:1
Running from C:\Users\Lucik\Desktop
Loaded Profiles: Lucik (Available Profiles: Lucik & as640)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\MountPoints2: F - F:\SISetup.exe
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\MountPoints2: {8dc2597c-7a4f-11e6-ad58-001a4b7d7f54} - F:\SISetup.exe
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Users\Lucik\AppData\Local\Temp
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]

EmptyTemp:
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
"HKU\S-1-5-21-1426876207-582522621-1287086209-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F" => key removed successfully
"HKU\S-1-5-21-1426876207-582522621-1287086209-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8dc2597c-7a4f-11e6-ad58-001a4b7d7f54}" => key removed successfully
HKCR\CLSID\{8dc2597c-7a4f-11e6-ad58-001a4b7d7f54} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully

"C:\Users\Lucik\AppData\Local\Temp" folder move:

Could not move "C:\Users\Lucik\AppData\Local\Temp" => Scheduled to move on reboot.

C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`27hfm" ADS removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 157307547 B
Java, Flash, Steam htmlcache => 106603 B
Windows/system/drivers => 545539230 B
Edge => 0 B
Chrome => 258678196 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6876 B
Public => 0 B
ProgramData => 0 B
systemprofile => 68840 B
systemprofile32 => 72682 B
LocalService => 66228 B
NetworkService => 329224 B
Lucik => 3303431635 B
nspadm => 0 B
as640 => 57535 B

RecycleBin => 1497060010 B
EmptyTemp: => 5.4 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 27-11-2016 12:29:47)

C:\Users\Lucik\AppData\Local\Temp => moved successfully

==== End of Fixlog 12:29:49 ====

A díky za info ohledně plochy, nevšiml jsem si že toho bylo 2,4 GB.

Re: .Thor

Napsal: 27 lis 2016 17:40
od Rudy
Váš PC je odvirován. Příponu *.thor vám ale nedešifrujeme. K tomu je třeba přímý přístup do PC, což nemáme právně ošetřeno. Obraťte se na naše kolegy zde: https://neslape.cz/?utm_campaign=neslap ... ium=banner .

Re: .Thor

Napsal: 28 lis 2016 10:40
od foldy
Super, díky moc za pomoc.

Re: .Thor

Napsal: 28 lis 2016 18:11
od Rudy
Rádo se stalo! :)
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz