Log check

#1 Post by skippi »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2016
Ran by Tomik (administrator) on TOMIK-PC (21-12-2016 16:50:04)
Running from C:\Users\Tomik\Desktop
Loaded Profiles: Tomik (Available Profiles: Tomik)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\D-Link\GO-USB-N150\RtlService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\D-Link\GO-USB-N150\RtWlan.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Tomik\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NUSB3MON] => C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-12-13] (Realtek Semiconductor)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8027016 2016-09-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RzWizard] => C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe [254976 2015-07-23] (Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-03-20] (Oracle Corporation)
HKU\S-1-5-21-147754569-2467050187-394659022-1002\...\Run: [Akamai NetSession Interface] => "C:\Users\Tomik\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-147754569-2467050187-394659022-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27230168 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-147754569-2467050187-394659022-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2876704 2016-12-09] (Valve Corporation)
HKU\S-1-5-21-147754569-2467050187-394659022-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-147754569-2467050187-394659022-1002\...\MountPoints2: {7833476c-f3eb-11e4-98c6-74d435b70c63} - F:\Setup.exe
HKU\S-1-5-21-147754569-2467050187-394659022-1002\...\MountPoints2: {969325a8-1682-11e6-b30b-74d435b70c63} - F:\iStudio.exe
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{D5AA0375-A8D2-4E37-935C-B36FA5D4D025}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{ED0BAC4A-E373-4482-BE72-99D1E8180838}: [DhcpNameServer] 194.168.4.100 194.168.8.100

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05 ... O-38d663a4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05 ... O-38d663a4
HKU\S-1-5-21-147754569-2467050187-394659022-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05 ... O-38d663a4
HKU\S-1-5-21-147754569-2467050187-394659022-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {D162AE0B-14AD-493F-8456-86FC6333EE52} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05 ... earchTerms}
SearchScopes: HKLM -> {d4fee3d1-1014-4db8-a824-573bf9ab51c7} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05 ... earchTerms}
SearchScopes: HKU\S-1-5-21-147754569-2467050187-394659022-1002 -> DefaultScope {D162AE0B-14AD-493F-8456-86FC6333EE52} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05 ... earchTerms}
SearchScopes: HKU\S-1-5-21-147754569-2467050187-394659022-1002 -> {D162AE0B-14AD-493F-8456-86FC6333EE52} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05 ... earchTerms}
SearchScopes: HKU\S-1-5-21-147754569-2467050187-394659022-1002 -> {d4fee3d1-1014-4db8-a824-573bf9ab51c7} URL = hxxps://uk.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-04-03] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-03] (Oracle Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-17] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-17] (Oracle Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-13] ()
FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-03] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-03] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-06-08] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-13] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-06-08] (Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Tomik\AppData\Local\Google\Chrome\User Data\Default [2016-12-21]
CHR Extension: (Google Slides) - C:\Users\Tomik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-03]
CHR Extension: (Google Docs) - C:\Users\Tomik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-03]
CHR Extension: (Google Drive) - C:\Users\Tomik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-03]
CHR Extension: (YouTube) - C:\Users\Tomik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-03]
CHR Extension: (Google Sheets) - C:\Users\Tomik\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-03]
CHR Extension: (Google Docs Offline) - C:\Users\Tomik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tomik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Yahoo Partner) - C:\Users\Tomik\AppData\Local\Google\Chrome\User Data\Default\Extensions\npdicihegicnhaangkdmcgbjceoemeoo [2016-11-07]
CHR Extension: (Gmail) - C:\Users\Tomik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-03]
CHR Extension: (Chrome Media Router) - C:\Users\Tomik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-14]
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [599944 2014-12-05] (Autodesk Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [737984 2016-06-03] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2016-09-16] (Advanced Micro Devices) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1362464 2016-04-28] ()
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-26] (Disc Soft Ltd)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2016-12-06] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2180624 2016-12-06] (Electronic Arts)
R2 RtlService; C:\Program Files (x86)\D-Link\GO-USB-N150\RtlService.exe [36864 2012-05-10] (Realtek Semiconductor Corp.) [File not signed]
R2 RzWizardService; C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe [368128 2015-07-23] (Razer Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 SpyEmrgHealth; C:\Program Files\NETGATE\Spy Emergency\SpyEmergencyHealth.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [305544 2016-09-16] (Advanced Micro Devices)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-05-06] (Disc Soft Ltd)
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1528976 2012-12-05] (Realtek Semiconductor Corporation )
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16056 2015-05-20] (SlimWare Utilities, Inc.)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
R1 {410984fa-ad89-4879-903e-b0c424552782}Gw64; C:\Windows\System32\drivers\{410984fa-ad89-4879-903e-b0c424552782}Gw64.sys [48736 2016-04-03] (StdLib)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S2 APXACC; system32\DRIVERS\appexDrv.sys [X]
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-21 16:50 - 2016-12-21 16:50 - 00016488 _____ C:\Users\Tomik\Desktop\FRST.txt
2016-12-21 16:49 - 2016-12-21 16:50 - 00000000 ____D C:\FRST
2016-12-21 16:48 - 2016-12-21 16:45 - 02420224 _____ (Farbar) C:\Users\Tomik\Desktop\FRST64.exe
2016-12-21 16:47 - 2016-12-21 16:47 - 00112640 _____ (forum.viry.cz) C:\Users\Tomik\Desktop\FRSTLauncher.exe
2016-12-21 16:45 - 2016-12-21 16:45 - 02420224 _____ (Farbar) C:\Users\Tomik\Downloads\FRST64.exe
2016-12-20 14:22 - 2016-12-20 14:22 - 00000355 _____ C:\Users\Tomik\Downloads\Favorites - Shortcut.lnk
2016-12-18 19:17 - 2016-12-18 20:40 - 1471444292 _____ C:\Users\Tomik\Downloads\The.BFG.2016.HDRip.XviD.AC3-EVO.avi
2016-12-18 18:56 - 2016-12-18 18:56 - 00000000 ____D C:\Windows\pss
2016-12-18 18:50 - 2016-12-18 18:51 - 08805960 _____ (Piriform Ltd) C:\Users\Tomik\Downloads\ccsetup525pro.exe
2016-12-18 12:12 - 2016-12-18 14:16 - 2189549546 _____ C:\Users\Tomik\Downloads\War-Dogs-CZ.avi
2016-12-18 12:04 - 2016-12-18 12:12 - 133901713 _____ C:\Users\Tomik\Downloads\TBBT-S10E11---The-Birthday-Synchronicity-(cs-titulky).mkv
2016-12-12 20:47 - 2016-12-12 20:47 - 00000000 ____D C:\Users\Tomik\AppData\Local\Chromium
2016-12-12 14:38 - 2016-12-12 15:11 - 596065169 _____ C:\Users\Tomik\Downloads\The.Walking.Dead.S07E08.HDTV.x264.CZtit.mkv
2016-12-10 17:32 - 2016-12-10 17:32 - 00013429 _____ C:\Users\Tomik\Downloads\Snowden.2016.720p.BluRay.x264-NeZu.torrent
2016-12-10 16:58 - 2016-12-10 18:11 - 1322332160 _____ C:\Users\Tomik\Downloads\Sebevražedný-oddíl-Suicide-Squad--CZ-dabing.avi
2016-12-08 17:24 - 2016-12-08 17:42 - 319921644 _____ C:\Users\Tomik\Downloads\The-Flash-S03E09.CZ.tit.mp4
2016-12-06 18:43 - 2016-12-06 18:43 - 00044039 _____ C:\Users\Tomik\Downloads\Westworld.S01E10.WEBRip.x264-FUM[ettv].srt
2016-12-06 14:54 - 2016-12-06 14:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2016-12-06 14:52 - 2016-12-06 14:54 - 00000000 ____D C:\Users\Tomik\AppData\Local\Origin
2016-12-06 14:52 - 2016-12-06 14:52 - 55364064 _____ (Electronic Arts) C:\Users\Tomik\Downloads\OriginThinSetup.exe
2016-12-06 14:51 - 2016-12-06 14:51 - 00002946 _____ C:\Windows\System32\Tasks\{2721A855-1C35-44CA-A016-0ACB38DA1B65}
2016-12-06 14:33 - 2016-12-06 14:33 - 00002946 _____ C:\Windows\System32\Tasks\{D8D73DF2-9853-4467-BF61-CC456B086ED0}
2016-12-06 14:24 - 2016-12-06 14:25 - 00000028 _____ C:\Users\Tomik\Desktop\New Text Document.txt
2016-12-05 15:45 - 2016-12-05 16:22 - 673505678 _____ C:\Users\Tomik\Downloads\The.Walking.Dead.S07E07.HDTV.x264-FUM[ettv].mp4
2016-12-05 13:02 - 2016-12-05 13:29 - 482256446 _____ C:\Users\Tomik\Downloads\Westworld.S01E10.The.Bicameral.Mind.720p.WEBRip.2CH.x265.HEVC-PSA.mp4
2016-12-03 19:20 - 2016-12-03 19:42 - 394017290 _____ C:\Users\Tomik\Downloads\The-Flash-S03E08-Invasion--české--titulky-novinka.avi
2016-12-02 18:45 - 2016-12-02 18:59 - 252822068 _____ C:\Users\Tomik\Downloads\The.Big.Bang.Theory.S10E10.720p.HDTV.X264-DIMENSION-CZ-titulky.avi
2016-12-02 17:20 - 2016-12-02 17:42 - 385986175 _____ C:\Users\Tomik\Downloads\The-Flash-S03E07---&-Arrow-TitCz.mp4
2016-12-02 14:38 - 2016-12-02 14:56 - 328459567 _____ C:\Users\Tomik\Downloads\The-Flash--S03E06-české-titulky-novinka.mp4
2016-11-30 15:09 - 2016-11-30 15:09 - 00034757 _____ C:\Users\Tomik\Downloads\Westworld.S01E09.WEBRip.x264-FUM[ettv].srt
2016-11-30 14:36 - 2016-11-30 14:55 - 349603545 _____ C:\Users\Tomik\Downloads\Westworld.S01E09.WEBRip.x264-FUM[ettv].mp4
2016-11-28 16:34 - 2016-11-28 16:55 - 366944256 _____ C:\Users\Tomik\Downloads\The.Walking.Dead.S07E06.cz-tit.avi
2016-11-28 11:06 - 2016-11-28 11:39 - 287507129 _____ C:\Users\Tomik\Downloads\Black.Mirror.S03E02.WebRip.x264-FS.mp4
2016-11-22 18:43 - 2016-11-22 19:22 - 707898614 _____ C:\Users\Tomik\Downloads\TheGrandTour--S01E01-cztit.mp4
2016-11-21 17:38 - 2016-11-21 18:01 - 413679218 _____ C:\Users\Tomik\Downloads\Westworld-S01E08-HDTVx264-CZtit.mp4
2016-11-21 17:37 - 2016-11-21 17:37 - 00014453 _____ C:\Users\Tomik\Downloads\[CzT]The_Flash_S03E05_Monster_TvRip_720p_.torrent
2016-11-21 16:01 - 2016-11-21 16:42 - 741712508 _____ C:\Users\Tomik\Downloads\The.Walking.Dead.S07E05---CZ-titulky-by-HanzeST.avi

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-21 16:46 - 2016-01-02 12:01 - 00000000 ____D C:\Users\Tomik\AppData\Roaming\Skype
2016-12-21 16:33 - 2015-06-30 11:09 - 00000000 ____D C:\Users\Tomik\AppData\Local\Battle.net
2016-12-21 16:02 - 2014-10-30 10:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-21 15:47 - 2015-06-30 11:09 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-12-21 14:32 - 2009-07-14 05:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-21 14:32 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf
2016-12-21 14:30 - 2009-07-14 04:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-21 14:30 - 2009-07-14 04:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-21 14:25 - 2016-09-16 12:16 - 00007603 _____ C:\Users\Tomik\AppData\Local\Resmon.ResmonCfg
2016-12-21 14:25 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-21 14:24 - 2009-07-14 05:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-21 14:15 - 2015-02-13 23:24 - 00000000 ____D C:\Program Files (x86)\Steam
2016-12-21 14:12 - 2016-09-17 15:19 - 00000000 ____D C:\Program Files (x86)\Overwatch
2016-12-21 14:11 - 2015-06-30 11:22 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2016-12-21 13:58 - 2015-02-13 23:56 - 00000000 ____D C:\Users\Tomik\AppData\Local\PokerStars.UK
2016-12-20 22:12 - 2014-10-30 14:49 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2016-12-20 15:18 - 2016-11-07 10:37 - 00000000 ____D C:\Users\Tomik\AppData\Roaming\Origin
2016-12-20 14:53 - 2016-11-07 10:35 - 00000000 ____D C:\ProgramData\Origin
2016-12-20 14:21 - 2016-03-17 23:09 - 00000000 ____D C:\Users\Tomik\AppData\Local\UnrealEngine
2016-12-18 19:01 - 2009-07-14 03:20 - 00000000 ____D C:\PerfLogs
2016-12-18 18:52 - 2015-08-31 18:29 - 00000000 ____D C:\Users\Tomik\AppData\Roaming\uTorrent
2016-12-18 18:51 - 2016-09-14 20:38 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-12-18 18:51 - 2016-09-14 20:38 - 00000822 _____ C:\ProgramData\Desktop\CCleaner.lnk
2016-12-18 18:51 - 2016-09-14 20:38 - 00000000 ____D C:\Program Files\CCleaner
2016-12-16 20:00 - 2015-02-16 12:59 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-16 20:00 - 2015-02-16 12:59 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-15 20:59 - 2016-11-07 12:51 - 00001170 _____ C:\Users\Public\Desktop\Battlefield 1.lnk
2016-12-15 20:59 - 2016-11-07 12:51 - 00001170 _____ C:\ProgramData\Desktop\Battlefield 1.lnk
2016-12-14 21:01 - 2015-02-16 13:01 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-14 21:01 - 2015-02-16 13:01 - 00002183 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2016-12-13 19:02 - 2014-10-30 10:59 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-13 19:02 - 2014-10-30 10:59 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-13 19:02 - 2014-10-30 10:59 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-12-13 19:02 - 2014-10-30 10:59 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-13 19:02 - 2014-10-30 10:59 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-12 20:48 - 2015-02-20 01:54 - 00000000 ____D C:\Users\Tomik\AppData\Local\Steam
2016-12-10 17:40 - 2015-08-31 18:31 - 00000000 ____D C:\Movies
2016-12-06 21:38 - 2016-01-02 12:01 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-12-06 21:38 - 2016-01-02 12:01 - 00000000 ____D C:\ProgramData\Skype
2016-12-06 14:54 - 2016-11-07 10:34 - 00000000 ____D C:\Program Files (x86)\Origin
2016-12-06 14:52 - 2016-11-07 10:35 - 00000000 ____D C:\ProgramData\Electronic Arts
2016-12-01 15:53 - 2016-11-07 13:07 - 00000000 ____D C:\Users\Tomik\Documents\Battlefield 1
2016-11-30 14:06 - 2016-07-28 20:00 - 00000000 ____D C:\Program Files (x86)\Hearthstone

==================== Files in the root of some directories =======

2015-11-06 16:12 - 2015-11-09 18:05 - 2128896 _____ () C:\Users\Tomik\AppData\Local\file__0.localstorage
2016-09-16 12:16 - 2016-12-21 14:25 - 0007603 _____ () C:\Users\Tomik\AppData\Local\Resmon.ResmonCfg
2016-01-29 19:38 - 2016-01-29 19:38 - 73090024 _____ () C:\Users\Tomik\AppData\Local\TempFullTiltPokerEuSetup.exe
2015-08-30 12:04 - 2015-08-30 12:11 - 0000112 _____ () C:\ProgramData\BeA2q4f8e.dat
2015-08-30 12:15 - 2015-08-30 12:15 - 0000102 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Files to move or delete:
====================
C:\ProgramData\BeA2q4f8e.dat
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-07 16:28

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:927.51 GB) (Free:233.72 GB) NTFS

Available physical RAM: 5812.98 MB
Total physical RAM: 8134.04 MB
Percentage of memory in use: 28%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: AA19934E)
Partition 1: (Active) - (Size=4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=927.5 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Tomik\Desktop" je 566 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Creative Cloud
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSKAppManager
"C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" -showminimized -checkautorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
"C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyEmergency
C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Tomik^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk
C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

#2 Post by skippi »

It's probably going to be a big fiasco. The computer is full of errors... I wanted to try your help before I reinstall the whole system.

#3 Post by Rudy »

Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

skippi
Visitor
Posts: 26
Registered: 21 Dec 2016 17:55

Re: log check

#4 Post by skippi »

# AdwCleaner v6.041 - Logfile created 21/12/2016 at 17:23:51
# Updated on 16/12/2016 by Malwarebytes
# Database : 2016-12-21.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Tomik - TOMIK-PC
# Running from : C:\Users\Tomik\Desktop\adwcleaner_6.041.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

[-] Service deleted: swdumon


***** [ Folders ] *****

[-] Folder deleted: C:\ProgramData\Uinllout
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Uinllout
[-] Folder deleted: C:\Users\Tomik\AppData\Local\DesktopSearch
[-] Folder deleted: C:\Users\Tomik\AppData\Local\globalUpdate
[-] Folder deleted: C:\Users\Tomik\AppData\Local\SmartWeb
[-] Folder deleted: C:\Users\Tomik\AppData\Local\YSearchUtil
[-] Folder deleted: C:\Users\Tomik\AppData\Roaming\RHEng
[-] Folder deleted: C:\Users\Tomik\AppData\Roaming\WeatherTool
[-] Folder deleted: C:\Users\Tomik\AppData\Roaming\FileOpenerWindows
[-] Folder deleted: C:\Program Files\SpaceSoundPro
[-] Folder deleted: C:\IQIYI Video
[-] Folder deleted: C:\ProgramData\GPCWValidator
[#] Folder deleted on reboot: C:\ProgramData\Application Data\GPCWValidator
[-] Folder deleted: C:\Users\Public\Documents\Guid
[-] Folder deleted: C:\Users\Public\Documents\Downloaded Installers
[-] Folder deleted: C:\Program Files (x86)\globalUpdate
[-] Folder deleted: C:\Program Files (x86)\OneSystemCare
[-] Folder deleted: C:\Program Files (x86)\PepperZip
[-] Folder deleted: C:\Program Files (x86)\SFK
[-] Folder deleted: C:\Program Files (x86)\SpaceSondPro
[-] Folder deleted: C:\Program Files (x86)\WeatherTool
[-] Folder deleted: C:\Program Files (x86)\YTDownloader
[-] Folder deleted: C:\Windows\SysWOW64\First Verify
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\WeatherTool
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil
[-] Folder deleted: C:\Users\Tomik\AppData\Local\Google\Chrome\User Data\Default\Extensions\npdicihegicnhaangkdmcgbjceoemeoo


***** [ Files ] *****

[-] File deleted: C:\Windows\SysNative\drivers\swdumon.sys
[-] File deleted: C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
[#] File deleted: C:\ProgramData\Application Data\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****

[-] Task deleted: Uinllout


***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\pc-mechanic
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\pc-mechanic
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
[-] Key deleted: HKU\S-1-5-21-147754569-2467050187-394659022-1002\Software\PRODUCTSETUP
[-] Key deleted: HKU\S-1-5-21-147754569-2467050187-394659022-1002\Software\SlimWare Utilities Inc
[-] Key deleted: HKU\S-1-5-21-147754569-2467050187-394659022-1002\Software\ICSW1.19
[-] Key deleted: HKU\S-1-5-21-147754569-2467050187-394659022-1002\Software\csastats
[#] Key deleted on reboot: HKCU\Software\PRODUCTSETUP
[#] Key deleted on reboot: HKCU\Software\SlimWare Utilities Inc
[#] Key deleted on reboot: HKCU\Software\ICSW1.19
[#] Key deleted on reboot: HKCU\Software\csastats
[-] Key deleted: HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] Key deleted: HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key deleted: HKLM\SOFTWARE\Uniblue
[#] Key deleted on reboot: [x64] HKCU\Software\PRODUCTSETUP
[#] Key deleted on reboot: [x64] HKCU\Software\SlimWare Utilities Inc
[#] Key deleted on reboot: [x64] HKCU\Software\ICSW1.19
[#] Key deleted on reboot: [x64] HKCU\Software\csastats
[-] Key deleted: [x64] HKLM\SOFTWARE\WebBar
[-] Key deleted: [x64] HKLM\SOFTWARE\GPCWValidatorService
[-] Key deleted: [x64] HKLM\SOFTWARE\ussc-pr
[-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [wb.exe]
[#] Value deleted on reboot: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION [wb.exe]
[-] Value deleted: HKLM\SOFTWARE\Classes\Unknown\shell\openas\command [windowsfileopener.Dat]
[-] Value deleted: HKLM\SOFTWARE\Classes\Unknown\shell\opendlg\command [windowsfileopener.Dat]
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\npdicihegicnhaangkdmcgbjceoemeoo


***** [ Web browsers ] *****

[-] [C:\Users\Tomik\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: uk.ask.com
[-] [C:\Users\Tomik\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: cassiopesa.com
[-] [C:\Users\Tomik\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: www-searching.com_
[-] [C:\Users\Tomik\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: www-searching.com
[-] [C:\Users\Tomik\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: npdicihegicnhaangkdmcgbjceoemeoo


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [5210 Bytes] - [21/12/2016 17:23:51]
C:\AdwCleaner\AdwCleaner[S0].txt - [5005 Bytes] - [21/12/2016 17:23:06]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5356 Bytes] ##########

Rudy
Site Admin
Posts: 119672
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: log check

#5 Post by Rudy »

Post a new FRST log.

skippi
Visitor
Posts: 26
Registered: 21 Dec 2016 17:55

Re: log check

#6 Post by skippi »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2016
Ran by Tomik (administrator) on TOMIK-PC (21-12-2016 19:03:16)
Running from C:\Users\Tomik\Desktop
Loaded Profiles: Tomik (Available Profiles: Tomik)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\D-Link\GO-USB-N150\RtlService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\D-Link\GO-USB-N150\RtWlan.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Tomik\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NUSB3MON] => C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-12-13] (Realtek Semiconductor)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8027016 2016-09-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RzWizard] => C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe [254976 2015-07-23] (Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-03-20] (Oracle Corporation)
HKU\S-1-5-21-147754569-2467050187-394659022-1002\...\Run: [Akamai NetSession Interface] => "C:\Users\Tomik\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-147754569-2467050187-394659022-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27230168 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-147754569-2467050187-394659022-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2876704 2016-12-20] (Valve Corporation)
HKU\S-1-5-21-147754569-2467050187-394659022-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-147754569-2467050187-394659022-1002\...\MountPoints2: {7833476c-f3eb-11e4-98c6-74d435b70c63} - F:\Setup.exe
HKU\S-1-5-21-147754569-2467050187-394659022-1002\...\MountPoints2: {969325a8-1682-11e6-b30b-74d435b70c63} - F:\iStudio.exe
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{D5AA0375-A8D2-4E37-935C-B36FA5D4D025}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{ED0BAC4A-E373-4482-BE72-99D1E8180838}: [DhcpNameServer] 194.168.4.100 194.168.8.100

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05 ... O-38d663a4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05 ... O-38d663a4
HKU\S-1-5-21-147754569-2467050187-394659022-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05 ... O-38d663a4
HKU\S-1-5-21-147754569-2467050187-394659022-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {D162AE0B-14AD-493F-8456-86FC6333EE52} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05 ... earchTerms}
SearchScopes: HKLM -> {d4fee3d1-1014-4db8-a824-573bf9ab51c7} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05 ... earchTerms}
SearchScopes: HKU\S-1-5-21-147754569-2467050187-394659022-1002 -> DefaultScope {D162AE0B-14AD-493F-8456-86FC6333EE52} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05 ... earchTerms}
SearchScopes: HKU\S-1-5-21-147754569-2467050187-394659022-1002 -> {D162AE0B-14AD-493F-8456-86FC6333EE52} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05 ... earchTerms}
SearchScopes: HKU\S-1-5-21-147754569-2467050187-394659022-1002 -> {d4fee3d1-1014-4db8-a824-573bf9ab51c7} URL = hxxps://uk.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-04-03] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-03] (Oracle Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-17] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-17] (Oracle Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-13] ()
FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-03] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-03] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-06-08] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-13] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-06-08] (Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Tomik\AppData\Local\Google\Chrome\User Data\Default [2016-12-21]
CHR Extension: (Google Slides) - C:\Users\Tomik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-03]
CHR Extension: (Google Docs) - C:\Users\Tomik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-03]
CHR Extension: (Google Drive) - C:\Users\Tomik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-03]
CHR Extension: (YouTube) - C:\Users\Tomik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-03]
CHR Extension: (Google Sheets) - C:\Users\Tomik\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-03]
CHR Extension: (Google Docs Offline) - C:\Users\Tomik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tomik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Users\Tomik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-03]
CHR Extension: (Chrome Media Router) - C:\Users\Tomik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-14]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [599944 2014-12-05] (Autodesk Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [737984 2016-06-03] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2218712 2016-12-13] (Adobe Systems, Incorporated)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2016-09-16] (Advanced Micro Devices) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1362464 2016-04-28] ()
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-26] (Disc Soft Ltd)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2016-12-06] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2180624 2016-12-06] (Electronic Arts)
R2 RtlService; C:\Program Files (x86)\D-Link\GO-USB-N150\RtlService.exe [36864 2012-05-10] (Realtek Semiconductor Corp.) [File not signed]
R2 RzWizardService; C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe [368128 2015-07-23] (Razer Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 SpyEmrgHealth; C:\Program Files\NETGATE\Spy Emergency\SpyEmergencyHealth.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [305544 2016-09-16] (Advanced Micro Devices)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-05-06] (Disc Soft Ltd)
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1528976 2012-12-05] (Realtek Semiconductor Corporation )
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
R1 {410984fa-ad89-4879-903e-b0c424552782}Gw64; C:\Windows\System32\drivers\{410984fa-ad89-4879-903e-b0c424552782}Gw64.sys [48736 2016-04-03] (StdLib)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S2 APXACC; system32\DRIVERS\appexDrv.sys [X]
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-21 17:22 - 2016-12-21 17:23 - 00000000 ____D C:\AdwCleaner
2016-12-21 17:20 - 2016-12-21 17:20 - 03977168 _____ C:\Users\Tomik\Desktop\adwcleaner_6.041.exe
2016-12-21 16:50 - 2016-12-21 19:04 - 00016330 _____ C:\Users\Tomik\Desktop\FRST.txt
2016-12-21 16:49 - 2016-12-21 19:03 - 00000000 ____D C:\FRST
2016-12-21 16:48 - 2016-12-21 16:45 - 02420224 _____ (Farbar) C:\Users\Tomik\Desktop\FRST64.exe
2016-12-21 16:47 - 2016-12-21 16:47 - 00112640 _____ (forum.viry.cz) C:\Users\Tomik\Desktop\FRSTLauncher.exe
2016-12-21 16:45 - 2016-12-21 16:45 - 02420224 _____ (Farbar) C:\Users\Tomik\Downloads\FRST64.exe
2016-12-20 14:22 - 2016-12-20 14:22 - 00000355 _____ C:\Users\Tomik\Downloads\Favorites - Shortcut.lnk
2016-12-18 19:17 - 2016-12-18 20:40 - 1471444292 _____ C:\Users\Tomik\Downloads\The.BFG.2016.HDRip.XviD.AC3-EVO.avi
2016-12-18 18:56 - 2016-12-18 18:56 - 00000000 ____D C:\Windows\pss
2016-12-18 18:50 - 2016-12-18 18:51 - 08805960 _____ (Piriform Ltd) C:\Users\Tomik\Downloads\ccsetup525pro.exe
2016-12-18 12:12 - 2016-12-18 14:16 - 2189549546 _____ C:\Users\Tomik\Downloads\War-Dogs-CZ.avi
2016-12-18 12:04 - 2016-12-18 12:12 - 133901713 _____ C:\Users\Tomik\Downloads\TBBT-S10E11---The-Birthday-Synchronicity-(cs-titulky).mkv
2016-12-12 20:47 - 2016-12-12 20:47 - 00000000 ____D C:\Users\Tomik\AppData\Local\Chromium
2016-12-12 14:38 - 2016-12-12 15:11 - 596065169 _____ C:\Users\Tomik\Downloads\The.Walking.Dead.S07E08.HDTV.x264.CZtit.mkv
2016-12-10 17:32 - 2016-12-10 17:32 - 00013429 _____ C:\Users\Tomik\Downloads\Snowden.2016.720p.BluRay.x264-NeZu.torrent
2016-12-10 16:58 - 2016-12-10 18:11 - 1322332160 _____ C:\Users\Tomik\Downloads\Sebevražedný-oddíl-Suicide-Squad--CZ-dabing.avi
2016-12-08 17:24 - 2016-12-08 17:42 - 319921644 _____ C:\Users\Tomik\Downloads\The-Flash-S03E09.CZ.tit.mp4
2016-12-06 18:43 - 2016-12-06 18:43 - 00044039 _____ C:\Users\Tomik\Downloads\Westworld.S01E10.WEBRip.x264-FUM[ettv].srt
2016-12-06 14:54 - 2016-12-06 14:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2016-12-06 14:52 - 2016-12-06 14:54 - 00000000 ____D C:\Users\Tomik\AppData\Local\Origin
2016-12-06 14:52 - 2016-12-06 14:52 - 55364064 _____ (Electronic Arts) C:\Users\Tomik\Downloads\OriginThinSetup.exe
2016-12-06 14:51 - 2016-12-06 14:51 - 00002946 _____ C:\Windows\System32\Tasks\{2721A855-1C35-44CA-A016-0ACB38DA1B65}
2016-12-06 14:33 - 2016-12-06 14:33 - 00002946 _____ C:\Windows\System32\Tasks\{D8D73DF2-9853-4467-BF61-CC456B086ED0}
2016-12-06 14:24 - 2016-12-06 14:25 - 00000028 _____ C:\Users\Tomik\Desktop\New Text Document.txt
2016-12-05 15:45 - 2016-12-05 16:22 - 673505678 _____ C:\Users\Tomik\Downloads\The.Walking.Dead.S07E07.HDTV.x264-FUM[ettv].mp4
2016-12-05 13:02 - 2016-12-05 13:29 - 482256446 _____ C:\Users\Tomik\Downloads\Westworld.S01E10.The.Bicameral.Mind.720p.WEBRip.2CH.x265.HEVC-PSA.mp4
2016-12-03 19:20 - 2016-12-03 19:42 - 394017290 _____ C:\Users\Tomik\Downloads\The-Flash-S03E08-Invasion--české--titulky-novinka.avi
2016-12-02 18:45 - 2016-12-02 18:59 - 252822068 _____ C:\Users\Tomik\Downloads\The.Big.Bang.Theory.S10E10.720p.HDTV.X264-DIMENSION-CZ-titulky.avi
2016-12-02 17:20 - 2016-12-02 17:42 - 385986175 _____ C:\Users\Tomik\Downloads\The-Flash-S03E07---&-Arrow-TitCz.mp4
2016-12-02 14:38 - 2016-12-02 14:56 - 328459567 _____ C:\Users\Tomik\Downloads\The-Flash--S03E06-české-titulky-novinka.mp4
2016-11-30 15:09 - 2016-11-30 15:09 - 00034757 _____ C:\Users\Tomik\Downloads\Westworld.S01E09.WEBRip.x264-FUM[ettv].srt
2016-11-30 14:36 - 2016-11-30 14:55 - 349603545 _____ C:\Users\Tomik\Downloads\Westworld.S01E09.WEBRip.x264-FUM[ettv].mp4
2016-11-28 16:34 - 2016-11-28 16:55 - 366944256 _____ C:\Users\Tomik\Downloads\The.Walking.Dead.S07E06.cz-tit.avi
2016-11-28 11:06 - 2016-11-28 11:39 - 287507129 _____ C:\Users\Tomik\Downloads\Black.Mirror.S03E02.WebRip.x264-FS.mp4
2016-11-22 18:43 - 2016-11-22 19:22 - 707898614 _____ C:\Users\Tomik\Downloads\TheGrandTour--S01E01-cztit.mp4
2016-11-21 17:38 - 2016-11-21 18:01 - 413679218 _____ C:\Users\Tomik\Downloads\Westworld-S01E08-HDTVx264-CZtit.mp4
2016-11-21 17:37 - 2016-11-21 17:37 - 00014453 _____ C:\Users\Tomik\Downloads\[CzT]The_Flash_S03E05_Monster_TvRip_720p_.torrent
2016-11-21 16:01 - 2016-11-21 16:42 - 741712508 _____ C:\Users\Tomik\Downloads\The.Walking.Dead.S07E05---CZ-titulky-by-HanzeST.avi

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-21 19:02 - 2016-01-02 12:01 - 00000000 ____D C:\Users\Tomik\AppData\Roaming\Skype
2016-12-21 19:02 - 2014-10-30 10:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-21 19:01 - 2015-06-30 11:09 - 00000000 ____D C:\Users\Tomik\AppData\Local\Battle.net
2016-12-21 18:24 - 2015-02-13 23:56 - 00000000 ____D C:\Users\Tomik\AppData\Local\PokerStars.UK
2016-12-21 18:14 - 2015-06-30 11:09 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-12-21 17:33 - 2009-07-14 04:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-21 17:33 - 2009-07-14 04:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-21 17:31 - 2015-02-13 23:24 - 00000000 ____D C:\Program Files (x86)\Steam
2016-12-21 17:31 - 2009-07-14 05:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-21 17:31 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf
2016-12-21 17:25 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-21 17:24 - 2014-10-30 14:49 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2016-12-21 14:25 - 2016-09-16 12:16 - 00007603 _____ C:\Users\Tomik\AppData\Local\Resmon.ResmonCfg
2016-12-21 14:24 - 2009-07-14 05:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-21 14:12 - 2016-09-17 15:19 - 00000000 ____D C:\Program Files (x86)\Overwatch
2016-12-21 14:11 - 2015-06-30 11:22 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2016-12-20 15:18 - 2016-11-07 10:37 - 00000000 ____D C:\Users\Tomik\AppData\Roaming\Origin
2016-12-20 14:53 - 2016-11-07 10:35 - 00000000 ____D C:\ProgramData\Origin
2016-12-20 14:21 - 2016-03-17 23:09 - 00000000 ____D C:\Users\Tomik\AppData\Local\UnrealEngine
2016-12-18 19:01 - 2009-07-14 03:20 - 00000000 ____D C:\PerfLogs
2016-12-18 18:52 - 2015-08-31 18:29 - 00000000 ____D C:\Users\Tomik\AppData\Roaming\uTorrent
2016-12-18 18:51 - 2016-09-14 20:38 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-12-18 18:51 - 2016-09-14 20:38 - 00000822 _____ C:\ProgramData\Desktop\CCleaner.lnk
2016-12-18 18:51 - 2016-09-14 20:38 - 00000000 ____D C:\Program Files\CCleaner
2016-12-16 20:00 - 2015-02-16 12:59 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-16 20:00 - 2015-02-16 12:59 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-15 20:59 - 2016-11-07 12:51 - 00001170 _____ C:\Users\Public\Desktop\Battlefield 1.lnk
2016-12-15 20:59 - 2016-11-07 12:51 - 00001170 _____ C:\ProgramData\Desktop\Battlefield 1.lnk
2016-12-14 21:01 - 2015-02-16 13:01 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-14 21:01 - 2015-02-16 13:01 - 00002183 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2016-12-13 19:02 - 2014-10-30 10:59 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-13 19:02 - 2014-10-30 10:59 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-13 19:02 - 2014-10-30 10:59 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-12-13 19:02 - 2014-10-30 10:59 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-13 19:02 - 2014-10-30 10:59 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-12 20:48 - 2015-02-20 01:54 - 00000000 ____D C:\Users\Tomik\AppData\Local\Steam
2016-12-10 17:40 - 2015-08-31 18:31 - 00000000 ____D C:\Movies
2016-12-06 21:38 - 2016-01-02 12:01 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-12-06 21:38 - 2016-01-02 12:01 - 00000000 ____D C:\ProgramData\Skype
2016-12-06 14:54 - 2016-11-07 10:34 - 00000000 ____D C:\Program Files (x86)\Origin
2016-12-06 14:52 - 2016-11-07 10:35 - 00000000 ____D C:\ProgramData\Electronic Arts
2016-12-01 15:53 - 2016-11-07 13:07 - 00000000 ____D C:\Users\Tomik\Documents\Battlefield 1
2016-11-30 14:06 - 2016-07-28 20:00 - 00000000 ____D C:\Program Files (x86)\Hearthstone

==================== Files in the root of some directories =======

2015-11-06 16:12 - 2015-11-09 18:05 - 2128896 _____ () C:\Users\Tomik\AppData\Local\file__0.localstorage
2016-09-16 12:16 - 2016-12-21 14:25 - 0007603 _____ () C:\Users\Tomik\AppData\Local\Resmon.ResmonCfg
2016-01-29 19:38 - 2016-01-29 19:38 - 73090024 _____ () C:\Users\Tomik\AppData\Local\TempFullTiltPokerEuSetup.exe
2015-08-30 12:04 - 2015-08-30 12:11 - 0000112 _____ () C:\ProgramData\BeA2q4f8e.dat

Files to move or delete:
====================
C:\ProgramData\BeA2q4f8e.dat


Some files in TEMP:
====================
C:\Users\Tomik\AppData\Local\Temp\libeay32.dll
C:\Users\Tomik\AppData\Local\Temp\msvcr120.dll
C:\Users\Tomik\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-07 16:28

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:927.51 GB) (Free:233.81 GB) NTFS

Available physical RAM: 5338.27 MB
Total physical RAM: 8134.04 MB
Percentage of memory in use: 34%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: AA19934E)
Partition 1: (Active) - (Size=4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=927.5 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Tomik\Desktop" je 570 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Creative Cloud
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSKAppManager
"C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" -showminimized -checkautorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
"C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyEmergency
C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Tomik^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk
C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000

Rudy
Site Admin
Posts: 119672
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: log check

#7 Post by Rudy »

Open Notepad and copy the following into it:
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-03-20] (Oracle Corporation)
HKU\S-1-5-21-147754569-2467050187-394659022-1002\...\Run: [Akamai NetSession Interface] => "C:\Users\Tomik\AppData\Local\Akamai\netsession_win.exe"
C:\Users\Tomik\AppData\Local\Akamai
HKU\S-1-5-21-147754569-2467050187-394659022-1002\...\MountPoints2: {7833476c-f3eb-11e4-98c6-74d435b70c63} - F:\Setup.exe
HKU\S-1-5-21-147754569-2467050187-394659022-1002\...\MountPoints2: {969325a8-1682-11e6-b30b-74d435b70c63} - F:\iStudio.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1& ... O-38d663a4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1& ... O-38d663a4
HKU\S-1-5-21-147754569-2467050187-394659022-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1& ... O-38d663a4
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {D162AE0B-14AD-493F-8456-86FC6333EE52} URL = hxxp://www.bing.com/search?FORM=INCOH2& ... 8d663a4&q={searchTerms}
SearchScopes: HKLM -> {d4fee3d1-1014-4db8-a824-573bf9ab51c7} URL = hxxp://www.bing.com/search?FORM=INCOH2& ... 8d663a4&q={searchTerms}
SearchScopes: HKU\S-1-5-21-147754569-2467050187-394659022-1002 -> DefaultScope {D162AE0B-14AD-493F-8456-86FC6333EE52} URL = hxxp://www.bing.com/search?FORM=INCOH2& ... 8d663a4&q={searchTerms}
SearchScopes: HKU\S-1-5-21-147754569-2467050187-394659022-1002 -> {D162AE0B-14AD-493F-8456-86FC6333EE52} URL = hxxp://www.bing.com/search?FORM=INCOH2& ... 8d663a4&q={searchTerms}
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\ProgramData\BeA2q4f8e.dat
C:\Users\Tomik\AppData\Local\Temp

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the run finishes, a log will appear; copy it here.

Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for resolving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

skippi
Visitor
Posts: 26
Registered: 21 Dec 2016 17:55

Re: log check

#8 Post by skippi »

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by Tomik (21-12-2016 19:48:05) Run:1
Running from C:\Users\Tomik\Desktop
Loaded Profiles: Tomik (Available Profiles: Tomik)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-03-20] (Oracle Corporation)
HKU\S-1-5-21-147754569-2467050187-394659022-1002\...\Run: [Akamai NetSession Interface] => "C:\Users\Tomik\AppData\Local\Akamai\netsession_win.exe"
C:\Users\Tomik\AppData\Local\Akamai
HKU\S-1-5-21-147754569-2467050187-394659022-1002\...\MountPoints2: {7833476c-f3eb-11e4-98c6-74d435b70c63} - F:\Setup.exe
HKU\S-1-5-21-147754569-2467050187-394659022-1002\...\MountPoints2: {969325a8-1682-11e6-b30b-74d435b70c63} - F:\iStudio.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1& ... O-38d663a4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1& ... O-38d663a4
HKU\S-1-5-21-147754569-2467050187-394659022-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1& ... O-38d663a4
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {D162AE0B-14AD-493F-8456-86FC6333EE52} URL = hxxp://www.bing.com/search?FORM=INCOH2& ... 8d663a4&q={searchTerms}
SearchScopes: HKLM -> {d4fee3d1-1014-4db8-a824-573bf9ab51c7} URL = hxxp://www.bing.com/search?FORM=INCOH2& ... 8d663a4&q={searchTerms}
SearchScopes: HKU\S-1-5-21-147754569-2467050187-394659022-1002 -> DefaultScope {D162AE0B-14AD-493F-8456-86FC6333EE52} URL = hxxp://www.bing.com/search?FORM=INCOH2& ... 8d663a4&q={searchTerms}
SearchScopes: HKU\S-1-5-21-147754569-2467050187-394659022-1002 -> {D162AE0B-14AD-493F-8456-86FC6333EE52} URL = hxxp://www.bing.com/search?FORM=INCOH2& ... 8d663a4&q={searchTerms}
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\ProgramData\BeA2q4f8e.dat
C:\Users\Tomik\AppData\Local\Temp

EmptyTemp:
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
HKU\S-1-5-21-147754569-2467050187-394659022-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface => value removed successfully
"C:\Users\Tomik\AppData\Local\Akamai" => not found.
"HKU\S-1-5-21-147754569-2467050187-394659022-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7833476c-f3eb-11e4-98c6-74d435b70c63}" => key removed successfully
HKCR\CLSID\{7833476c-f3eb-11e4-98c6-74d435b70c63} => key not found.
"HKU\S-1-5-21-147754569-2467050187-394659022-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{969325a8-1682-11e6-b30b-74d435b70c63}" => key removed successfully
HKCR\CLSID\{969325a8-1682-11e6-b30b-74d435b70c63} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-147754569-2467050187-394659022-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D162AE0B-14AD-493F-8456-86FC6333EE52}" => key removed successfully
HKCR\CLSID\{D162AE0B-14AD-493F-8456-86FC6333EE52} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d4fee3d1-1014-4db8-a824-573bf9ab51c7}" => key removed successfully
HKCR\CLSID\{d4fee3d1-1014-4db8-a824-573bf9ab51c7} => key not found.
HKU\S-1-5-21-147754569-2467050187-394659022-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-147754569-2467050187-394659022-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D162AE0B-14AD-493F-8456-86FC6333EE52}" => key removed successfully
HKCR\CLSID\{D162AE0B-14AD-493F-8456-86FC6333EE52} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\ProgramData\BeA2q4f8e.dat => moved successfully

"C:\Users\Tomik\AppData\Local\Temp" folder move:

Could not move "C:\Users\Tomik\AppData\Local\Temp" => Scheduled to move on reboot.


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 17267450 B
Java, Flash, Steam htmlcache => 381485303 B
Windows/system/drivers => 3840 B
Edge => 0 B
Chrome => 427414418 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 66356 B
LocalService => 0 B
NetworkService => 19120 B
Tomik => 72577614 B

RecycleBin => 2744 B
EmptyTemp: => 857.2 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 21-12-2016 19:49:51)

C:\Users\Tomik\AppData\Local\Temp => moved successfully

==== End of Fixlog 19:49:52 ====

Re: log check

#9 Post by Rudy »

Deleted. Has anything changed?

Re: log check

#10 Post by skippi »

Not much has changed. It is about CPU usage: still 100% when I play graphically demanding games. A week ago I had no problem with it.
Do you think anything can be done about it?

Re: log check

#11 Post by Rudy »

As a test, turn off automatic updates.

Re: log check

#12 Post by skippi »

No change. I'll try rr PC.

Re: log check

#13 Post by skippi »

So it looks fine. Thank you very much, and I wish you a pleasant Christmas holiday.

Re: log check

#14 Post by Rudy »

I don't quite understand. Did it change after turning off the updates, or after some other intervention?

Re: log check

#15 Post by skippi »

Turning off updates helped, but I had to restart the PC.
