Unwanted ads, please check

zkopan
Visitor
Posts: 68
Registered: 07 Aug 2014 07:50

#1 Post by zkopan »

Google Chrome is full of ads, the notebook is slow.
Omiga-plus and mystartsearch cannot be removed.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-02-2015
Ran by User (administrator) on LENOVO on 14-02-2015 19:23:28
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available profiles: User)
Platform: Windows 8.1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(SearchProtect) C:\Program Files (x86)\XTab\CmdShell.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\SourceApp\updateSourceApp.exe
() C:\Program Files (x86)\SourceApp\bin\utilSourceApp.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(XTab system) C:\Program Files (x86)\XTab\HPNotify.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\User\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2876816 2013-03-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [899680 2013-02-04] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2014-09-06] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2014-09-06] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-03-01] (Vimicro)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-31] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-06-17] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2015-02-14] (AVAST Software)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [131712 2013-01-25] ( (Qualcomm Atheros Commnucations))
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3167516336-1972922022-304781140-1001\...\Run: [Facebook Update] => C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-10-26] (Facebook Inc.)
HKU\S-1-5-21-3167516336-1972922022-304781140-1001\...\Run: [GSplay.exe] => C:\Users\User\Desktop\GSplay.exe [4772747 2014-03-12] ()
HKU\S-1-5-21-3167516336-1972922022-304781140-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3167516336-1972922022-304781140-1001\...\MountPoints2: {a6035aad-8526-11e4-be97-24fd52f0895d} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-3167516336-1972922022-304781140-1001\...\MountPoints2: {ce58a4e0-aa2a-11e4-bea6-24fd52f0895d} - "D:\OriginInstaller.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type= ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type= ... earchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&t ... LHDM1LHDM1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&t ... LHDM1LHDM1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type= ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type= ... earchTerms}
HKU\S-1-5-21-3167516336-1972922022-304781140-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type ... earchTerms}
HKU\S-1-5-21-3167516336-1972922022-304781140-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3167516336-1972922022-304781140-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&t ... LHDM1LHDM1
HKU\S-1-5-21-3167516336-1972922022-304781140-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type ... earchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type= ... earchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type= ... earchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type= ... earchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type= ... earchTerms}
SearchScopes: HKU\S-1-5-21-3167516336-1972922022-304781140-1001 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.mystartsearch.com/web/?utm_s ... earchTerms}
SearchScopes: HKU\S-1-5-21-3167516336-1972922022-304781140-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.mystartsearch.com/web/?utm_s ... earchTerms}
SearchScopes: HKU\S-1-5-21-3167516336-1972922022-304781140-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.mystartsearch.com/web/?utm_s ... earchTerms}
SearchScopes: HKU\S-1-5-21-3167516336-1972922022-304781140-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?utm_s ... earchTerms}
SearchScopes: HKU\S-1-5-21-3167516336-1972922022-304781140-1001 -> {C620DA7D-4C9D-4348-B20D-967773915BCE} URL = http://www.mystartsearch.com/web/?utm_s ... earchTerms}
SearchScopes: HKU\S-1-5-21-3167516336-1972922022-304781140-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.mystartsearch.com/web/?utm_s ... earchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: SourceApp 1.0.0.7 -> {9f7ab9c4-4da3-440e-ba84-95903165f129} -> C:\Program Files (x86)\SourceApp\SourceAppbho.dll (SourceApp)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type=sc& ... LHDM1LHDM1

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.11.2 -> C:\Program Files (x86)\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.11.2 -> C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3167516336-1972922022-304781140-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-14]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hppp&ts=142 ... LHDM1LHDM1
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hppp&ts=142 ... LHDM1LHDM1"
CHR DefaultSearchKeyword: Default -> mystartsearch
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-13]
CHR Extension: (Dokumenty Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-13]
CHR Extension: (Disk Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-13]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-13]
CHR Extension: (Vyhledávání Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-13]
CHR Extension: (Tabulky Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-13]
CHR Extension: (MSN Homepage) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkcgfbgohboipdhliafmacjnhjbhmim [2014-12-02]
CHR Extension: (Avast Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-14]
CHR Extension: (Skype Click to Call) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-12-02]
CHR Extension: (SourceApp) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdojgmfmcidllmgoijgibijfoahboeok [2015-02-01]
CHR Extension: (Ask Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mppnoffgpafgpgbaigljliadgbnhljfl [2014-12-06]
CHR Extension: (iLivid) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf [2014-12-06]
CHR Extension: (Peněženka Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-13]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-13]
CHR HKU\S-1-5-21-3167516336-1972922022-304781140-1001\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - No Path
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227456 2013-01-25] (Qualcomm Atheros Commnucations)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-14] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-15] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-15] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-02] (Intel Corporation)
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158896 2015-01-16] (XTab system)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-11-06] (Intel Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 Update SourceApp; C:\Program Files (x86)\SourceApp\updateSourceApp.exe [403184 2015-02-14] ()
R2 Util SourceApp; C:\Program Files (x86)\SourceApp\bin\utilSourceApp.exe [403184 2015-02-14] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-12-01] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-12-01] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-01-25] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-02-14] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-02-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-02-14] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-02-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-02-14] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-02-14] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-02-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-02-14] ()
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-25] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2015-02-01] (Disc Soft Ltd)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1045248 2013-03-01] (Vimicro Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-12-01] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
R1 {4f8c067a-e55a-4229-81e6-7be1491578a2}Gw64; C:\Windows\System32\drivers\{4f8c067a-e55a-4229-81e6-7be1491578a2}Gw64.sys [48784 2015-02-01] (StdLib)
R1 {b84422ed-9d09-458b-b9c8-bb808a96177d}Gw64; C:\Windows\System32\drivers\{b84422ed-9d09-458b-b9c8-bb808a96177d}Gw64.sys [48784 2015-02-02] (StdLib)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-14 19:23 - 2015-02-14 19:23 - 00023480 _____ () C:\Users\User\Desktop\FRST.txt
2015-02-14 19:22 - 2015-02-14 19:23 - 01222144 _____ () C:\Users\User\Desktop\RSITx64.exe
2015-02-14 19:21 - 2015-02-14 19:23 - 00000000 ____D () C:\FRST
2015-02-14 19:19 - 2015-02-14 19:20 - 00112640 _____ (forum.viry.cz) C:\Users\User\Desktop\FRSTLauncher.exe
2015-02-14 19:19 - 2015-02-14 19:19 - 02134528 _____ (Farbar) C:\Users\User\Downloads\FRST64 (1).exe
2015-02-14 19:18 - 2015-02-14 19:18 - 02134528 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2015-02-14 19:14 - 2015-02-14 19:14 - 00045568 ___SH () C:\Users\User\Desktop\Thumbs.db
2015-02-14 19:14 - 2015-02-14 19:14 - 00000149 _____ () C:\WINDOWS\setupact.log
2015-02-14 19:14 - 2015-02-14 19:14 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-14 19:10 - 2015-02-14 19:10 - 00003144 _____ () C:\WINDOWS\System32\Tasks\{B42F526E-E835-43D9-B7D2-8298529DB9B6}
2015-02-14 18:54 - 2015-02-14 18:54 - 00001987 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-02-14 18:54 - 2015-02-14 18:54 - 00000000 ____D () C:\Users\User\AppData\Roaming\AVAST Software
2015-02-14 18:54 - 2015-02-14 18:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-02-14 18:53 - 2015-02-14 18:54 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-02-14 18:53 - 2015-02-14 18:53 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.1423936426609
2015-02-14 18:53 - 2015-02-14 18:53 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-02-14 18:53 - 2015-02-14 18:53 - 00436624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-02-14 18:53 - 2015-02-14 18:53 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-02-14 18:53 - 2015-02-14 18:53 - 00267632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-02-14 18:53 - 2015-02-14 18:53 - 00116728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-02-14 18:53 - 2015-02-14 18:53 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-02-14 18:53 - 2015-02-14 18:53 - 00087912 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2015-02-14 18:53 - 2015-02-14 18:53 - 00083280 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys.1423936428281
2015-02-14 18:53 - 2015-02-14 18:53 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-02-14 18:53 - 2015-02-14 18:53 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-02-14 18:53 - 2015-02-14 18:53 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-02-14 18:52 - 2015-02-14 18:52 - 00000000 ____D () C:\Program Files\AVAST Software
2015-02-14 18:51 - 2015-02-14 18:52 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-02-14 18:50 - 2014-12-31 12:14 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-02-14 18:48 - 2015-02-14 18:48 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_ldiagio_uefi_01009.Wdf
2015-02-14 18:47 - 2015-02-14 18:47 - 00002014 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2015-02-14 18:47 - 2015-02-14 18:47 - 00000000 ____D () C:\ProgramData\Lenovo
2015-02-14 18:36 - 2015-02-14 18:36 - 00002770 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-02-14 18:36 - 2015-02-14 18:36 - 00000841 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-14 18:36 - 2015-02-14 18:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-14 18:35 - 2015-02-14 18:36 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-14 18:31 - 2015-02-14 18:37 - 132469808 _____ (AVAST Software) C:\Users\User\Downloads\avast_free_antivirus_setup.exe
2015-02-13 15:02 - 2015-02-13 15:02 - 00000000 ____D () C:\Users\User\Documents\My Curse
2015-02-13 03:50 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-13 03:50 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-12 17:42 - 2015-02-12 17:42 - 00000828 _____ () C:\Users\User\Desktop\Dying Light.lnk
2015-02-12 17:42 - 2015-02-12 17:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by.xatab
2015-02-12 07:02 - 2015-02-12 07:02 - 00000000 ____D () C:\Users\User\Documents\DyingLight
2015-02-12 07:02 - 2015-02-12 07:02 - 00000000 ____D () C:\ProgramData\Steam
2015-02-11 21:17 - 2015-02-11 22:22 - 00000000 ____D () C:\Users\User\Downloads\Dying Light by xatab
2015-02-11 19:48 - 2015-02-14 10:44 - 00000000 ____D () C:\Users\User\AppData\Local\NFS Underground 2
2015-02-11 19:44 - 2015-02-13 23:32 - 00000000 ____D () C:\Users\User\Desktop\Need for Speed Underground 2
2015-02-11 17:29 - 2015-02-11 17:29 - 00001765 _____ () C:\Users\Public\Desktop\Webium's Modpack.lnk
2015-02-11 17:29 - 2015-02-11 17:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\webium's modpack
2015-02-11 11:48 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 11:48 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-11 11:48 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-11 11:48 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-11 11:48 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-11 11:48 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-11 11:48 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-11 11:48 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-11 11:48 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-11 11:48 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-11 11:48 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-11 11:48 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-11 11:48 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 11:48 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-11 11:48 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-11 11:48 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-11 11:48 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-11 11:48 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-11 11:48 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-11 11:48 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-11 11:48 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-11 11:48 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-11 11:48 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-11 11:48 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-11 11:48 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-11 11:48 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-11 11:47 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-11 11:47 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-11 11:47 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-11 11:47 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-11 11:47 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-11 11:47 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-11 11:47 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-11 11:47 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 11:47 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-11 11:47 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-11 11:47 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-11 11:47 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-11 11:47 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-11 11:47 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-11 11:47 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-11 11:47 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-11 11:47 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-11 11:47 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-11 11:47 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-11 11:47 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-11 11:47 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-11 11:47 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-11 11:47 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-11 11:47 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-11 11:47 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-11 11:47 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-11 11:47 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-11 11:47 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-11 11:47 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-11 11:47 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-11 11:47 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-11 11:47 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-11 11:47 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-11 11:47 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-11 11:47 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-11 11:47 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-11 11:47 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-11 11:47 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-11 11:47 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-07 13:08 - 2015-02-14 18:25 - 00000000 ____D () C:\Users\User\AppData\Roaming\Curse Client
2015-02-07 13:08 - 2015-02-07 13:08 - 00001085 _____ () C:\Users\User\Desktop\Curse.lnk
2015-02-07 13:08 - 2015-02-07 13:08 - 00001071 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
2015-02-07 13:08 - 2015-02-07 13:08 - 00000000 ____D () C:\Users\User\AppData\Roaming\Curse
2015-02-07 12:57 - 2015-02-07 12:57 - 00000270 __RSH () C:\ProgramData\ntuser.pol
2015-02-03 07:19 - 2015-02-02 18:46 - 00048784 _____ (StdLib) C:\WINDOWS\system32\Drivers\{b84422ed-9d09-458b-b9c8-bb808a96177d}Gw64.sys
2015-02-02 10:49 - 2015-02-02 10:49 - 00000000 ____D () C:\ProgramData\Origin
2015-02-02 10:25 - 2015-02-12 17:47 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-02 10:25 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
2015-02-02 10:25 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_40.dll
2015-02-02 10:25 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
2015-02-02 10:25 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_40.dll
2015-02-02 10:25 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
2015-02-02 10:25 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_40.dll
2015-02-01 17:27 - 2015-02-01 03:48 - 00048784 _____ (StdLib) C:\WINDOWS\system32\Drivers\{4f8c067a-e55a-4229-81e6-7be1491578a2}Gw64.sys
2015-02-01 17:22 - 2015-02-14 19:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\mystartsearch
2015-02-01 17:21 - 2015-02-14 18:43 - 00000000 ____D () C:\Program Files (x86)\SourceApp
2015-02-01 17:20 - 2015-02-14 18:59 - 00000000 ____D () C:\Users\User\AppData\Roaming\DAEMON Tools Lite
2015-02-01 17:20 - 2015-02-01 17:20 - 00283064 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtsoftbus01.sys
2015-02-01 17:20 - 2015-02-01 17:20 - 00001969 _____ () C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2015-02-01 17:20 - 2015-02-01 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2015-02-01 17:19 - 2015-02-01 17:20 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2015-02-01 17:17 - 2015-02-02 10:11 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-02-01 17:06 - 2015-02-01 20:34 - 00000000 ____D () C:\Users\User\Downloads\Need.For.Speed.Rivals-RELOADED
2015-02-01 11:49 - 2015-02-01 17:24 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-02-01 11:49 - 2015-02-01 17:24 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-02-01 11:49 - 2015-02-01 11:49 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-02-01 11:48 - 2015-02-14 19:03 - 00000000 ____D () C:\Users\User\AppData\Roaming\omiga-plus
2015-02-01 11:48 - 2015-02-01 11:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-02-01 11:48 - 2015-02-01 11:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-01-31 14:44 - 2015-01-31 14:44 - 00000000 ____D () C:\Users\User\AppData\Roaming\AVG
2015-01-31 14:44 - 2015-01-31 14:44 - 00000000 ____D () C:\Users\User\AppData\Local\Avg
2015-01-31 14:44 - 2015-01-31 14:44 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-01-31 14:43 - 2015-01-31 14:45 - 00000000 ____D () C:\ProgramData\AVG
2015-01-31 14:42 - 2015-02-14 18:59 - 00000000 ____D () C:\Users\User\AppData\Roaming\uTorrent
2015-01-31 14:42 - 2015-01-31 14:42 - 00000000 ____D () C:\Users\User\AppData\Roaming\OpenCandy
2015-01-31 14:42 - 2015-01-31 14:42 - 00000000 ____D () C:\ProgramData\APN
2015-01-25 18:15 - 2015-01-25 18:15 - 00000000 ____D () C:\Users\User\AppData\Local\Caphyon
2015-01-25 18:15 - 2015-01-25 18:15 - 00000000 ____D () C:\res_mods
2015-01-25 17:20 - 2015-01-25 17:20 - 00003116 _____ () C:\WINDOWS\System32\Tasks\{C0A64AFA-7087-403D-996B-D97A9381A4BA}
2015-01-18 12:29 - 2015-01-18 12:29 - 00000788 _____ () C:\Users\User\Desktop\World of Tanks.lnk
2015-01-18 12:29 - 2015-01-18 12:29 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-14 19:14 - 2014-10-26 15:09 - 00000938 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3167516336-1972922022-304781140-1001UA.job
2015-02-14 19:13 - 2014-09-13 03:51 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-14 19:08 - 2014-12-01 21:31 - 01859330 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-14 19:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-14 18:59 - 2014-12-01 12:05 - 00000000 ___DC () C:\WINDOWS\Panther
2015-02-14 18:59 - 2014-09-13 03:53 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2015-02-14 18:47 - 2014-09-19 17:49 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3167516336-1972922022-304781140-1001
2015-02-14 18:47 - 2014-09-08 14:56 - 00000000 ____D () C:\Users\User\AppData\Local\LSC
2015-02-14 18:47 - 2014-09-06 18:00 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo
2015-02-14 18:47 - 2014-09-06 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-02-14 18:47 - 2014-09-06 18:00 - 00000000 ____D () C:\Program Files\Lenovo
2015-02-14 18:46 - 2014-09-06 18:00 - 00000000 ____D () C:\WINDOWS\Downloaded Installations
2015-02-14 18:43 - 2014-09-13 03:51 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-14 18:42 - 2014-09-06 18:06 - 00000000 ____D () C:\ProgramData\McAfee
2015-02-14 18:42 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-14 18:41 - 2014-09-06 19:36 - 10391844 _____ () C:\Users\Public\CAFADEBUG.log
2015-02-14 18:41 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-14 18:40 - 2012-07-26 09:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-02-14 18:38 - 2012-07-26 06:37 - 00000000 ____D () C:\Users\Default.migrated
2015-02-14 18:23 - 2014-12-02 12:58 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2015-02-14 18:21 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-02-14 17:50 - 2014-12-02 12:48 - 00003958 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7BCCE261-5287-49B3-B1BE-D7C758B0E9F1}
2015-02-14 07:14 - 2014-10-26 15:09 - 00000916 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3167516336-1972922022-304781140-1001Core.job
2015-02-13 06:32 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-12 17:56 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-12 17:46 - 2014-12-18 19:54 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx
2015-02-12 17:46 - 2014-09-15 03:50 - 00000000 ___HD () C:\WINDOWS\msdownld.tmp
2015-02-12 16:45 - 2014-09-15 03:50 - 00000000 ____D () C:\Games
2015-02-12 07:27 - 2014-09-14 08:47 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-12 07:20 - 2014-09-14 08:47 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-12 06:59 - 2013-08-22 15:44 - 00346256 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-11 17:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-11 15:11 - 2014-09-24 17:23 - 01749406 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-11 15:11 - 2014-09-24 16:39 - 00740946 _____ () C:\WINDOWS\system32\perfh005.dat
2015-02-11 15:11 - 2014-09-24 16:39 - 00152150 _____ () C:\WINDOWS\system32\perfc005.dat
2015-02-11 11:06 - 2014-11-24 20:00 - 00000000 ____D () C:\Users\User\Desktop\všechno
2015-02-08 19:18 - 2014-09-26 12:06 - 00000000 __SHD () C:\WINDOWS\SysWOW64\AI_RecycleBin
2015-02-06 13:17 - 2014-09-13 03:52 - 00002428 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-05 07:08 - 2014-09-13 03:51 - 00003892 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 07:08 - 2014-09-13 03:51 - 00003656 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-04 15:37 - 2013-08-22 14:25 - 00000194 _____ () C:\WINDOWS\win.ini
2015-02-03 20:31 - 2014-12-12 12:57 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-12-12 12:57 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-03 02:29 - 2015-01-01 23:59 - 00000000 ____D () C:\Users\User\Downloads\xD
2015-02-01 18:27 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\GroupPolicy
2015-02-01 17:22 - 2014-12-01 21:33 - 00001647 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-01 14:48 - 2014-09-06 19:11 - 00000000 ____D () C:\Users\User\AppData\Local\VirtualStore
2015-01-30 09:20 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2015-01-18 13:52 - 2014-11-24 19:58 - 00000000 ____D () C:\Users\User\GSplay

==================== Files in the root of some directories =======

2014-09-08 14:48 - 2014-09-08 14:48 - 0003072 _____ () C:\Users\User\AppData\Local\file__0.localstorage
2014-09-06 17:55 - 2014-09-06 17:55 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\0311171423935480mcinst.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3167516336-1972922022-304781140-1001Core.job => C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3167516336-1972922022-304781140-1001UA.job => C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\User\Desktop" je 1787 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================
Attachments
log.rar
(24.33 KiB) Downloaded 62 times

Rudy
Site Admin
Posts: 119677
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: unwanted ads, please check

#2 Post by Rudy »

Hello!
First run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
Click >Scan< first and then >Clean<.
The scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

zkopan
Visitor
Posts: 68
Joined: 07 Aug 2014 07:50

Re: unwanted ads, please check

#3 Post by zkopan »

# AdwCleaner v4.110 - Logfile created 14/02/2015 at 19:58:14
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Windows 8.1 (x64)
# Username : User - LENOVO
# Running from : C:\Users\User\Desktop\adwcleaner_4.110.exe
# Option : Cleaning

***** [ Services ] *****

Service Deleted : IHProtect Service
[#] Service Deleted : Update SourceApp
[#] Service Deleted : Util SourceApp
Service Deleted : {4f8c067a-e55a-4229-81e6-7be1491578a2}Gw64
Service Deleted : {b84422ed-9d09-458b-b9c8-bb808a96177d}Gw64
Service Deleted : {baa74904-cbb6-4a19-900b-b8cb1e551476}Gw64

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\WindowsMangerProtect
Folder Deleted : C:\ProgramData\IHProtectUpDate
Folder Deleted : C:\Program Files (x86)\XTab
[!] Folder Deleted : C:\Program Files (x86)\SourceApp
[!] Folder Deleted : C:\Program Files (x86)\SourceApp
Folder Deleted : C:\Users\User\AppData\Local\Temp\apn
Folder Deleted : C:\Users\User\AppData\Roaming\omiga-plus
Folder Deleted : C:\Users\User\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\User\AppData\Roaming\mystartsearch
Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mppnoffgpafgpgbaigljliadgbnhljfl
Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf
File Deleted : C:\WINDOWS\System32\drivers\{4f8c067a-e55a-4229-81e6-7be1491578a2}Gw64.sys
File Deleted : C:\WINDOWS\System32\drivers\{b84422ed-9d09-458b-b9c8-bb808a96177d}Gw64.sys
File Deleted : C:\WINDOWS\System32\drivers\{baa74904-cbb6-4a19-900b-b8cb1e551476}Gw64.sys
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_searches.vi-view.com_0.localstorage-journal
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_searches.vi-view.com_0.localstorage
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.mystartsearch.com_0.localstorage
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.mystartsearch.com_0.localstorage-journal

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Shortcut Disinfected : C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Shortcut Disinfected : C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update SourceApp
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util SourceApp
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F7AB9C4-4DA3-440E-BA84-95903165F129}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{989191AC-28FF-4CF0-9584-E0D078BC2396}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A1B74BE8-E593-4EB8-BF9E-AC2BBE4B1BEB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{7e25cc08-8611-435a-bed7-60dd82b4fde5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9F7AB9C4-4DA3-440E-BA84-95903165F129}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9F7AB9C4-4DA3-440E-BA84-95903165F129}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9F7AB9C4-4DA3-440E-BA84-95903165F129}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{989191AC-28FF-4CF0-9584-E0D078BC2396}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A1B74BE8-E593-4EB8-BF9E-AC2BBE4B1BEB}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C620DA7D-4C9D-4348-B20D-967773915BCE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\SourceApp
Key Deleted : HKLM\SOFTWARE\omiga-plusSoftware
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\mystartsearchSoftware
Key Deleted : HKLM\SOFTWARE\IHProtect
Key Deleted : HKLM\SOFTWARE\SourceApp
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\omiga-plus uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mystartsearch uninstall
Key Deleted : [x64] HKLM\SOFTWARE\Speedchecker Limited
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SourceApp

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Google Chrome v40.0.2214.111

[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=dspp&ts ... earchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=dspp&ts ... earchTerms}

*************************

AdwCleaner[R0].txt - [10647 bytes] - [14/02/2015 19:55:54]
AdwCleaner[S0].txt - [8660 bytes] - [14/02/2015 19:58:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8719 bytes] ##########

Rudy
Site Admin
Posts: 119677
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: unwanted ads, please check

#4 Post by Rudy »

Post a new FRST log.

zkopan
Visitor
Posts: 68
Joined: 07 Aug 2014 07:50

Re: unwanted ads, please check

#5 Post by zkopan »

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-02-2015
Ran by User (administrator) on LENOVO on 14-02-2015 20:22:23
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available profiles: User)
Platform: Windows 8.1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(forum.viry.cz) C:\Users\User\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2876816 2013-03-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [899680 2013-02-04] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2014-09-06] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2014-09-06] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-03-01] (Vimicro)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-31] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-06-17] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-14] (AVAST Software)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [131712 2013-01-25] ( (Qualcomm Atheros Commnucations))
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3167516336-1972922022-304781140-1001\...\Run: [Facebook Update] => C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-10-26] (Facebook Inc.)
HKU\S-1-5-21-3167516336-1972922022-304781140-1001\...\Run: [GSplay.exe] => C:\Users\User\Desktop\GSplay.exe [4772747 2014-03-12] ()
HKU\S-1-5-21-3167516336-1972922022-304781140-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3167516336-1972922022-304781140-1001\...\MountPoints2: {a6035aad-8526-11e4-be97-24fd52f0895d} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-3167516336-1972922022-304781140-1001\...\MountPoints2: {ce58a4e0-aa2a-11e4-bea6-24fd52f0895d} - "D:\OriginInstaller.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-3167516336-1972922022-304781140-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.11.2 -> C:\Program Files (x86)\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.11.2 -> C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3167516336-1972922022-304781140-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-14]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hppp&ts=142 ... LHDM1LHDM1
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hppp&ts=142 ... LHDM1LHDM1"
CHR DefaultSearchKeyword: Default -> mystartsearch
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-13]
CHR Extension: (Dokumenty Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-13]
CHR Extension: (Disk Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-13]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-13]
CHR Extension: (Vyhledávání Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-13]
CHR Extension: (Tabulky Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-13]
CHR Extension: (MSN Homepage) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkcgfbgohboipdhliafmacjnhjbhmim [2014-12-02]
CHR Extension: (Avast Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-14]
CHR Extension: (Skype Click to Call) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-12-02]
CHR Extension: (SourceApp) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdojgmfmcidllmgoijgibijfoahboeok [2015-02-01]
CHR Extension: (Peněženka Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-13]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-13]
CHR HKU\S-1-5-21-3167516336-1972922022-304781140-1001\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - No Path
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227456 2013-01-25] (Qualcomm Atheros Commnucations)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-14] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-15] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-15] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-02] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-11-06] (Intel Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-12-01] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-12-01] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-01-25] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-02-14] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-02-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-02-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-02-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-02-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-02-14] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-02-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-02-14] ()
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-25] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2015-02-01] (Disc Soft Ltd)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1045248 2013-03-01] (Vimicro Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-12-01] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-14 20:22 - 2015-02-14 20:22 - 00017373 _____ () C:\Users\User\Desktop\FRST.txt
2015-02-14 20:21 - 2015-02-14 20:21 - 00112640 _____ (forum.viry.cz) C:\Users\User\Desktop\FRSTLauncher.exe
2015-02-14 19:59 - 2015-02-14 19:59 - 00000562 _____ () C:\WINDOWS\PFRO.log
2015-02-14 19:55 - 2015-02-14 19:58 - 00000000 ____D () C:\AdwCleaner
2015-02-14 19:54 - 2015-02-14 19:54 - 02112512 _____ () C:\Users\User\Desktop\adwcleaner_4.110.exe
2015-02-14 19:26 - 2015-02-14 19:26 - 00000000 ____D () C:\rsit
2015-02-14 19:26 - 2015-02-14 19:26 - 00000000 ____D () C:\Program Files\trend micro
2015-02-14 19:22 - 2015-02-14 19:23 - 01222144 _____ () C:\Users\User\Desktop\RSITx64.exe
2015-02-14 19:21 - 2015-02-14 20:22 - 00000000 ____D () C:\FRST
2015-02-14 19:19 - 2015-02-14 19:19 - 02134528 _____ (Farbar) C:\Users\User\Downloads\FRST64 (1).exe
2015-02-14 19:18 - 2015-02-14 19:18 - 02134528 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2015-02-14 19:14 - 2015-02-14 20:20 - 00001317 _____ () C:\WINDOWS\setupact.log
2015-02-14 19:14 - 2015-02-14 19:14 - 00045568 ___SH () C:\Users\User\Desktop\Thumbs.db
2015-02-14 19:14 - 2015-02-14 19:14 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-14 19:10 - 2015-02-14 19:10 - 00003144 _____ () C:\WINDOWS\System32\Tasks\{B42F526E-E835-43D9-B7D2-8298529DB9B6}
2015-02-14 18:54 - 2015-02-14 18:54 - 00001987 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-02-14 18:54 - 2015-02-14 18:54 - 00000000 ____D () C:\Users\User\AppData\Roaming\AVAST Software
2015-02-14 18:54 - 2015-02-14 18:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-02-14 18:53 - 2015-02-14 18:54 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-02-14 18:53 - 2015-02-14 18:53 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-02-14 18:53 - 2015-02-14 18:53 - 00436624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-02-14 18:53 - 2015-02-14 18:53 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-02-14 18:53 - 2015-02-14 18:53 - 00267632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-02-14 18:53 - 2015-02-14 18:53 - 00116728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-02-14 18:53 - 2015-02-14 18:53 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-02-14 18:53 - 2015-02-14 18:53 - 00087912 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2015-02-14 18:53 - 2015-02-14 18:53 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-02-14 18:53 - 2015-02-14 18:53 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-02-14 18:53 - 2015-02-14 18:53 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-02-14 18:52 - 2015-02-14 18:52 - 00000000 ____D () C:\Program Files\AVAST Software
2015-02-14 18:51 - 2015-02-14 18:52 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-02-14 18:50 - 2014-12-31 12:14 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-02-14 18:48 - 2015-02-14 18:48 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_ldiagio_uefi_01009.Wdf
2015-02-14 18:47 - 2015-02-14 18:47 - 00002014 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2015-02-14 18:47 - 2015-02-14 18:47 - 00000000 ____D () C:\ProgramData\Lenovo
2015-02-14 18:36 - 2015-02-14 18:36 - 00002770 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-02-14 18:36 - 2015-02-14 18:36 - 00000841 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-14 18:36 - 2015-02-14 18:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-14 18:35 - 2015-02-14 18:36 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-14 18:31 - 2015-02-14 18:37 - 132469808 _____ (AVAST Software) C:\Users\User\Downloads\avast_free_antivirus_setup.exe
2015-02-13 15:02 - 2015-02-13 15:02 - 00000000 ____D () C:\Users\User\Documents\My Curse
2015-02-13 03:50 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-13 03:50 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-12 17:42 - 2015-02-12 17:42 - 00000828 _____ () C:\Users\User\Desktop\Dying Light.lnk
2015-02-12 17:42 - 2015-02-12 17:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by.xatab
2015-02-12 07:02 - 2015-02-12 07:02 - 00000000 ____D () C:\Users\User\Documents\DyingLight
2015-02-12 07:02 - 2015-02-12 07:02 - 00000000 ____D () C:\ProgramData\Steam
2015-02-11 21:17 - 2015-02-11 22:22 - 00000000 ____D () C:\Users\User\Downloads\Dying Light by xatab
2015-02-11 19:48 - 2015-02-14 10:44 - 00000000 ____D () C:\Users\User\AppData\Local\NFS Underground 2
2015-02-11 19:44 - 2015-02-13 23:32 - 00000000 ____D () C:\Users\User\Desktop\Need for Speed Underground 2
2015-02-11 17:29 - 2015-02-11 17:29 - 00001765 _____ () C:\Users\Public\Desktop\Webium's Modpack.lnk
2015-02-11 17:29 - 2015-02-11 17:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\webium's modpack
2015-02-11 11:48 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 11:48 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-11 11:48 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-11 11:48 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-11 11:48 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-11 11:48 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-11 11:48 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-11 11:48 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-11 11:48 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-11 11:48 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-11 11:48 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-11 11:48 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-11 11:48 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 11:48 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-11 11:48 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-11 11:48 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-11 11:48 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-11 11:48 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-11 11:48 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-11 11:48 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-11 11:48 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-11 11:48 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-11 11:48 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-11 11:48 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-11 11:48 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-11 11:48 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-11 11:47 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-11 11:47 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-11 11:47 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-11 11:47 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-11 11:47 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-11 11:47 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-11 11:47 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-11 11:47 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 11:47 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-11 11:47 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-11 11:47 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-11 11:47 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-11 11:47 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-11 11:47 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-11 11:47 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-11 11:47 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-11 11:47 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-11 11:47 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-11 11:47 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-11 11:47 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-11 11:47 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-11 11:47 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-11 11:47 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-11 11:47 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-11 11:47 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-11 11:47 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-11 11:47 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-11 11:47 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-11 11:47 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-11 11:47 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-11 11:47 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-11 11:47 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-11 11:47 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-11 11:47 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-11 11:47 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-11 11:47 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-11 11:47 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-11 11:47 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-11 11:47 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-07 13:08 - 2015-02-14 18:25 - 00000000 ____D () C:\Users\User\AppData\Roaming\Curse Client
2015-02-07 13:08 - 2015-02-07 13:08 - 00001085 _____ () C:\Users\User\Desktop\Curse.lnk
2015-02-07 13:08 - 2015-02-07 13:08 - 00001071 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
2015-02-07 13:08 - 2015-02-07 13:08 - 00000000 ____D () C:\Users\User\AppData\Roaming\Curse
2015-02-07 12:57 - 2015-02-07 12:57 - 00000270 __RSH () C:\ProgramData\ntuser.pol
2015-02-02 10:49 - 2015-02-02 10:49 - 00000000 ____D () C:\ProgramData\Origin
2015-02-02 10:25 - 2015-02-12 17:47 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-02 10:25 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
2015-02-02 10:25 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_40.dll
2015-02-02 10:25 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
2015-02-02 10:25 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_40.dll
2015-02-02 10:25 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
2015-02-02 10:25 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_40.dll
2015-02-01 17:21 - 2015-02-14 19:58 - 00000000 ____D () C:\Program Files (x86)\SourceApp
2015-02-01 17:20 - 2015-02-14 18:59 - 00000000 ____D () C:\Users\User\AppData\Roaming\DAEMON Tools Lite
2015-02-01 17:20 - 2015-02-01 17:20 - 00283064 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtsoftbus01.sys
2015-02-01 17:20 - 2015-02-01 17:20 - 00001969 _____ () C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2015-02-01 17:20 - 2015-02-01 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2015-02-01 17:19 - 2015-02-01 17:20 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2015-02-01 17:17 - 2015-02-02 10:11 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-02-01 17:06 - 2015-02-01 20:34 - 00000000 ____D () C:\Users\User\Downloads\Need.For.Speed.Rivals-RELOADED
2015-02-01 11:48 - 2015-02-01 11:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-02-01 11:48 - 2015-02-01 11:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-01-31 14:44 - 2015-01-31 14:44 - 00000000 ____D () C:\Users\User\AppData\Roaming\AVG
2015-01-31 14:44 - 2015-01-31 14:44 - 00000000 ____D () C:\Users\User\AppData\Local\Avg
2015-01-31 14:44 - 2015-01-31 14:44 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-01-31 14:43 - 2015-01-31 14:45 - 00000000 ____D () C:\ProgramData\AVG
2015-01-31 14:42 - 2015-02-14 18:59 - 00000000 ____D () C:\Users\User\AppData\Roaming\uTorrent
2015-01-25 18:15 - 2015-01-25 18:15 - 00000000 ____D () C:\Users\User\AppData\Local\Caphyon
2015-01-25 18:15 - 2015-01-25 18:15 - 00000000 ____D () C:\res_mods
2015-01-25 17:20 - 2015-01-25 17:20 - 00003116 _____ () C:\WINDOWS\System32\Tasks\{C0A64AFA-7087-403D-996B-D97A9381A4BA}
2015-01-18 12:29 - 2015-01-18 12:29 - 00000788 _____ () C:\Users\User\Desktop\World of Tanks.lnk
2015-01-18 12:29 - 2015-01-18 12:29 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-14 20:22 - 2014-12-01 21:31 - 01059933 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-14 20:17 - 2014-09-24 17:23 - 01749406 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-14 20:17 - 2014-09-24 16:39 - 00740946 _____ () C:\WINDOWS\system32\perfh005.dat
2015-02-14 20:17 - 2014-09-24 16:39 - 00152150 _____ () C:\WINDOWS\system32\perfc005.dat
2015-02-14 20:14 - 2014-09-19 17:49 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3167516336-1972922022-304781140-1001
2015-02-14 20:13 - 2014-09-13 03:51 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-14 20:10 - 2014-09-13 03:51 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-14 20:09 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-14 20:08 - 2014-09-06 19:36 - 10422026 _____ () C:\Users\Public\CAFADEBUG.log
2015-02-14 20:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-14 19:58 - 2014-12-01 21:33 - 00000986 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-14 19:58 - 2014-09-13 03:52 - 00001313 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-14 19:58 - 2014-09-13 03:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-14 19:44 - 2013-08-22 14:25 - 00000194 _____ () C:\WINDOWS\win.ini
2015-02-14 19:14 - 2014-10-26 15:09 - 00000938 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3167516336-1972922022-304781140-1001UA.job
2015-02-14 18:59 - 2014-12-01 12:05 - 00000000 ___DC () C:\WINDOWS\Panther
2015-02-14 18:59 - 2014-09-13 03:53 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2015-02-14 18:47 - 2014-09-08 14:56 - 00000000 ____D () C:\Users\User\AppData\Local\LSC
2015-02-14 18:47 - 2014-09-06 18:00 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo
2015-02-14 18:47 - 2014-09-06 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-02-14 18:47 - 2014-09-06 18:00 - 00000000 ____D () C:\Program Files\Lenovo
2015-02-14 18:46 - 2014-09-06 18:00 - 00000000 ____D () C:\WINDOWS\Downloaded Installations
2015-02-14 18:42 - 2014-09-06 18:06 - 00000000 ____D () C:\ProgramData\McAfee
2015-02-14 18:41 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-14 18:40 - 2012-07-26 09:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-02-14 18:38 - 2012-07-26 06:37 - 00000000 ____D () C:\Users\Default.migrated
2015-02-14 18:23 - 2014-12-02 12:58 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2015-02-14 18:21 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-02-14 17:50 - 2014-12-02 12:48 - 00003958 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7BCCE261-5287-49B3-B1BE-D7C758B0E9F1}
2015-02-14 07:14 - 2014-10-26 15:09 - 00000916 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3167516336-1972922022-304781140-1001Core.job
2015-02-13 06:32 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-12 17:56 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-12 17:46 - 2014-12-18 19:54 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx
2015-02-12 17:46 - 2014-09-15 03:50 - 00000000 ___HD () C:\WINDOWS\msdownld.tmp
2015-02-12 16:45 - 2014-09-15 03:50 - 00000000 ____D () C:\Games
2015-02-12 07:27 - 2014-09-14 08:47 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-12 07:20 - 2014-09-14 08:47 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-12 06:59 - 2013-08-22 15:44 - 00346256 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-11 17:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-11 11:06 - 2014-11-24 20:00 - 00000000 ____D () C:\Users\User\Desktop\všechno
2015-02-08 19:18 - 2014-09-26 12:06 - 00000000 __SHD () C:\WINDOWS\SysWOW64\AI_RecycleBin
2015-02-05 07:08 - 2014-09-13 03:51 - 00003892 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 07:08 - 2014-09-13 03:51 - 00003656 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-03 20:31 - 2014-12-12 12:57 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-12-12 12:57 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-03 02:29 - 2015-01-01 23:59 - 00000000 ____D () C:\Users\User\Downloads\xD
2015-02-01 18:27 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\GroupPolicy
2015-02-01 14:48 - 2014-09-06 19:11 - 00000000 ____D () C:\Users\User\AppData\Local\VirtualStore
2015-01-30 09:20 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2015-01-18 13:52 - 2014-11-24 19:58 - 00000000 ____D () C:\Users\User\GSplay

==================== Files in the root of some directories =======

2014-09-08 14:48 - 2014-09-08 14:48 - 0003072 _____ () C:\Users\User\AppData\Local\file__0.localstorage
2014-09-06 17:55 - 2014-09-06 17:55 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3167516336-1972922022-304781140-1001Core.job => C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3167516336-1972922022-304781140-1001UA.job => C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\User\Desktop" je 1789 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Rudy
Site Admin
Posts: 119677
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: unwanted ads, please check

#6 Post by Rudy »

Open Notepad and copy the following into it:
Start
C:\Program Files (x86)\Skype\Toolbars
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-06-17] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3167516336-1972922022-304781140-1001\...\Run: [Facebook Update] => C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-10-26] (Facebook Inc.)
C:\Users\User\AppData\Local\Facebook\Update
HKU\S-1-5-21-3167516336-1972922022-304781140-1001\...\MountPoints2: {a6035aad-8526-11e4-be97-24fd52f0895d} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-3167516336-1972922022-304781140-1001\...\MountPoints2: {ce58a4e0-aa2a-11e4-bea6-24fd52f0895d} - "D:\OriginInstaller.exe"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hppp ... LHDM1LHDM1
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hppp&ts=142 ... LHDM1LHDM1"
CHR DefaultSearchKeyword: Default -> mystartsearch
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-15]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-15] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-15] (Microsoft Corporation)
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3167516336-1972922022-304781140-1001UA.job
C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3167516336-1972922022-304781140-1001Core.job
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\User\AppData\Local\Temp
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.

There is 1.7 GB of data on the desktop, which is a lot and slows down startup. Move it from the desktop to another directory.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

zkopan
Visitor
Posts: 68
Registered: 07 Aug 2014 07:50

Re: unwanted ads, please check

#7 Post by zkopan »

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-02-2015
Ran by User at 2015-02-14 20:43:27 Run:1
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available profiles: User)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
C:\Program Files (x86)\Skype\Toolbars
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-06-17] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3167516336-1972922022-304781140-1001\...\Run: [Facebook Update] => C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-10-26] (Facebook Inc.)
C:\Users\User\AppData\Local\Facebook\Update
HKU\S-1-5-21-3167516336-1972922022-304781140-1001\...\MountPoints2: {a6035aad-8526-11e4-be97-24fd52f0895d} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-3167516336-1972922022-304781140-1001\...\MountPoints2: {ce58a4e0-aa2a-11e4-bea6-24fd52f0895d} - "D:\OriginInstaller.exe"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hppp ... LHDM1LHDM1
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hppp&ts=142 ... LHDM1LHDM1"
CHR DefaultSearchKeyword: Default -> mystartsearch
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-15]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-15] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-15] (Microsoft Corporation)
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3167516336-1972922022-304781140-1001UA.job
C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3167516336-1972922022-304781140-1001Core.job
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\User\AppData\Local\Temp
End
*****************

C:\Program Files (x86)\Skype\Toolbars => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully.
HKU\S-1-5-21-3167516336-1972922022-304781140-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update => value deleted successfully.
C:\Users\User\AppData\Local\Facebook\Update => Moved successfully.
"HKU\S-1-5-21-3167516336-1972922022-304781140-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6035aad-8526-11e4-be97-24fd52f0895d}" => Key deleted successfully.
HKCR\CLSID\{a6035aad-8526-11e4-be97-24fd52f0895d} => Key not found.
"HKU\S-1-5-21-3167516336-1972922022-304781140-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce58a4e0-aa2a-11e4-bea6-24fd52f0895d}" => Key deleted successfully.
HKCR\CLSID\{ce58a4e0-aa2a-11e4-bea6-24fd52f0895d} => Key not found.
C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => Key deleted successfully.
"HKCR\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => Key deleted successfully.
"HKCR\PROTOCOLS\Handler\skypec2c" => Key deleted successfully.
"HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => Key deleted successfully.
HKCR\Wow6432Node\PROTOCOLS\Handler\skypec2c => Key not found.
"HKCR\Wow6432Node\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => Key deleted successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl" => Key deleted successfully.
"C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx" => File/Directory not found.
c2cautoupdatesvc => Unable to stop service
c2cautoupdatesvc => Service deleted successfully.
c2cpnrsvc => Unable to stop service
c2cpnrsvc => Service deleted successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3167516336-1972922022-304781140-1001UA.job => Moved successfully.
C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3167516336-1972922022-304781140-1001Core.job => Moved successfully.
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.

"C:\Users\User\AppData\Local\Temp" directory move:

C:\Users\User\AppData\Local\Temp\15021323135400001.TMP => Moved successfully.
C:\Users\User\AppData\Local\Temp\adwcleaner.db => Moved successfully.
C:\Users\User\AppData\Local\Temp\AdwCleaner.jpg => Moved successfully.
C:\Users\User\AppData\Local\Temp\browserinfo.ini => Moved successfully.
C:\Users\User\AppData\Local\Temp\Cleaning.ico => Moved successfully.
C:\Users\User\AppData\Local\Temp\DMIDE6A.tmp => Moved successfully.
C:\Users\User\AppData\Local\Temp\EULA.txt => Moved successfully.
C:\Users\User\AppData\Local\Temp\jusched.log => Moved successfully.
C:\Users\User\AppData\Local\Temp\LSCInstall.log => Moved successfully.
C:\Users\User\AppData\Local\Temp\modules00 => Moved successfully.
C:\Users\User\AppData\Local\Temp\modules11 => Moved successfully.
C:\Users\User\AppData\Local\Temp\preferences00 => Moved successfully.
C:\Users\User\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\Report.ico => Moved successfully.
C:\Users\User\AppData\Local\Temp\Scan.ico => Moved successfully.
C:\Users\User\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\User\AppData\Local\Temp\Uninstall.ico => Moved successfully.
C:\Users\User\AppData\Local\Temp\~240B.bat => Moved successfully.
C:\Users\User\AppData\Local\Temp\~240B.tmp => Moved successfully.
C:\Users\User\AppData\Local\Temp\~6A92.tmp => Moved successfully.
C:\Users\User\AppData\Local\Temp\~D626.tmp => Moved successfully.
C:\Users\User\AppData\Local\Temp\HYD972B.tmp.1423934506\HTA\install.1423934506.zip => Moved successfully.
C:\Users\User\AppData\Local\Temp\fla1AC1.tmp\LSCSetup64.exe => Moved successfully.
Could not move "C:\Users\User\AppData\Local\Temp" directory. => Scheduled to move on reboot.


=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-02-14 20:45:06)<=

C:\Users\User\AppData\Local\Temp => Moved successfully.

==== End of Fixlog 20:45:07 ====

Rudy
Site Admin
Posts: 119677
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: unwanted ads, please check

#8 Post by Rudy »

Deleted. Has anything changed?

zkopan
Visitor
Posts: 68
Registered: 07 Aug 2014 07:50

Re: unwanted ads, please check

#9 Post by zkopan »

The ads have disappeared, and so have the unwanted programs.
Is any further cleanup needed?

Rudy
Site Admin
Posts: 119677
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: unwanted ads, please check

#10 Post by Rudy »

If there is no other problem, that is all.

zkopan
Visitor
Posts: 68
Registered: 07 Aug 2014 07:50

Re: unwanted ads, please check

#11 Post by zkopan »

Thank you for the quick help.
:offtopic:

Rudy
Site Admin
Posts: 119677
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: unwanted ads, please check

#12 Post by Rudy »

You're welcome! :)
