Zdravím,
chtěl bych poprosit o pomoc s odvirováním notebooku. Všechny fotky a kdoví co ještě má příponu .thor, už jsem koukal na nějaké rady a jen si chci upřesnit zda mám AdwCleaner spustit normálně z W7, nebo přes nouzový režim? Spustím Scan a Clean, následně sem vložím log.
Díky
F.
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
.Thor
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 118283
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: .Thor
Zdravím!
Nejprve ale dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 . Pokud budeme ADW spouštět je jedno, v jakém režimu ho spustíte. FRST ale musíte spustit v normálním.
Nejprve ale dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 . Pokud budeme ADW spouštět je jedno, v jakém režimu ho spustíte. FRST ale musíte spustit v normálním.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: .Thor
Omlouvám se, ale chvíli to trvalo. Přikládám logy FRST.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2016
Ran by Lucik (administrator) on LUCIK (26-11-2016 13:25:20)
Running from C:\Users\Lucik\Desktop
Loaded Profiles: Lucik (Available Profiles: Lucik & as640)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\atchksrv.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\atchk.exe
(Popajar, inc) C:\Users\Lucik\AppData\Local\Popajar\UpdateChecker\UpdateCheckerApp.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Users\Lucik\AppData\Roaming\Seznam.cz\szninstall.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Users\Lucik\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Users\Lucik\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(C. Ghisler & Co.) C:\totalcmd\TOTALCMD.EXE
(forum.viry.cz) C:\Users\Lucik\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1875048 2010-11-04] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [atchk] => C:\Program Files (x86)\Intel\AMT\atchk.exe [408088 2008-05-25] (Intel Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\Run: [UpdateChecker] => C:\Users\Lucik\AppData\Local\Popajar\UpdateChecker\UpdateCheckerApp.exe [7168 2014-01-16] (Popajar, inc)
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Lucik\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Lucik\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818712 2016-10-12] (Google)
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\MountPoints2: F - F:\SISetup.exe
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\MountPoints2: {8dc2597c-7a4f-11e6-ad58-001a4b7d7f54} - F:\SISetup.exe
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{575D9BD0-1B2D-44C4-ACE1-1AFCE2D565CA}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{E300DC5B-DBC0-4B94-A8C2-E2C23CC0EEBA}: [DhcpNameServer] 94.74.192.252 94.74.192.244
Internet Explorer:
==================
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {12DA348F-BAF5-4F55-8883-D113C5F1A241} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_27368
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {2A9603D9-DA6C-4872-95C0-41C5F52BB5AF} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_27368
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {48B5550F-C9D3-4D4E-9B9D-D4D6C5505076} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_27368
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {73E416AD-34F4-42FB-AEFD-C09147BE00E2} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_27368
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {81BFDFDA-4C37-4C4E-A56A-EE0E52B0A5D5} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_27368
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {92C3213F-2BAE-4B5F-AFD3-6C53D87DD3A4} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_27368
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {A9D4A26E-E769-4BD9-B781-97417173F925} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_27368
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {B5314C77-2842-42FA-BCC9-B51EDDA442F0} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_27368
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {BD272F60-7C8B-4AB9-B431-575B87129B56} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_27368
BHO: SmileysWeLoveToolbar -> {E4EF8A64-0A30-48F5-B3FE-5FDA978DA775} -> C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader64.dll [2014-01-18] ()
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-05-28] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-05-28] (Oracle Corporation)
BHO-x32: SmileysWeLoveToolbar -> {E4EF8A64-0A30-48F5-B3FE-5FDA978DA775} -> C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader.dll [2014-01-18] ()
Toolbar: HKLM - SmileysWeLove - {CF0F43AB-9C23-4D7B-8040-201B82844854} - C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader64.dll [2014-01-18] ()
Toolbar: HKLM-x32 - SmileysWeLove - {CF0F43AB-9C23-4D7B-8040-201B82844854} - C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader.dll [2014-01-18] ()
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {D8950D0E-FCE7-4AE4-9370-7E4CFBC04362} hxxps://eportal.cssz.cz/fas/page/activexcab/webff_cs.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-04-27] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-05-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-05-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default [2016-11-15]
CHR Extension: (Prezentace Google) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-25]
CHR Extension: (Dokumenty Google) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-27]
CHR Extension: (Disk Google) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-09]
CHR Extension: (Seznam Lištička - Email) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2016-11-15]
CHR Extension: (Seznam Lištička - Slovník) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2016-11-15]
CHR Extension: (YouTube) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-06]
CHR Extension: (Vyhledávání Google) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-09]
CHR Extension: (Tabulky Google) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-25]
CHR Extension: (Free Smileys & Emoticons) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl [2015-11-09]
CHR Extension: (Dokumenty Google offline) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-08]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-10-10]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-19]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2016-11-15]
CHR Extension: (Gmail) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-27]
CHR Extension: (Chrome Media Router) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-31]
CHR HKU\S-1-5-21-1426876207-582522621-1287086209-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fjbbjfdilbioabojmcplalojlmdngbjl] - C:\Users\Lucik\AppData\Local\Temp\swlfiles\smileyswelovetoolbar.crx [2014-02-04]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [80384 2007-02-06] (Andrea Electronics Corporation)
R2 atchksrv; C:\Program Files (x86)\Intel\AMT\atchksrv.exe [182808 2008-05-25] (Intel Corporation)
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [121368 2008-05-25] (Intel Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 UNS; C:\Program Files (x86)\Intel\AMT\UNS.exe [1464856 2008-05-25] (Intel Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 wxpSvc; D:\instal\WLITE-program kamera\webcamXP 5\wService.exe [5023744 2011-07-27] (Moonware Studios) [File not signed]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2011-04-15] (Marvell Semiconductor, Inc.)
S3 RICOH SmartCard Reader; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
R3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-11-26 13:25 - 2016-11-26 13:26 - 00015912 _____ C:\Users\Lucik\Desktop\FRST.txt
2016-11-26 13:24 - 2016-11-26 13:25 - 00000000 ____D C:\FRST
2016-11-26 13:23 - 2016-11-26 13:16 - 00112640 _____ (forum.viry.cz) C:\Users\Lucik\Desktop\FRSTLauncher.exe
2016-11-26 13:23 - 2016-11-15 16:23 - 02411520 _____ (Farbar) C:\Users\Lucik\Desktop\FRST64.exe
2016-11-15 11:20 - 2016-11-15 11:20 - 232123713 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-2566-9F4F31AE33E6.thor
2016-11-15 11:20 - 2016-11-15 11:20 - 173489029 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-3608-9D85BD30DE98.thor
2016-11-15 11:20 - 2016-11-15 11:20 - 109426825 _____ C:\Users\Lucik\Downloads\B899021C-AEE2-424B-33F2-3D81BFFF6AC1.thor
2016-11-15 11:19 - 2016-11-15 11:19 - 65856655 _____ C:\Users\Lucik\Downloads\B899021C-AEE2-424B-BFFC-2090E2902CF3.thor
2016-11-15 11:19 - 2016-11-15 11:19 - 15515132 _____ C:\Users\Lucik\Downloads\B899021C-AEE2-424B-372E-FF4CA7B91045.thor
2016-11-15 11:18 - 2016-11-15 11:18 - 00444014 _____ C:\Users\Lucik\Downloads\B899021C-AEE2-424B-5B90-52495C28336A.thor
2016-11-15 11:18 - 2016-11-15 11:18 - 00444014 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-71C5-E73990DE56AE.thor
2016-11-15 11:17 - 2016-11-15 11:17 - 03223441 _____ C:\Users\Lucik\Downloads\B899021C-AEE2-424B-0680-D487064BC8BB.thor
2016-11-15 11:17 - 2016-11-15 11:17 - 00039141 _____ C:\Users\Lucik\Documents\B899021C-AEE2-424B-0DAD-E4D23502779B.thor
2016-11-15 11:17 - 2016-11-15 11:17 - 00008327 _____ C:\Users\Lucik\Downloads\_649_WHAT_is.html
2016-11-15 11:17 - 2016-11-15 11:17 - 00008327 _____ C:\Users\Lucik\Documents\_642_WHAT_is.html
2016-11-15 11:16 - 2016-11-15 11:16 - 04870670 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-02AA-35AEAC56BD1C.thor
2016-11-15 11:11 - 2016-11-15 11:11 - 00499353 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-A295-F2D3D71CDEED.thor
2016-11-15 11:11 - 2016-11-15 11:11 - 00062736 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-E921-02359266F532.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00887580 ____N C:\Users\Lucik\Desktop\B899021C-AEE2-424B-6100-6D9D3A65FF74.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00460000 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-09FF-32FA4F4AD441.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00409849 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-788A-BF1B34CDA6DF.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00061466 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-BCF4-817DB7DAEDD4.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00052787 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-F1CE-CBED3F488E03.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00002946 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-2194-ACD96352E3AF.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00002775 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-153C-12EE11944DE6.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00002495 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-0644-8AC61BFC1C74.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00001933 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-03B2-DD41A3439F20.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00001929 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-5D00-FC17D8918DF6.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00001913 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-8891-468EF1389050.thor
2016-11-15 11:03 - 2016-11-15 11:03 - 00031748 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-5D57-E1143CD742E7.thor
2016-11-15 11:02 - 2016-11-15 11:02 - 00593044 _____ C:\Users\Lucik\Documents\B899021C-AEE2-424B-7305-C732F3B67C18.thor
2016-11-15 11:02 - 2016-11-15 11:02 - 00136253 _____ C:\Users\Lucik\Documents\B899021C-AEE2-424B-A781-DCEE4B0227B3.thor
2016-11-15 11:02 - 2016-11-15 11:02 - 00008327 _____ C:\Users\Lucik\Documents\_135_WHAT_is.html
2016-11-15 11:01 - 2016-11-15 11:01 - 00286784 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-3A5A-9161886764B8.thor
2016-11-15 11:01 - 2016-11-15 11:01 - 00208708 _____ C:\Users\Lucik\Downloads\B899021C-AEE2-424B-D61A-87BDA79FB965.thor
2016-11-15 11:01 - 2016-11-15 11:01 - 00048452 _____ C:\Users\Lucik\Downloads\B899021C-AEE2-424B-4D60-18EA223757E9.thor
2016-11-15 11:01 - 2016-11-15 11:01 - 00039252 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-B936-2195B7C636DF.thor
2016-11-15 11:01 - 2016-11-15 11:01 - 00014121 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-B6C5-1801B69F0A2B.thor
2016-11-15 11:01 - 2016-11-15 11:01 - 00012170 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-94F0-EF2D6436CACB.thor
2016-11-15 11:01 - 2016-11-15 11:01 - 00008327 _____ C:\Users\Lucik\Downloads\_87_WHAT_is.html
2016-11-15 11:00 - 2016-11-15 11:00 - 00087364 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-A4CD-7367152742B7.thor
2016-11-15 11:00 - 2016-11-15 11:00 - 00036676 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-6A85-F905E1F0CDC4.thor
2016-11-15 11:00 - 2016-11-15 11:00 - 00034628 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-8FA3-74C76929BD0E.thor
2016-11-15 11:00 - 2016-11-15 11:00 - 00025412 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-1570-9E9DF99F47D4.thor
2016-11-15 11:00 - 2016-11-15 11:00 - 00013362 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-56E8-1B8BAFC3CB3C.thor
2016-11-15 11:00 - 2016-11-15 11:00 - 00010365 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-58F7-3F6E6CC9E1E0.thor
2016-11-15 11:00 - 2016-11-15 11:00 - 00008327 _____ C:\Users\Lucik\Desktop\_33_WHAT_is.html
2016-11-15 11:00 - 2016-11-15 11:00 - 00008327 _____ C:\Users\Lucik\Desktop\_14_WHAT_is.html
2016-11-09 08:29 - 2016-11-09 08:29 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2016-11-09 08:29 - 2016-11-09 08:29 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2016-10-31 16:24 - 2016-10-31 16:24 - 00284640 _____ C:\Windows\Minidump\103116-68999-01.dmp
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-11-26 13:26 - 2011-04-12 09:34 - 00668792 _____ C:\Windows\system32\perfh005.dat
2016-11-26 13:26 - 2011-04-12 09:34 - 00141420 _____ C:\Windows\system32\perfc005.dat
2016-11-26 13:26 - 2009-07-14 06:13 - 01583226 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-26 13:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-11-26 13:22 - 2014-05-28 15:03 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-26 13:22 - 2014-02-05 15:01 - 00000000 ____D C:\Users\Lucik\AppData\Roaming\Skype
2016-11-26 13:22 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-15 15:09 - 2014-05-28 15:03 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-15 15:09 - 2013-11-19 21:35 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-15 11:21 - 2014-02-05 14:59 - 00000000 ____D C:\Users\Lucik\Documents\Add-in Express
2016-11-15 11:20 - 2014-03-25 20:53 - 00000000 ____D C:\ProgramData\webcamXP 5
2016-11-15 11:18 - 2016-02-03 08:41 - 00000000 ____D C:\Users\Lucik\Desktop\NOVELI BUSINESS
2016-11-15 11:12 - 2013-11-19 22:08 - 00000000 ____D C:\totalcmd
2016-11-15 11:10 - 2016-05-20 13:10 - 00000000 ____D C:\Users\Lucik\Desktop\daně zaměstnanci
2016-11-15 11:02 - 2016-10-05 18:16 - 00000000 ___RD C:\Users\Lucik\Disk Google
2016-11-15 10:15 - 2014-05-28 15:03 - 00002201 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-15 10:15 - 2014-05-28 15:03 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-15 09:45 - 2015-10-14 07:01 - 00000000 ____D C:\Users\Lucik\AppData\Roaming\eM Client
2016-11-12 11:49 - 2009-07-14 05:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-12 11:49 - 2009-07-14 05:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-09 08:30 - 2016-10-05 17:54 - 00002048 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-11-09 08:30 - 2016-10-05 17:54 - 00002046 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-11-09 08:30 - 2016-10-05 17:54 - 00002036 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-11-09 08:30 - 2016-10-05 17:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-11-07 19:54 - 2016-02-25 17:39 - 00000000 ____D C:\Users\Lucik\AppData\Roaming\Seznam.cz
2016-11-07 19:51 - 2015-01-01 16:56 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-11-03 16:47 - 2014-05-28 15:03 - 00000000 ____D C:\Users\Lucik\AppData\Local\Google
2016-10-31 16:24 - 2014-04-22 17:42 - 00000000 ____D C:\Windows\Minidump
==================== Files in the root of some directories =======
2014-03-25 21:35 - 2014-03-25 21:35 - 0000000 _____ () C:\Users\Lucik\AppData\Local\AtStart.txt
2014-03-25 21:35 - 2014-03-25 21:35 - 0000000 _____ () C:\Users\Lucik\AppData\Local\DSwitch.txt
2014-03-25 21:35 - 2014-03-25 21:35 - 0000000 _____ () C:\Users\Lucik\AppData\Local\QSwitch.txt
Files to move or delete:
====================
C:\Users\Lucik\bullzip-pdf-printer_10.19.0.2457.exe
Some files in TEMP:
====================
C:\Users\Lucik\AppData\Local\Temp\jre-8u111-windows-au.exe
C:\Users\Lucik\AppData\Local\Temp\ose00000.exe
C:\Users\Lucik\AppData\Local\Temp\primosdk.DLL
C:\Users\Lucik\AppData\Local\Temp\px.dll
C:\Users\Lucik\AppData\Local\Temp\pxafs.dll
C:\Users\Lucik\AppData\Local\Temp\PxCpyA64.exe
C:\Users\Lucik\AppData\Local\Temp\PxCpyI64.exe
C:\Users\Lucik\AppData\Local\Temp\pxdrv.dll
C:\Users\Lucik\AppData\Local\Temp\pxhpinst.exe
C:\Users\Lucik\AppData\Local\Temp\PxInsA64.exe
C:\Users\Lucik\AppData\Local\Temp\PxInsI64.exe
C:\Users\Lucik\AppData\Local\Temp\pxmas.dll
C:\Users\Lucik\AppData\Local\Temp\pxsetup.exe
C:\Users\Lucik\AppData\Local\Temp\pxsfs.dll
C:\Users\Lucik\AppData\Local\Temp\pxwave.dll
C:\Users\Lucik\AppData\Local\Temp\qAUTucmLua3.dll
C:\Users\Lucik\AppData\Local\Temp\siinst.exe
C:\Users\Lucik\AppData\Local\Temp\strings.dll
C:\Users\Lucik\AppData\Local\Temp\vxblock.dll
C:\Users\Lucik\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Lucik\Desktop" je 2414 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2016
Ran by Lucik (administrator) on LUCIK (26-11-2016 13:25:20)
Running from C:\Users\Lucik\Desktop
Loaded Profiles: Lucik (Available Profiles: Lucik & as640)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\atchksrv.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\atchk.exe
(Popajar, inc) C:\Users\Lucik\AppData\Local\Popajar\UpdateChecker\UpdateCheckerApp.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Users\Lucik\AppData\Roaming\Seznam.cz\szninstall.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Users\Lucik\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Users\Lucik\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(C. Ghisler & Co.) C:\totalcmd\TOTALCMD.EXE
(forum.viry.cz) C:\Users\Lucik\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1875048 2010-11-04] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [atchk] => C:\Program Files (x86)\Intel\AMT\atchk.exe [408088 2008-05-25] (Intel Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\Run: [UpdateChecker] => C:\Users\Lucik\AppData\Local\Popajar\UpdateChecker\UpdateCheckerApp.exe [7168 2014-01-16] (Popajar, inc)
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Lucik\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Lucik\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818712 2016-10-12] (Google)
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\MountPoints2: F - F:\SISetup.exe
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\MountPoints2: {8dc2597c-7a4f-11e6-ad58-001a4b7d7f54} - F:\SISetup.exe
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{575D9BD0-1B2D-44C4-ACE1-1AFCE2D565CA}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{E300DC5B-DBC0-4B94-A8C2-E2C23CC0EEBA}: [DhcpNameServer] 94.74.192.252 94.74.192.244
Internet Explorer:
==================
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {12DA348F-BAF5-4F55-8883-D113C5F1A241} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_27368
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {2A9603D9-DA6C-4872-95C0-41C5F52BB5AF} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_27368
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {48B5550F-C9D3-4D4E-9B9D-D4D6C5505076} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_27368
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {73E416AD-34F4-42FB-AEFD-C09147BE00E2} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_27368
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {81BFDFDA-4C37-4C4E-A56A-EE0E52B0A5D5} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_27368
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {92C3213F-2BAE-4B5F-AFD3-6C53D87DD3A4} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_27368
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {A9D4A26E-E769-4BD9-B781-97417173F925} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_27368
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {B5314C77-2842-42FA-BCC9-B51EDDA442F0} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_27368
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {BD272F60-7C8B-4AB9-B431-575B87129B56} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_27368
BHO: SmileysWeLoveToolbar -> {E4EF8A64-0A30-48F5-B3FE-5FDA978DA775} -> C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader64.dll [2014-01-18] ()
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-05-28] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-05-28] (Oracle Corporation)
BHO-x32: SmileysWeLoveToolbar -> {E4EF8A64-0A30-48F5-B3FE-5FDA978DA775} -> C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader.dll [2014-01-18] ()
Toolbar: HKLM - SmileysWeLove - {CF0F43AB-9C23-4D7B-8040-201B82844854} - C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader64.dll [2014-01-18] ()
Toolbar: HKLM-x32 - SmileysWeLove - {CF0F43AB-9C23-4D7B-8040-201B82844854} - C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader.dll [2014-01-18] ()
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {D8950D0E-FCE7-4AE4-9370-7E4CFBC04362} hxxps://eportal.cssz.cz/fas/page/activexcab/webff_cs.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-04-27] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-05-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-05-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default [2016-11-15]
CHR Extension: (Prezentace Google) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-25]
CHR Extension: (Dokumenty Google) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-27]
CHR Extension: (Disk Google) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-09]
CHR Extension: (Seznam Lištička - Email) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2016-11-15]
CHR Extension: (Seznam Lištička - Slovník) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2016-11-15]
CHR Extension: (YouTube) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-06]
CHR Extension: (Vyhledávání Google) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-09]
CHR Extension: (Tabulky Google) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-25]
CHR Extension: (Free Smileys & Emoticons) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl [2015-11-09]
CHR Extension: (Dokumenty Google offline) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-08]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-10-10]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-19]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2016-11-15]
CHR Extension: (Gmail) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-27]
CHR Extension: (Chrome Media Router) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-31]
CHR HKU\S-1-5-21-1426876207-582522621-1287086209-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fjbbjfdilbioabojmcplalojlmdngbjl] - C:\Users\Lucik\AppData\Local\Temp\swlfiles\smileyswelovetoolbar.crx [2014-02-04]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [80384 2007-02-06] (Andrea Electronics Corporation)
R2 atchksrv; C:\Program Files (x86)\Intel\AMT\atchksrv.exe [182808 2008-05-25] (Intel Corporation)
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [121368 2008-05-25] (Intel Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 UNS; C:\Program Files (x86)\Intel\AMT\UNS.exe [1464856 2008-05-25] (Intel Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 wxpSvc; D:\instal\WLITE-program kamera\webcamXP 5\wService.exe [5023744 2011-07-27] (Moonware Studios) [File not signed]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2011-04-15] (Marvell Semiconductor, Inc.)
S3 RICOH SmartCard Reader; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
R3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-11-26 13:25 - 2016-11-26 13:26 - 00015912 _____ C:\Users\Lucik\Desktop\FRST.txt
2016-11-26 13:24 - 2016-11-26 13:25 - 00000000 ____D C:\FRST
2016-11-26 13:23 - 2016-11-26 13:16 - 00112640 _____ (forum.viry.cz) C:\Users\Lucik\Desktop\FRSTLauncher.exe
2016-11-26 13:23 - 2016-11-15 16:23 - 02411520 _____ (Farbar) C:\Users\Lucik\Desktop\FRST64.exe
2016-11-15 11:20 - 2016-11-15 11:20 - 232123713 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-2566-9F4F31AE33E6.thor
2016-11-15 11:20 - 2016-11-15 11:20 - 173489029 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-3608-9D85BD30DE98.thor
2016-11-15 11:20 - 2016-11-15 11:20 - 109426825 _____ C:\Users\Lucik\Downloads\B899021C-AEE2-424B-33F2-3D81BFFF6AC1.thor
2016-11-15 11:19 - 2016-11-15 11:19 - 65856655 _____ C:\Users\Lucik\Downloads\B899021C-AEE2-424B-BFFC-2090E2902CF3.thor
2016-11-15 11:19 - 2016-11-15 11:19 - 15515132 _____ C:\Users\Lucik\Downloads\B899021C-AEE2-424B-372E-FF4CA7B91045.thor
2016-11-15 11:18 - 2016-11-15 11:18 - 00444014 _____ C:\Users\Lucik\Downloads\B899021C-AEE2-424B-5B90-52495C28336A.thor
2016-11-15 11:18 - 2016-11-15 11:18 - 00444014 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-71C5-E73990DE56AE.thor
2016-11-15 11:17 - 2016-11-15 11:17 - 03223441 _____ C:\Users\Lucik\Downloads\B899021C-AEE2-424B-0680-D487064BC8BB.thor
2016-11-15 11:17 - 2016-11-15 11:17 - 00039141 _____ C:\Users\Lucik\Documents\B899021C-AEE2-424B-0DAD-E4D23502779B.thor
2016-11-15 11:17 - 2016-11-15 11:17 - 00008327 _____ C:\Users\Lucik\Downloads\_649_WHAT_is.html
2016-11-15 11:17 - 2016-11-15 11:17 - 00008327 _____ C:\Users\Lucik\Documents\_642_WHAT_is.html
2016-11-15 11:16 - 2016-11-15 11:16 - 04870670 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-02AA-35AEAC56BD1C.thor
2016-11-15 11:11 - 2016-11-15 11:11 - 00499353 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-A295-F2D3D71CDEED.thor
2016-11-15 11:11 - 2016-11-15 11:11 - 00062736 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-E921-02359266F532.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00887580 ____N C:\Users\Lucik\Desktop\B899021C-AEE2-424B-6100-6D9D3A65FF74.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00460000 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-09FF-32FA4F4AD441.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00409849 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-788A-BF1B34CDA6DF.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00061466 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-BCF4-817DB7DAEDD4.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00052787 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-F1CE-CBED3F488E03.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00002946 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-2194-ACD96352E3AF.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00002775 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-153C-12EE11944DE6.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00002495 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-0644-8AC61BFC1C74.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00001933 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-03B2-DD41A3439F20.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00001929 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-5D00-FC17D8918DF6.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00001913 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-8891-468EF1389050.thor
2016-11-15 11:03 - 2016-11-15 11:03 - 00031748 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-5D57-E1143CD742E7.thor
2016-11-15 11:02 - 2016-11-15 11:02 - 00593044 _____ C:\Users\Lucik\Documents\B899021C-AEE2-424B-7305-C732F3B67C18.thor
2016-11-15 11:02 - 2016-11-15 11:02 - 00136253 _____ C:\Users\Lucik\Documents\B899021C-AEE2-424B-A781-DCEE4B0227B3.thor
2016-11-15 11:02 - 2016-11-15 11:02 - 00008327 _____ C:\Users\Lucik\Documents\_135_WHAT_is.html
2016-11-15 11:01 - 2016-11-15 11:01 - 00286784 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-3A5A-9161886764B8.thor
2016-11-15 11:01 - 2016-11-15 11:01 - 00208708 _____ C:\Users\Lucik\Downloads\B899021C-AEE2-424B-D61A-87BDA79FB965.thor
2016-11-15 11:01 - 2016-11-15 11:01 - 00048452 _____ C:\Users\Lucik\Downloads\B899021C-AEE2-424B-4D60-18EA223757E9.thor
2016-11-15 11:01 - 2016-11-15 11:01 - 00039252 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-B936-2195B7C636DF.thor
2016-11-15 11:01 - 2016-11-15 11:01 - 00014121 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-B6C5-1801B69F0A2B.thor
2016-11-15 11:01 - 2016-11-15 11:01 - 00012170 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-94F0-EF2D6436CACB.thor
2016-11-15 11:01 - 2016-11-15 11:01 - 00008327 _____ C:\Users\Lucik\Downloads\_87_WHAT_is.html
2016-11-15 11:00 - 2016-11-15 11:00 - 00087364 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-A4CD-7367152742B7.thor
2016-11-15 11:00 - 2016-11-15 11:00 - 00036676 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-6A85-F905E1F0CDC4.thor
2016-11-15 11:00 - 2016-11-15 11:00 - 00034628 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-8FA3-74C76929BD0E.thor
2016-11-15 11:00 - 2016-11-15 11:00 - 00025412 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-1570-9E9DF99F47D4.thor
2016-11-15 11:00 - 2016-11-15 11:00 - 00013362 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-56E8-1B8BAFC3CB3C.thor
2016-11-15 11:00 - 2016-11-15 11:00 - 00010365 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-58F7-3F6E6CC9E1E0.thor
2016-11-15 11:00 - 2016-11-15 11:00 - 00008327 _____ C:\Users\Lucik\Desktop\_33_WHAT_is.html
2016-11-15 11:00 - 2016-11-15 11:00 - 00008327 _____ C:\Users\Lucik\Desktop\_14_WHAT_is.html
2016-11-09 08:29 - 2016-11-09 08:29 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2016-11-09 08:29 - 2016-11-09 08:29 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2016-10-31 16:24 - 2016-10-31 16:24 - 00284640 _____ C:\Windows\Minidump\103116-68999-01.dmp
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-11-26 13:26 - 2011-04-12 09:34 - 00668792 _____ C:\Windows\system32\perfh005.dat
2016-11-26 13:26 - 2011-04-12 09:34 - 00141420 _____ C:\Windows\system32\perfc005.dat
2016-11-26 13:26 - 2009-07-14 06:13 - 01583226 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-26 13:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-11-26 13:22 - 2014-05-28 15:03 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-26 13:22 - 2014-02-05 15:01 - 00000000 ____D C:\Users\Lucik\AppData\Roaming\Skype
2016-11-26 13:22 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-15 15:09 - 2014-05-28 15:03 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-15 15:09 - 2013-11-19 21:35 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-15 11:21 - 2014-02-05 14:59 - 00000000 ____D C:\Users\Lucik\Documents\Add-in Express
2016-11-15 11:20 - 2014-03-25 20:53 - 00000000 ____D C:\ProgramData\webcamXP 5
2016-11-15 11:18 - 2016-02-03 08:41 - 00000000 ____D C:\Users\Lucik\Desktop\NOVELI BUSINESS
2016-11-15 11:12 - 2013-11-19 22:08 - 00000000 ____D C:\totalcmd
2016-11-15 11:10 - 2016-05-20 13:10 - 00000000 ____D C:\Users\Lucik\Desktop\daně zaměstnanci
2016-11-15 11:02 - 2016-10-05 18:16 - 00000000 ___RD C:\Users\Lucik\Disk Google
2016-11-15 10:15 - 2014-05-28 15:03 - 00002201 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-15 10:15 - 2014-05-28 15:03 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-15 09:45 - 2015-10-14 07:01 - 00000000 ____D C:\Users\Lucik\AppData\Roaming\eM Client
2016-11-12 11:49 - 2009-07-14 05:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-12 11:49 - 2009-07-14 05:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-09 08:30 - 2016-10-05 17:54 - 00002048 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-11-09 08:30 - 2016-10-05 17:54 - 00002046 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-11-09 08:30 - 2016-10-05 17:54 - 00002036 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-11-09 08:30 - 2016-10-05 17:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-11-07 19:54 - 2016-02-25 17:39 - 00000000 ____D C:\Users\Lucik\AppData\Roaming\Seznam.cz
2016-11-07 19:51 - 2015-01-01 16:56 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-11-03 16:47 - 2014-05-28 15:03 - 00000000 ____D C:\Users\Lucik\AppData\Local\Google
2016-10-31 16:24 - 2014-04-22 17:42 - 00000000 ____D C:\Windows\Minidump
==================== Files in the root of some directories =======
2014-03-25 21:35 - 2014-03-25 21:35 - 0000000 _____ () C:\Users\Lucik\AppData\Local\AtStart.txt
2014-03-25 21:35 - 2014-03-25 21:35 - 0000000 _____ () C:\Users\Lucik\AppData\Local\DSwitch.txt
2014-03-25 21:35 - 2014-03-25 21:35 - 0000000 _____ () C:\Users\Lucik\AppData\Local\QSwitch.txt
Files to move or delete:
====================
C:\Users\Lucik\bullzip-pdf-printer_10.19.0.2457.exe
Some files in TEMP:
====================
C:\Users\Lucik\AppData\Local\Temp\jre-8u111-windows-au.exe
C:\Users\Lucik\AppData\Local\Temp\ose00000.exe
C:\Users\Lucik\AppData\Local\Temp\primosdk.DLL
C:\Users\Lucik\AppData\Local\Temp\px.dll
C:\Users\Lucik\AppData\Local\Temp\pxafs.dll
C:\Users\Lucik\AppData\Local\Temp\PxCpyA64.exe
C:\Users\Lucik\AppData\Local\Temp\PxCpyI64.exe
C:\Users\Lucik\AppData\Local\Temp\pxdrv.dll
C:\Users\Lucik\AppData\Local\Temp\pxhpinst.exe
C:\Users\Lucik\AppData\Local\Temp\PxInsA64.exe
C:\Users\Lucik\AppData\Local\Temp\PxInsI64.exe
C:\Users\Lucik\AppData\Local\Temp\pxmas.dll
C:\Users\Lucik\AppData\Local\Temp\pxsetup.exe
C:\Users\Lucik\AppData\Local\Temp\pxsfs.dll
C:\Users\Lucik\AppData\Local\Temp\pxwave.dll
C:\Users\Lucik\AppData\Local\Temp\qAUTucmLua3.dll
C:\Users\Lucik\AppData\Local\Temp\siinst.exe
C:\Users\Lucik\AppData\Local\Temp\strings.dll
C:\Users\Lucik\AppData\Local\Temp\vxblock.dll
C:\Users\Lucik\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Lucik\Desktop" je 2414 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
- Přílohy
-
- Addition.7z
- (3.73 KiB) Staženo 44 x
Re: .Thor
A ještě Adwcleaner.
# AdwCleaner v6.030 - Log soubor vytvořen 26/11/2016 na 13:34:47
# Aktualizováno dne 19/10/2016 z Malwarebytes
# Databáze : 2016-10-18.1 [Místní]
# Operační systém : Windows 7 Professional Service Pack 1 (X64)
# Uživatelské jméno : Lucik - LUCIK
# Beží od : D:\instal\adwcleaner_6.030.exe
# Mod: Čištění
# Podpora : hxxps://www.malwarebytes.com/support
***** [ Služby ] *****
***** [ Adresáře ] *****
[-] Adresář smazán:C:\Users\Lucik\AppData\Local\Popajar
[-] Adresář smazán:C:\Users\Lucik\AppData\Roaming\OpenCandy
[-] Adresář smazán:C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl
***** [ Soubory ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Zástupce ] *****
***** [ Plánovač úloh ] *****
***** [ Registry ] *****
[-] Klíč smazán:HKU\S-1-5-21-1426876207-582522621-1287086209-1000\Software\APN PIP
[-] Klíč smazán:HKU\S-1-5-21-1426876207-582522621-1287086209-1000\Software\Popajar
[-] Klíč smazán:HKU\S-1-5-21-1426876207-582522621-1287086209-1000\Software\SmileysWeLove
[#] Klíč smazán po restartování:HKCU\Software\APN PIP
[#] Klíč smazán po restartování:HKCU\Software\Popajar
[#] Klíč smazán po restartování:HKCU\Software\SmileysWeLove
[#] Klíč smazán po restartování:[x64] HKCU\Software\APN PIP
[#] Klíč smazán po restartování:[x64] HKCU\Software\Popajar
[#] Klíč smazán po restartování:[x64] HKCU\Software\SmileysWeLove
[-] Klíč smazán:HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Klíč smazán:HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\freeradiocast.dl.tb.ask.com
[-] Klíč smazán:HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\icq.com
[#] Klíč smazán po restartování:[x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[#] Klíč smazán po restartování:[x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\freeradiocast.dl.tb.ask.com
[#] Klíč smazán po restartování:[x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\icq.com
[-] Hodnota smazána:HKU\S-1-5-21-1426876207-582522621-1287086209-1000\Software\Microsoft\Windows\CurrentVersion\Run [UpdateChecker]
[#] Hodnota smazána po restartování:HKCU\Software\Microsoft\Windows\CurrentVersion\Run [UpdateChecker]
[#] Hodnota smazána po restartování:[x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [UpdateChecker]
[-] Klíč smazán:HKLM\SOFTWARE\Google\Chrome\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl
***** [ Prohlížeče ] *****
[-] [C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default] [extension] Smazání:fjbbjfdilbioabojmcplalojlmdngbjl
*************************
:: "Tracing" klíč smazán
:: Winsock nastavení vyčištěno
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [2921 Bajtů] - [26/11/2016 13:34:47]
C:\AdwCleaner\AdwCleaner[S0].txt - [3126 Bajtů] - [26/11/2016 13:32:53]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3069 Bajtů] ##########
# AdwCleaner v6.030 - Log soubor vytvořen 26/11/2016 na 13:34:47
# Aktualizováno dne 19/10/2016 z Malwarebytes
# Databáze : 2016-10-18.1 [Místní]
# Operační systém : Windows 7 Professional Service Pack 1 (X64)
# Uživatelské jméno : Lucik - LUCIK
# Beží od : D:\instal\adwcleaner_6.030.exe
# Mod: Čištění
# Podpora : hxxps://www.malwarebytes.com/support
***** [ Služby ] *****
***** [ Adresáře ] *****
[-] Adresář smazán:C:\Users\Lucik\AppData\Local\Popajar
[-] Adresář smazán:C:\Users\Lucik\AppData\Roaming\OpenCandy
[-] Adresář smazán:C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl
***** [ Soubory ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Zástupce ] *****
***** [ Plánovač úloh ] *****
***** [ Registry ] *****
[-] Klíč smazán:HKU\S-1-5-21-1426876207-582522621-1287086209-1000\Software\APN PIP
[-] Klíč smazán:HKU\S-1-5-21-1426876207-582522621-1287086209-1000\Software\Popajar
[-] Klíč smazán:HKU\S-1-5-21-1426876207-582522621-1287086209-1000\Software\SmileysWeLove
[#] Klíč smazán po restartování:HKCU\Software\APN PIP
[#] Klíč smazán po restartování:HKCU\Software\Popajar
[#] Klíč smazán po restartování:HKCU\Software\SmileysWeLove
[#] Klíč smazán po restartování:[x64] HKCU\Software\APN PIP
[#] Klíč smazán po restartování:[x64] HKCU\Software\Popajar
[#] Klíč smazán po restartování:[x64] HKCU\Software\SmileysWeLove
[-] Klíč smazán:HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Klíč smazán:HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\freeradiocast.dl.tb.ask.com
[-] Klíč smazán:HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\icq.com
[#] Klíč smazán po restartování:[x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[#] Klíč smazán po restartování:[x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\freeradiocast.dl.tb.ask.com
[#] Klíč smazán po restartování:[x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\icq.com
[-] Hodnota smazána:HKU\S-1-5-21-1426876207-582522621-1287086209-1000\Software\Microsoft\Windows\CurrentVersion\Run [UpdateChecker]
[#] Hodnota smazána po restartování:HKCU\Software\Microsoft\Windows\CurrentVersion\Run [UpdateChecker]
[#] Hodnota smazána po restartování:[x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [UpdateChecker]
[-] Klíč smazán:HKLM\SOFTWARE\Google\Chrome\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl
***** [ Prohlížeče ] *****
[-] [C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default] [extension] Smazání:fjbbjfdilbioabojmcplalojlmdngbjl
*************************
:: "Tracing" klíč smazán
:: Winsock nastavení vyčištěno
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [2921 Bajtů] - [26/11/2016 13:34:47]
C:\AdwCleaner\AdwCleaner[S0].txt - [3126 Bajtů] - [26/11/2016 13:32:53]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3069 Bajtů] ##########
-
Rudy
- Site Admin
- Příspěvky: 118283
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: .Thor
Dejte nový log FRST.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: .Thor
Tady je.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2016
Ran by Lucik (administrator) on LUCIK (27-11-2016 11:10:40)
Running from C:\Users\Lucik\Desktop
Loaded Profiles: Lucik (Available Profiles: Lucik & as640)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\atchksrv.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\atchk.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Users\Lucik\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
() C:\Users\Lucik\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(forum.viry.cz) C:\Users\Lucik\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1875048 2010-11-04] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [atchk] => C:\Program Files (x86)\Intel\AMT\atchk.exe [408088 2008-05-25] (Intel Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Lucik\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Lucik\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818712 2016-10-12] (Google)
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\MountPoints2: F - F:\SISetup.exe
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\MountPoints2: {8dc2597c-7a4f-11e6-ad58-001a4b7d7f54} - F:\SISetup.exe
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{575D9BD0-1B2D-44C4-ACE1-1AFCE2D565CA}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{E300DC5B-DBC0-4B94-A8C2-E2C23CC0EEBA}: [DhcpNameServer] 94.74.192.252 94.74.192.244
Internet Explorer:
==================
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {12DA348F-BAF5-4F55-8883-D113C5F1A241} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_27368
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {2A9603D9-DA6C-4872-95C0-41C5F52BB5AF} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_27368
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {48B5550F-C9D3-4D4E-9B9D-D4D6C5505076} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_27368
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {73E416AD-34F4-42FB-AEFD-C09147BE00E2} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_27368
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {81BFDFDA-4C37-4C4E-A56A-EE0E52B0A5D5} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_27368
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {92C3213F-2BAE-4B5F-AFD3-6C53D87DD3A4} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_27368
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {A9D4A26E-E769-4BD9-B781-97417173F925} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_27368
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {B5314C77-2842-42FA-BCC9-B51EDDA442F0} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_27368
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {BD272F60-7C8B-4AB9-B431-575B87129B56} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_27368
BHO: SmileysWeLoveToolbar -> {E4EF8A64-0A30-48F5-B3FE-5FDA978DA775} -> C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader64.dll [2014-01-18] ()
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-05-28] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-05-28] (Oracle Corporation)
BHO-x32: SmileysWeLoveToolbar -> {E4EF8A64-0A30-48F5-B3FE-5FDA978DA775} -> C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader.dll [2014-01-18] ()
Toolbar: HKLM - SmileysWeLove - {CF0F43AB-9C23-4D7B-8040-201B82844854} - C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader64.dll [2014-01-18] ()
Toolbar: HKLM-x32 - SmileysWeLove - {CF0F43AB-9C23-4D7B-8040-201B82844854} - C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader.dll [2014-01-18] ()
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {D8950D0E-FCE7-4AE4-9370-7E4CFBC04362} hxxps://eportal.cssz.cz/fas/page/activexcab/webff_cs.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-04-27] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-05-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-05-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default [2016-11-15]
CHR Extension: (Prezentace Google) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-25]
CHR Extension: (Dokumenty Google) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-27]
CHR Extension: (Disk Google) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-09]
CHR Extension: (Seznam Lištička - Email) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2016-11-15]
CHR Extension: (Seznam Lištička - Slovník) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2016-11-15]
CHR Extension: (YouTube) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-06]
CHR Extension: (Vyhledávání Google) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-09]
CHR Extension: (Tabulky Google) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-25]
CHR Extension: (Dokumenty Google offline) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-08]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-10-10]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-19]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2016-11-15]
CHR Extension: (Gmail) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-27]
CHR Extension: (Chrome Media Router) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-31]
CHR HKU\S-1-5-21-1426876207-582522621-1287086209-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [80384 2007-02-06] (Andrea Electronics Corporation)
R2 atchksrv; C:\Program Files (x86)\Intel\AMT\atchksrv.exe [182808 2008-05-25] (Intel Corporation)
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [121368 2008-05-25] (Intel Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 UNS; C:\Program Files (x86)\Intel\AMT\UNS.exe [1464856 2008-05-25] (Intel Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 wxpSvc; D:\instal\WLITE-program kamera\webcamXP 5\wService.exe [5023744 2011-07-27] (Moonware Studios) [File not signed]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2011-04-15] (Marvell Semiconductor, Inc.)
S3 RICOH SmartCard Reader; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
R3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-11-27 11:04 - 2016-11-27 11:10 - 00015084 _____ C:\Users\Lucik\Desktop\FRST.txt
2016-11-26 13:31 - 2016-11-26 13:34 - 00000000 ____D C:\AdwCleaner
2016-11-26 13:24 - 2016-11-26 13:25 - 00000000 ____D C:\FRST
2016-11-26 13:23 - 2016-11-26 13:16 - 00112640 _____ (forum.viry.cz) C:\Users\Lucik\Desktop\FRSTLauncher.exe
2016-11-26 13:23 - 2016-11-15 16:23 - 02411520 _____ (Farbar) C:\Users\Lucik\Desktop\FRST64.exe
2016-11-15 11:20 - 2016-11-15 11:20 - 232123713 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-2566-9F4F31AE33E6.thor
2016-11-15 11:20 - 2016-11-15 11:20 - 173489029 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-3608-9D85BD30DE98.thor
2016-11-15 11:20 - 2016-11-15 11:20 - 109426825 _____ C:\Users\Lucik\Downloads\B899021C-AEE2-424B-33F2-3D81BFFF6AC1.thor
2016-11-15 11:19 - 2016-11-15 11:19 - 65856655 _____ C:\Users\Lucik\Downloads\B899021C-AEE2-424B-BFFC-2090E2902CF3.thor
2016-11-15 11:19 - 2016-11-15 11:19 - 15515132 _____ C:\Users\Lucik\Downloads\B899021C-AEE2-424B-372E-FF4CA7B91045.thor
2016-11-15 11:18 - 2016-11-15 11:18 - 00444014 _____ C:\Users\Lucik\Downloads\B899021C-AEE2-424B-5B90-52495C28336A.thor
2016-11-15 11:18 - 2016-11-15 11:18 - 00444014 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-71C5-E73990DE56AE.thor
2016-11-15 11:17 - 2016-11-15 11:17 - 03223441 _____ C:\Users\Lucik\Downloads\B899021C-AEE2-424B-0680-D487064BC8BB.thor
2016-11-15 11:17 - 2016-11-15 11:17 - 00039141 _____ C:\Users\Lucik\Documents\B899021C-AEE2-424B-0DAD-E4D23502779B.thor
2016-11-15 11:17 - 2016-11-15 11:17 - 00008327 _____ C:\Users\Lucik\Downloads\_649_WHAT_is.html
2016-11-15 11:17 - 2016-11-15 11:17 - 00008327 _____ C:\Users\Lucik\Documents\_642_WHAT_is.html
2016-11-15 11:16 - 2016-11-15 11:16 - 04870670 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-02AA-35AEAC56BD1C.thor
2016-11-15 11:11 - 2016-11-15 11:11 - 00499353 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-A295-F2D3D71CDEED.thor
2016-11-15 11:11 - 2016-11-15 11:11 - 00062736 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-E921-02359266F532.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00887580 ____N C:\Users\Lucik\Desktop\B899021C-AEE2-424B-6100-6D9D3A65FF74.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00460000 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-09FF-32FA4F4AD441.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00409849 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-788A-BF1B34CDA6DF.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00061466 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-BCF4-817DB7DAEDD4.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00052787 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-F1CE-CBED3F488E03.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00002946 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-2194-ACD96352E3AF.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00002775 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-153C-12EE11944DE6.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00002495 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-0644-8AC61BFC1C74.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00001933 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-03B2-DD41A3439F20.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00001929 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-5D00-FC17D8918DF6.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00001913 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-8891-468EF1389050.thor
2016-11-15 11:03 - 2016-11-15 11:03 - 00031748 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-5D57-E1143CD742E7.thor
2016-11-15 11:02 - 2016-11-15 11:02 - 00593044 _____ C:\Users\Lucik\Documents\B899021C-AEE2-424B-7305-C732F3B67C18.thor
2016-11-15 11:02 - 2016-11-15 11:02 - 00136253 _____ C:\Users\Lucik\Documents\B899021C-AEE2-424B-A781-DCEE4B0227B3.thor
2016-11-15 11:02 - 2016-11-15 11:02 - 00008327 _____ C:\Users\Lucik\Documents\_135_WHAT_is.html
2016-11-15 11:01 - 2016-11-15 11:01 - 00286784 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-3A5A-9161886764B8.thor
2016-11-15 11:01 - 2016-11-15 11:01 - 00208708 _____ C:\Users\Lucik\Downloads\B899021C-AEE2-424B-D61A-87BDA79FB965.thor
2016-11-15 11:01 - 2016-11-15 11:01 - 00048452 _____ C:\Users\Lucik\Downloads\B899021C-AEE2-424B-4D60-18EA223757E9.thor
2016-11-15 11:01 - 2016-11-15 11:01 - 00039252 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-B936-2195B7C636DF.thor
2016-11-15 11:01 - 2016-11-15 11:01 - 00014121 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-B6C5-1801B69F0A2B.thor
2016-11-15 11:01 - 2016-11-15 11:01 - 00012170 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-94F0-EF2D6436CACB.thor
2016-11-15 11:01 - 2016-11-15 11:01 - 00008327 _____ C:\Users\Lucik\Downloads\_87_WHAT_is.html
2016-11-15 11:00 - 2016-11-15 11:00 - 00087364 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-A4CD-7367152742B7.thor
2016-11-15 11:00 - 2016-11-15 11:00 - 00036676 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-6A85-F905E1F0CDC4.thor
2016-11-15 11:00 - 2016-11-15 11:00 - 00034628 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-8FA3-74C76929BD0E.thor
2016-11-15 11:00 - 2016-11-15 11:00 - 00025412 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-1570-9E9DF99F47D4.thor
2016-11-15 11:00 - 2016-11-15 11:00 - 00013362 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-56E8-1B8BAFC3CB3C.thor
2016-11-15 11:00 - 2016-11-15 11:00 - 00010365 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-58F7-3F6E6CC9E1E0.thor
2016-11-15 11:00 - 2016-11-15 11:00 - 00008327 _____ C:\Users\Lucik\Desktop\_33_WHAT_is.html
2016-11-15 11:00 - 2016-11-15 11:00 - 00008327 _____ C:\Users\Lucik\Desktop\_14_WHAT_is.html
2016-11-09 08:29 - 2016-11-09 08:29 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2016-11-09 08:29 - 2016-11-09 08:29 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2016-10-31 16:24 - 2016-10-31 16:24 - 00284640 _____ C:\Windows\Minidump\103116-68999-01.dmp
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-11-27 11:10 - 2014-02-05 15:01 - 00000000 ____D C:\Users\Lucik\AppData\Roaming\Skype
2016-11-27 11:10 - 2009-07-14 05:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-27 11:10 - 2009-07-14 05:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-27 11:09 - 2014-05-28 15:03 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-27 11:09 - 2013-11-19 21:35 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-27 11:08 - 2011-04-12 09:34 - 00668792 _____ C:\Windows\system32\perfh005.dat
2016-11-27 11:08 - 2011-04-12 09:34 - 00141420 _____ C:\Windows\system32\perfc005.dat
2016-11-27 11:08 - 2009-07-14 06:13 - 01583226 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-27 11:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-11-27 11:07 - 2016-02-25 17:39 - 00000000 ____D C:\Users\Lucik\AppData\Roaming\Seznam.cz
2016-11-27 11:02 - 2014-05-28 15:03 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-27 11:02 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-15 11:21 - 2014-02-05 14:59 - 00000000 ____D C:\Users\Lucik\Documents\Add-in Express
2016-11-15 11:20 - 2014-03-25 20:53 - 00000000 ____D C:\ProgramData\webcamXP 5
2016-11-15 11:18 - 2016-02-03 08:41 - 00000000 ____D C:\Users\Lucik\Desktop\NOVELI BUSINESS
2016-11-15 11:12 - 2013-11-19 22:08 - 00000000 ____D C:\totalcmd
2016-11-15 11:10 - 2016-05-20 13:10 - 00000000 ____D C:\Users\Lucik\Desktop\daně zaměstnanci
2016-11-15 11:02 - 2016-10-05 18:16 - 00000000 ___RD C:\Users\Lucik\Disk Google
2016-11-15 10:15 - 2014-05-28 15:03 - 00002201 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-15 10:15 - 2014-05-28 15:03 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-15 09:45 - 2015-10-14 07:01 - 00000000 ____D C:\Users\Lucik\AppData\Roaming\eM Client
2016-11-09 08:30 - 2016-10-05 17:54 - 00002048 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-11-09 08:30 - 2016-10-05 17:54 - 00002046 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-11-09 08:30 - 2016-10-05 17:54 - 00002036 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-11-09 08:30 - 2016-10-05 17:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-11-07 19:51 - 2015-01-01 16:56 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-11-03 16:47 - 2014-05-28 15:03 - 00000000 ____D C:\Users\Lucik\AppData\Local\Google
2016-10-31 16:24 - 2014-04-22 17:42 - 00000000 ____D C:\Windows\Minidump
==================== Files in the root of some directories =======
2014-03-25 21:35 - 2014-03-25 21:35 - 0000000 _____ () C:\Users\Lucik\AppData\Local\AtStart.txt
2014-03-25 21:35 - 2014-03-25 21:35 - 0000000 _____ () C:\Users\Lucik\AppData\Local\DSwitch.txt
2014-03-25 21:35 - 2014-03-25 21:35 - 0000000 _____ () C:\Users\Lucik\AppData\Local\QSwitch.txt
Files to move or delete:
====================
C:\Users\Lucik\bullzip-pdf-printer_10.19.0.2457.exe
Some files in TEMP:
====================
C:\Users\Lucik\AppData\Local\Temp\libeay32.dll
C:\Users\Lucik\AppData\Local\Temp\msvcr120.dll
C:\Users\Lucik\AppData\Local\Temp\ose00000.exe
C:\Users\Lucik\AppData\Local\Temp\primosdk.DLL
C:\Users\Lucik\AppData\Local\Temp\px.dll
C:\Users\Lucik\AppData\Local\Temp\pxafs.dll
C:\Users\Lucik\AppData\Local\Temp\PxCpyA64.exe
C:\Users\Lucik\AppData\Local\Temp\PxCpyI64.exe
C:\Users\Lucik\AppData\Local\Temp\pxdrv.dll
C:\Users\Lucik\AppData\Local\Temp\pxhpinst.exe
C:\Users\Lucik\AppData\Local\Temp\PxInsA64.exe
C:\Users\Lucik\AppData\Local\Temp\PxInsI64.exe
C:\Users\Lucik\AppData\Local\Temp\pxmas.dll
C:\Users\Lucik\AppData\Local\Temp\pxsetup.exe
C:\Users\Lucik\AppData\Local\Temp\pxsfs.dll
C:\Users\Lucik\AppData\Local\Temp\pxwave.dll
C:\Users\Lucik\AppData\Local\Temp\qAUTucmLua3.dll
C:\Users\Lucik\AppData\Local\Temp\siinst.exe
C:\Users\Lucik\AppData\Local\Temp\sqlite3.dll
C:\Users\Lucik\AppData\Local\Temp\strings.dll
C:\Users\Lucik\AppData\Local\Temp\vxblock.dll
C:\Users\Lucik\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-08-24 14:19
==================== End of FRST.txt ============================
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: (System) (Fixed) (Total:48.83 GB) (Free:0.68 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (data) (Fixed) (Total:100.22 GB) (Free:16.8 GB) NTFS
Available physical RAM: 1547.45 MB
Total physical RAM: 3055.3 MB
Percentage of memory in use: 49%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 30212419)
Partition 1: (Active) - (Size=48.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100.2 GB) - (Type=07 NTFS)
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
==================== Security Center ==================
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Lucik\Desktop" je 2414 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2016
Ran by Lucik (administrator) on LUCIK (27-11-2016 11:10:40)
Running from C:\Users\Lucik\Desktop
Loaded Profiles: Lucik (Available Profiles: Lucik & as640)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\atchksrv.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\atchk.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Users\Lucik\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
() C:\Users\Lucik\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(forum.viry.cz) C:\Users\Lucik\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1875048 2010-11-04] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [atchk] => C:\Program Files (x86)\Intel\AMT\atchk.exe [408088 2008-05-25] (Intel Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Lucik\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Lucik\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818712 2016-10-12] (Google)
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\MountPoints2: F - F:\SISetup.exe
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\MountPoints2: {8dc2597c-7a4f-11e6-ad58-001a4b7d7f54} - F:\SISetup.exe
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{575D9BD0-1B2D-44C4-ACE1-1AFCE2D565CA}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{E300DC5B-DBC0-4B94-A8C2-E2C23CC0EEBA}: [DhcpNameServer] 94.74.192.252 94.74.192.244
Internet Explorer:
==================
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {12DA348F-BAF5-4F55-8883-D113C5F1A241} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_27368
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {2A9603D9-DA6C-4872-95C0-41C5F52BB5AF} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_27368
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {48B5550F-C9D3-4D4E-9B9D-D4D6C5505076} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_27368
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {73E416AD-34F4-42FB-AEFD-C09147BE00E2} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_27368
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {81BFDFDA-4C37-4C4E-A56A-EE0E52B0A5D5} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_27368
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {92C3213F-2BAE-4B5F-AFD3-6C53D87DD3A4} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_27368
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {A9D4A26E-E769-4BD9-B781-97417173F925} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_27368
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {B5314C77-2842-42FA-BCC9-B51EDDA442F0} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_27368
SearchScopes: HKU\S-1-5-21-1426876207-582522621-1287086209-1000 -> {BD272F60-7C8B-4AB9-B431-575B87129B56} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_27368
BHO: SmileysWeLoveToolbar -> {E4EF8A64-0A30-48F5-B3FE-5FDA978DA775} -> C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader64.dll [2014-01-18] ()
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-05-28] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-05-28] (Oracle Corporation)
BHO-x32: SmileysWeLoveToolbar -> {E4EF8A64-0A30-48F5-B3FE-5FDA978DA775} -> C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader.dll [2014-01-18] ()
Toolbar: HKLM - SmileysWeLove - {CF0F43AB-9C23-4D7B-8040-201B82844854} - C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader64.dll [2014-01-18] ()
Toolbar: HKLM-x32 - SmileysWeLove - {CF0F43AB-9C23-4D7B-8040-201B82844854} - C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader.dll [2014-01-18] ()
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {D8950D0E-FCE7-4AE4-9370-7E4CFBC04362} hxxps://eportal.cssz.cz/fas/page/activexcab/webff_cs.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-04-27] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-05-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-05-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default [2016-11-15]
CHR Extension: (Prezentace Google) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-25]
CHR Extension: (Dokumenty Google) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-27]
CHR Extension: (Disk Google) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-09]
CHR Extension: (Seznam Lištička - Email) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2016-11-15]
CHR Extension: (Seznam Lištička - Slovník) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2016-11-15]
CHR Extension: (YouTube) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-06]
CHR Extension: (Vyhledávání Google) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-09]
CHR Extension: (Tabulky Google) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-25]
CHR Extension: (Dokumenty Google offline) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-08]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-10-10]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-19]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2016-11-15]
CHR Extension: (Gmail) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-27]
CHR Extension: (Chrome Media Router) - C:\Users\Lucik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-31]
CHR HKU\S-1-5-21-1426876207-582522621-1287086209-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [80384 2007-02-06] (Andrea Electronics Corporation)
R2 atchksrv; C:\Program Files (x86)\Intel\AMT\atchksrv.exe [182808 2008-05-25] (Intel Corporation)
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [121368 2008-05-25] (Intel Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 UNS; C:\Program Files (x86)\Intel\AMT\UNS.exe [1464856 2008-05-25] (Intel Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 wxpSvc; D:\instal\WLITE-program kamera\webcamXP 5\wService.exe [5023744 2011-07-27] (Moonware Studios) [File not signed]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2011-04-15] (Marvell Semiconductor, Inc.)
S3 RICOH SmartCard Reader; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
R3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-11-27 11:04 - 2016-11-27 11:10 - 00015084 _____ C:\Users\Lucik\Desktop\FRST.txt
2016-11-26 13:31 - 2016-11-26 13:34 - 00000000 ____D C:\AdwCleaner
2016-11-26 13:24 - 2016-11-26 13:25 - 00000000 ____D C:\FRST
2016-11-26 13:23 - 2016-11-26 13:16 - 00112640 _____ (forum.viry.cz) C:\Users\Lucik\Desktop\FRSTLauncher.exe
2016-11-26 13:23 - 2016-11-15 16:23 - 02411520 _____ (Farbar) C:\Users\Lucik\Desktop\FRST64.exe
2016-11-15 11:20 - 2016-11-15 11:20 - 232123713 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-2566-9F4F31AE33E6.thor
2016-11-15 11:20 - 2016-11-15 11:20 - 173489029 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-3608-9D85BD30DE98.thor
2016-11-15 11:20 - 2016-11-15 11:20 - 109426825 _____ C:\Users\Lucik\Downloads\B899021C-AEE2-424B-33F2-3D81BFFF6AC1.thor
2016-11-15 11:19 - 2016-11-15 11:19 - 65856655 _____ C:\Users\Lucik\Downloads\B899021C-AEE2-424B-BFFC-2090E2902CF3.thor
2016-11-15 11:19 - 2016-11-15 11:19 - 15515132 _____ C:\Users\Lucik\Downloads\B899021C-AEE2-424B-372E-FF4CA7B91045.thor
2016-11-15 11:18 - 2016-11-15 11:18 - 00444014 _____ C:\Users\Lucik\Downloads\B899021C-AEE2-424B-5B90-52495C28336A.thor
2016-11-15 11:18 - 2016-11-15 11:18 - 00444014 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-71C5-E73990DE56AE.thor
2016-11-15 11:17 - 2016-11-15 11:17 - 03223441 _____ C:\Users\Lucik\Downloads\B899021C-AEE2-424B-0680-D487064BC8BB.thor
2016-11-15 11:17 - 2016-11-15 11:17 - 00039141 _____ C:\Users\Lucik\Documents\B899021C-AEE2-424B-0DAD-E4D23502779B.thor
2016-11-15 11:17 - 2016-11-15 11:17 - 00008327 _____ C:\Users\Lucik\Downloads\_649_WHAT_is.html
2016-11-15 11:17 - 2016-11-15 11:17 - 00008327 _____ C:\Users\Lucik\Documents\_642_WHAT_is.html
2016-11-15 11:16 - 2016-11-15 11:16 - 04870670 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-02AA-35AEAC56BD1C.thor
2016-11-15 11:11 - 2016-11-15 11:11 - 00499353 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-A295-F2D3D71CDEED.thor
2016-11-15 11:11 - 2016-11-15 11:11 - 00062736 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-E921-02359266F532.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00887580 ____N C:\Users\Lucik\Desktop\B899021C-AEE2-424B-6100-6D9D3A65FF74.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00460000 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-09FF-32FA4F4AD441.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00409849 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-788A-BF1B34CDA6DF.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00061466 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-BCF4-817DB7DAEDD4.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00052787 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-F1CE-CBED3F488E03.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00002946 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-2194-ACD96352E3AF.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00002775 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-153C-12EE11944DE6.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00002495 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-0644-8AC61BFC1C74.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00001933 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-03B2-DD41A3439F20.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00001929 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-5D00-FC17D8918DF6.thor
2016-11-15 11:10 - 2016-11-15 11:10 - 00001913 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-8891-468EF1389050.thor
2016-11-15 11:03 - 2016-11-15 11:03 - 00031748 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-5D57-E1143CD742E7.thor
2016-11-15 11:02 - 2016-11-15 11:02 - 00593044 _____ C:\Users\Lucik\Documents\B899021C-AEE2-424B-7305-C732F3B67C18.thor
2016-11-15 11:02 - 2016-11-15 11:02 - 00136253 _____ C:\Users\Lucik\Documents\B899021C-AEE2-424B-A781-DCEE4B0227B3.thor
2016-11-15 11:02 - 2016-11-15 11:02 - 00008327 _____ C:\Users\Lucik\Documents\_135_WHAT_is.html
2016-11-15 11:01 - 2016-11-15 11:01 - 00286784 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-3A5A-9161886764B8.thor
2016-11-15 11:01 - 2016-11-15 11:01 - 00208708 _____ C:\Users\Lucik\Downloads\B899021C-AEE2-424B-D61A-87BDA79FB965.thor
2016-11-15 11:01 - 2016-11-15 11:01 - 00048452 _____ C:\Users\Lucik\Downloads\B899021C-AEE2-424B-4D60-18EA223757E9.thor
2016-11-15 11:01 - 2016-11-15 11:01 - 00039252 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-B936-2195B7C636DF.thor
2016-11-15 11:01 - 2016-11-15 11:01 - 00014121 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-B6C5-1801B69F0A2B.thor
2016-11-15 11:01 - 2016-11-15 11:01 - 00012170 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-94F0-EF2D6436CACB.thor
2016-11-15 11:01 - 2016-11-15 11:01 - 00008327 _____ C:\Users\Lucik\Downloads\_87_WHAT_is.html
2016-11-15 11:00 - 2016-11-15 11:00 - 00087364 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-A4CD-7367152742B7.thor
2016-11-15 11:00 - 2016-11-15 11:00 - 00036676 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-6A85-F905E1F0CDC4.thor
2016-11-15 11:00 - 2016-11-15 11:00 - 00034628 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-8FA3-74C76929BD0E.thor
2016-11-15 11:00 - 2016-11-15 11:00 - 00025412 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-1570-9E9DF99F47D4.thor
2016-11-15 11:00 - 2016-11-15 11:00 - 00013362 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-56E8-1B8BAFC3CB3C.thor
2016-11-15 11:00 - 2016-11-15 11:00 - 00010365 _____ C:\Users\Lucik\Desktop\B899021C-AEE2-424B-58F7-3F6E6CC9E1E0.thor
2016-11-15 11:00 - 2016-11-15 11:00 - 00008327 _____ C:\Users\Lucik\Desktop\_33_WHAT_is.html
2016-11-15 11:00 - 2016-11-15 11:00 - 00008327 _____ C:\Users\Lucik\Desktop\_14_WHAT_is.html
2016-11-09 08:29 - 2016-11-09 08:29 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2016-11-09 08:29 - 2016-11-09 08:29 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2016-10-31 16:24 - 2016-10-31 16:24 - 00284640 _____ C:\Windows\Minidump\103116-68999-01.dmp
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-11-27 11:10 - 2014-02-05 15:01 - 00000000 ____D C:\Users\Lucik\AppData\Roaming\Skype
2016-11-27 11:10 - 2009-07-14 05:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-27 11:10 - 2009-07-14 05:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-27 11:09 - 2014-05-28 15:03 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-27 11:09 - 2013-11-19 21:35 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-27 11:08 - 2011-04-12 09:34 - 00668792 _____ C:\Windows\system32\perfh005.dat
2016-11-27 11:08 - 2011-04-12 09:34 - 00141420 _____ C:\Windows\system32\perfc005.dat
2016-11-27 11:08 - 2009-07-14 06:13 - 01583226 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-27 11:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-11-27 11:07 - 2016-02-25 17:39 - 00000000 ____D C:\Users\Lucik\AppData\Roaming\Seznam.cz
2016-11-27 11:02 - 2014-05-28 15:03 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-27 11:02 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-15 11:21 - 2014-02-05 14:59 - 00000000 ____D C:\Users\Lucik\Documents\Add-in Express
2016-11-15 11:20 - 2014-03-25 20:53 - 00000000 ____D C:\ProgramData\webcamXP 5
2016-11-15 11:18 - 2016-02-03 08:41 - 00000000 ____D C:\Users\Lucik\Desktop\NOVELI BUSINESS
2016-11-15 11:12 - 2013-11-19 22:08 - 00000000 ____D C:\totalcmd
2016-11-15 11:10 - 2016-05-20 13:10 - 00000000 ____D C:\Users\Lucik\Desktop\daně zaměstnanci
2016-11-15 11:02 - 2016-10-05 18:16 - 00000000 ___RD C:\Users\Lucik\Disk Google
2016-11-15 10:15 - 2014-05-28 15:03 - 00002201 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-15 10:15 - 2014-05-28 15:03 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-15 09:45 - 2015-10-14 07:01 - 00000000 ____D C:\Users\Lucik\AppData\Roaming\eM Client
2016-11-09 08:30 - 2016-10-05 17:54 - 00002048 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-11-09 08:30 - 2016-10-05 17:54 - 00002046 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-11-09 08:30 - 2016-10-05 17:54 - 00002036 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-11-09 08:30 - 2016-10-05 17:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-11-07 19:51 - 2015-01-01 16:56 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-11-03 16:47 - 2014-05-28 15:03 - 00000000 ____D C:\Users\Lucik\AppData\Local\Google
2016-10-31 16:24 - 2014-04-22 17:42 - 00000000 ____D C:\Windows\Minidump
==================== Files in the root of some directories =======
2014-03-25 21:35 - 2014-03-25 21:35 - 0000000 _____ () C:\Users\Lucik\AppData\Local\AtStart.txt
2014-03-25 21:35 - 2014-03-25 21:35 - 0000000 _____ () C:\Users\Lucik\AppData\Local\DSwitch.txt
2014-03-25 21:35 - 2014-03-25 21:35 - 0000000 _____ () C:\Users\Lucik\AppData\Local\QSwitch.txt
Files to move or delete:
====================
C:\Users\Lucik\bullzip-pdf-printer_10.19.0.2457.exe
Some files in TEMP:
====================
C:\Users\Lucik\AppData\Local\Temp\libeay32.dll
C:\Users\Lucik\AppData\Local\Temp\msvcr120.dll
C:\Users\Lucik\AppData\Local\Temp\ose00000.exe
C:\Users\Lucik\AppData\Local\Temp\primosdk.DLL
C:\Users\Lucik\AppData\Local\Temp\px.dll
C:\Users\Lucik\AppData\Local\Temp\pxafs.dll
C:\Users\Lucik\AppData\Local\Temp\PxCpyA64.exe
C:\Users\Lucik\AppData\Local\Temp\PxCpyI64.exe
C:\Users\Lucik\AppData\Local\Temp\pxdrv.dll
C:\Users\Lucik\AppData\Local\Temp\pxhpinst.exe
C:\Users\Lucik\AppData\Local\Temp\PxInsA64.exe
C:\Users\Lucik\AppData\Local\Temp\PxInsI64.exe
C:\Users\Lucik\AppData\Local\Temp\pxmas.dll
C:\Users\Lucik\AppData\Local\Temp\pxsetup.exe
C:\Users\Lucik\AppData\Local\Temp\pxsfs.dll
C:\Users\Lucik\AppData\Local\Temp\pxwave.dll
C:\Users\Lucik\AppData\Local\Temp\qAUTucmLua3.dll
C:\Users\Lucik\AppData\Local\Temp\siinst.exe
C:\Users\Lucik\AppData\Local\Temp\sqlite3.dll
C:\Users\Lucik\AppData\Local\Temp\strings.dll
C:\Users\Lucik\AppData\Local\Temp\vxblock.dll
C:\Users\Lucik\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-08-24 14:19
==================== End of FRST.txt ============================
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: (System) (Fixed) (Total:48.83 GB) (Free:0.68 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (data) (Fixed) (Total:100.22 GB) (Free:16.8 GB) NTFS
Available physical RAM: 1547.45 MB
Total physical RAM: 3055.3 MB
Percentage of memory in use: 49%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 30212419)
Partition 1: (Active) - (Size=48.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100.2 GB) - (Type=07 NTFS)
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
==================== Security Center ==================
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Lucik\Desktop" je 2414 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
- Přílohy
-
- Addition3.7z
- (8 KiB) Staženo 64 x
-
Rudy
- Site Admin
- Příspěvky: 118283
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: .Thor
Otevřte poznámkový blok a zkopírujte do něj:
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\MountPoints2: F - F:\SISetup.exe
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\MountPoints2: {8dc2597c-7a4f-11e6-ad58-001a4b7d7f54} - F:\SISetup.exe
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Users\Lucik\AppData\Local\Temp
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
EmptyTemp:
End
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.
Z logu
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\MountPoints2: F - F:\SISetup.exe
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\MountPoints2: {8dc2597c-7a4f-11e6-ad58-001a4b7d7f54} - F:\SISetup.exe
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Users\Lucik\AppData\Local\Temp
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
EmptyTemp:
End
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.
Z logu
To je přiliš mnoho a může to způsobovat zpomalení startu systému.Vytvořte v C:\Users\Lucik novou složku a přesuňte do ní všechna data z plochy (kromě zástupců). Na plochu si pak dejte zástupce té složky pro snazší přístup.Velikost slozky "C:\Users\Lucik\Desktop" je 2414 MB.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: .Thor
tady je fixlog
Fix result of Farbar Recovery Scan Tool (x64) Version: 12-11-2016
Ran by Lucik (27-11-2016 12:24:40) Run:1
Running from C:\Users\Lucik\Desktop
Loaded Profiles: Lucik (Available Profiles: Lucik & as640)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\MountPoints2: F - F:\SISetup.exe
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\MountPoints2: {8dc2597c-7a4f-11e6-ad58-001a4b7d7f54} - F:\SISetup.exe
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Users\Lucik\AppData\Local\Temp
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
EmptyTemp:
End
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
"HKU\S-1-5-21-1426876207-582522621-1287086209-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F" => key removed successfully
"HKU\S-1-5-21-1426876207-582522621-1287086209-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8dc2597c-7a4f-11e6-ad58-001a4b7d7f54}" => key removed successfully
HKCR\CLSID\{8dc2597c-7a4f-11e6-ad58-001a4b7d7f54} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
"C:\Users\Lucik\AppData\Local\Temp" folder move:
Could not move "C:\Users\Lucik\AppData\Local\Temp" => Scheduled to move on reboot.
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`27hfm" ADS removed successfully.
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 157307547 B
Java, Flash, Steam htmlcache => 106603 B
Windows/system/drivers => 545539230 B
Edge => 0 B
Chrome => 258678196 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 6876 B
Public => 0 B
ProgramData => 0 B
systemprofile => 68840 B
systemprofile32 => 72682 B
LocalService => 66228 B
NetworkService => 329224 B
Lucik => 3303431635 B
nspadm => 0 B
as640 => 57535 B
RecycleBin => 1497060010 B
EmptyTemp: => 5.4 GB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 27-11-2016 12:29:47)
C:\Users\Lucik\AppData\Local\Temp => moved successfully
==== End of Fixlog 12:29:49 ====
A díky za info ohledně plochy, nevšiml jsem si že toho bylo 2,4 GB.
Fix result of Farbar Recovery Scan Tool (x64) Version: 12-11-2016
Ran by Lucik (27-11-2016 12:24:40) Run:1
Running from C:\Users\Lucik\Desktop
Loaded Profiles: Lucik (Available Profiles: Lucik & as640)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\MountPoints2: F - F:\SISetup.exe
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\...\MountPoints2: {8dc2597c-7a4f-11e6-ad58-001a4b7d7f54} - F:\SISetup.exe
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Users\Lucik\AppData\Local\Temp
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
EmptyTemp:
End
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
HKU\S-1-5-21-1426876207-582522621-1287086209-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
"HKU\S-1-5-21-1426876207-582522621-1287086209-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F" => key removed successfully
"HKU\S-1-5-21-1426876207-582522621-1287086209-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8dc2597c-7a4f-11e6-ad58-001a4b7d7f54}" => key removed successfully
HKCR\CLSID\{8dc2597c-7a4f-11e6-ad58-001a4b7d7f54} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
"C:\Users\Lucik\AppData\Local\Temp" folder move:
Could not move "C:\Users\Lucik\AppData\Local\Temp" => Scheduled to move on reboot.
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`27hfm" ADS removed successfully.
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 157307547 B
Java, Flash, Steam htmlcache => 106603 B
Windows/system/drivers => 545539230 B
Edge => 0 B
Chrome => 258678196 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 6876 B
Public => 0 B
ProgramData => 0 B
systemprofile => 68840 B
systemprofile32 => 72682 B
LocalService => 66228 B
NetworkService => 329224 B
Lucik => 3303431635 B
nspadm => 0 B
as640 => 57535 B
RecycleBin => 1497060010 B
EmptyTemp: => 5.4 GB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 27-11-2016 12:29:47)
C:\Users\Lucik\AppData\Local\Temp => moved successfully
==== End of Fixlog 12:29:49 ====
A díky za info ohledně plochy, nevšiml jsem si že toho bylo 2,4 GB.
-
Rudy
- Site Admin
- Příspěvky: 118283
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: .Thor
Váš PC je odvirován. Příponu *.thor vám ale nedešifrujeme. K tomu je třeba přímý přístup do PC, což nemáme právně ošetřeno. Obraťte se na naše kolegy zde: https://neslape.cz/?utm_campaign=neslap ... ium=banner .
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
-
Rudy
- Site Admin
- Příspěvky: 118283
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: .Thor
Rádo se stalo! 
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?