Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-05-2017 Ran by Uzivatel (administrator) on UZIVATEL-PC (11-05-2017 23:13:25) Running from C:\Users\Uzivatel\Downloads Loaded Profiles: Uzivatel (Available Profiles: Uzivatel) Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: Čeština (Česká republika) Internet Explorer Version 9 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe () C:\Program Files\CyberLink\Shared files\RichVideo.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Google Inc.) C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (Sun Microsystems, Inc.) 
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe () C:\Users\Uzivatel\AppData\Roaming\Seznam.cz\bin\szndesktop.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe () C:\Program Files\Samsung\Samsung Update Plus\SUPNotifier.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe () C:\Users\Uzivatel\Downloads\lp538i8e.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe () C:\Users\Uzivatel\Downloads\lp538i8e.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-15] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1578280 2009-10-10] (Synaptics Incorporated) HKLM\...\Run: [UpdateLBPShortCut] => C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) 
HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink) HKLM\...\Run: [UpdateP2GoShortCut] => C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM\...\Run: [UpdatePDRShortCut] => C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.) HKLM\...\Run: [RemoteControl8] => C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.) HKLM\...\Run: [PDVD8LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.) HKLM\...\Run: [UpdatePPShortCut] => C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.) HKLM\...\Run: [UpdatePSTShortCut] => C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.) HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated) HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [144784 2008-02-22] (Sun Microsystems, Inc.) 
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-10] (AVAST Software) HKLM\...\Run: [NCUpdateHelper] => C:\Program Files\NCWest\NCLauncher\NCUpdateHelper.exe HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] () HKLM\...\Run: [Windows Mobile Device Center] => C:\windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X] HKU\S-1-5-21-3283628575-1838000162-593940776-1000\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-3283628575-1838000162-593940776-1000\...\Run: [msnmsgr] => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background HKU\S-1-5-21-3283628575-1838000162-593940776-1000\...\Run: [ALLUpdate] => "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep" HKU\S-1-5-21-3283628575-1838000162-593940776-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Uzivatel\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] () HKU\S-1-5-21-3283628575-1838000162-593940776-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Uzivatel\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] () HKU\S-1-5-21-3283628575-1838000162-593940776-1000\...\Run: [ALLPlayer WiFi Remote] => C:\Program Files\ALLPlayer Remote\ALLPlayerRemoteControl.exe HKU\S-1-5-21-3283628575-1838000162-593940776-1000\...\Run: [AirDroid 3] => C:\Program Files\AirDroid\AirDroid.exe /start HKU\S-1-5-21-3283628575-1838000162-593940776-1000\...\Run: [Napisy24Update] => C:\Program Files\Napisy24\Napisy24Update.exe [3709896 2015-11-04] (Napisy24.pl) HKU\S-1-5-21-3283628575-1838000162-593940776-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program 
Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-05-10] (AVAST Software) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Backup Manager.lnk [2010-10-12] ShortcutTarget: Backup Manager.lnk -> C:\Program Files\BackupManager\BkupMgr.exe (GenesysLogic) Startup: C:\Users\Uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk [2010-10-21] ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) BootExecute: autocheck autochk * sdnclean.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{ADD22747-DB9C-489B-8DBC-9E6E4EDBFDD6}: [DhcpNameServer] 192.168.1.1 ManualProxies: 0hxxp://unstopaccess.com/wpad.dat?def5d84e58df500015d2be89176d24eb30141547 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/?clid=22668 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-3283628575-1838000162-593940776-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms} HKU\S-1-5-21-3283628575-1838000162-593940776-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gazeta.pl/0,0.html?p=190 SearchScopes: HKLM -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms} SearchScopes: HKLM -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms} SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN SearchScopes: HKU\S-1-5-21-3283628575-1838000162-593940776-1000 -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_12454 SearchScopes: HKU\S-1-5-21-3283628575-1838000162-593940776-1000 -> {06A28F03-9BA4-4D9D-A07D-48FD4A17ED5C} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_12454 SearchScopes: 
HKU\S-1-5-21-3283628575-1838000162-593940776-1000 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_12454 SearchScopes: HKU\S-1-5-21-3283628575-1838000162-593940776-1000 -> {1DCFFA66-9617-41D5-ADE7-40F4FDC6B90C} URL = hxxp://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_12454 SearchScopes: HKU\S-1-5-21-3283628575-1838000162-593940776-1000 -> {4349CE30-A19D-4132-A01C-CFC7EF59CC52} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454 SearchScopes: HKU\S-1-5-21-3283628575-1838000162-593940776-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKU\S-1-5-21-3283628575-1838000162-593940776-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = SearchScopes: HKU\S-1-5-21-3283628575-1838000162-593940776-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-3283628575-1838000162-593940776-1000 -> {77C72B7B-2903-4F44-BD99-3AC893CA2BB6} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454 SearchScopes: HKU\S-1-5-21-3283628575-1838000162-593940776-1000 -> {87DD8CA0-9035-4F4C-9160-5A3ED4D9FCB0} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid=QuickSearch_12454 SearchScopes: HKU\S-1-5-21-3283628575-1838000162-593940776-1000 -> {97B4DDF2-BD08-410D-A90B-281A47B729EB} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454 SearchScopes: HKU\S-1-5-21-3283628575-1838000162-593940776-1000 -> {F39D0EDA-20BE-4C65-A94B-09EE6522A5A8} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454 SearchScopes: HKU\S-1-5-21-3283628575-1838000162-593940776-1000 -> {FD6CE4DB-B8E8-49B5-91CF-375EE6F7543A} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454 BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22] (Sun 
Microsystems, Inc.) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-04] (AVAST Software) BHO: Pomocník pro přihlášení ke službě Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation) DPF: {68282C51-9459-467B-95BF-3C0E89627E55} hxxp://www.mks.com.pl/skaner/SkanerOnline.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2017-04-05] (Skype Technologies) StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1446985745&z=7d9cc280ae9ee7e1f968ceegbz1z5q6tfb1wdz8q4o&from=cor&uid=TOSHIBAXMK5055GSX_10NGC08GTXX10NGC08GT FireFox: ======== FF ProfilePath: C:\Users\Uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\v8rwpqxp.default [2017-05-11] FF Homepage: Mozilla\Firefox\Profiles\v8rwpqxp.default -> wp.pl FF Extension: (Avast SafePrice) - C:\Users\Uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\v8rwpqxp.default\Extensions\sp@avast.com.xpi [2017-05-10] FF Extension: (Avast Online Security) - C:\Users\Uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\v8rwpqxp.default\Extensions\wrc@avast.com.xpi [2017-05-10] FF Plugin: @adobe.com/FlashPlayer -> 
C:\windows\system32\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-13] () FF Plugin: @ganymede/GanymedeNetPlugin,version=1.0 -> C:\Program Files\Ganymede\Plugins\npganymedenet.dll [2015-07-15] ( ) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2008-11-13] (Microsoft Corp.) FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npganymedenet.dll [2015-07-15] ( ) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2003-07-15] (Microsoft Corporation) FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\134264912.js [2017-05-01] <==== ATTENTION (Points to *.cfg file) FF ExtraCheck: C:\Program Files\mozilla firefox\134264912.cfg [2017-05-01] <==== ATTENTION Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.gazeta.pl/0,0.html?p=154","www.google.com","hxxp://www.istartsurf.com/?type=hp&ts=1446985745&z=7d9cc280ae9ee7e1f968ceegbz1z5q6tfb1wdz8q4o&from=cor&uid=TOSHIBAXMK5055GSX_10NGC08GTXX10NGC08GT" CHR Session Restore: Default -> is enabled. 
CHR Profile: C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default [2017-05-11] CHR Extension: (Prezentace Google) - C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-05-06] CHR Extension: (Dokumenty Google) - C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-06] CHR Extension: (Disk Google) - C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-06] CHR Extension: (YouTube) - C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-06] CHR Extension: (Avast Online Security (BETA)) - C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2017-05-06] CHR Extension: (Avast SafePrice) - C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-05-06] CHR Extension: (Tabulky Google) - C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-05-06] CHR Extension: (Dokumenty Google offline) - C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-06] CHR Extension: (Avast Online Security) - C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-05-06] CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-05-06] CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-06] CHR Extension: (Adblock Pro) - C:\Users\Uzivatel\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2017-05-06] CHR Extension: (Gmail) - C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-06] CHR Extension: (Chrome Media Router) - C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-06] CHR HKLM\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx CHR HKU\S-1-5-21-3283628575-1838000162-593940776-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Uzivatel\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx CHR HKU\S-1-5-21-3283628575-1838000162-593940776-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5732136 2017-05-10] (AVAST Software s.r.o.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-10] (AVAST Software) S3 npggsvc; C:\windows\system32\GameMon.des [3190784 2015-05-19] (INCA Internet Co., Ltd.) R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] () R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) 
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed] S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed] S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation) S3 WsAppService; C:\Program Files\Wondershare\WAF\WsAppService.exe [252816 2015-04-30] (Wondershare) S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 aswbidsdriver; C:\windows\system32\drivers\aswbidsdriverx.sys [258288 2017-05-10] (AVAST Software s.r.o.) R0 aswbidsh; C:\windows\system32\drivers\aswbidshx.sys [148696 2017-05-10] (AVAST Software s.r.o.) R0 aswblog; C:\windows\system32\drivers\aswblogx.sys [268016 2017-05-10] (AVAST Software s.r.o.) R0 aswbuniv; C:\windows\system32\drivers\aswbunivx.sys [41664 2017-05-10] (AVAST Software s.r.o.) 
S3 aswHwid; C:\windows\system32\drivers\aswHwid.sys [34136 2017-05-10] (AVAST Software) R1 aswKbd; C:\windows\system32\drivers\aswKbd.sys [31064 2017-05-10] (AVAST Software) R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [107928 2017-05-10] (AVAST Software) R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [90336 2017-05-10] (AVAST Software) R0 aswRvrt; C:\windows\system32\drivers\aswRvrt.sys [62152 2017-05-10] (AVAST Software) R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [764576 2017-05-10] (AVAST Software) R1 aswSP; C:\windows\system32\drivers\aswSP.sys [482608 2017-05-10] (AVAST Software) R2 aswStm; C:\windows\system32\drivers\aswStm.sys [114640 2017-05-10] (AVAST Software) R0 aswVmm; C:\windows\system32\drivers\aswVmm.sys [279800 2017-05-10] (AVAST Software) S3 ugdirkob; C:\Users\Uzivatel\AppData\Local\Temp\ugdirkob.sys [104960 2017-05-11] (GMER) [File not signed] S3 Andbus; system32\DRIVERS\lgandbus.sys [X] S3 AndDiag; system32\DRIVERS\lganddiag.sys [X] S3 AndGps; system32\DRIVERS\lgandgps.sys [X] S3 ANDModem; system32\DRIVERS\lgandmodem.sys [X] S3 androidusb; System32\Drivers\lgandadb.sys [X] S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-05-11 23:13 - 2017-05-11 23:14 - 00022901 _____ C:\Users\Uzivatel\Downloads\FRST.txt 2017-05-11 22:23 - 2017-05-11 22:23 - 00371282 _____ C:\Users\Uzivatel\Downloads\gmer.zip 2017-05-11 22:18 - 2017-05-11 23:13 - 00000000 ____D C:\FRST 2017-05-11 22:18 - 2017-05-11 22:18 - 00000000 ____D C:\ProgramData\SWCUTemp 2017-05-11 22:17 - 2017-05-11 22:17 - 01769984 _____ (Farbar) C:\Users\Uzivatel\Downloads\FRST.exe 2017-05-11 22:17 - 2017-05-11 22:17 - 00380928 _____ C:\Users\Uzivatel\Downloads\lp538i8e.exe 2017-05-11 20:55 - 2017-05-11 20:56 - 00003550 _____ C:\Users\Uzivatel\Desktop\Rkill.txt 2017-05-11 20:55 - 2017-05-11 20:55 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Uzivatel\Downloads\rkill.exe 2017-05-11 07:31 - 2017-05-11 07:31 - 00000000 ____D C:\Program Files\Common Files\Skype 2017-05-10 22:29 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe 2017-05-10 22:09 - 2017-05-10 22:29 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2 2017-05-10 22:09 - 2017-05-10 22:09 - 00002091 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2017-05-10 22:09 - 2017-05-10 22:09 - 00002079 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2017-05-10 22:09 - 2017-05-10 22:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2017-05-10 22:09 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\windows\system32\sdnclean.exe 2017-05-10 22:08 - 2017-05-10 22:08 - 00000000 ____D C:\Program Files\Spybot Search and Destroy 2017-05-10 22:06 - 2017-05-10 22:07 - 54095496 _____ ( ) C:\Users\Uzivatel\Downloads\spybot-2.4.exe 2017-05-10 11:51 - 2017-05-10 11:50 - 00330768 _____ (AVAST Software) C:\windows\system32\aswBoot.exe 2017-05-06 23:33 - 2017-05-06 23:33 - 00152618 _____ C:\Users\Uzivatel\Downloads\OTL11.Txt 2017-05-06 22:22 - 2017-05-06 22:22 - 00002173 _____ 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-05-06 22:22 - 2017-05-06 22:22 - 00002161 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-05-06 22:21 - 2017-05-06 22:21 - 01130328 _____ (Google Inc.) C:\Users\Uzivatel\Downloads\ChromeSetup.exe 2017-05-06 11:08 - 2017-05-06 12:01 - 00000000 ____D C:\Program Files\Mozilla Firefox 2017-05-06 09:34 - 2017-05-06 09:34 - 00000000 ____D C:\Users\Uzivatel\AppData\Local\ESET 2017-05-05 21:49 - 2017-05-05 21:49 - 04102600 _____ C:\Users\Uzivatel\Downloads\adwcleaner_6.046.exe 2017-05-05 21:48 - 2017-05-06 09:36 - 00000000 ____D C:\AdwCleaner 2017-05-03 20:33 - 2017-05-03 20:33 - 00151233 _____ C:\Users\Uzivatel\Downloads\2017_05 Pozvánka 869.pdf 2017-04-22 13:43 - 2017-04-22 13:43 - 00000000 ____D C:\Users\Uzivatel\AppData\LocalLow\uTorrent ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-05-11 22:21 - 2009-07-14 06:34 - 00014736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-05-11 22:21 - 2009-07-14 06:34 - 00014736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-05-11 21:39 - 2017-01-22 23:16 - 00000000 ____D C:\Users\Uzivatel\AppData\LocalLow\Mozilla 2017-05-11 21:25 - 2015-09-16 21:23 - 00000000 ____D C:\Users\Uzivatel\AppData\Roaming\Seznam.cz 2017-05-11 21:20 - 2010-06-07 09:25 - 00000000 ____D C:\Users\Uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 2017-05-11 21:19 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT 2017-05-11 21:00 - 2012-09-16 19:17 - 00000000 ____D C:\Program Files\Slideshow XL 2017-05-11 07:31 - 2017-03-29 22:08 - 00000000 ___RD C:\Program Files\Skype 2017-05-11 07:31 - 2010-10-10 09:10 - 00000000 ____D C:\ProgramData\Skype 2017-05-11 07:18 - 2010-01-13 02:38 - 00640220 _____ 
C:\windows\system32\perfh005.dat 2017-05-11 07:18 - 2010-01-13 02:38 - 00127100 _____ C:\windows\system32\perfc005.dat 2017-05-11 07:18 - 2009-07-26 22:06 - 01497710 _____ C:\windows\system32\PerfStringBackup.INI 2017-05-11 07:18 - 2009-07-14 04:37 - 00000000 ____D C:\windows\inf 2017-05-10 23:04 - 2012-08-21 18:41 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2017-05-10 22:29 - 2015-12-04 08:48 - 00000000 ____D C:\Program Files\Common Files\AV 2017-05-10 21:53 - 2015-11-08 14:50 - 00000000 ____D C:\Program Files\GustoSoft 2017-05-10 11:50 - 2017-02-10 20:11 - 00268016 _____ (AVAST Software s.r.o.) C:\windows\system32\Drivers\aswblogx.sys 2017-05-10 11:50 - 2017-02-10 20:11 - 00258288 _____ (AVAST Software s.r.o.) C:\windows\system32\Drivers\aswbidsdriverx.sys 2017-05-10 11:50 - 2017-02-10 20:11 - 00148696 _____ (AVAST Software s.r.o.) C:\windows\system32\Drivers\aswbidshx.sys 2017-05-10 11:50 - 2017-02-10 20:11 - 00041664 _____ (AVAST Software s.r.o.) C:\windows\system32\Drivers\aswbunivx.sys 2017-05-10 11:50 - 2016-04-11 10:48 - 00031064 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys 2017-05-10 11:50 - 2014-04-22 12:27 - 00034136 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys 2017-05-10 11:50 - 2013-12-26 12:23 - 00114640 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys 2017-05-10 11:50 - 2013-04-07 07:32 - 00279800 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys 2017-05-10 11:50 - 2013-04-07 07:31 - 00062152 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys 2017-05-10 11:50 - 2012-10-22 18:58 - 00090336 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys 2017-05-10 11:50 - 2011-02-24 17:02 - 00764576 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys 2017-05-10 11:50 - 2011-02-24 17:02 - 00482608 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys 2017-05-10 11:50 - 2011-02-24 17:02 - 00107928 _____ (AVAST Software) 
C:\windows\system32\Drivers\aswMonFlt.sys 2017-05-06 23:35 - 2012-08-21 18:52 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2017-05-06 22:35 - 2012-08-12 21:14 - 00000000 ____D C:\Users\Uzivatel\AppData\Roaming\pdfforge 2017-05-06 22:23 - 2010-10-08 20:16 - 00000000 ____D C:\Users\Uzivatel\AppData\Roaming\Google 2017-05-06 22:22 - 2012-08-24 22:07 - 00000000 ____D C:\Program Files\Google 2017-05-06 22:22 - 2010-10-08 20:16 - 00000000 ____D C:\Users\Uzivatel\AppData\Local\Google 2017-05-06 22:19 - 2010-06-07 09:38 - 00000000 ____D C:\Program Files\Common Files\Adobe 2017-05-06 22:19 - 2010-06-07 09:38 - 00000000 ____D C:\Program Files\Adobe 2017-05-06 22:05 - 2010-01-12 09:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2017-05-06 22:05 - 2010-01-12 09:14 - 00000000 ____D C:\Program Files\Samsung 2017-05-06 22:05 - 2010-01-12 09:09 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2017-05-06 22:03 - 2010-01-12 09:10 - 00000000 ____D C:\Program Files\Common Files\InstallShield 2017-05-06 13:09 - 2015-09-16 21:39 - 00000000 ____D C:\Users\Uzivatel\Downloads\PDF Creator Plus 2017-05-05 21:53 - 2016-04-11 18:56 - 00001117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk 2017-05-05 21:53 - 2012-08-21 18:52 - 00000979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2017-05-05 21:53 - 2010-06-07 09:42 - 00001108 _____ C:\Users\Uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ==================== Files in the root of some directories ======= 2011-10-23 22:32 - 2011-10-23 22:32 - 0000132 _____ () C:\Users\Uzivatel\AppData\Roaming\Adobe GIF Format CS5 Prefs 2014-01-15 10:25 - 2014-01-18 10:35 - 0000132 _____ () C:\Users\Uzivatel\AppData\Roaming\Adobe PNG Format CS5 Prefs 2015-12-10 10:33 - 2016-02-09 12:30 - 0000045 _____ () C:\Users\Uzivatel\AppData\Roaming\AVSMediaPlayer.m3u 2017-02-12 21:33 - 
2017-02-12 21:33 - 0000000 _____ () C:\Users\Uzivatel\AppData\Roaming\VideoPad.dmp 2013-01-20 10:06 - 2013-03-15 09:36 - 0008192 _____ () C:\Users\Uzivatel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2017-04-08 13:15 - 2017-04-08 13:15 - 0004930 _____ () C:\ProgramData\czchsjpj.srw 2010-10-10 09:14 - 2010-10-10 09:14 - 0000056 ____H () C:\ProgramData\ezsidmv.dat 2010-06-07 09:39 - 2009-08-17 05:16 - 0131368 _____ () C:\ProgramData\FullRemove.exe 2017-04-08 13:15 - 2017-04-08 13:15 - 0000016 _____ () C:\ProgramData\mntemp 2010-01-12 09:22 - 2010-01-12 09:22 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log 2010-01-12 09:20 - 2010-01-12 09:21 - 0000106 _____ () C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log 2010-01-12 09:16 - 2010-01-12 09:17 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2010-01-12 09:21 - 2010-01-12 09:22 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log 2010-01-12 09:16 - 2010-01-12 09:16 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log 2010-01-12 09:17 - 2010-01-12 09:20 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log Some files in TEMP: ==================== 2017-05-11 07:13 - 2017-05-11 07:13 - 4131895 _____ (Napisy24.pl ) C:\Users\Uzivatel\AppData\Local\Temp\Napisy24.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-05-03 21:07
==================== End of FRST.txt ============================