Chinese advertisement

Willy
Visitor
Posts: 17
Registered: 16 Jan 2016 13:31

Chinese advertisement

#1 Post by Willy »

Hi,
among other things, a Chinese advertisement keeps showing up in the bottom-right corner. It also blocked WinDefender for me (at least that's a lesson to use a different antivirus).
Could you advise, please?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:29:46, on 16.1.2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10586.0020)
Boot mode: Normal

Running processes:
C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Users\Fufan\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\t_201601160025\201601160025\lsas.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
C:\Program Files (x86)\t_201601160025\201601160025\auds.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\t_201601160025\201601160025\tslog.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\ExpressGateUtil\VAWinAgent.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\aPrograms\OperaPortable\OperaPortable.exe
C:\aPrograms\OperaPortable\App\Opera\opera.exe
C:\aPrograms\OperaPortable\Data\profile\temporary_downloads\hijackthis.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://odzowik.ru/?utm_content=e4da6f38 ... 6FEF64C054
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
O4 - HKLM\..\Run: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
O4 - HKLM\..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Avira SystrayStartTrigger] C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min
O4 - HKLM\..\Run: [Avira System Speedup User Starter] C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Fufan\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Fufan\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Fufan\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - HKCU\..\Run: [join.me.launcher] C:\Users\Fufan\AppData\Local\join.me.launcher\join.me.launcher.exe
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [sbdrelbcoh] explorer "http://odzowik.ru/?utm_source=uoua03n&u ... 6FEF64C054"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [lsas] C:\Program Files (x86)\t_201601160025\201601160025\lsas.exe -mini
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - Startup: Intel(R) Turbo Boost Technology Monitor 2.0.lnk = C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
O4 - Startup: Odeslat do OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
O4 - Startup: Poslat do aplikace OneNote.lnk = C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
O4 - Global Startup: FancyStart daemon.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: postgresql-8.4 - PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: Avira System Speedup (SpeedupService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: TiMiniService - Trend Micro Inc. - C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: VideAceWindowsService - Unknown owner - C:\ExpressGateUtil\VAWinService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 20871 bytes

altrok
Moderator
Posts: 7322
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Chinese advertisement

#2 Post by altrok »

I wish you a lovely day.


• Test C:\Program Files (x86)\t_201601160025\201601160025\lsas.exe on virustotal.com - if the file has already been tested, choose Reanalyse. Put the link with the analysis results in your next post.


• There is very little information in this log. What is certain, though, is that you have several antiviruses active - avast, Avira and, as you mention, Defender as well. This cannot work well.


• Uninstall

• As part of the cleaning, your temporary directories will be emptied (including the Recycle Bin).


• Save AdwCleaner to your desktop https://toolslib.net/downloads/viewdown ... dwcleaner/ (or http://www.bleepingcomputer.com/download/adwcleaner/ )
  • close all programs
  • right-click the AdwCleaner icon and choose Run as administrator (on Win XP just run it normally with a double-click)
  • click Scan, then Cleaning
  • after the restart a log will pop up (or you can find it in C:\AdwCleaner\AdwCleaner[Cx].txt); copy its contents into your next reply to me
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not belong on the forum, you can use altrokzavináčforum.viry.cz
If you feel like helping visitors of this forum, sign up for our training school.

Willy
Visitor
Posts: 17
Registered: 16 Jan 2016 13:31

Re: Chinese advertisement

#3 Post by Willy »

lsas should be completely gone by now, avast deleted it for me.

Yeah, I have more of them now, since Defender isn't working for me :).

Here is the Adw log:
# AdwCleaner v5.029 - Logfile created 16/01/2016 at 19:12:32
# Updated 11/01/2016 by Xplode
# Database : 2016-01-15.2 [Server]
# Operating system : Windows 10 Home (x64)
# Username : Fufan - FUFAN-PC
# Running from : C:\aPrograms\OperaPortable\Data\profile\temporary_downloads\adwcleaner_5.029 (1).exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : TSDefenseBt

***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\tencent
[-] Folder Deleted : C:\ProgramData\TXQMPC
[#] Folder Deleted : C:\ProgramData\mntemp
[-] Folder Deleted : C:\Users\Fufan\AppData\Roaming\tencent

***** [ Files ] *****

[-] File Deleted : C:\WINDOWS\SysNative\drivers\TFsFltX64.sys

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9563BC59-9556-4805-8CD4-886781779D8D}
[!] Key Not Deleted : HKU\S-1-5-21-722700253-2852286510-886327887-1006\Software\One System Care
[!] Data Not Restored : HKU\S-1-5-21-722700253-2852286510-886327887-1006\Software\Microsoft\Internet Explorer\Main [Start Page]

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1333 bytes] ##########

altrok
Moderator
Posts: 7322
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Chinese advertisement

#4 Post by altrok »

• Post the FRST.txt and Addition.txt logs - http://forum.viry.cz/viewtopic.php?f=30&t=133101
Note: on the second and any later run of FRST, you must explicitly tick this option before the scan starts for the Addition.txt log to be created.

Willy
Visitor
Posts: 17
Registered: 16 Jan 2016 13:31

Re: Chinese advertisement

#5 Post by Willy »

Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by Fufan (2016-01-17 13:47:06)
Running from C:\Users\Fufan\Desktop
Windows 10 Home (X64) (2015-11-18 00:48:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-722700253-2852286510-886327887-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-722700253-2852286510-886327887-503 - Limited - Disabled)
Fufan (S-1-5-21-722700253-2852286510-886327887-1001 - Administrator - Enabled) => C:\Users\Fufan
Guest (S-1-5-21-722700253-2852286510-886327887-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-722700253-2852286510-886327887-1003 - Limited - Enabled)
postgres (S-1-5-21-722700253-2852286510-886327887-1006 - Limited - Enabled) => C:\Users\postgres.Fufan-PC
UpdatusUser (S-1-5-21-722700253-2852286510-886327887-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Avira Antivirus (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Mesh ActiveX“ nuotolinių ryšių valdiklis (HKLM-x32\...\{9024FE65-46B8-4C8A-9D98-8DCB6BD5F598}) (Version: 15.4.5722.2 - Microsoft Corporation)
„Windows Live Messenger“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
µTorrent (HKU\S-1-5-21-722700253-2852286510-886327887-1001\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
888poker (HKLM-x32\...\888poker) (Version: - )
ActiveX контрола на Windows Live Mesh за отдалечени връзки (HKLM-x32\...\{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}) (Version: 15.4.5722.2 - Microsoft Corporation)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.204 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Flash Player 20 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.60.1503, 26.09.2015 - AIMP DevTeam)
Aktualizace NVIDIA 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}) (Version: 1.8.17.26026 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.8.17.26026 - Alcor Micro Corp.) Hidden
AMP WinOFF 5.0.1 (HKLM-x32\...\AMP WinOFF) (Version: 5.0.1 - Alberto Martinez Perez)
ASUS AI Recovery (HKLM-x32\...\{38253529-D97D-4901-AE53-5CC9736D3A2E}) (Version: 1.0.13 - ASUS)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.1.0 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.21 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.44 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0011 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0031 - ASUS)
ASUS Video Magic (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.4710 - CyberLink Corp.)
ASUS Video Magic (x32 Version: 6.0.4710 - CyberLink Corp.) Hidden
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.21 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.84.161 - eCareme Technologies, Inc.)
ASUS_Screensaver (HKLM-x32\...\ASUS_Screensaver) (Version: - )
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.4.617 - ASUSTEK)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0008 - ASUS)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
Avid License Control (HKLM-x32\...\{89A9B9EE-839E-4820-9450-2912C82F46AF}) (Version: 6.0.1 - Avid Technology, Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.15.129 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{eac7da46-2097-4dd4-80a6-8b67cbb2b23f}) (Version: 1.1.53.13962 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.53.13962 - Avira Operations GmbH & Co. KG) Hidden
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.65 - Atheros Communications)
Bookworm Deluxe (HKLM-x32\...\Bookworm Deluxe) (Version: - Oberon Media Inc.)
Calculator (HKU\S-1-5-21-722700253-2852286510-886327887-1001\...\Calculator) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
Control ActiveX Windows Live Mesh pentru conexiuni la distanță (HKLM-x32\...\{260E3D78-94E6-47EC-8E29-46301572BB1E}) (Version: 15.4.5722.2 - Microsoft Corporation)
Cooking Dash (HKLM-x32\...\Cooking Dash) (Version: - Oberon Media Inc.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.0.1123_32710 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3327 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2312.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ELAN Touchpad 15.9.6.1_X64_WHQL (HKLM\...\Elantech) (Version: 15.9.6.1 - ELAN Microelectronic Corp.)
ExpressGate Cloud (HKLM-x32\...\InstallShield_{499DED08-6FA8-4749-8E94-8526CC9D1CA8}) (Version: 2.1.88.405 - Asus)
ExpressGate Cloud (x32 Version: 2.1.88.405 - Asus) Hidden
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.9 - ASUS)
Flopzilla (HKLM-x32\...\{855D22BD-5785-4DE7-8026-96920539C3C7}) (Version: 1.7.6 - Flopzilla)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Fresco Logic USB3.0 Host Controller (HKLM\...\{5B9F1BB4-4C06-41E8-877D-B458742B0D0A}) (Version: 3.0.116.3 - Fresco Logic Inc.)
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Governor of Poker (HKLM-x32\...\Governor of Poker) (Version: - Oberon Media Inc.)
Holdem Manager 2 (HKLM-x32\...\HoldemManager2) (Version: - )
Hotel Dash Suite Success (HKLM-x32\...\Hotel Dash Suite Success) (Version: - Oberon Media Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Jewel Quest 3 (HKLM-x32\...\Jewel Quest 3) (Version: - Oberon Media Inc.)
join.me (HKU\S-1-5-21-722700253-2852286510-886327887-1001\...\JoinMe) (Version: 2.4.2.1167 - LogMeIn, Inc.)
join.me.launcher (x32 Version: 1.0.573.0 - LogMeIn, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.9.1.138 - PandoraTV)
Kontrola Windows Live Mesh ActiveX za daljinske veze (HKLM-x32\...\{19CBDE24-2761-49A5-816B-D2BA65D0CA8D}) (Version: 15.4.5722.2 - Microsoft Corporation)
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Luxor 3 (HKLM-x32\...\Luxor 3) (Version: - Oberon Media Inc.)
Mahjongg dimensions (HKLM-x32\...\Mahjongg dimensions) (Version: - Oberon Media Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft OneNote 2016 pro domácnosti - cs-cz (HKLM\...\OneNoteFreeRetail - cs-cz) (Version: 16.0.6366.2036 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
NBA 2K14 (HKLM-x32\...\{4FE0545A-1BF3-4B9B-A044-6E1EE719E197}) (Version: 1.0.0 - 2K Sports)
Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.)
NVIDIA Ovladače grafiky 311.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.44 - NVIDIA Corporation)
Odds calculator (HKLM-x32\...\odds-calculator-desktop.71249E51277F5CE3F1C9178228D3FD8E8D6DCCCF.1) (Version: 1.0.17 - UNKNOWN)
Odds calculator (x32 Version: 1.0.17 - UNKNOWN) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6326.1010 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6326.1010 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6326.1010 - Microsoft Corporation) Hidden
Opera Stable 34.0.2036.39 (HKLM-x32\...\Opera 34.0.2036.39) (Version: 34.0.2036.39 - Opera Software)
Ovládací panel NVIDIA 353.54 (Version: 353.54 - NVIDIA Corporation) Hidden
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení (HKLM-x32\...\{B6190387-0036-4BEB-8D74-A0AFC5F14706}) (Version: 15.4.5722.2 - Microsoft Corporation)
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia (HKLM-x32\...\{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}) (Version: 15.4.5722.2 - Microsoft Corporation)
partypoker (HKLM-x32\...\PartyPoker) (Version: - PartyGaming)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Plants vs Zombies (HKLM-x32\...\Plants vs Zombies) (Version: - Oberon Media Inc.)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version: - PokerStars.eu)
PokerTracker 4 (remove only) (HKLM-x32\...\PokerTracker4) (Version: - )
PostgreSQL 8.4 (HKLM-x32\...\PostgreSQL 8.4) (Version: 8.4 - PostgreSQL Global Development Group)
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.3 - Power Software Ltd)
Python 2.7.10 (HKLM-x32\...\{E2B51919-207A-43EB-AE78-733F9C6797C2}) (Version: 2.7.10150 - Python Software Foundation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.1 - Rockstar Games)
Seznam Software (HKU\S-1-5-21-722700253-2852286510-886327887-1001\...\SeznamInstall) (Version: - Seznam.cz)
Sibelius 7 OpenType Fonts (HKLM-x32\...\{44998978-7DDB-4AD0-BDF5-D226FBC029FE}) (Version: 7.1.2 - Avid)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
SonicMaster (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.00.0000 - Virage Logic, Corp.)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.15.13.201509231442 - Sony Mobile Communications Inc.)
Sony PC Companion 2.10.303 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony)
syncables desktop SE (HKLM-x32\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
UpdateAdmin (HKLM-x32\...\{81F17B54-5D57-485E-88CC-F6D20D66B5E0}) (Version: 2.0.2011 - DownloadAdmin) <==== ATTENTION
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX kontrola za daljinske veze (HKLM-x32\...\{8985AE5E-622A-4980-8BF8-0A1830643220}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX vadīkla attālajiem savienojumiem (HKLM-x32\...\{A3A775C9-5A63-4C55-8FDD-427A5B8F5D2B}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-i juhtelement kaugühendustele (HKLM-x32\...\{216ACEC1-4556-4717-A8DE-3F7F5F9C6F63}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.1 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)
World of Goo (HKLM-x32\...\World of Goo) (Version: - Oberon Media Inc.)
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-722700253-2852286510-886327887-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Fufan\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00E0CD00-0041-4D8A-9477-9C92E0EFE891} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {0168DDD5-4BB3-4A85-99BA-B9AADC53BC5F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-16] (Google Inc.)
Task: {01C7F7B5-67E3-48A9-9326-0AA46291395D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-01-16] (Microsoft Corporation)
Task: {01C995FF-D178-4E7B-AC4A-9E950006A207} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {02A88E6F-739B-4C90-A3BA-9E12EEEB1D0E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-01-16] (AVAST Software)
Task: {0837D897-84CB-4E30-A8DD-807937A81DFC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {0CC818E1-665A-412D-9FC9-42CCBBA9842A} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_267_pepper.exe [2016-01-02] (Adobe Systems Incorporated)
Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {0F1FC558-90E6-41AA-8D37-4FBE69053762} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {13E07B75-7765-44C9-A0FD-EABC03236015} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {148318FC-5974-4508-A415-B3AFD16E5DDB} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {1FBB9AC0-D9F6-4030-8117-D66FA2D3EDF3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {25A16F3A-D4CC-4F86-9A55-7ACE7F8E85B5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {29308477-8F7E-4D4F-92D5-F1534E61B6F5} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {3048F251-EBB1-484C-BADE-6A9634BBBFF3} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {31FA36FA-D5EF-48DA-A70E-11B410A56B34} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {3B7BAE2A-01CD-4265-9FF0-CE3C6AE5C4D4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-02] (Adobe Systems Incorporated)
Task: {3C62B858-8822-4574-83E2-ED2E0CB4838C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-12-04] (Microsoft Corporation)
Task: {3C9616B2-742C-4820-AFAE-F3D2459E9677} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {3D966D87-5FE5-4FBC-8E90-DB0F48E454DB} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {3E3E65EA-6693-4ACC-947D-206853F50D65} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {42145BE5-4059-431F-919A-1A381C5966DE} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {4C5C67AA-FB0B-431C-9288-05F04FAD7580} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2010-11-24] (CyberLink)
Task: {506AD046-B18C-4EBF-91F0-F6185B6862F1} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {5DEA8D85-716F-4FED-9C31-C5F010E4A186} - System32\Tasks\Avira System Speedup Tray => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe [2016-01-04] (Avira Operations GmbH & Co. KG)
Task: {68CB20EF-E7CE-4513-858F-FA64F96FA64F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {6A5A10F8-DB70-49BC-A635-DB578AA3D832} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-fbuc@seznam.cz => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {6FECF9BE-AED8-4627-80ED-91FF5361960F} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {76DD189E-D720-4BAF-8D6E-7E7D7FE7B4E3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {773492A6-4F08-4DAF-9C1B-778BC17ACAED} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {78588675-6CF3-4E50-B5B1-1EC34EAA2F6B} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {7DDF9673-8D0B-4652-B795-1BEAD1206B65} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {91CA17A4-803E-49F9-B97B-0B31CF34BB49} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
Task: {964D70F5-BE08-4A3A-B5A0-CF79F94E87EF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {A988EFDD-652B-4DC3-A59C-77A5E86A062D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A9C022E0-CF62-4227-B32F-6486BFB352CA} - System32\Tasks\ASUS Patch 10430001 => C:\Windows\AsPatch10430001.exe [2010-07-29] ()
Task: {AA921623-B84A-4EC8-A6DA-5D46323FC6D9} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {B0921B4E-78CE-45A0-8F59-FF4461117996} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {B0A682C6-B35D-4906-BD98-26A08609BC5C} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS)
Task: {B213A2A8-E094-4134-BA55-86C94F85DFB9} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {BAECEBBE-A8FD-47D2-A41A-D7CE711B6CB8} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {BD80CADC-4C03-46BF-A645-6C0F0763C32D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-12-04] (Microsoft Corporation)
Task: {BF9C7064-5A87-4ECC-9C1B-9E072FC97D1A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C778374C-94FE-41B0-B705-5FC952201AC0} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {CA5D12C9-6E13-4B06-BE61-371DE1E6F59D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D3FCA291-916E-41DE-BF0C-C170C50719A8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {D508EA0D-6F20-4D3F-B63C-F48C4672E55D} - System32\Tasks\Web Rush => Rundll32.exe "C:\Users\Fufan\AppData\Local\Web Rush\xBin\WebRush.dll",#3 <==== ATTENTION
Task: {DD548504-31EE-43FF-A573-1E9BCB56DC76} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {E07E7D5A-C2A2-4DAD-AF85-A8A724AE8A3A} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-08-24] ()
Task: {E46A5CE1-4284-4415-891E-49814036E7F1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-16] (Google Inc.)
Task: {E48DE60D-20ED-4D8D-9330-2B2950080148} - System32\Tasks\Opera scheduled Autoupdate 1450399619 => C:\Program Files (x86)\Opera\launcher.exe [2015-12-15] (Opera Software)
Task: {E6D70B07-30B3-4414-A113-388179A66583} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS)
Task: {E81A1064-00DF-4E20-9955-09230680FAFA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E959E007-A71C-4952-8EA8-22DE146D6227} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {EA4008AD-9775-426D-BA87-73108DB77ACC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {F0496437-71B1-4E96-9E9C-3BC2F52CDE46} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {F086CA91-77E3-4A62-AB48-437C3930344F} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2011-03-07] (ASUS)
Task: {FACB8164-0888-403B-B4E6-7F59329EA90F} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {FBC8485F-A585-489F-8E2C-C65FEABC1BEF} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {FC59A24D-A0AB-4C5F-9AF7-80B8FED82F0F} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {FFEE4F98-789F-4BC5-9EBF-91D4AC658C46} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_267_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Fufan\Desktop\Universal Replayer.lnk -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://www.universal-replayer.net/jws/universal_replayer.jnlp "C:\Users\Fufan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\16a3839d-2970f4cd"

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-11-18 01:16 - 2015-07-13 18:37 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-08-31 18:51 - 2011-03-31 06:47 - 00023040 _____ () C:\WINDOWS\System32\xrhk2alm.dll
2010-08-21 02:47 - 2010-08-21 02:47 - 00077312 _____ () C:\ExpressGateUtil\VAWinService.exe
2015-12-05 14:19 - 2015-12-04 03:52 - 00162472 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2011-04-01 10:24 - 2010-09-17 09:52 - 00047104 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll
2011-04-01 10:24 - 2010-09-17 09:52 - 00042496 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll
2015-12-03 10:52 - 2015-11-22 11:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-09-12 16:50 - 2015-05-26 12:35 - 00079872 _____ () C:\Users\Fufan\AppData\Roaming\Seznam.cz\bin\16141libfoxloader-x64.dll
2015-12-03 10:52 - 2015-11-22 11:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-12-18 01:48 - 2015-12-18 01:50 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-08-09 07:59 - 2009-04-17 11:01 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2015-12-18 01:54 - 2015-12-07 05:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-18 01:54 - 2015-12-07 05:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-06-01 20:00 - 2015-06-01 20:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-09-12 16:50 - 2015-05-26 12:38 - 00457384 _____ () C:\Users\Fufan\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
2015-09-12 16:50 - 2015-05-26 12:36 - 00073896 _____ () C:\Users\Fufan\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
2010-11-29 23:04 - 2010-11-29 23:04 - 00403968 _____ () C:\Program Files\Intel\TurboBoost\cs\SignalIslandUi.resources.dll
2010-09-24 00:53 - 2010-09-24 00:53 - 01601536 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2010-08-13 01:52 - 2010-08-13 01:52 - 00021504 _____ () C:\ExpressGateUtil\VAWinAgent.exe
2015-08-09 16:51 - 2007-11-30 19:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2010-07-15 00:11 - 2010-07-15 00:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll
2010-04-03 03:21 - 2008-10-01 07:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-09-15 19:14 - 2010-09-15 19:14 - 01102336 _____ () D:\Poker\Software\Holdem Manager 2\System.Data.SQLite.dll
2015-12-23 12:26 - 2015-12-23 12:26 - 00297400 _____ () D:\Poker\Software\PokerStars\br\PokerStarsBr.exe
2015-12-23 12:26 - 2015-12-23 12:26 - 02351384 _____ () D:\Poker\Software\PokerStars\gameutil1.exe
2015-08-11 17:06 - 2014-04-30 07:51 - 00150392 _____ () C:\totalcmd\wcmzip64.dll
2015-12-10 13:02 - 2015-12-10 13:02 - 00012800 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2015-12-10 13:02 - 2015-12-10 13:02 - 11542016 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-11-20 12:37 - 2015-11-20 12:37 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-01-15 17:51 - 2016-01-05 02:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-15 17:51 - 2016-01-05 02:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-15 17:51 - 2016-01-05 02:24 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-15 17:51 - 2016-01-05 02:26 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-01-16 01:56 - 2016-01-16 01:56 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-01-16 01:56 - 2016-01-16 01:56 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-01-16 21:44 - 2016-01-16 21:44 - 02818048 _____ () C:\Program Files\AVAST Software\Avast\defs\16011603\algo.dll
2016-01-16 01:56 - 2016-01-16 01:56 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-01-17 10:15 - 2016-01-17 10:15 - 02818048 _____ () C:\Program Files\AVAST Software\Avast\defs\16011607\algo.dll
2010-08-13 01:52 - 2010-08-13 01:52 - 00151552 _____ () C:\ExpressGateUtil\libexpat.dll
2010-08-13 01:52 - 2010-08-13 01:52 - 00057344 _____ () C:\ExpressGateUtil\netProfileDatabase.DLL
2016-01-16 01:28 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-01-16 01:28 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-01-16 01:28 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-09-18 17:19 - 2014-02-18 09:11 - 00172032 _____ () C:\Program Files (x86)\PostgreSQL\8.4\bin\LIBPQ.dll
2015-09-18 17:20 - 2012-08-14 14:19 - 00999424 _____ () C:\Program Files (x86)\PostgreSQL\8.4\bin\libxml2.dll
2015-12-18 01:48 - 2015-12-18 01:50 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2015-12-18 01:48 - 2015-12-18 01:50 - 21845504 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2009-11-02 22:20 - 2009-11-02 22:20 - 00619816 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 22:23 - 2009-11-02 22:23 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2015-09-12 16:50 - 2015-05-26 12:37 - 00078504 _____ () C:\Users\Fufan\AppData\Roaming\Seznam.cz\bin\16137libfoxloader.dll
2015-09-12 16:50 - 2015-05-26 12:38 - 00862888 _____ () C:\Users\Fufan\AppData\Roaming\Seznam.cz\bin\lightspeed.dll
2016-01-17 10:14 - 2016-01-17 10:14 - 00098816 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI43642\win32api.pyd
2016-01-17 10:14 - 2016-01-17 10:14 - 00110080 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI43642\pywintypes27.dll
2016-01-17 10:14 - 2016-01-17 10:14 - 00364544 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI43642\pythoncom27.dll
2016-01-17 10:14 - 2016-01-17 10:14 - 00046080 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI43642\_socket.pyd
2016-01-17 10:14 - 2016-01-17 10:14 - 01208320 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI43642\_ssl.pyd
2016-01-17 10:14 - 2016-01-17 10:14 - 00320512 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI43642\win32com.shell.shell.pyd
2016-01-17 10:14 - 2016-01-17 10:14 - 00776704 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI43642\_hashlib.pyd
2016-01-17 10:14 - 2016-01-17 10:14 - 01176576 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI43642\wx._core_.pyd
2016-01-17 10:14 - 2016-01-17 10:14 - 00806400 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI43642\wx._gdi_.pyd
2016-01-17 10:14 - 2016-01-17 10:14 - 00816128 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI43642\wx._windows_.pyd
2016-01-17 10:14 - 2016-01-17 10:14 - 01067008 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI43642\wx._controls_.pyd
2016-01-17 10:14 - 2016-01-17 10:14 - 00733184 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI43642\wx._misc_.pyd
2016-01-17 10:14 - 2016-01-17 10:14 - 00682496 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI43642\pysqlite2._sqlite.pyd
2016-01-17 10:14 - 2016-01-17 10:14 - 00088064 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI43642\_ctypes.pyd
2016-01-17 10:14 - 2016-01-17 10:14 - 00119808 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI43642\win32file.pyd
2016-01-17 10:14 - 2016-01-17 10:14 - 00108544 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI43642\win32security.pyd
2016-01-17 10:14 - 2016-01-17 10:14 - 00007168 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI43642\hashobjs_ext.pyd
2016-01-17 10:14 - 2016-01-17 10:14 - 00017920 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI43642\thumbnails_ext.pyd
2016-01-17 10:14 - 2016-01-17 10:14 - 00079360 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI43642\usb_ext.pyd
2016-01-17 10:14 - 2016-01-17 10:14 - 00167936 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI43642\win32gui.pyd
2016-01-17 10:14 - 2016-01-17 10:14 - 00018432 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI43642\win32event.pyd
2016-01-17 10:14 - 2016-01-17 10:14 - 00128512 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI43642\_elementtree.pyd
2016-01-17 10:14 - 2016-01-17 10:14 - 00127488 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI43642\pyexpat.pyd
2016-01-17 10:14 - 2016-01-17 10:14 - 00013824 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI43642\common.time34.pyd
2016-01-17 10:14 - 2016-01-17 10:14 - 00036864 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI43642\_psutil_windows.pyd
2016-01-17 10:14 - 2016-01-17 10:14 - 00038912 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI43642\win32inet.pyd
2016-01-17 10:14 - 2016-01-17 10:14 - 00525640 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI43642\windows._lib_cacheinvalidation.pyd
2016-01-17 10:14 - 2016-01-17 10:14 - 00011264 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI43642\win32crypt.pyd
2016-01-17 10:14 - 2016-01-17 10:14 - 00077312 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI43642\wx._html2.pyd
2016-01-17 10:14 - 2016-01-17 10:14 - 00027136 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI43642\_multiprocessing.pyd
2016-01-17 10:14 - 2016-01-17 10:14 - 00020480 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI43642\_yappi.pyd
2016-01-17 10:14 - 2016-01-17 10:14 - 00035840 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI43642\win32process.pyd
2016-01-17 10:14 - 2016-01-17 10:14 - 00686080 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI43642\unicodedata.pyd
2016-01-17 10:14 - 2016-01-17 10:14 - 00123392 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI43642\wx._wizard.pyd
2016-01-17 10:14 - 2016-01-17 10:14 - 00024064 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI43642\win32pipe.pyd
2016-01-17 10:14 - 2016-01-17 10:14 - 00010240 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI43642\select.pyd
2016-01-17 10:14 - 2016-01-17 10:14 - 00025600 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI43642\win32pdh.pyd
2016-01-17 10:14 - 2016-01-17 10:14 - 00017408 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI43642\win32profile.pyd
2016-01-17 10:14 - 2016-01-17 10:14 - 00022528 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI43642\win32ts.pyd
2016-01-17 10:14 - 2016-01-17 10:14 - 00078848 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI43642\wx._animate.pyd
2016-01-16 01:56 - 2016-01-16 01:56 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-12-23 12:26 - 2015-12-23 12:26 - 40560920 _____ () D:\Poker\Software\PokerStars\br\libcef.dll
2015-12-23 12:26 - 2015-12-23 12:26 - 01364248 _____ () D:\Poker\Software\PokerStars\br\libglesv2.dll
2015-12-23 12:26 - 2015-12-23 12:26 - 00217880 _____ () D:\Poker\Software\PokerStars\br\libegl.dll
2015-12-23 12:26 - 2015-12-23 12:26 - 09306392 _____ () D:\Poker\Software\PokerStars\br\pdf.dll
2015-12-23 12:26 - 2015-12-23 12:26 - 00989976 _____ () D:\Poker\Software\PokerStars\br\ffmpegsumo.dll
2012-06-08 06:40 - 2012-06-08 06:40 - 00249856 _____ () D:\Poker\Software\Holdem Manager 2\textBoxHook.dll
2015-12-22 21:47 - 2015-12-22 21:47 - 03172400 _____ () D:\Poker\Software\Holdem Manager 2\fastfold.dll
2016-01-17 10:20 - 2016-01-17 10:20 - 00011264 _____ () C:\Users\Fufan\AppData\Local\Temp\nsv3325.tmp\System.dll
2016-01-17 10:20 - 2016-01-17 10:20 - 00029696 _____ () C:\Users\Fufan\AppData\Local\Temp\nsv3325.tmp\registry.dll
2013-07-04 21:10 - 2013-07-04 21:10 - 00835584 _____ () C:\aPrograms\OperaPortable\App\Opera\gstreamer\gstreamer.dll
2013-07-04 21:10 - 2013-07-04 21:10 - 00093696 _____ () C:\aPrograms\OperaPortable\App\Opera\gstreamer\plugins\gstaudioconvert.dll
2013-07-04 21:10 - 2013-07-04 21:10 - 00094208 _____ () C:\aPrograms\OperaPortable\App\Opera\gstreamer\plugins\gstaudioresample.dll
2013-07-04 21:10 - 2013-07-04 21:10 - 00057344 _____ () C:\aPrograms\OperaPortable\App\Opera\gstreamer\plugins\gstautodetect.dll
2013-07-04 21:10 - 2013-07-04 21:10 - 00096256 _____ () C:\aPrograms\OperaPortable\App\Opera\gstreamer\plugins\gstcoreplugins.dll
2013-07-04 21:10 - 2013-07-04 21:10 - 00062976 _____ () C:\aPrograms\OperaPortable\App\Opera\gstreamer\plugins\gstdecodebin2.dll
2013-07-04 21:10 - 2013-07-04 21:10 - 00067072 _____ () C:\aPrograms\OperaPortable\App\Opera\gstreamer\plugins\gstdirectsound.dll
2013-07-04 21:10 - 2013-07-04 21:10 - 00158208 _____ () C:\aPrograms\OperaPortable\App\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
2013-07-04 21:10 - 2013-07-04 21:10 - 00312832 _____ () C:\aPrograms\OperaPortable\App\Opera\gstreamer\plugins\gstoggdec.dll
2013-07-04 21:10 - 2013-07-04 21:10 - 00038912 _____ () C:\aPrograms\OperaPortable\App\Opera\gstreamer\plugins\gstwaveform.dll
2013-07-04 21:10 - 2013-07-04 21:10 - 00073728 _____ () C:\aPrograms\OperaPortable\App\Opera\gstreamer\plugins\gstwavparse.dll
2013-07-04 21:10 - 2013-07-04 21:10 - 00101888 _____ () C:\aPrograms\OperaPortable\App\Opera\gstreamer\plugins\gstwebmdec.dll
2015-12-05 10:21 - 2015-12-05 10:21 - 00933056 ____R () C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll
2011-01-18 21:21 - 2011-01-18 21:21 - 00204800 _____ () C:\Program Files (x86)\asus\VirtualCamera\virtualCamera.ax
2015-12-18 01:46 - 2015-12-15 10:51 - 61564536 _____ () C:\Program Files (x86)\Opera\34.0.2036.39\opera.dll
2015-12-18 01:46 - 2015-12-15 10:51 - 01983096 _____ () C:\Program Files (x86)\Opera\34.0.2036.39\libglesv2.dll
2015-12-18 01:46 - 2015-12-15 10:51 - 00081528 _____ () C:\Program Files (x86)\Opera\34.0.2036.39\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7867 more sites.

There are 7867 more sites.

There are 7867 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2016-01-16 01:09 - 00450831 ____R C:\WINDOWS\system32\Drivers\etc\hosts

There are 15464 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-722700253-2852286510-886327887-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
HKU\S-1-5-21-722700253-2852286510-886327887-1006\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 213.46.172.37 - 213.46.172.36
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
HKU\S-1-5-21-722700253-2852286510-886327887-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_0DE6B6B0A387FCD998900BBB3E1B3B16"
HKU\S-1-5-21-722700253-2852286510-886327887-1001\...\StartupApproved\Run: => "join.me.launcher"
HKU\S-1-5-21-722700253-2852286510-886327887-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-722700253-2852286510-886327887-1001\...\StartupApproved\Run: => "Sidebar"
HKU\S-1-5-21-722700253-2852286510-886327887-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-722700253-2852286510-886327887-1001\...\StartupApproved\Run: => "Sony PC Companion"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{761C031D-F79E-4C77-BDE3-F68E865AF3FE}] => (Allow) D:\Games\NBA 2k14\nba2k14.exe
FirewallRules: [{E863A904-69DA-4C3D-AD69-E830EEAFC24E}] => (Allow) D:\Games\NBA 2k14\nba2k14.exe
FirewallRules: [UDP Query User{CCA9D085-F42C-4A18-B567-1121889279A1}D:\games\pro evolution soccer 2015\pes2015.exe] => (Block) D:\games\pro evolution soccer 2015\pes2015.exe
FirewallRules: [TCP Query User{1E6538A1-2689-42A3-AC90-CEB987CB707C}D:\games\pro evolution soccer 2015\pes2015.exe] => (Block) D:\games\pro evolution soccer 2015\pes2015.exe
FirewallRules: [UDP Query User{603A82BF-AACB-4D58-96A8-D28DD75B6F0B}C:\aprograms\operaportable\app\opera\opera.exe] => (Block) C:\aprograms\operaportable\app\opera\opera.exe
FirewallRules: [TCP Query User{25535FAB-D53A-4B35-9722-7689239B4744}C:\aprograms\operaportable\app\opera\opera.exe] => (Block) C:\aprograms\operaportable\app\opera\opera.exe
FirewallRules: [{8BF506E6-42C7-433F-8698-8001F148F479}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{2A60BAAC-70EA-4E2D-9BC8-BAF31E040CFA}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [UDP Query User{3956B795-AED5-4CDF-B90A-BD851B5BCC31}C:\users\fufan\appdata\local\join.me\join.me.exe] => (Allow) C:\users\fufan\appdata\local\join.me\join.me.exe
FirewallRules: [TCP Query User{415AA156-6808-4C32-8547-D23C7C34BB5B}C:\users\fufan\appdata\local\join.me\join.me.exe] => (Allow) C:\users\fufan\appdata\local\join.me\join.me.exe
FirewallRules: [UDP Query User{7D8B0952-31FD-45B0-A7A6-6AC0CC03E4E6}C:\aprograms\operaportable\app\opera\opera.exe] => (Allow) C:\aprograms\operaportable\app\opera\opera.exe
FirewallRules: [TCP Query User{54A08AC5-1D2C-4A70-BD99-FF726B2D885F}C:\aprograms\operaportable\app\opera\opera.exe] => (Allow) C:\aprograms\operaportable\app\opera\opera.exe
FirewallRules: [{636F06B0-C46C-4D1C-A338-F948BA656305}] => (Allow) C:\Users\Fufan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A99DAF4A-4248-42E5-A3CB-FBC8DF53D744}] => (Allow) C:\Users\Fufan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3DF5F6CB-BC69-40C6-9B67-FA811EE2FB8B}] => (Allow) C:\Users\Fufan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{39FB86BE-6E6B-4CFE-8E1A-CA94C612AEB8}] => (Allow) C:\Users\Fufan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B129396A-F5C0-4652-889A-18F58DDA5DCD}] => (Allow) C:\Users\Fufan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{150779CA-B431-4C64-B0CB-CC2A44AD5B5E}] => (Allow) C:\Users\Fufan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [UDP Query User{5FA4747F-F2B1-419B-AEE3-E33251AFAF3D}C:\utorrent\utorrent.exe] => (Allow) C:\utorrent\utorrent.exe
FirewallRules: [TCP Query User{8325617A-208D-4E20-A5F0-E4BBDBC632C2}C:\utorrent\utorrent.exe] => (Allow) C:\utorrent\utorrent.exe
FirewallRules: [{BE569D7E-9F78-4A6C-AC67-E7D172481377}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4C5C55D3-6471-46B0-8C69-F90DE933EB3F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B36B7768-F50C-44E2-99F3-8D7CF8C97D7E}] => (Allow) LPort=2869
FirewallRules: [{8B6F2C2C-8018-43A7-B7AC-26177AFB6846}] => (Allow) LPort=1900
FirewallRules: [{5B3CF587-354A-4C45-9A75-28C42D5E9E63}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{91E76949-866F-4FFA-A05B-B0085FDC8DA9}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{FF0E14E4-C858-4882-BB0F-5B5456352724}] => (Allow) LPort=5353
FirewallRules: [{4664F37F-1F3E-4729-9525-81A1AED2C27C}] => (Allow) LPort=8182
FirewallRules: [{7E1797CD-5486-4FEC-8F55-F55F2E4A4B67}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{37DB2A9E-33D1-409C-8582-57ECDEABA08A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{D645D86C-401B-4B36-88F9-4E9207A8FB73}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{52E818E7-B1E9-4299-9CC5-8620804488B8}] => (Allow) C:\Program Files (x86)\Cyberlink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{1A9032D2-EAD1-4F88-A40A-080F3A948710}] => (Allow) C:\Program Files (x86)\Cyberlink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{77E3778E-E648-4DB8-BFFE-1150E069D0C2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{82510982-F1F8-4525-8445-C6E49158AC91}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{9B775783-2299-48D5-B680-4D840DCDC897}] => (Allow) LPort=5432
FirewallRules: [{F838A498-534B-42F9-94DA-75F44BDB5882}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

16-01-2016 12:21:54 Avira System Speedup 2.0.10
16-01-2016 13:41:31 Revo Uninstaller Pro's restore point -

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/17/2016 10:13:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: ElanTPCfg64.exe, verze: 1.0.50.1, časové razítko: 0x49d9c165
Název chybujícího modulu: ETDApi.dll, verze: 11.9.0.0, časové razítko: 0x5448e4ce
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000008f72
ID chybujícího procesu: 0x1790
Čas spuštění chybující aplikace: 0xElanTPCfg64.exe0
Cesta k chybující aplikaci: ElanTPCfg64.exe1
Cesta k chybujícímu modulu: ElanTPCfg64.exe2
ID zprávy: ElanTPCfg64.exe3
Úplný název chybujícího balíčku: ElanTPCfg64.exe4
ID aplikace související s chybujícím balíčkem: ElanTPCfg64.exe5

Error: (01/16/2016 11:45:16 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro LAVFilters.Dependencies,type="win32",version="1.0.0.0"1 se nezdařilo.
Závislé sestavení LAVFilters.Dependencies,type="win32",version="1.0.0.0" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (01/16/2016 11:45:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro LAVFilters.Dependencies,type="win32",version="1.0.0.0"1 se nezdařilo.
Závislé sestavení LAVFilters.Dependencies,type="win32",version="1.0.0.0" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (01/16/2016 09:43:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: ElanTPCfg64.exe, verze: 1.0.50.1, časové razítko: 0x49d9c165
Název chybujícího modulu: ETDApi.dll, verze: 11.9.0.0, časové razítko: 0x5448e4ce
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000008f72
ID chybujícího procesu: 0x17c0
Čas spuštění chybující aplikace: 0xElanTPCfg64.exe0
Cesta k chybující aplikaci: ElanTPCfg64.exe1
Cesta k chybujícímu modulu: ElanTPCfg64.exe2
ID zprávy: ElanTPCfg64.exe3
Úplný název chybujícího balíčku: ElanTPCfg64.exe4
ID aplikace související s chybujícím balíčkem: ElanTPCfg64.exe5

Error: (01/16/2016 07:17:57 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Perf_iCrcPerfMonMgr8

Error: (01/16/2016 07:17:57 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (01/16/2016 07:17:57 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: aspnet_stateaspnet_counters.dll8

Error: (01/16/2016 07:17:56 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: ASP.NET_4.0.30319aspnet_counters.dll8

Error: (01/16/2016 07:17:56 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: ASP.NETaspnet_counters.dll8

Error: (01/16/2016 05:48:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: ElanTPCfg64.exe, verze: 1.0.50.1, časové razítko: 0x49d9c165
Název chybujícího modulu: ETDApi.dll, verze: 11.9.0.0, časové razítko: 0x5448e4ce
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000008f72
ID chybujícího procesu: 0x4a8
Čas spuštění chybující aplikace: 0xElanTPCfg64.exe0
Cesta k chybující aplikaci: ElanTPCfg64.exe1
Cesta k chybujícímu modulu: ElanTPCfg64.exe2
ID zprávy: ElanTPCfg64.exe3
Úplný název chybujícího balíčku: ElanTPCfg64.exe4
ID aplikace související s chybujícím balíčkem: ElanTPCfg64.exe5


System errors:
=============
Error: (01/17/2016 10:19:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba NVIDIA Update Service Daemon neuspěla při spuštění v důsledku následující chyby:
%%1069

Error: (01/17/2016 10:19:20 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Služba nvUpdatusService se nemohla přihlásit jako .\UpdatusUser s aktuálně konfigurovaným heslem z důvodu následující chyby:
%%1330

Chcete-li zajistit správnou konfiguraci služby, použijte modul snap-in Služby konzoly Microsoft Management Console (MMC).

Error: (01/17/2016 10:18:11 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {B91D5831-B1BD-4608-8198-D72E155020F7}

Error: (01/17/2016 10:18:11 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Služba inteligentního přenosu na pozadí přestala během spouštění reagovat.

Error: (01/17/2016 10:18:09 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (01/17/2016 10:15:22 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Avira Mail Protection závisí na službě Avira Real-Time Protection, která neuspěla při spuštění v důsledku následující chyby:
%%1070

Error: (01/17/2016 10:15:22 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Avira Web Protection závisí na službě Avira Real-Time Protection, která neuspěla při spuštění v důsledku následující chyby:
%%1070

Error: (01/17/2016 10:15:21 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Avira Real-Time Protection přestala během spouštění reagovat.

Error: (01/17/2016 10:15:21 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Avira Real-Time Protection přestala během spouštění reagovat.

Error: (01/17/2016 10:13:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba SDScannerService neuspěla při spuštění v důsledku následující chyby:
%%1053


CodeIntegrity:
===================================
Date: 2016-01-16 00:54:30.912
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-15 22:32:15.647
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-15 22:32:15.632
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-15 22:32:15.613
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-15 22:32:15.534
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-15 22:32:15.512
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-15 22:32:15.481
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-15 22:32:04.952
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-15 21:26:52.145
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-15 21:26:52.129
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 77%
Total physical RAM: 4001.06 MB
Available physical RAM: 915.65 MB
Total Virtual: 8097.06 MB
Available Virtual: 3325.46 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:292.26 GB) (Free:183.18 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:380.6 GB) (Free:26.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: AA9693FE)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=292.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=785 MB) - (Type=27)
Partition 4: (Not Active) - (Size=380.6 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================

Willy
Visitor
Posts: 17
Registered: 16 Jan 2016 13:31

Re: Chinese ad

#6 Post by Willy »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by Fufan (administrator) on FUFAN-PC (17-01-2016 13:58:26)
Running from C:\Users\Fufan\Desktop
Loaded Profiles: Fufan & postgres (Available Profiles: UpdatusUser & Fufan & postgres)
Platform: Windows 10 Home Version 1511 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
() C:\ExpressGateUtil\VAWinService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ASUS) C:\Windows\AsScrPro.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
() C:\Users\Fufan\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
() C:\Users\Fufan\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Windows (R) Win 7 DDK provider) C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
() C:\ExpressGateUtil\VAWinAgent.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(PokerStars) D:\Poker\Software\PokerStars\PokerStars.exe
() D:\Poker\Software\PokerStars\br\PokerStarsBr.exe
() D:\Poker\Software\PokerStars\gameutil1.exe
() D:\Poker\Software\PokerStars\br\PokerStarsBr.exe
() D:\Poker\Software\PokerStars\br\PokerStarsBr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(PortableApps.com) C:\aPrograms\OperaPortable\OperaPortable.exe
(Opera Software) C:\aPrograms\OperaPortable\App\Opera\opera.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD64.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.39\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.39\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.39\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.39\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.39\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.39\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.39\opera.exe
(forum.viry.cz) C:\aPrograms\OperaPortable\Data\profile\temporary_downloads\FRSTLauncher (1).exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Hold'em Manager) D:\Poker\Software\Holdem Manager 2\HoldemManager.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(Hold'em Manager) D:\Poker\Software\Holdem Manager 2\HudFuncsApp.exe
(HoldemManager) D:\Poker\Software\Holdem Manager 2\ThirtyTwoBitIPC.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3738336 2015-10-29] (ELAN Microelectronics Corp.)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [3738336 2015-10-29] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-08-11] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-04-01] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe [731472 2011-02-23] (ecareme)
HKLM-x32\...\Run: [FLxHCIm] => C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe [40448 2011-02-25] (Windows (R) Win 7 DDK provider)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
HKLM-x32\...\Run: [VAWinAgent] => C:\ExpressGateUtil\VAWinAgent.exe [21504 2010-08-13] ()
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [222504 2010-11-24] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-06-08] (Power Software Ltd)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-01-16] (AVAST Software)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-12-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [803200 2015-12-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [14960 2016-01-04] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-722700253-2852286510-886327887-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-09-23] (Sony)
HKU\S-1-5-21-722700253-2852286510-886327887-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Fufan\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-722700253-2852286510-886327887-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Fufan\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-722700253-2852286510-886327887-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-06] (Acresso Corporation)
HKU\S-1-5-21-722700253-2852286510-886327887-1001\...\Run: [join.me.launcher] => C:\Users\Fufan\AppData\Local\join.me.launcher\join.me.launcher.exe [173840 2015-08-31] (LogMeIn, Inc)
HKU\S-1-5-21-722700253-2852286510-886327887-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-722700253-2852286510-886327887-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
HKU\S-1-5-21-722700253-2852286510-886327887-1001\...\Run: [sbdrelbcoh] => explorer "hxxp://odzowik.ru/?utm_source=uoua03n&utm_content=aa03a6f78677f94106be130c8e4c2031&utm_term=6DC49692170194F275F2D26FEF64C054" <===== ATTENTION
HKU\S-1-5-21-722700253-2852286510-886327887-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50378880 2015-12-17] (Skype Technologies S.A.)
HKU\S-1-5-21-722700253-2852286510-886327887-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-722700253-2852286510-886327887-1001\...\MountPoints2: {6e115b34-4010-11e5-9bc5-14dae94f3cc2} - "H:\startme.exe"
HKU\S-1-5-21-722700253-2852286510-886327887-1006\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [177088 2015-07-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [155280 2015-07-13] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-01-16] (AVAST Software)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll [2010-09-02] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll [2010-09-02] (eCareme Technologies, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2011-04-01]
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk [2015-08-09]
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe ()
Startup: C:\Users\Fufan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk [2015-08-09]
ShortcutTarget: Intel(R) Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
Startup: C:\Users\Fufan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Odeslat do OneNote.lnk [2015-11-23]
ShortcutTarget: Odeslat do OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (No File)
Startup: C:\Users\Fufan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Poslat do aplikace OneNote.lnk [2016-01-10]
ShortcutTarget: Poslat do aplikace OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36 192.168.1.1
Tcpip\..\Interfaces\{055feabc-9a53-4202-8d7d-0470206db219}: [DhcpNameServer] 213.46.172.37 213.46.172.36 192.168.1.1
Tcpip\..\Interfaces\{c6d8e8eb-e3a8-43a7-aa44-1fc749d6916f}: [DhcpNameServer] 213.46.172.37 213.46.172.36 192.168.1.1
Tcpip\..\Interfaces\{f058086d-e4dc-4f2d-9daf-ea63ed244de6}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-722700253-2852286510-886327887-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-722700253-2852286510-886327887-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-722700253-2852286510-886327887-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-722700253-2852286510-886327887-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghBJV0BUAkSQhgaIw9cTA0QEVAOeABeBxRBGFEVcQ1ZVwhAF1QFIk0FA1ADB0VXfVBdFElXTwhgIU1dE1wVVVp6L0w=
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> OldSearch URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={s ... lz=1I7ASUT
SearchScopes: HKU\S-1-5-21-722700253-2852286510-886327887-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-722700253-2852286510-886327887-1001 -> OldSearch URL =
SearchScopes: HKU\S-1-5-21-722700253-2852286510-886327887-1001 -> {1098E622-C0EC-45E9-A858-253A56F7DACB} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_16194
SearchScopes: HKU\S-1-5-21-722700253-2852286510-886327887-1001 -> {1CC16CC5-2C5B-4400-913A-CFF723DF6816} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_16194
SearchScopes: HKU\S-1-5-21-722700253-2852286510-886327887-1001 -> {1DAB9224-C5B1-47ED-9E50-989BAF0575CC} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-722700253-2852286510-886327887-1001 -> {20C883A6-2E53-4012-AD1D-807E8BBA1965} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_16194
SearchScopes: HKU\S-1-5-21-722700253-2852286510-886327887-1001 -> {4410D974-842D-45CF-9658-2679C310521C} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-722700253-2852286510-886327887-1001 -> {62488AFC-6AB0-42D0-BA8A-8005EEADE6DF} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_16194
SearchScopes: HKU\S-1-5-21-722700253-2852286510-886327887-1001 -> {64858E45-BD9F-4502-B3B9-A1E1FA0964DB} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-722700253-2852286510-886327887-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-722700253-2852286510-886327887-1001 -> {ADF108A5-C1CA-442C-AE31-991F2815DDB8} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-722700253-2852286510-886327887-1001 -> {D39EFA40-A424-4C0D-9369-BAD401033F75} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11467
SearchScopes: HKU\S-1-5-21-722700253-2852286510-886327887-1001 -> {E985C715-8CD0-4916-91B6-8780622C6451} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_16194
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-12-17] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-01-16] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2011-04-01] (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll [2011-04-01] (Google Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-12-17] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-20] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-13] (Atheros Commnucations)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-01-16] (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2011-04-01] (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2011-04-01] (Google Inc.)
BHO-x32: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2011-04-01] (Google Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-02] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-20] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2011-04-01] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2011-04-01] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-02] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-722700253-2852286510-886327887-1001 -> No Name - {F3FB69AE-9F85-413A-BA2F-12FD030B621A} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-17] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-17] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-17] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-17] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Fufan\AppData\Roaming\Mozilla\Firefox\Profiles\o3b13dwu.default
FF DefaultSearchEngine: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF DefaultSearchUrl: hxxps://www.google.com/search?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF Keyword.URL: hxxps://www.google.com/search?trackid=sp-006
FF Homepage: hxxps://www.google.com/?trackid=sp-006
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-29] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-12-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll [2010-01-23] (Zeon Corporation)
FF SearchPlugin: C:\Users\Fufan\AppData\Roaming\Mozilla\Firefox\Profiles\o3b13dwu.default\searchplugins\google-avast.xml [2016-01-16]
FF Extension: Avira Browser Safety - C:\Users\Fufan\AppData\Roaming\Mozilla\Firefox\Profiles\o3b13dwu.default\Extensions\abs@avira.com [2016-01-16]
FF Extension: Домашняя страница Mail.Ru - C:\Users\Fufan\AppData\Roaming\Mozilla\Firefox\Profiles\o3b13dwu.default\Extensions\homepage@mail.ru [2015-12-23]
FF Extension: Поиск@Mail.Ru - C:\Users\Fufan\AppData\Roaming\Mozilla\Firefox\Profiles\o3b13dwu.default\Extensions\search@mail.ru [2015-12-23] [not signed]
FF Extension: Catered to You - C:\Users\Fufan\AppData\Roaming\Mozilla\Firefox\Profiles\o3b13dwu.default\Extensions\{a0dc82f0-66da-4db4-a4e2-60af4d372c1c}.xpi [2015-10-31] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension => not found
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-01-16]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Fufan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Fufan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-03]
CHR Extension: (Dokumenty Google) - C:\Users\Fufan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-03]
CHR Extension: (Disk Google) - C:\Users\Fufan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-03]
CHR Extension: (Video AdBlock for Chrome) - C:\Users\Fufan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bknbnapaddjdnbilpmlacdkjdkjmbjhd [2016-01-03]
CHR Extension: (YouTube) - C:\Users\Fufan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-03]
CHR Extension: (Vyhledávání Google) - C:\Users\Fufan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-03]
CHR Extension: (eShield) - C:\Users\Fufan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmjljdbbgogihjcapfhgkonfmccbffp [2016-01-03]
CHR Extension: (Tabulky Google) - C:\Users\Fufan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-03]
CHR Extension: (Dokumenty Google offline) - C:\Users\Fufan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-04]
CHR Extension: (Skype) - C:\Users\Fufan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-01-03]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Fufan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-01-04]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Fufan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-03]
CHR Extension: (Gmail) - C:\Users\Fufan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-03]
CHR Extension: () - C:\Users\Fufan\AppData\Local\Web Rush\Component [2016-01-16]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-722700253-2852286510-886327887-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Fufan\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2016-01-03]
CHR HKU\S-1-5-21-722700253-2852286510-886327887-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-722700253-2852286510-886327887-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dkmjljdbbgogihjcapfhgkonfmccbffp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-01-16]

Opera:
=======
OPR StartupUrls: "hxxp://ngitexo.ru/?utm_content=8428ab81ddf0bcddc0a7e05ca3e782c6&utm_source=startpm&utm_term=6DC49692170194F275F2D26FEF64C054"
OPR Extension: (Catered to You) - C:\Users\Fufan\AppData\Roaming\Opera Software\Opera Stable\Extensions\haapdflikokncfodkkmednpceiediklb [2015-12-18]
OPR Extension: (Adblock Plus) - C:\Users\Fufan\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-01-06]


LastRegBack: 2016-01-08 12:27

==================== End of FRST.txt ============================

altrok
Moderator
Posts: 7322
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: Chinese ads

#7 Post by altrok »

→ Uninstall:
  • Bing Bar - if you do not use it
  • Seznam Software - if you do not use it, because it is very often installed as adware
→ Decide which antivirus you will keep on the PC and uninstall the rest. A PC should have exactly one antivirus, not 10.


  • Copy the contents of the white box into Notepad (Start -> Run -> notepad)
  • save it to the desktop as fixlist (Save as type: Text Document)
  • run FRST again and click Fix
  • after the restart a fixlog will be saved on the desktop; paste its contents into your next reply

    Code:

    Start
    CreateRestorePoint:
    CloseProcesses:
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [222504 2010-11-24] (CyberLink Corp.)
    HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
    HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
    HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
    HKU\S-1-5-21-722700253-2852286510-886327887-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Fufan\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
    HKU\S-1-5-21-722700253-2852286510-886327887-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Fufan\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
    HKU\S-1-5-21-722700253-2852286510-886327887-1001\...\Run: [sbdrelbcoh] => explorer "hxxp://odzowik.ru/?utm_source=uoua03n&utm_content=aa03a6f78677f94106be130c8e4c2031&utm_term=6DC49692170194F275F2D26FEF64C054" <===== ATTENTION
    HKU\S-1-5-21-722700253-2852286510-886327887-1001\...\MountPoints2: {6e115b34-4010-11e5-9bc5-14dae94f3cc2} - "H:\startme.exe" 
    ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => No File
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    HKU\S-1-5-21-722700253-2852286510-886327887-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h ... wVVVp6L0w=
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-722700253-2852286510-886327887-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-722700253-2852286510-886327887-1001 -> OldSearch URL = 
    FF DefaultSearchUrl: hxxps://www.google.com/search?trackid=sp-006
    FF Keyword.URL: hxxps://www.google.com/search?trackid=sp-006
    FF Homepage: hxxps://www.google.com/?trackid=sp-006
    FF Extension: Catered to You - C:\Users\Fufan\AppData\Roaming\Mozilla\Firefox\Profiles\o3b13dwu.default\Extensions\{a0dc82f0-66da-4db4-a4e2-60af4d372c1c}.xpi [2015-10-31] [not signed]
    OPR StartupUrls: "hxxp://ngitexo.ru/?utm_content=8428ab81ddf0bcddc0a7e05ca3e782c6&utm_source=startpm&utm_term=6DC49692170194F275F2D26FEF64C054"
    OPR Extension: (Catered to You) - C:\Users\Fufan\AppData\Roaming\Opera Software\Opera Stable\Extensions\haapdflikokncfodkkmednpceiediklb [2015-12-18]
    EmptyTemp:
    End
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not fit the forum, you can use altrok (at) forum.viry.cz
If you would like to help visitors of this forum, sign up for our training school.
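An added example, not part of altrok's post or of FRST itself: a Python triage pass over FRST-style lines that marks the kinds of entries the fixlist above targets (a Run value that opens a URL, FRST's own ATTENTION markers, browser startup URLs on unexpected hosts, unsigned extensions). The rule names and the one-host allowlist are assumptions of this sketch; the sample lines are copied from this thread.

```python
import re
from urllib.parse import urlsplit

# Sample input: lines copied from the FRST log and fixlist in this thread
# (URLs stay defanged as hxxp://, exactly as FRST printed them).
SAMPLE = r'''
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKU\S-1-5-21-722700253-2852286510-886327887-1001\...\Run: [sbdrelbcoh] => explorer "hxxp://odzowik.ru/?utm_source=uoua03n&utm_content=aa03a6f78677f94106be130c8e4c2031&utm_term=6DC49692170194F275F2D26FEF64C054" <===== ATTENTION
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://www.google.com/"
OPR StartupUrls: "hxxp://ngitexo.ru/?utm_content=8428ab81ddf0bcddc0a7e05ca3e782c6&utm_source=startpm&utm_term=6DC49692170194F275F2D26FEF64C054"
FF Extension: Avira Browser Safety - C:\Users\Fufan\AppData\Roaming\Mozilla\Firefox\Profiles\o3b13dwu.default\Extensions\abs@avira.com [2016-01-16]
FF Extension: Catered to You - C:\Users\Fufan\AppData\Roaming\Mozilla\Firefox\Profiles\o3b13dwu.default\Extensions\{a0dc82f0-66da-4db4-a4e2-60af4d372c1c}.xpi [2015-10-31] [not signed]
'''

# Assumption of this example: hosts the owner expects as browser start pages.
ALLOWED_START_HOSTS = frozenset({"www.google.com"})

URL_RE = re.compile(r'h(?:xx|tt)ps?://[^\s"]+', re.IGNORECASE)
RUN_RE = re.compile(r'\\Run: \[(?P<name>[^\]]*)\] => (?P<cmd>.*)')
ATTENTION_RE = re.compile(r'<=+ ATTENTION')
EXTENSION_RE = re.compile(r'^(?:FF|CHR|OPR) Extension: ')


def host_of(url):
    """Return the lower-cased host of a (possibly defanged) URL."""
    refanged = re.sub(r'^hxxp', 'http', url, flags=re.IGNORECASE)
    return (urlsplit(refanged).hostname or '').lower()


def triage_line(line, allowed_hosts=ALLOWED_START_HOSTS):
    """Return the list of rule names (hypothetical labels) that one line trips."""
    reasons = []
    run = RUN_RE.search(line)
    # An autostart value should launch a program, not hand a URL to the shell.
    if run and URL_RE.search(run.group('cmd')):
        reasons.append('run-value-opens-url')
    # Browser start pages pointing at a host the owner did not choose.
    if 'StartupUrls:' in line:
        hosts = {host_of(u) for u in URL_RE.findall(line)}
        if hosts - set(allowed_hosts):
            reasons.append('startup-url-not-allowlisted')
    # FRST tags Firefox extensions without a signature.
    if EXTENSION_RE.match(line) and line.endswith('[not signed]'):
        reasons.append('unsigned-extension')
    # FRST's own marker for entries it considers worth a second look.
    if ATTENTION_RE.search(line):
        reasons.append('frst-attention-marker')
    return reasons


def triage(text, allowed_hosts=ALLOWED_START_HOSTS):
    """Return [(reasons, line), ...] for every line that trips a rule."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = triage_line(line, allowed_hosts)
        if reasons:
            findings.append((reasons, line))
    return findings


if __name__ == '__main__':
    for reasons, line in triage(SAMPLE):
        print(', '.join(reasons), '|', line[:90])
```

Findings are review candidates, not verdicts: in this thread's log the Поиск@Mail.Ru extension is also marked [not signed], yet it was not put in the fixlist.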

Willy
Visitor
Posts: 17
Joined: 16 Jan 2016 13:31

Re: Chinese ads

#8 Post by Willy »

I have more than one because WinDefend has been forcibly turned off.



Fix result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by Fufan (2016-01-17 17:15:19) Run:1
Running from C:\Users\Fufan\Desktop
Loaded Profiles: Fufan & postgres (Available Profiles: UpdatusUser & Fufan & postgres)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [222504 2010-11-24] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-722700253-2852286510-886327887-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Fufan\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-722700253-2852286510-886327887-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Fufan\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-722700253-2852286510-886327887-1001\...\Run: [sbdrelbcoh] => explorer "hxxp://odzowik.ru/?utm_source=uoua03n&utm_content=aa03a6f78677f94106be130c8e4c2031&utm_term=6DC49692170194F275F2D26FEF64C054" <===== ATTENTION
HKU\S-1-5-21-722700253-2852286510-886327887-1001\...\MountPoints2: {6e115b34-4010-11e5-9bc5-14dae94f3cc2} - "H:\startme.exe"
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKU\S-1-5-21-722700253-2852286510-886327887-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h ... wVVVp6L0w=
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-722700253-2852286510-886327887-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-722700253-2852286510-886327887-1001 -> OldSearch URL =
FF DefaultSearchUrl: hxxps://www.google.com/search?trackid=sp-006
FF Keyword.URL: hxxps://www.google.com/search?trackid=sp-006
FF Homepage: hxxps://www.google.com/?trackid=sp-006
FF Extension: Catered to You - C:\Users\Fufan\AppData\Roaming\Mozilla\Firefox\Profiles\o3b13dwu.default\Extensions\{a0dc82f0-66da-4db4-a4e2-60af4d372c1c}.xpi [2015-10-31] [not signed]
OPR StartupUrls: "hxxp://ngitexo.ru/?utm_content=8428ab81ddf0bcddc0a7e05ca3e782c6&utm_source=startpm&utm_term=6DC49692170194F275F2D26FEF64C054"
OPR Extension: (Catered to You) - C:\Users\Fufan\AppData\Roaming\Opera Software\Opera Stable\Extensions\haapdflikokncfodkkmednpceiediklb [2015-12-18]
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\UpdatePSTShortCut => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\UpdateLBPShortCut => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\UpdateP2GoShortCut => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\GrooveMonitor => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\seznam-listicka-distribuce => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SwitchBoard => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AdobeCS6ServiceManager => value removed successfully
HKU\S-1-5-21-722700253-2852286510-886327887-1001\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.autoupdate => value not found.
HKU\S-1-5-21-722700253-2852286510-886327887-1001\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.szndesktop => value not found.
HKU\S-1-5-21-722700253-2852286510-886327887-1001\Software\Microsoft\Windows\CurrentVersion\Run\\sbdrelbcoh => value removed successfully
"HKU\S-1-5-21-722700253-2852286510-886327887-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e115b34-4010-11e5-9bc5-14dae94f3cc2}" => key removed successfully
HKCR\CLSID\{6e115b34-4010-11e5-9bc5-14dae94f3cc2} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\.QMDeskTopGCIcon" => key removed successfully
HKCR\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6} => key not found.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\S-1-5-21-722700253-2852286510-886327887-1006\Software\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-722700253-2852286510-886327887-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-722700253-2852286510-886327887-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\OldSearch" => key removed successfully
HKCR\CLSID\OldSearch => key not found.
Firefox DefaultSearchUrl removed successfully
Firefox "Keyword.URL" removed successfully
Firefox "homepage" removed successfully
C:\Users\Fufan\AppData\Roaming\Mozilla\Firefox\Profiles\o3b13dwu.default\Extensions\{a0dc82f0-66da-4db4-a4e2-60af4d372c1c}.xpi => moved successfully
OPR StartupUrls: "hxxp://ngitexo.ru/?utm_content=8428ab81ddf0bcddc0a7e05ca3e782c6&utm_source=startpm&utm_term=6DC49692170194F275F2D26FEF64C054" => removed successfully
C:\Users\Fufan\AppData\Roaming\Opera Software\Opera Stable\Extensions\haapdflikokncfodkkmednpceiediklb => moved successfully
EmptyTemp: => 194.7 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 17:16:38 ====
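An added example, not part of Willy's post or of FRST: a Python check that reads a Fixlog, skips the echoed fixlist between the asterisk rules, and sorts each result line into changed / not found / error so that failed items are not overlooked. The status labels and function names are assumptions of this sketch; the sample is a shortened copy of the Fixlog above.

```python
import re
from collections import Counter

# Sample input: a shortened copy of the Fixlog posted in this thread.
SAMPLE_FIXLOG = r'''
fixlist content:
*****************
Start
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
End
*****************

Restore point was successfully created.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\GrooveMonitor => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\seznam-listicka-distribuce => value not found.
HKU\S-1-5-21-722700253-2852286510-886327887-1001\Software\Microsoft\Windows\CurrentVersion\Run\\sbdrelbcoh => value removed successfully
HKCR\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6} => key not found.
HKU\S-1-5-21-722700253-2852286510-886327887-1006\Software\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
Firefox "Keyword.URL" removed successfully
EmptyTemp: => 194.7 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 17:16:38 ====
'''

RULE_RE = re.compile(r'^\*{5,}$')                    # the ***** lines around the echo
SID_RE = re.compile(r'S-1-5-21-(?:\d+-){3}(\d+)')    # captures the account RID


def classify(outcome):
    """Map FRST's outcome text to a coarse status (labels are this example's)."""
    text = outcome.lower()
    if text.startswith('error'):
        return 'error'
    if 'not found' in text:
        return 'not_found'      # entry was already gone when the fix ran
    if 'successfully' in text or 'removed' in text:
        return 'changed'
    return 'info'


def parse_fixlog(text):
    """Return one dict per result line, ignoring the echoed fixlist."""
    in_echo = seen_echo = False
    results = []
    for raw in text.splitlines():
        line = raw.strip()
        if RULE_RE.match(line):
            in_echo, seen_echo = not in_echo, True
            continue
        if in_echo or not seen_echo or not line:
            continue
        if line.startswith('==== End of Fixlog'):
            break
        # Lines without ' => ' (e.g. the Firefox ones) are outcome-only.
        target, _, outcome = line.rpartition(' => ')
        results.append({'target': target.strip('"'),
                        'outcome': outcome,
                        'status': classify(outcome)})
    return results


def summarize(results):
    """Count result lines per status."""
    return dict(Counter(r['status'] for r in results))


def needs_follow_up(results):
    """Return the failed items, with the RID of the user hive they live in."""
    failed = []
    for r in results:
        if r['status'] == 'error':
            sid = SID_RE.search(r['target'])
            failed.append({**r, 'rid': sid.group(1) if sid else None})
    return failed


if __name__ == '__main__':
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(summarize(parsed))
    for item in needs_follow_up(parsed):
        print('re-check:', item['target'], '(RID', item['rid'], ')')
```

In this thread's Fixlog the single error is the Internet Explorer Start Page value under the SID ending in -1006, which the account list in Addition.txt maps to the postgres account rather than to Fufan, who ran the fix.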

altrok
Moderator
Posts: 7322
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: Chinese ads

#9 Post by altrok »

→ Which antivirus do you intend to use?


→ Save MBAR to the desktop - http://www.bleepingcomputer.com/downloa ... i-rootkit/
  • Run it with a double-click and extract it to the desktop
  • click Next
  • Update the virus database by clicking Update and continue with Next
  • Leave all 3 options checked and choose Scan (takes about 15 minutes)
  • tick all findings and also check that the Create Restore Point checkbox is ticked
  • click Cleanup and agree to the restart - Yes
  • paste the contents of the log saved on the desktop in mbar\mbar-log-2015-mm-dd (hh-mm-ss).txt into your next reply

Willy
Visitor
Posts: 17
Joined: 16 Jan 2016 13:31

Re: Chinese ads

#10 Post by Willy »

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
main: v2016.01.17.03
rootkit: v2016.01.09.01

Windows 10 x64 NTFS
Internet Explorer 11.63.10586.0
Fufan :: FUFAN-PC [administrator]

17.1.2016 18:23:03
mbar-log-2016-01-17 (18-23-03).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 520222
Time elapsed: 41 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Fufan\9wpg258hz\HoldemManager.com (RiskWare.MisusedLegit.AI) -> Delete on reboot. [2691b2888d0c82b46bd0d476946d30d0]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

altrok
Moderator
Posts: 7322
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: Chinese ads

#11 Post by altrok »

→ Which antivirus do you intend to use?



→ Post the FRST.txt and Addition.txt logs - http://forum.viry.cz/viewtopic.php?f=30&t=133101
Note: on the second and any later run of FRST, the Addition.txt option must be ticked explicitly before the scan starts in order to create the Addition.txt log.

Willy
Visitor
Posts: 17
Joined: 16 Jan 2016 13:31

Re: Chinese ads

#12 Post by Willy »

Which one would you recommend?

Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by Fufan (2016-01-17 22:11:27)
Running from C:\Users\Fufan\Desktop
Windows 10 Home (X64) (2015-11-18 00:48:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-722700253-2852286510-886327887-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-722700253-2852286510-886327887-503 - Limited - Disabled)
Fufan (S-1-5-21-722700253-2852286510-886327887-1001 - Administrator - Enabled) => C:\Users\Fufan
Guest (S-1-5-21-722700253-2852286510-886327887-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-722700253-2852286510-886327887-1003 - Limited - Enabled)
postgres (S-1-5-21-722700253-2852286510-886327887-1006 - Limited - Enabled) => C:\Users\postgres.Fufan-PC
UpdatusUser (S-1-5-21-722700253-2852286510-886327887-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Mesh ActiveX“ nuotolinių ryšių valdiklis (HKLM-x32\...\{9024FE65-46B8-4C8A-9D98-8DCB6BD5F598}) (Version: 15.4.5722.2 - Microsoft Corporation)
„Windows Live Messenger“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
µTorrent (HKU\S-1-5-21-722700253-2852286510-886327887-1001\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
888poker (HKLM-x32\...\888poker) (Version: - )
ActiveX контрола на Windows Live Mesh за отдалечени връзки (HKLM-x32\...\{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}) (Version: 15.4.5722.2 - Microsoft Corporation)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.204 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Flash Player 20 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.60.1503, 26.09.2015 - AIMP DevTeam)
Aktualizace NVIDIA 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}) (Version: 1.8.17.26026 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.8.17.26026 - Alcor Micro Corp.) Hidden
AMP WinOFF 5.0.1 (HKLM-x32\...\AMP WinOFF) (Version: 5.0.1 - Alberto Martinez Perez)
ASUS AI Recovery (HKLM-x32\...\{38253529-D97D-4901-AE53-5CC9736D3A2E}) (Version: 1.0.13 - ASUS)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.1.0 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.21 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.44 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0011 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0031 - ASUS)
ASUS Video Magic (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.4710 - CyberLink Corp.)
ASUS Video Magic (x32 Version: 6.0.4710 - CyberLink Corp.) Hidden
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.21 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.84.161 - eCareme Technologies, Inc.)
ASUS_Screensaver (HKLM-x32\...\ASUS_Screensaver) (Version: - )
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.4.617 - ASUSTEK)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0008 - ASUS)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
Avid License Control (HKLM-x32\...\{89A9B9EE-839E-4820-9450-2912C82F46AF}) (Version: 6.0.1 - Avid Technology, Inc.)
Avira Launcher (HKLM-x32\...\{eac7da46-2097-4dd4-80a6-8b67cbb2b23f}) (Version: 1.1.53.13962 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.53.13962 - Avira Operations GmbH & Co. KG) Hidden
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.65 - Atheros Communications)
Bookworm Deluxe (HKLM-x32\...\Bookworm Deluxe) (Version: - Oberon Media Inc.)
Calculator (HKU\S-1-5-21-722700253-2852286510-886327887-1001\...\Calculator) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
Control ActiveX Windows Live Mesh pentru conexiuni la distanță (HKLM-x32\...\{260E3D78-94E6-47EC-8E29-46301572BB1E}) (Version: 15.4.5722.2 - Microsoft Corporation)
Cooking Dash (HKLM-x32\...\Cooking Dash) (Version: - Oberon Media Inc.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.0.1123_32710 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3327 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2312.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ELAN Touchpad 15.9.6.1_X64_WHQL (HKLM\...\Elantech) (Version: 15.9.6.1 - ELAN Microelectronic Corp.)
ExpressGate Cloud (HKLM-x32\...\InstallShield_{499DED08-6FA8-4749-8E94-8526CC9D1CA8}) (Version: 2.1.88.405 - Asus)
ExpressGate Cloud (x32 Version: 2.1.88.405 - Asus) Hidden
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.9 - ASUS)
Flopzilla (HKLM-x32\...\{855D22BD-5785-4DE7-8026-96920539C3C7}) (Version: 1.7.6 - Flopzilla)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Fresco Logic USB3.0 Host Controller (HKLM\...\{5B9F1BB4-4C06-41E8-877D-B458742B0D0A}) (Version: 3.0.116.3 - Fresco Logic Inc.)
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Governor of Poker (HKLM-x32\...\Governor of Poker) (Version: - Oberon Media Inc.)
Holdem Manager 2 (HKLM-x32\...\HoldemManager2) (Version: - )
Hotel Dash Suite Success (HKLM-x32\...\Hotel Dash Suite Success) (Version: - Oberon Media Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Jewel Quest 3 (HKLM-x32\...\Jewel Quest 3) (Version: - Oberon Media Inc.)
join.me (HKU\S-1-5-21-722700253-2852286510-886327887-1001\...\JoinMe) (Version: 2.4.2.1167 - LogMeIn, Inc.)
join.me.launcher (x32 Version: 1.0.573.0 - LogMeIn, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.9.1.138 - PandoraTV)
Kontrola Windows Live Mesh ActiveX za daljinske veze (HKLM-x32\...\{19CBDE24-2761-49A5-816B-D2BA65D0CA8D}) (Version: 15.4.5722.2 - Microsoft Corporation)
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Luxor 3 (HKLM-x32\...\Luxor 3) (Version: - Oberon Media Inc.)
Mahjongg dimensions (HKLM-x32\...\Mahjongg dimensions) (Version: - Oberon Media Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft OneNote 2016 pro domácnosti - cs-cz (HKLM\...\OneNoteFreeRetail - cs-cz) (Version: 16.0.6366.2036 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
NBA 2K14 (HKLM-x32\...\{4FE0545A-1BF3-4B9B-A044-6E1EE719E197}) (Version: 1.0.0 - 2K Sports)
Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.)
NVIDIA Ovladače grafiky 311.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.44 - NVIDIA Corporation)
Odds calculator (HKLM-x32\...\odds-calculator-desktop.71249E51277F5CE3F1C9178228D3FD8E8D6DCCCF.1) (Version: 1.0.17 - UNKNOWN)
Odds calculator (x32 Version: 1.0.17 - UNKNOWN) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6326.1010 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6326.1010 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6326.1010 - Microsoft Corporation) Hidden
Opera Stable 34.0.2036.39 (HKLM-x32\...\Opera 34.0.2036.39) (Version: 34.0.2036.39 - Opera Software)
Ovládací panel NVIDIA 353.54 (Version: 353.54 - NVIDIA Corporation) Hidden
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení (HKLM-x32\...\{B6190387-0036-4BEB-8D74-A0AFC5F14706}) (Version: 15.4.5722.2 - Microsoft Corporation)
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia (HKLM-x32\...\{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}) (Version: 15.4.5722.2 - Microsoft Corporation)
partypoker (HKLM-x32\...\PartyPoker) (Version: - PartyGaming)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Plants vs Zombies (HKLM-x32\...\Plants vs Zombies) (Version: - Oberon Media Inc.)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version: - PokerStars.eu)
PokerStrategy.com Equilab (HKLM-x32\...\{86D09F48-CDAB-4B4C-8806-F6C16F17935A}) (Version: 1.2.8.0 - PokerStrategy.com)
PokerTracker 4 (remove only) (HKLM-x32\...\PokerTracker4) (Version: - )
PostgreSQL 8.4 (HKLM-x32\...\PostgreSQL 8.4) (Version: 8.4 - PostgreSQL Global Development Group)
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.3 - Power Software Ltd)
Python 2.7.10 (HKLM-x32\...\{E2B51919-207A-43EB-AE78-733F9C6797C2}) (Version: 2.7.10150 - Python Software Foundation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.1 - Rockstar Games)
Sibelius 7 OpenType Fonts (HKLM-x32\...\{44998978-7DDB-4AD0-BDF5-D226FBC029FE}) (Version: 7.1.2 - Avid)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
SonicMaster (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.00.0000 - Virage Logic, Corp.)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.15.13.201509231442 - Sony Mobile Communications Inc.)
Sony PC Companion 2.10.303 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony)
syncables desktop SE (HKLM-x32\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
UpdateAdmin (HKLM-x32\...\{81F17B54-5D57-485E-88CC-F6D20D66B5E0}) (Version: 2.0.2011 - DownloadAdmin) <==== ATTENTION
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX kontrola za daljinske veze (HKLM-x32\...\{8985AE5E-622A-4980-8BF8-0A1830643220}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX vadīkla attālajiem savienojumiem (HKLM-x32\...\{A3A775C9-5A63-4C55-8FDD-427A5B8F5D2B}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-i juhtelement kaugühendustele (HKLM-x32\...\{216ACEC1-4556-4717-A8DE-3F7F5F9C6F63}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.1 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)
World of Goo (HKLM-x32\...\World of Goo) (Version: - Oberon Media Inc.)
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-722700253-2852286510-886327887-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Fufan\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00E0CD00-0041-4D8A-9477-9C92E0EFE891} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {0168DDD5-4BB3-4A85-99BA-B9AADC53BC5F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-16] (Google Inc.)
Task: {01C995FF-D178-4E7B-AC4A-9E950006A207} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {02A88E6F-739B-4C90-A3BA-9E12EEEB1D0E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-01-16] (AVAST Software)
Task: {0837D897-84CB-4E30-A8DD-807937A81DFC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {0CC818E1-665A-412D-9FC9-42CCBBA9842A} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_267_pepper.exe [2016-01-02] (Adobe Systems Incorporated)
Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {0F1FC558-90E6-41AA-8D37-4FBE69053762} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {13E07B75-7765-44C9-A0FD-EABC03236015} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {148318FC-5974-4508-A415-B3AFD16E5DDB} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {1FBB9AC0-D9F6-4030-8117-D66FA2D3EDF3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {25A16F3A-D4CC-4F86-9A55-7ACE7F8E85B5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {29308477-8F7E-4D4F-92D5-F1534E61B6F5} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {3048F251-EBB1-484C-BADE-6A9634BBBFF3} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {31FA36FA-D5EF-48DA-A70E-11B410A56B34} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {3B7BAE2A-01CD-4265-9FF0-CE3C6AE5C4D4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-02] (Adobe Systems Incorporated)
Task: {3C62B858-8822-4574-83E2-ED2E0CB4838C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-12-04] (Microsoft Corporation)
Task: {3C9616B2-742C-4820-AFAE-F3D2459E9677} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {3D966D87-5FE5-4FBC-8E90-DB0F48E454DB} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {3E3E65EA-6693-4ACC-947D-206853F50D65} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {42145BE5-4059-431F-919A-1A381C5966DE} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {4C5C67AA-FB0B-431C-9288-05F04FAD7580} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2010-11-24] (CyberLink)
Task: {506AD046-B18C-4EBF-91F0-F6185B6862F1} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {5DEA8D85-716F-4FED-9C31-C5F010E4A186} - System32\Tasks\Avira System Speedup Tray => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe [2016-01-04] (Avira Operations GmbH & Co. KG)
Task: {68CB20EF-E7CE-4513-858F-FA64F96FA64F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {6A5A10F8-DB70-49BC-A635-DB578AA3D832} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-fbuc@seznam.cz => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {6FECF9BE-AED8-4627-80ED-91FF5361960F} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {76DD189E-D720-4BAF-8D6E-7E7D7FE7B4E3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {773492A6-4F08-4DAF-9C1B-778BC17ACAED} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {78588675-6CF3-4E50-B5B1-1EC34EAA2F6B} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {7DDF9673-8D0B-4652-B795-1BEAD1206B65} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {91CA17A4-803E-49F9-B97B-0B31CF34BB49} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
Task: {964D70F5-BE08-4A3A-B5A0-CF79F94E87EF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {A988EFDD-652B-4DC3-A59C-77A5E86A062D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A9C022E0-CF62-4227-B32F-6486BFB352CA} - System32\Tasks\ASUS Patch 10430001 => C:\Windows\AsPatch10430001.exe [2010-07-29] ()
Task: {AA921623-B84A-4EC8-A6DA-5D46323FC6D9} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {B0921B4E-78CE-45A0-8F59-FF4461117996} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {B0A682C6-B35D-4906-BD98-26A08609BC5C} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS)
Task: {B213A2A8-E094-4134-BA55-86C94F85DFB9} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {BAECEBBE-A8FD-47D2-A41A-D7CE711B6CB8} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {BD80CADC-4C03-46BF-A645-6C0F0763C32D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-12-04] (Microsoft Corporation)
Task: {BF9C7064-5A87-4ECC-9C1B-9E072FC97D1A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C778374C-94FE-41B0-B705-5FC952201AC0} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {CA5D12C9-6E13-4B06-BE61-371DE1E6F59D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D3FCA291-916E-41DE-BF0C-C170C50719A8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {D508EA0D-6F20-4D3F-B63C-F48C4672E55D} - System32\Tasks\Web Rush => Rundll32.exe "C:\Users\Fufan\AppData\Local\Web Rush\xBin\WebRush.dll",#3 <==== ATTENTION
Task: {DD548504-31EE-43FF-A573-1E9BCB56DC76} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {E07E7D5A-C2A2-4DAD-AF85-A8A724AE8A3A} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-08-24] ()
Task: {E46A5CE1-4284-4415-891E-49814036E7F1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-16] (Google Inc.)
Task: {E48DE60D-20ED-4D8D-9330-2B2950080148} - System32\Tasks\Opera scheduled Autoupdate 1450399619 => C:\Program Files (x86)\Opera\launcher.exe [2015-12-15] (Opera Software)
Task: {E6872CDB-8563-4CDD-99CB-88A12D90329E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-01-16] (Microsoft Corporation)
Task: {E6D70B07-30B3-4414-A113-388179A66583} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS)
Task: {E81A1064-00DF-4E20-9955-09230680FAFA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E959E007-A71C-4952-8EA8-22DE146D6227} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {EA4008AD-9775-426D-BA87-73108DB77ACC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {F0496437-71B1-4E96-9E9C-3BC2F52CDE46} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {F086CA91-77E3-4A62-AB48-437C3930344F} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2011-03-07] (ASUS)
Task: {FACB8164-0888-403B-B4E6-7F59329EA90F} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {FBC8485F-A585-489F-8E2C-C65FEABC1BEF} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {FC59A24D-A0AB-4C5F-9AF7-80B8FED82F0F} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {FFEE4F98-789F-4BC5-9EBF-91D4AC658C46} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_267_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Fufan\Desktop\Universal Replayer.lnk -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://www.universal-replayer.net/jws/universal_replayer.jnlp "C:\Users\Fufan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\16a3839d-2970f4cd"

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-11-18 01:16 - 2015-07-13 18:37 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-08-31 18:51 - 2011-03-31 06:47 - 00023040 _____ () C:\WINDOWS\System32\xrhk2alm.dll
2010-08-21 02:47 - 2010-08-21 02:47 - 00077312 _____ () C:\ExpressGateUtil\VAWinService.exe
2015-12-05 14:19 - 2015-12-04 03:52 - 00162472 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2011-04-01 10:24 - 2010-09-17 09:52 - 00047104 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll
2011-04-01 10:24 - 2010-09-17 09:52 - 00042496 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll
2015-12-03 10:52 - 2015-11-22 11:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-09 16:51 - 2007-11-30 19:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2010-04-03 03:21 - 2008-10-01 07:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-07-15 00:11 - 2010-07-15 00:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll
2015-12-03 10:52 - 2015-11-22 11:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-12-18 01:48 - 2015-12-18 01:50 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-08-09 07:59 - 2009-04-17 11:01 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2015-12-18 01:54 - 2015-12-07 05:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-18 01:54 - 2015-12-07 05:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-15 17:51 - 2016-01-05 02:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-15 17:51 - 2016-01-05 02:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-15 17:51 - 2016-01-05 02:24 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-15 17:51 - 2016-01-05 02:26 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 20:00 - 2015-06-01 20:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-29 23:04 - 2010-11-29 23:04 - 00403968 _____ () C:\Program Files\Intel\TurboBoost\cs\SignalIslandUi.resources.dll
2010-09-24 00:53 - 2010-09-24 00:53 - 01601536 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2010-08-13 01:52 - 2010-08-13 01:52 - 00021504 _____ () C:\ExpressGateUtil\VAWinAgent.exe
2015-10-30 08:18 - 2015-10-30 08:18 - 02100064 _____ () C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
2016-01-16 01:56 - 2016-01-16 01:56 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-01-16 01:56 - 2016-01-16 01:56 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-01-17 17:21 - 2016-01-17 17:21 - 02818048 _____ () C:\Program Files\AVAST Software\Avast\defs\16011703\algo.dll
2016-01-16 01:56 - 2016-01-16 01:56 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-01-17 20:27 - 2016-01-17 20:27 - 02818048 _____ () C:\Program Files\AVAST Software\Avast\defs\16011704\algo.dll
2010-08-13 01:52 - 2010-08-13 01:52 - 00151552 _____ () C:\ExpressGateUtil\libexpat.dll
2010-08-13 01:52 - 2010-08-13 01:52 - 00057344 _____ () C:\ExpressGateUtil\netProfileDatabase.DLL
2016-01-16 01:28 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-01-16 01:28 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-01-16 01:28 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-01-16 01:28 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-01-16 01:28 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-09-18 17:19 - 2014-02-18 09:11 - 00172032 _____ () C:\Program Files (x86)\PostgreSQL\8.4\bin\LIBPQ.dll
2015-09-18 17:20 - 2012-08-14 14:19 - 00999424 _____ () C:\Program Files (x86)\PostgreSQL\8.4\bin\libxml2.dll
2015-12-18 01:48 - 2015-12-18 01:50 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2015-12-18 01:48 - 2015-12-18 01:50 - 21845504 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2009-11-02 22:20 - 2009-11-02 22:20 - 00619816 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 22:23 - 2009-11-02 22:23 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2016-01-17 20:26 - 2016-01-17 20:26 - 00011264 _____ () C:\Users\Fufan\AppData\Local\Temp\nshDA6F.tmp\System.dll
2016-01-17 20:26 - 2016-01-17 20:26 - 00029696 _____ () C:\Users\Fufan\AppData\Local\Temp\nshDA6F.tmp\registry.dll
2013-07-04 21:10 - 2013-07-04 21:10 - 00835584 _____ () C:\aPrograms\OperaPortable\App\Opera\gstreamer\gstreamer.dll
2013-07-04 21:10 - 2013-07-04 21:10 - 00093696 _____ () C:\aPrograms\OperaPortable\App\Opera\gstreamer\plugins\gstaudioconvert.dll
2013-07-04 21:10 - 2013-07-04 21:10 - 00094208 _____ () C:\aPrograms\OperaPortable\App\Opera\gstreamer\plugins\gstaudioresample.dll
2013-07-04 21:10 - 2013-07-04 21:10 - 00057344 _____ () C:\aPrograms\OperaPortable\App\Opera\gstreamer\plugins\gstautodetect.dll
2013-07-04 21:10 - 2013-07-04 21:10 - 00096256 _____ () C:\aPrograms\OperaPortable\App\Opera\gstreamer\plugins\gstcoreplugins.dll
2013-07-04 21:10 - 2013-07-04 21:10 - 00062976 _____ () C:\aPrograms\OperaPortable\App\Opera\gstreamer\plugins\gstdecodebin2.dll
2013-07-04 21:10 - 2013-07-04 21:10 - 00067072 _____ () C:\aPrograms\OperaPortable\App\Opera\gstreamer\plugins\gstdirectsound.dll
2013-07-04 21:10 - 2013-07-04 21:10 - 00158208 _____ () C:\aPrograms\OperaPortable\App\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
2013-07-04 21:10 - 2013-07-04 21:10 - 00312832 _____ () C:\aPrograms\OperaPortable\App\Opera\gstreamer\plugins\gstoggdec.dll
2013-07-04 21:10 - 2013-07-04 21:10 - 00038912 _____ () C:\aPrograms\OperaPortable\App\Opera\gstreamer\plugins\gstwaveform.dll
2013-07-04 21:10 - 2013-07-04 21:10 - 00073728 _____ () C:\aPrograms\OperaPortable\App\Opera\gstreamer\plugins\gstwavparse.dll
2013-07-04 21:10 - 2013-07-04 21:10 - 00101888 _____ () C:\aPrograms\OperaPortable\App\Opera\gstreamer\plugins\gstwebmdec.dll
2016-01-17 20:26 - 2016-01-17 20:26 - 00098816 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI73642\win32api.pyd
2016-01-17 20:26 - 2016-01-17 20:26 - 00110080 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI73642\pywintypes27.dll
2016-01-17 20:26 - 2016-01-17 20:26 - 00364544 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI73642\pythoncom27.dll
2016-01-17 20:26 - 2016-01-17 20:26 - 00046080 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI73642\_socket.pyd
2016-01-17 20:26 - 2016-01-17 20:26 - 01208320 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI73642\_ssl.pyd
2016-01-17 20:26 - 2016-01-17 20:26 - 00320512 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI73642\win32com.shell.shell.pyd
2016-01-17 20:26 - 2016-01-17 20:26 - 00776704 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI73642\_hashlib.pyd
2016-01-17 20:26 - 2016-01-17 20:26 - 01176576 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI73642\wx._core_.pyd
2016-01-17 20:26 - 2016-01-17 20:26 - 00806400 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI73642\wx._gdi_.pyd
2016-01-17 20:26 - 2016-01-17 20:26 - 00816128 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI73642\wx._windows_.pyd
2016-01-17 20:26 - 2016-01-17 20:26 - 01067008 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI73642\wx._controls_.pyd
2016-01-17 20:26 - 2016-01-17 20:26 - 00733184 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI73642\wx._misc_.pyd
2016-01-17 20:26 - 2016-01-17 20:26 - 00682496 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI73642\pysqlite2._sqlite.pyd
2016-01-17 20:26 - 2016-01-17 20:26 - 00088064 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI73642\_ctypes.pyd
2016-01-17 20:26 - 2016-01-17 20:26 - 00119808 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI73642\win32file.pyd
2016-01-17 20:26 - 2016-01-17 20:26 - 00108544 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI73642\win32security.pyd
2016-01-17 20:26 - 2016-01-17 20:26 - 00007168 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI73642\hashobjs_ext.pyd
2016-01-17 20:26 - 2016-01-17 20:26 - 00017920 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI73642\thumbnails_ext.pyd
2016-01-17 20:26 - 2016-01-17 20:26 - 00079360 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI73642\usb_ext.pyd
2016-01-17 20:26 - 2016-01-17 20:26 - 00167936 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI73642\win32gui.pyd
2016-01-17 20:26 - 2016-01-17 20:26 - 00018432 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI73642\win32event.pyd
2016-01-17 20:26 - 2016-01-17 20:26 - 00128512 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI73642\_elementtree.pyd
2016-01-17 20:26 - 2016-01-17 20:26 - 00127488 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI73642\pyexpat.pyd
2016-01-17 20:26 - 2016-01-17 20:26 - 00013824 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI73642\common.time34.pyd
2016-01-17 20:26 - 2016-01-17 20:26 - 00036864 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI73642\_psutil_windows.pyd
2016-01-17 20:26 - 2016-01-17 20:26 - 00038912 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI73642\win32inet.pyd
2016-01-17 20:26 - 2016-01-17 20:26 - 00525640 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI73642\windows._lib_cacheinvalidation.pyd
2016-01-17 20:26 - 2016-01-17 20:26 - 00011264 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI73642\win32crypt.pyd
2016-01-17 20:26 - 2016-01-17 20:26 - 00077312 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI73642\wx._html2.pyd
2016-01-17 20:26 - 2016-01-17 20:26 - 00027136 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI73642\_multiprocessing.pyd
2016-01-17 20:26 - 2016-01-17 20:26 - 00020480 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI73642\_yappi.pyd
2016-01-17 20:26 - 2016-01-17 20:26 - 00035840 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI73642\win32process.pyd
2016-01-17 20:26 - 2016-01-17 20:26 - 00686080 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI73642\unicodedata.pyd
2016-01-17 20:26 - 2016-01-17 20:26 - 00123392 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI73642\wx._wizard.pyd
2016-01-17 20:26 - 2016-01-17 20:26 - 00024064 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI73642\win32pipe.pyd
2016-01-17 20:26 - 2016-01-17 20:26 - 00010240 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI73642\select.pyd
2016-01-17 20:26 - 2016-01-17 20:26 - 00025600 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI73642\win32pdh.pyd
2016-01-17 20:26 - 2016-01-17 20:26 - 00017408 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI73642\win32profile.pyd
2016-01-17 20:26 - 2016-01-17 20:26 - 00022528 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI73642\win32ts.pyd
2016-01-17 20:26 - 2016-01-17 20:26 - 00078848 _____ () C:\Users\Fufan\AppData\Local\Temp\_MEI73642\wx._animate.pyd
2016-01-16 01:56 - 2016-01-16 01:56 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-12-05 10:21 - 2015-12-05 10:21 - 00933056 ____R () C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll
2011-01-18 21:21 - 2011-01-18 21:21 - 00204800 _____ () C:\Program Files (x86)\asus\VirtualCamera\virtualCamera.ax
2013-04-05 19:26 - 2013-04-05 19:26 - 02106368 _____ () C:\aPrograms\X Codec Pack\filters\x32\ac3filter.ax
2013-04-05 19:27 - 2013-04-05 19:27 - 01021440 _____ () C:\aPrograms\X Codec Pack\filters\x32\ac3filter_intl.dll
2011-02-11 03:26 - 2011-02-11 03:26 - 00237568 _____ () C:\aPrograms\KMPlayer\OptimFROG.dll
2012-10-31 09:59 - 2012-10-31 09:59 - 00538112 _____ () C:\aPrograms\KMPlayer\libmplay.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7867 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2016-01-16 01:09 - 00450831 ____R C:\WINDOWS\system32\Drivers\etc\hosts

There are 15464 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-722700253-2852286510-886327887-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
HKU\S-1-5-21-722700253-2852286510-886327887-1006\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 213.46.172.37 - 213.46.172.36
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
HKU\S-1-5-21-722700253-2852286510-886327887-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_0DE6B6B0A387FCD998900BBB3E1B3B16"
HKU\S-1-5-21-722700253-2852286510-886327887-1001\...\StartupApproved\Run: => "join.me.launcher"
HKU\S-1-5-21-722700253-2852286510-886327887-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-722700253-2852286510-886327887-1001\...\StartupApproved\Run: => "Sidebar"
HKU\S-1-5-21-722700253-2852286510-886327887-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-722700253-2852286510-886327887-1001\...\StartupApproved\Run: => "Sony PC Companion"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{761C031D-F79E-4C77-BDE3-F68E865AF3FE}] => (Allow) D:\Games\NBA 2k14\nba2k14.exe
FirewallRules: [{E863A904-69DA-4C3D-AD69-E830EEAFC24E}] => (Allow) D:\Games\NBA 2k14\nba2k14.exe
FirewallRules: [UDP Query User{CCA9D085-F42C-4A18-B567-1121889279A1}D:\games\pro evolution soccer 2015\pes2015.exe] => (Block) D:\games\pro evolution soccer 2015\pes2015.exe
FirewallRules: [TCP Query User{1E6538A1-2689-42A3-AC90-CEB987CB707C}D:\games\pro evolution soccer 2015\pes2015.exe] => (Block) D:\games\pro evolution soccer 2015\pes2015.exe
FirewallRules: [UDP Query User{603A82BF-AACB-4D58-96A8-D28DD75B6F0B}C:\aprograms\operaportable\app\opera\opera.exe] => (Block) C:\aprograms\operaportable\app\opera\opera.exe
FirewallRules: [TCP Query User{25535FAB-D53A-4B35-9722-7689239B4744}C:\aprograms\operaportable\app\opera\opera.exe] => (Block) C:\aprograms\operaportable\app\opera\opera.exe
FirewallRules: [{8BF506E6-42C7-433F-8698-8001F148F479}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{2A60BAAC-70EA-4E2D-9BC8-BAF31E040CFA}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [UDP Query User{3956B795-AED5-4CDF-B90A-BD851B5BCC31}C:\users\fufan\appdata\local\join.me\join.me.exe] => (Allow) C:\users\fufan\appdata\local\join.me\join.me.exe
FirewallRules: [TCP Query User{415AA156-6808-4C32-8547-D23C7C34BB5B}C:\users\fufan\appdata\local\join.me\join.me.exe] => (Allow) C:\users\fufan\appdata\local\join.me\join.me.exe
FirewallRules: [UDP Query User{7D8B0952-31FD-45B0-A7A6-6AC0CC03E4E6}C:\aprograms\operaportable\app\opera\opera.exe] => (Allow) C:\aprograms\operaportable\app\opera\opera.exe
FirewallRules: [TCP Query User{54A08AC5-1D2C-4A70-BD99-FF726B2D885F}C:\aprograms\operaportable\app\opera\opera.exe] => (Allow) C:\aprograms\operaportable\app\opera\opera.exe
FirewallRules: [{636F06B0-C46C-4D1C-A338-F948BA656305}] => (Allow) C:\Users\Fufan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A99DAF4A-4248-42E5-A3CB-FBC8DF53D744}] => (Allow) C:\Users\Fufan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3DF5F6CB-BC69-40C6-9B67-FA811EE2FB8B}] => (Allow) C:\Users\Fufan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{39FB86BE-6E6B-4CFE-8E1A-CA94C612AEB8}] => (Allow) C:\Users\Fufan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B129396A-F5C0-4652-889A-18F58DDA5DCD}] => (Allow) C:\Users\Fufan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{150779CA-B431-4C64-B0CB-CC2A44AD5B5E}] => (Allow) C:\Users\Fufan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [UDP Query User{5FA4747F-F2B1-419B-AEE3-E33251AFAF3D}C:\utorrent\utorrent.exe] => (Allow) C:\utorrent\utorrent.exe
FirewallRules: [TCP Query User{8325617A-208D-4E20-A5F0-E4BBDBC632C2}C:\utorrent\utorrent.exe] => (Allow) C:\utorrent\utorrent.exe
FirewallRules: [{BE569D7E-9F78-4A6C-AC67-E7D172481377}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4C5C55D3-6471-46B0-8C69-F90DE933EB3F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B36B7768-F50C-44E2-99F3-8D7CF8C97D7E}] => (Allow) LPort=2869
FirewallRules: [{8B6F2C2C-8018-43A7-B7AC-26177AFB6846}] => (Allow) LPort=1900
FirewallRules: [{5B3CF587-354A-4C45-9A75-28C42D5E9E63}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{91E76949-866F-4FFA-A05B-B0085FDC8DA9}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{FF0E14E4-C858-4882-BB0F-5B5456352724}] => (Allow) LPort=5353
FirewallRules: [{4664F37F-1F3E-4729-9525-81A1AED2C27C}] => (Allow) LPort=8182
FirewallRules: [{7E1797CD-5486-4FEC-8F55-F55F2E4A4B67}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{37DB2A9E-33D1-409C-8582-57ECDEABA08A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{D645D86C-401B-4B36-88F9-4E9207A8FB73}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{52E818E7-B1E9-4299-9CC5-8620804488B8}] => (Allow) C:\Program Files (x86)\Cyberlink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{1A9032D2-EAD1-4F88-A40A-080F3A948710}] => (Allow) C:\Program Files (x86)\Cyberlink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{77E3778E-E648-4DB8-BFFE-1150E069D0C2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{82510982-F1F8-4525-8445-C6E49158AC91}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{9B775783-2299-48D5-B680-4D840DCDC897}] => (Allow) LPort=5432
FirewallRules: [{F838A498-534B-42F9-94DA-75F44BDB5882}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

16-01-2016 12:21:54 Avira System Speedup 2.0.10
16-01-2016 13:41:31 Revo Uninstaller Pro's restore point -
17-01-2016 16:10:51 Installed PokerStrategy.com Equilab.
17-01-2016 20:21:40 Malwarebytes Anti-Rootkit Restore Point

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/17/2016 10:13:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro LAVFilters.Dependencies,type="win32",version="1.0.0.0"1 se nezdařilo.
Závislé sestavení LAVFilters.Dependencies,type="win32",version="1.0.0.0" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (01/17/2016 10:13:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro LAVFilters.Dependencies,type="win32",version="1.0.0.0"1 se nezdařilo.
Závislé sestavení LAVFilters.Dependencies,type="win32",version="1.0.0.0" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (01/17/2016 10:11:33 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro LAVFilters.Dependencies,type="win32",version="1.0.0.0"1 se nezdařilo.
Závislé sestavení LAVFilters.Dependencies,type="win32",version="1.0.0.0" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (01/17/2016 10:11:33 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro LAVFilters.Dependencies,type="win32",version="1.0.0.0"1 se nezdařilo.
Závislé sestavení LAVFilters.Dependencies,type="win32",version="1.0.0.0" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (01/17/2016 10:07:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: ElanTPCfg64.exe, verze: 1.0.50.1, časové razítko: 0x49d9c165
Název chybujícího modulu: ETDApi.dll, verze: 11.9.0.0, časové razítko: 0x5448e4ce
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000008f72
ID chybujícího procesu: 0x2b2c
Čas spuštění chybující aplikace: 0xElanTPCfg64.exe0
Cesta k chybující aplikaci: ElanTPCfg64.exe1
Cesta k chybujícímu modulu: ElanTPCfg64.exe2
ID zprávy: ElanTPCfg64.exe3
Úplný název chybujícího balíčku: ElanTPCfg64.exe4
ID aplikace související s chybujícím balíčkem: ElanTPCfg64.exe5

Error: (01/17/2016 08:25:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: ElanTPCfg64.exe, verze: 1.0.50.1, časové razítko: 0x49d9c165
Název chybujícího modulu: ETDApi.dll, verze: 11.9.0.0, časové razítko: 0x5448e4ce
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000008f72
ID chybujícího procesu: 0x17c4
Čas spuštění chybující aplikace: 0xElanTPCfg64.exe0
Cesta k chybující aplikaci: ElanTPCfg64.exe1
Cesta k chybujícímu modulu: ElanTPCfg64.exe2
ID zprávy: ElanTPCfg64.exe3
Úplný název chybujícího balíčku: ElanTPCfg64.exe4
ID aplikace související s chybujícím balíčkem: ElanTPCfg64.exe5

Error: (01/17/2016 08:21:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen.
.

Error: (01/17/2016 05:19:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: ElanTPCfg64.exe, verze: 1.0.50.1, časové razítko: 0x49d9c165
Název chybujícího modulu: ETDApi.dll, verze: 11.9.0.0, časové razítko: 0x5448e4ce
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000008f72
ID chybujícího procesu: 0x14d0
Čas spuštění chybující aplikace: 0xElanTPCfg64.exe0
Cesta k chybující aplikaci: ElanTPCfg64.exe1
Cesta k chybujícímu modulu: ElanTPCfg64.exe2
ID zprávy: ElanTPCfg64.exe3
Úplný název chybujícího balíčku: ElanTPCfg64.exe4
ID aplikace související s chybujícím balíčkem: ElanTPCfg64.exe5

Error: (01/17/2016 04:11:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen.
.

Error: (01/17/2016 04:04:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: LockApp.exe, verze: 0.0.0.0, časové razítko: 0x5632d5a5
Název chybujícího modulu: combase.dll, verze: 10.0.10586.0, časové razítko: 0x5632d3ca
Kód výjimky: 0xc0000602
Posun chyby: 0x000000000018db3b
ID chybujícího procesu: 0x2900
Čas spuštění chybující aplikace: 0xLockApp.exe0
Cesta k chybující aplikaci: LockApp.exe1
Cesta k chybujícímu modulu: LockApp.exe2
ID zprávy: LockApp.exe3
Úplný název chybujícího balíčku: LockApp.exe4
ID aplikace související s chybujícím balíčkem: LockApp.exe5


System errors:
=============
Error: (01/17/2016 10:08:57 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Intel(R) Management and Security Application User Notification Service přestala během spouštění reagovat.

Error: (01/17/2016 10:08:40 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {B91D5831-B1BD-4608-8198-D72E155020F7}

Error: (01/17/2016 08:28:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba NVIDIA Update Service Daemon neuspěla při spuštění v důsledku následující chyby:
%%1069

Error: (01/17/2016 08:28:54 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Služba nvUpdatusService se nemohla přihlásit jako .\UpdatusUser s aktuálně konfigurovaným heslem z důvodu následující chyby:
%%1330

Chcete-li zajistit správnou konfiguraci služby, použijte modul snap-in Služby konzoly Microsoft Management Console (MMC).

Error: (01/17/2016 08:23:15 PM) (Source: DCOM) (EventID: 10010) (User: Fufan-PC)
Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}

Error: (01/17/2016 08:23:13 PM) (Source: DCOM) (EventID: 10010) (User: Fufan-PC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (01/17/2016 08:23:13 PM) (Source: DCOM) (EventID: 10010) (User: Fufan-PC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (01/17/2016 08:23:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Úložiště uživatelských dat_3b4ec bylo dosaženo časového limitu (30000 ms).

Error: (01/17/2016 08:23:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Hostitel synchronizace_3b4ec bylo dosaženo časového limitu (30000 ms).

Error: (01/17/2016 08:22:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Přístup k uživatelským datům_3b4ec byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.


CodeIntegrity:
===================================
Date: 2016-01-16 00:54:30.912
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-15 22:32:15.647
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-15 22:32:15.632
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-15 22:32:15.613
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-15 22:32:15.534
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-15 22:32:15.512
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-15 22:32:15.481
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-15 22:32:04.952
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-15 21:26:52.145
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-15 21:26:52.129
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 72%
Total physical RAM: 4001.06 MB
Available physical RAM: 1095.43 MB
Total Virtual: 8097.06 MB
Available Virtual: 4649.55 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:292.26 GB) (Free:183.3 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:380.6 GB) (Free:26.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: AA9693FE)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=292.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=785 MB) - (Type=27)
Partition 4: (Not Active) - (Size=380.6 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================

Willy
Visitor
Posts: 17
Registered: 16 Jan 2016 13:31

Re: Chinese ads

#13 Post by Willy »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by Fufan (administrator) on FUFAN-PC (17-01-2016 22:09:41)
Running from C:\Users\Fufan\Desktop
Loaded Profiles: Fufan & postgres (Available Profiles: UpdatusUser & Fufan & postgres)
Platform: Windows 10 Home Version 1511 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
() C:\ExpressGateUtil\VAWinService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ASUS) C:\Windows\AsScrPro.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(PortableApps.com) C:\aPrograms\OperaPortable\OperaPortable.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Opera Software) C:\aPrograms\OperaPortable\App\Opera\opera.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Windows (R) Win 7 DDK provider) C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
() C:\ExpressGateUtil\VAWinAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.0_none_95e4f9a171a1ad95\TiWorker.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\LockAppHost.exe
() C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3738336 2015-10-29] (ELAN Microelectronics Corp.)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [3738336 2015-10-29] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-08-11] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-04-01] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe [731472 2011-02-23] (ecareme)
HKLM-x32\...\Run: [FLxHCIm] => C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe [40448 2011-02-25] (Windows (R) Win 7 DDK provider)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
HKLM-x32\...\Run: [VAWinAgent] => C:\ExpressGateUtil\VAWinAgent.exe [21504 2010-08-13] ()
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-06-08] (Power Software Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-01-16] (AVAST Software)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-12-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [14960 2016-01-04] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-722700253-2852286510-886327887-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-09-23] (Sony)
HKU\S-1-5-21-722700253-2852286510-886327887-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-06] (Acresso Corporation)
HKU\S-1-5-21-722700253-2852286510-886327887-1001\...\Run: [join.me.launcher] => C:\Users\Fufan\AppData\Local\join.me.launcher\join.me.launcher.exe [173840 2015-08-31] (LogMeIn, Inc)
HKU\S-1-5-21-722700253-2852286510-886327887-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-722700253-2852286510-886327887-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
HKU\S-1-5-21-722700253-2852286510-886327887-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50378880 2015-12-17] (Skype Technologies S.A.)
HKU\S-1-5-21-722700253-2852286510-886327887-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-722700253-2852286510-886327887-1006\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [177088 2015-07-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [155280 2015-07-13] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-01-16] (AVAST Software)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll [2010-09-02] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll [2010-09-02] (eCareme Technologies, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2011-04-01]
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk [2015-08-09]
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe ()
Startup: C:\Users\Fufan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk [2015-08-09]
ShortcutTarget: Intel(R) Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
Startup: C:\Users\Fufan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Odeslat do OneNote.lnk [2015-11-23]
ShortcutTarget: Odeslat do OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (No File)
Startup: C:\Users\Fufan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Poslat do aplikace OneNote.lnk [2016-01-10]
ShortcutTarget: Poslat do aplikace OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36 192.168.1.1
Tcpip\..\Interfaces\{055feabc-9a53-4202-8d7d-0470206db219}: [DhcpNameServer] 213.46.172.37 213.46.172.36 192.168.1.1
Tcpip\..\Interfaces\{c6d8e8eb-e3a8-43a7-aa44-1fc749d6916f}: [DhcpNameServer] 213.46.172.37 213.46.172.36 192.168.1.1
Tcpip\..\Interfaces\{f058086d-e4dc-4f2d-9daf-ea63ed244de6}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-722700253-2852286510-886327887-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-722700253-2852286510-886327887-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-722700253-2852286510-886327887-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-722700253-2852286510-886327887-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghBJV0BUAkSQhgaIw9cTA0QEVAOeABeBxRBGFEVcQ1ZVwhAF1QFIk0FA1ADB0VXfVBdFElXTwhgIU1dE1wVVVp6L0w=
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> OldSearch URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={s ... lz=1I7ASUT
SearchScopes: HKU\S-1-5-21-722700253-2852286510-886327887-1001 -> {1DAB9224-C5B1-47ED-9E50-989BAF0575CC} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-722700253-2852286510-886327887-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-722700253-2852286510-886327887-1001 -> {D39EFA40-A424-4C0D-9369-BAD401033F75} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11467
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-12-17] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-01-16] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2011-04-01] (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll [2011-04-01] (Google Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-12-17] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-20] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-13] (Atheros Commnucations)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-01-16] (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2011-04-01] (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2011-04-01] (Google Inc.)
BHO-x32: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2011-04-01] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-20] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2011-04-01] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2011-04-01] (Google Inc.)
Toolbar: HKU\S-1-5-21-722700253-2852286510-886327887-1001 -> No Name - {F3FB69AE-9F85-413A-BA2F-12FD030B621A} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-17] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-17] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-17] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-17] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Fufan\AppData\Roaming\Mozilla\Firefox\Profiles\o3b13dwu.default
FF DefaultSearchEngine: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF SearchEngineOrder.1: Google (avast)
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-29] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-12-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll [2010-01-23] (Zeon Corporation)
FF SearchPlugin: C:\Users\Fufan\AppData\Roaming\Mozilla\Firefox\Profiles\o3b13dwu.default\searchplugins\google-avast.xml [2016-01-16]
FF Extension: Avira Browser Safety - C:\Users\Fufan\AppData\Roaming\Mozilla\Firefox\Profiles\o3b13dwu.default\Extensions\abs@avira.com [2016-01-16]
FF Extension: Домашняя страница Mail.Ru - C:\Users\Fufan\AppData\Roaming\Mozilla\Firefox\Profiles\o3b13dwu.default\Extensions\homepage@mail.ru [2015-12-23]
FF Extension: Поиск@Mail.Ru - C:\Users\Fufan\AppData\Roaming\Mozilla\Firefox\Profiles\o3b13dwu.default\Extensions\search@mail.ru [2015-12-23] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension => not found
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-01-16]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Fufan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Fufan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-03]
CHR Extension: (Dokumenty Google) - C:\Users\Fufan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-03]
CHR Extension: (Disk Google) - C:\Users\Fufan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-03]
CHR Extension: (Video AdBlock for Chrome) - C:\Users\Fufan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bknbnapaddjdnbilpmlacdkjdkjmbjhd [2016-01-03]
CHR Extension: (YouTube) - C:\Users\Fufan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-03]
CHR Extension: (Vyhledávání Google) - C:\Users\Fufan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-03]
CHR Extension: (eShield) - C:\Users\Fufan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmjljdbbgogihjcapfhgkonfmccbffp [2016-01-03]
CHR Extension: (Tabulky Google) - C:\Users\Fufan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-03]
CHR Extension: (Dokumenty Google offline) - C:\Users\Fufan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-04]
CHR Extension: (Skype) - C:\Users\Fufan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-01-03]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Fufan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-01-04]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Fufan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-03]
CHR Extension: (Gmail) - C:\Users\Fufan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-03]
CHR Extension: () - C:\Users\Fufan\AppData\Local\Web Rush\Component [2016-01-16]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-722700253-2852286510-886327887-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Fufan\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2016-01-03]
CHR HKU\S-1-5-21-722700253-2852286510-886327887-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-722700253-2852286510-886327887-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dkmjljdbbgogihjcapfhgkonfmccbffp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-01-16]

Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\Fufan\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-01-06]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2016-01-16] (AVAST Software)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [251160 2015-12-08] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2748600 2015-12-04] (Microsoft Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144104 2015-10-29] (ELAN Microelectronics Corp.)
R2 postgresql-8.4; C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe [66048 2014-02-18] (PostgreSQL Global Development Group) [File not signed]
R3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-04-17] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [24224 2016-01-04] (Avira Operations GmbH & Co. KG)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [241488 2010-09-17] (Trend Micro Inc.)
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [77312 2010-08-21] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2016-01-16] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2016-01-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2016-01-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2016-01-16] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2016-01-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [451040 2016-01-16] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2016-01-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2016-01-16] (AVAST Software)
R3 athr; C:\Windows\System32\drivers\athwnx.sys [4207104 2015-10-30] (Qualcomm Atheros Communications, Inc.)
R3 FLxHCIh; C:\Windows\System32\drivers\FLxHCIh.sys [81920 2011-02-25] (Fresco Logic)
S3 ggsomc; C:\Windows\System32\drivers\ggsomc.sys [30424 2015-09-26] (Sony Mobile Communications)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [15416 2009-07-20] ( )
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U4 aspnet_state; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-17 18:23 - 2016-01-17 18:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-17 18:22 - 2016-01-17 20:25 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-01-17 18:22 - 2016-01-17 18:22 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-17 18:21 - 2016-01-17 18:21 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-01-17 18:20 - 2016-01-17 20:22 - 00000000 ____D C:\Users\Fufan\Desktop\mbar
2016-01-17 17:15 - 2016-01-17 17:16 - 00007430 _____ C:\Users\Fufan\Desktop\Fixlog.txt
2016-01-17 16:55 - 2016-01-17 16:55 - 00000000 ____D C:\Users\Fufan\AppData\Local\Equilab
2016-01-17 16:12 - 2016-01-17 16:12 - 00001798 _____ C:\Users\Public\Desktop\PokerStrategy.com Equilab.lnk
2016-01-17 16:12 - 2016-01-17 16:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStrategy.com
2016-01-17 16:09 - 2016-01-17 16:09 - 00000000 ____D C:\Users\Fufan\AppData\Local\Downloaded Installations
2016-01-17 13:47 - 2016-01-17 13:58 - 00070752 _____ C:\Users\Fufan\Desktop\Addition.txt
2016-01-17 13:47 - 2016-01-17 13:47 - 00093395 _____ C:\Users\Fufan\Desktop\FRST3.txt
2016-01-17 13:45 - 2016-01-17 22:09 - 00032719 _____ C:\Users\Fufan\Desktop\FRST.txt
2016-01-17 13:45 - 2016-01-17 22:09 - 00000000 ____D C:\FRST
2016-01-17 13:43 - 2016-01-17 13:43 - 00112640 _____ (forum.viry.cz) C:\Users\Fufan\Downloads\FRSTLauncher.exe
2016-01-17 13:41 - 2016-01-17 13:39 - 02370560 _____ (Farbar) C:\Users\Fufan\Desktop\FRST64.exe
2016-01-17 10:21 - 2016-01-17 10:21 - 00000000 ____D C:\Users\Fufan\AppData\Local\{48B9B523-796F-4324-9556-6829DCBC005E}
2016-01-16 22:18 - 2016-01-16 22:18 - 00000000 ____D C:\Users\Fufan\AppData\LocalLow\uTorrent
2016-01-16 13:39 - 2016-01-16 13:39 - 00000886 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2016-01-16 13:39 - 2016-01-16 13:39 - 00000000 ____D C:\Users\Fufan\AppData\Local\VS Revo Group
2016-01-16 13:39 - 2016-01-16 13:39 - 00000000 ____D C:\ProgramData\VS Revo Group
2016-01-16 13:39 - 2016-01-16 13:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-01-16 13:39 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2016-01-16 12:54 - 2016-01-16 12:54 - 00000000 ____D C:\Users\Fufan\AppData\Local\Avira
2016-01-16 12:45 - 2016-01-16 12:45 - 00000058 _____ C:\WINDOWS\ntbtlog.txt
2016-01-16 12:38 - 2016-01-16 12:38 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-01-16 12:23 - 2016-01-16 12:23 - 00001218 _____ C:\Users\Public\Desktop\Avira System Speedup.lnk
2016-01-16 12:21 - 2016-01-16 12:53 - 00000000 ____D C:\Users\Public\Speedup Sessions
2016-01-16 12:21 - 2016-01-16 12:21 - 00003450 _____ C:\WINDOWS\System32\Tasks\Avira System Speedup Tray
2016-01-16 12:17 - 2016-01-17 17:18 - 00000000 ____D C:\Program Files (x86)\Avira
2016-01-16 12:17 - 2016-01-17 17:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-01-16 12:17 - 2016-01-16 12:21 - 00000000 ____D C:\ProgramData\Avira
2016-01-16 12:17 - 2016-01-16 12:17 - 00001281 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-01-16 11:46 - 2016-01-16 11:46 - 00000000 ____D C:\Users\Fufan\AppData\Local\{BEABC63B-4A47-49D8-9C70-4021DC2AF623}
2016-01-16 01:58 - 2016-01-16 01:56 - 00386096 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-01-16 01:57 - 2016-01-16 01:57 - 00001981 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2016-01-16 01:57 - 2016-01-16 01:57 - 00001969 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-01-16 01:57 - 2016-01-16 01:57 - 00000000 ____D C:\Users\Fufan\AppData\Roaming\AVAST Software
2016-01-16 01:56 - 2016-01-17 17:21 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-01-16 01:56 - 2016-01-16 01:57 - 00451040 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-01-16 01:56 - 2016-01-16 01:57 - 00097648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-01-16 01:56 - 2016-01-16 01:56 - 01055560 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2016-01-16 01:56 - 2016-01-16 01:56 - 00273784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2016-01-16 01:56 - 2016-01-16 01:56 - 00155304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-01-16 01:56 - 2016-01-16 01:56 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-01-16 01:56 - 2016-01-16 01:56 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-01-16 01:56 - 2016-01-16 01:56 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-01-16 01:56 - 2016-01-16 01:56 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-01-16 01:56 - 2016-01-16 01:56 - 00000000 ____D C:\ProgramData\AVAST Software
2016-01-16 01:56 - 2016-01-16 01:56 - 00000000 ____D C:\Program Files\AVAST Software
2016-01-16 01:36 - 2016-01-16 01:36 - 00002856 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-01-16 01:36 - 2016-01-16 01:36 - 00000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-01-16 01:36 - 2016-01-16 01:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-01-16 01:36 - 2016-01-16 01:36 - 00000000 ____D C:\Program Files\CCleaner
2016-01-16 01:28 - 2016-01-16 01:28 - 00001462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-01-16 01:28 - 2016-01-16 01:28 - 00001450 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-01-16 01:28 - 2016-01-16 01:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-01-16 01:28 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2016-01-16 01:09 - 2016-01-16 01:08 - 00450831 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160116-010926.backup
2016-01-16 01:08 - 2015-12-17 16:31 - 00450771 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160116-010835.backup
2016-01-16 00:38 - 2016-01-16 19:12 - 00000000 ____D C:\AdwCleaner
2016-01-16 00:29 - 2016-01-16 00:29 - 00005120 _____ C:\Users\Fufan\AppData\Roaming\GiftBag.db
2016-01-16 00:27 - 2016-01-16 00:27 - 00002341 _____ C:\Users\Public\Desktop\软件管理.lnk
2016-01-16 00:27 - 2016-01-16 00:27 - 00000000 _____ C:\Users\Fufan\Desktop\$电脑管家-清理垃圾$.qmgc
2016-01-16 00:24 - 2016-01-16 02:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ĂŔÍĽäŻŔŔ
2016-01-15 22:26 - 2015-12-21 13:35 - 03317760 ____R C:\Users\Fufan\Desktop\PS.exe
2016-01-15 22:23 - 2016-01-15 22:23 - 00002485 _____ C:\Users\Fufan\Desktop\MiniGet Smart Downloader.lnk
2016-01-15 17:51 - 2016-01-05 03:51 - 07477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-15 17:51 - 2016-01-05 03:51 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-01-15 17:51 - 2016-01-05 03:51 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-01-15 17:51 - 2016-01-05 03:50 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-15 17:51 - 2016-01-05 03:50 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-15 17:51 - 2016-01-05 03:50 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-15 17:51 - 2016-01-05 03:49 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-15 17:51 - 2016-01-05 03:48 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-15 17:51 - 2016-01-05 03:45 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-01-15 17:51 - 2016-01-05 03:42 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-01-15 17:51 - 2016-01-05 03:37 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-15 17:51 - 2016-01-05 03:37 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-15 17:51 - 2016-01-05 03:37 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-15 17:51 - 2016-01-05 03:37 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-15 17:51 - 2016-01-05 03:37 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-15 17:51 - 2016-01-05 03:37 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-15 17:51 - 2016-01-05 03:37 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-01-15 17:51 - 2016-01-05 03:36 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-01-15 17:51 - 2016-01-05 03:33 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-15 17:51 - 2016-01-05 03:33 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-15 17:51 - 2016-01-05 03:33 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-15 17:51 - 2016-01-05 03:33 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-15 17:51 - 2016-01-05 03:33 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-15 17:51 - 2016-01-05 03:33 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-01-15 17:51 - 2016-01-05 03:33 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-15 17:51 - 2016-01-05 03:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-01-15 17:51 - 2016-01-05 03:27 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-15 17:51 - 2016-01-05 03:24 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-15 17:51 - 2016-01-05 03:23 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-15 17:51 - 2016-01-05 03:23 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-15 17:51 - 2016-01-05 03:23 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-15 17:51 - 2016-01-05 03:23 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-15 17:51 - 2016-01-05 03:21 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-15 17:51 - 2016-01-05 03:17 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-15 17:51 - 2016-01-05 03:16 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-15 17:51 - 2016-01-05 02:59 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-01-15 17:51 - 2016-01-05 02:57 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-15 17:51 - 2016-01-05 02:57 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
2016-01-15 17:51 - 2016-01-05 02:57 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-01-15 17:51 - 2016-01-05 02:56 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-01-15 17:51 - 2016-01-05 02:54 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-01-15 17:51 - 2016-01-05 02:53 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2016-01-15 17:51 - 2016-01-05 02:52 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-15 17:51 - 2016-01-05 02:51 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-01-15 17:51 - 2016-01-05 02:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-01-15 17:51 - 2016-01-05 02:50 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-01-15 17:51 - 2016-01-05 02:50 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-15 17:51 - 2016-01-05 02:50 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-01-15 17:51 - 2016-01-05 02:49 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-15 17:51 - 2016-01-05 02:49 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-01-15 17:51 - 2016-01-05 02:49 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-15 17:51 - 2016-01-05 02:49 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-01-15 17:51 - 2016-01-05 02:49 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-01-15 17:51 - 2016-01-05 02:49 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
2016-01-15 17:51 - 2016-01-05 02:48 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-15 17:51 - 2016-01-05 02:48 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-15 17:51 - 2016-01-05 02:48 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-01-15 17:51 - 2016-01-05 02:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-01-15 17:51 - 2016-01-05 02:47 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-15 17:51 - 2016-01-05 02:47 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-15 17:51 - 2016-01-05 02:45 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-15 17:51 - 2016-01-05 02:45 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-01-15 17:51 - 2016-01-05 02:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2016-01-15 17:51 - 2016-01-05 02:43 - 00953856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-01-15 17:51 - 2016-01-05 02:43 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-01-15 17:51 - 2016-01-05 02:43 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-15 17:51 - 2016-01-05 02:43 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-15 17:51 - 2016-01-05 02:42 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-01-15 17:51 - 2016-01-05 02:41 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-01-15 17:51 - 2016-01-05 02:41 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-15 17:51 - 2016-01-05 02:41 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-01-15 17:51 - 2016-01-05 02:40 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-15 17:51 - 2016-01-05 02:40 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2016-01-15 17:51 - 2016-01-05 02:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-01-15 17:51 - 2016-01-05 02:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-15 17:51 - 2016-01-05 02:39 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-01-15 17:51 - 2016-01-05 02:39 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-15 17:51 - 2016-01-05 02:38 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-15 17:51 - 2016-01-05 02:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-15 17:51 - 2016-01-05 02:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-15 17:51 - 2016-01-05 02:33 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-15 17:51 - 2016-01-05 02:30 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-01-15 17:51 - 2016-01-05 02:30 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-01-15 17:51 - 2016-01-05 02:29 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-01-15 17:51 - 2016-01-05 02:28 - 07826432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-01-15 17:51 - 2016-01-05 02:28 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-01-15 17:51 - 2016-01-05 02:28 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-15 17:51 - 2016-01-05 02:25 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-01-15 17:35 - 2016-01-15 17:35 - 00000000 ____D C:\Users\Fufan\AppData\Local\{C5EDBF67-233A-4201-A0E7-0D9E80C6D763}
2016-01-12 17:46 - 2016-01-12 17:46 - 00000687 _____ C:\awh57EC.tmp
2016-01-12 16:03 - 2016-01-12 16:03 - 00000000 ____D C:\Users\Fufan\AppData\Local\{07FD03D4-6007-4CF2-B4ED-8E9F7B3DB321}
2016-01-11 23:36 - 2016-01-11 23:36 - 00000000 ____D C:\Users\Fufan\AppData\Local\{F6C678A0-EE9F-4FA9-AFAD-127543CFEA68}
2016-01-11 11:29 - 2016-01-11 11:29 - 00000000 ____D C:\Users\Fufan\AppData\Local\{0342F09F-879F-4404-8C0C-58DA4D556769}
2016-01-10 23:19 - 2016-01-10 23:20 - 00000000 ____D C:\Users\Fufan\AppData\Local\{39234012-C559-40C3-8372-E73C4BD6C662}
2016-01-10 11:19 - 2016-01-10 11:19 - 00000000 ____D C:\Users\Fufan\AppData\Local\{30C1B345-FD1C-43F6-8461-36E3E19EB714}
2016-01-10 11:09 - 2016-01-10 11:09 - 01103290 _____ C:\Users\Fufan\Downloads\VXEOBXdR20160109180920.zip
2016-01-09 23:19 - 2016-01-09 23:19 - 00000000 ____D C:\Users\Fufan\AppData\Local\{5308C002-413A-4977-A756-E90A7E201489}
2016-01-08 17:18 - 2016-01-08 17:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-01-08 10:20 - 2016-01-08 10:20 - 00000000 ____D C:\Users\Fufan\AppData\Local\{5F3687B9-4C34-4E26-AC38-9D02EC3B9FEA}
2016-01-07 13:53 - 2016-01-07 13:53 - 00000000 ____D C:\Users\Fufan\AppData\Local\{36B44BF6-85D2-4D5C-812E-FF42043F86FA}
2016-01-06 13:47 - 2016-01-06 13:47 - 00000000 ____D C:\Users\Fufan\AppData\Local\{08CD0C49-30D5-4E04-AF80-7EE412B3F9AB}
2016-01-05 15:40 - 2016-01-05 15:40 - 00000687 _____ C:\awh5E1F.tmp
2016-01-05 15:27 - 2016-01-05 15:27 - 00000000 ____D C:\Users\Fufan\AppData\Local\{5709B7AC-3B6F-4418-AE94-CEC174A4141B}
2016-01-04 12:46 - 2016-01-04 12:46 - 00000000 ____D C:\Users\Fufan\AppData\Local\{E0DE7A40-956F-43D8-B3E3-8702EDE684CF}
2016-01-04 00:46 - 2016-01-04 00:46 - 00000000 ____D C:\Users\Fufan\AppData\Local\{3CE7308D-D14B-4658-88C0-F86FE5041567}
2016-01-03 12:45 - 2016-01-03 12:46 - 00000000 ____D C:\Users\Fufan\AppData\Local\{E02CFEB0-40EE-4132-AA76-25B85274EDF8}
2016-01-02 22:40 - 2016-01-15 17:46 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-02 22:40 - 2016-01-02 22:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-01-02 22:39 - 2016-01-17 00:02 - 00000958 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-01-02 22:39 - 2016-01-02 22:39 - 00004024 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-01-02 16:01 - 2016-01-02 16:01 - 00172429 _____ C:\Users\Fufan\Downloads\Vip0MjhT20160102094912.zip
2016-01-02 13:40 - 2016-01-02 13:41 - 00000000 ____D C:\Users\Fufan\AppData\Local\{E75E45B8-C54E-4DC2-92C9-D2E5FCF79CAB}
2016-01-01 12:15 - 2016-01-01 12:15 - 00000000 ____D C:\Users\Fufan\AppData\Local\{44CEFBA7-81A2-40E5-AFCB-5F54AB069FFF}
2016-01-01 00:14 - 2016-01-01 00:14 - 00000000 ____D C:\Users\Fufan\AppData\Local\{61E5EC94-3DF8-4B48-955D-77263191FC77}
2015-12-31 12:14 - 2015-12-31 12:14 - 00000000 ____D C:\Users\Fufan\AppData\Local\{FEBD0597-BAD2-4744-AD22-3E23B94A667B}
2015-12-30 20:27 - 2015-12-30 20:27 - 00002117 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-12-30 20:27 - 2015-12-30 20:27 - 00002115 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-12-30 20:27 - 2015-12-30 20:27 - 00002105 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-12-30 20:27 - 2015-12-30 20:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-12-30 17:06 - 2015-12-30 17:07 - 00000000 ____D C:\Program Files (x86)\Sony Media Go Install
2015-12-30 17:06 - 2015-12-30 17:06 - 00000000 ____D C:\Users\Fufan\AppData\Roaming\Sony
2015-12-30 15:35 - 2015-12-30 15:35 - 00000000 ____D C:\Users\Fufan\AppData\Local\{D7DAABAE-8CD3-4973-BC8D-97C518273989}
2015-12-29 15:25 - 2015-12-29 15:25 - 09479872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-12-29 14:47 - 2015-12-29 14:47 - 00000000 ____D C:\Users\Fufan\AppData\Local\{3B3145B4-FC27-4B3F-A9AB-07454B5D66A7}
2015-12-28 13:19 - 2015-12-28 13:19 - 00000000 ____D C:\Users\Fufan\AppData\Local\{6B71ABF6-5920-4C30-B1E7-766560610D48}
2015-12-27 11:13 - 2015-12-27 11:13 - 00000000 ____D C:\Users\Fufan\AppData\Local\{9241AE03-0011-4CF0-898B-9E5569DE3DFF}
2015-12-26 23:13 - 2015-12-26 23:13 - 00000000 ____D C:\Users\Fufan\AppData\Local\{5B8C8293-C2B9-44F4-AA45-905D9CDA67E7}
2015-12-26 01:20 - 2015-12-26 01:20 - 00000000 ____D C:\Users\Fufan\AppData\Local\{EB41C138-CA3C-4B56-82CA-BA6350B061A4}
2015-12-25 13:20 - 2015-12-25 13:20 - 00000000 ____D C:\Users\Fufan\AppData\Local\{ACCB51BB-AD4A-4B75-876E-7D815AE13678}
2015-12-25 01:13 - 2015-12-25 01:13 - 00000000 ____D C:\Users\Fufan\AppData\Local\{322858AF-C8AA-4976-AF31-90AF3CD68E9C}
2015-12-24 12:39 - 2015-12-24 12:39 - 00000000 ____D C:\Users\Fufan\AppData\Local\{077E4E84-5569-4959-8AB5-89F4325FF198}
2015-12-23 23:30 - 2015-12-23 23:30 - 00000000 ____D C:\Users\Fufan\AppData\Local\{F4572E5D-0648-4749-91D3-31BDD9BF7A14}
2015-12-23 21:08 - 2015-12-23 21:15 - 00000000 ____D C:\Users\Fufan\AppData\Roaming\AION
2015-12-23 21:08 - 2015-12-23 21:14 - 00000000 ____D C:\Users\Fufan\AppData\Roaming\WarThunder
2015-12-23 21:08 - 2015-12-23 21:08 - 00000564 _____ C:\yoursearching.xml
2015-12-23 21:08 - 2015-12-23 21:08 - 00000000 ____D C:\Users\Fufan\AppData\Local\AION
2015-12-23 20:54 - 2015-12-23 20:54 - 00000000 ____D C:\Users\Fufan\AppData\Local\Вoйти в Интeрнет
2015-12-23 20:51 - 2015-12-23 20:51 - 00001010 _____ C:\Users\Fufan\Desktop\Calculator.lnk
2015-12-23 20:51 - 2015-12-23 20:51 - 00000000 ____D C:\Users\Fufan\AppData\Roaming\Calculator
2015-12-23 20:49 - 2015-12-23 20:49 - 00000000 ____D C:\Users\Fufan\AppData\Local\Поиcк в Интeрнете
2015-12-23 20:48 - 2016-01-16 14:24 - 00000000 ____D C:\Users\Fufan\AppData\Local\SystemDir
2015-12-23 20:46 - 2015-12-23 21:17 - 00000000 ____D C:\Users\Fufan\AppData\Local\Mail.Ru
2015-12-23 20:46 - 2015-12-23 20:46 - 00000000 ____D C:\ProgramData\Mail.Ru
2015-12-23 20:35 - 2015-12-23 20:35 - 00000000 ____D C:\Users\Fufan\Downloads\Torrentex
2015-12-23 12:27 - 2015-12-23 12:27 - 00000932 _____ C:\Users\Public\Desktop\PokerStars.eu.lnk
2015-12-23 12:27 - 2015-12-23 12:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.EU
2015-12-23 11:30 - 2015-12-23 11:30 - 00000000 ____D C:\Users\Fufan\AppData\Local\{F07CE120-B5D6-4AE7-9DAD-2C668F1A2AC8}
2015-12-23 01:03 - 2015-12-23 01:03 - 00000687 _____ C:\awhBD2D.tmp
2015-12-22 22:55 - 2015-12-22 22:55 - 00000000 ____D C:\Users\Fufan\Desktop\HM2logs
2015-12-22 18:17 - 2015-12-22 18:18 - 00000146 _____ C:\test.txt
2015-12-22 18:17 - 2015-12-22 18:18 - 00000000 ____D C:\Temp
2015-12-22 14:35 - 2015-12-22 14:35 - 00000000 ____D C:\Users\Fufan\AppData\Local\{1E40E69B-27C7-4CFE-9915-8A1B28340D64}
2015-12-21 22:44 - 2015-12-21 22:44 - 70619074 _____ C:\Users\Fufan\Downloads\2013 01 28 CG Jakub session NL50.wmv
2015-12-21 22:27 - 2015-12-23 12:21 - 00000000 ____D C:\Program Files (x86)\PokerStars.EU
2015-12-21 21:15 - 2015-12-21 21:16 - 85581461 _____ C:\Users\Fufan\Downloads\2015 02 01 - kubiiik - Rozbor statistik II.webm
2015-12-21 21:14 - 2015-12-21 21:15 - 94010310 _____ C:\Users\Fufan\Downloads\2015 01 25 - kubiiik a Tadoch - Rozbor statistik I..webm
2015-12-21 15:21 - 2015-12-21 15:21 - 00000000 ____D C:\Users\Fufan\AppData\Local\{19F21991-BB29-4CF9-B841-1515FD1A334A}
2015-12-21 14:25 - 2015-12-21 14:26 - 374993310 _____ C:\Users\Fufan\Downloads\2015-11-22 - Tadoch - live session FF NL25.webm
2015-12-21 14:25 - 2015-12-21 14:26 - 130389849 _____ C:\Users\Fufan\Downloads\2012 10 28 CG Jakub session.flv
2015-12-21 13:17 - 2015-12-21 13:24 - 00000000 ____D C:\Users\Fufan\AppData\Local\Combonator
2015-12-21 13:17 - 2015-12-21 13:17 - 00000820 _____ C:\Users\Public\Desktop\combonator.lnk
2015-12-21 13:17 - 2015-12-21 13:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combonator
2015-12-21 12:16 - 2015-12-21 12:16 - 12487112 _____ C:\Users\Fufan\Downloads\2013 01 24-Tadoch-EV-Equity-Edge.wmv
2015-12-21 00:32 - 2015-12-21 00:32 - 00000000 ____D C:\Users\Fufan\AppData\Local\{863C9DAA-FADA-4E88-83AB-CCEEB2573B1F}
2015-12-20 23:22 - 2015-12-20 23:32 - 00002085 _____ C:\Users\Fufan\URPreferences.xml
2015-12-20 23:22 - 2015-12-20 23:22 - 00002514 _____ C:\Users\Fufan\Desktop\Universal Replayer.lnk
2015-12-20 23:22 - 2015-12-20 23:22 - 00000000 ____D C:\Users\Fufan\AppData\Local\Sun
2015-12-20 23:13 - 2015-12-20 23:13 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-12-20 23:13 - 2015-12-20 23:13 - 00000000 ____D C:\Users\Fufan\AppData\Roaming\Sun
2015-12-20 23:13 - 2015-12-20 23:13 - 00000000 ____D C:\Users\Fufan\AppData\LocalLow\Sun
2015-12-20 23:13 - 2015-12-20 23:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-12-20 23:12 - 2015-12-20 23:13 - 00000000 ____D C:\ProgramData\Oracle
2015-12-20 23:12 - 2015-12-20 23:12 - 00000000 ____D C:\Users\Fufan\AppData\LocalLow\Oracle
2015-12-20 23:12 - 2015-12-20 23:12 - 00000000 ____D C:\Program Files (x86)\Java
2015-12-20 23:09 - 2015-12-20 23:09 - 00000000 ____D C:\Users\Fufan\AppData\Local\MediaGrafix
2015-12-20 22:39 - 2015-12-20 22:40 - 125360543 _____ C:\Users\Fufan\Downloads\2012 10 01 CG Tadoch raise na flopu.flv
2015-12-20 12:31 - 2015-12-20 12:31 - 00000000 ____D C:\Users\Fufan\AppData\Local\{F91E3D48-1B84-45CF-AAB5-453C6D379EC7}
2015-12-19 23:25 - 2015-12-19 23:25 - 00000000 ____D C:\Users\Fufan\AppData\Local\{CEE816C0-3CAC-416E-8DFE-384056CE4290}
2015-12-19 15:43 - 2015-12-19 16:03 - 00000336 _____ C:\Users\Fufan\Desktop\Poznatky.txt
2015-12-19 11:24 - 2015-12-19 11:24 - 00000000 ____D C:\Users\Fufan\AppData\Local\{9146670A-546A-4226-A150-113BB7396A5D}
2015-12-19 10:07 - 2015-12-19 10:07 - 00000687 _____ C:\awh6F1D.tmp
2015-12-18 13:34 - 2015-12-18 13:34 - 00000000 ____D C:\Users\Fufan\AppData\Local\{6404992F-F861-4ED8-8D22-86D2889EA2E9}
2015-12-18 12:31 - 2015-12-18 12:31 - 00000808 _____ C:\Users\Fufan\Desktop\StackView.lnk
2015-12-18 12:31 - 2015-12-18 12:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StackView
2015-12-18 12:31 - 2004-03-09 00:00 - 00224016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tabctl32.ocx
2015-12-18 12:31 - 2004-03-09 00:00 - 00212240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\richtx32.ocx
2015-12-18 12:31 - 2004-03-09 00:00 - 00152848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.ocx
2015-12-18 01:54 - 2015-12-07 05:57 - 00973664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-12-18 01:54 - 2015-12-07 05:55 - 01281376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-12-18 01:54 - 2015-12-07 05:49 - 00412512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2015-12-18 01:54 - 2015-12-07 05:48 - 01155944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2015-12-18 01:54 - 2015-12-07 05:48 - 01092456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-12-18 01:54 - 2015-12-07 05:48 - 01065080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-12-18 01:54 - 2015-12-07 05:48 - 01020096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2015-12-18 01:54 - 2015-12-07 05:48 - 00983464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2015-12-18 01:54 - 2015-12-07 05:48 - 00884256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-12-18 01:54 - 2015-12-07 05:48 - 00823264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-12-18 01:54 - 2015-12-07 05:48 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-12-18 01:54 - 2015-12-07 05:48 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2015-12-18 01:54 - 2015-12-07 05:48 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-12-18 01:54 - 2015-12-07 05:48 - 00526856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2015-12-18 01:54 - 2015-12-07 05:48 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2015-12-18 01:54 - 2015-12-07 05:48 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-12-18 01:54 - 2015-12-07 05:48 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2015-12-18 01:54 - 2015-12-07 05:48 - 00450904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-12-18 01:54 - 2015-12-07 05:48 - 00337840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2015-12-18 01:54 - 2015-12-07 05:48 - 00289248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2015-12-18 01:54 - 2015-12-07 05:48 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2015-12-18 01:54 - 2015-12-07 05:48 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2015-12-18 01:54 - 2015-12-07 05:47 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-12-18 01:54 - 2015-12-07 05:47 - 00898184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2015-12-18 01:54 - 2015-12-07 05:47 - 00716928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-12-18 01:54 - 2015-12-07 05:46 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-18 01:54 - 2015-12-07 05:46 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-18 01:54 - 2015-12-07 05:45 - 00264544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2015-12-18 01:54 - 2015-12-07 05:15 - 01035776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2015-12-18 01:54 - 2015-12-07 05:15 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll
2015-12-18 01:54 - 2015-12-07 05:10 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2015-12-18 01:54 - 2015-12-07 05:09 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2015-12-18 01:54 - 2015-12-07 05:09 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2015-12-18 01:54 - 2015-12-07 05:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2015-12-18 01:54 - 2015-12-07 05:07 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2015-12-18 01:54 - 2015-12-07 05:07 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2015-12-18 01:54 - 2015-12-07 05:06 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2015-12-18 01:54 - 2015-12-07 05:06 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-12-18 01:54 - 2015-12-07 05:06 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-12-18 01:54 - 2015-12-07 05:05 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-12-18 01:54 - 2015-12-07 05:05 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\BackgroundTransferHost.exe
2015-12-18 01:54 - 2015-12-07 05:04 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2015-12-18 01:54 - 2015-12-07 05:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2015-12-18 01:54 - 2015-12-07 05:02 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2015-12-18 01:54 - 2015-12-07 05:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2015-12-18 01:54 - 2015-12-07 05:01 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-12-18 01:54 - 2015-12-07 05:01 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe
2015-12-18 01:54 - 2015-12-07 05:00 - 00618496 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2015-12-18 01:54 - 2015-12-07 05:00 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2015-12-18 01:54 - 2015-12-07 05:00 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-12-18 01:54 - 2015-12-07 05:00 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-12-18 01:54 - 2015-12-07 04:59 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-18 01:54 - 2015-12-07 04:59 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-12-18 01:54 - 2015-12-07 04:59 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-12-18 01:54 - 2015-12-07 04:59 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2015-12-18 01:54 - 2015-12-07 04:58 - 24601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-18 01:54 - 2015-12-07 04:58 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-12-18 01:54 - 2015-12-07 04:57 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2015-12-18 01:54 - 2015-12-07 04:57 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2015-12-18 01:54 - 2015-12-07 04:56 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-12-18 01:54 - 2015-12-07 04:56 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-12-18 01:54 - 2015-12-07 04:55 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-12-18 01:54 - 2015-12-07 04:55 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-12-18 01:54 - 2015-12-07 04:54 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-12-18 01:54 - 2015-12-07 04:53 - 19339264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-18 01:54 - 2015-12-07 04:53 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-12-18 01:54 - 2015-12-07 04:51 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-12-18 01:54 - 2015-12-07 04:51 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2015-12-18 01:54 - 2015-12-07 04:50 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2015-12-18 01:54 - 2015-12-07 04:49 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2015-12-18 01:54 - 2015-12-07 04:48 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-12-18 01:54 - 2015-12-07 04:45 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-12-18 01:54 - 2015-12-07 04:45 - 00900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2015-12-18 01:54 - 2015-12-07 04:45 - 00683008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2015-12-18 01:54 - 2015-12-07 04:43 - 02598400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-12-18 01:54 - 2015-12-07 04:43 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2015-12-18 01:54 - 2015-12-07 04:41 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-12-18 01:54 - 2015-12-07 04:40 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-18 01:54 - 2015-12-07 04:40 - 01995776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-12-18 01:54 - 2015-12-07 04:40 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2015-12-18 01:54 - 2015-12-07 04:39 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-12-18 01:54 - 2015-12-07 04:38 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2015-12-18 01:54 - 2015-12-07 04:33 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2015-12-18 01:54 - 2015-12-07 04:32 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2015-12-18 01:49 - 2015-12-18 01:49 - 00000000 ____D C:\Users\postgres.Fufan-PC\AppData\Roaming\Opera Software
2015-12-18 01:47 - 2015-12-23 21:10 - 00001480 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-12-18 01:47 - 2015-12-18 01:47 - 00003946 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1450399619
2015-12-18 01:47 - 2015-12-18 01:47 - 00000000 ____D C:\Users\Fufan\AppData\Roaming\Opera Software
2015-12-18 01:47 - 2015-12-18 01:47 - 00000000 ____D C:\Users\Fufan\AppData\Local\Opera Software
2015-12-18 01:46 - 2015-12-18 01:47 - 00000000 ____D C:\Program Files (x86)\Opera
2015-12-18 01:45 - 2015-12-18 01:45 - 00000687 _____ C:\awh233F.tmp
2015-12-18 01:33 - 2015-12-18 01:33 - 00000000 ____D C:\Users\Fufan\AppData\Local\{CABF0D12-2D17-44A1-808F-AB38C057D2A4}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-17 22:08 - 2015-08-11 12:58 - 00000000 ____D C:\Users\Fufan\AppData\Roaming\Skype
2016-01-17 20:27 - 2015-12-16 22:41 - 00000000 ___RD C:\Users\Fufan\Disk Google
2016-01-17 20:26 - 2015-08-08 08:20 - 00000000 ___HD C:\ASUS.DAT
2016-01-17 20:25 - 2015-08-08 10:51 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-17 20:24 - 2015-11-18 01:43 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-17 20:24 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-01-17 20:23 - 2015-10-30 07:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-01-17 20:22 - 2015-08-08 21:37 - 00000000 ____D C:\Users\Fufan\9wpg258hz
2016-01-17 18:01 - 2015-08-08 21:43 - 00000000 ____D C:\Users\Fufan\AppData\Roaming\HoldemManager
2016-01-17 17:19 - 2015-08-09 16:51 - 00003076 _____ C:\WINDOWS\system32\AutoRunFilter.ini
2016-01-17 17:18 - 2015-09-07 12:33 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-01-17 17:15 - 2015-12-13 14:29 - 00000000 ____D C:\Users\Fufan\AppData\LocalLow\Temp
2016-01-17 17:15 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-01-17 17:15 - 2009-07-14 04:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-01-17 17:03 - 2015-09-12 16:50 - 00000000 ____D C:\Users\Fufan\AppData\Roaming\Seznam.cz
2016-01-17 17:03 - 2015-09-12 16:50 - 00000000 ____D C:\Program Files (x86)\Seznam.cz
2016-01-17 13:54 - 2015-10-30 07:28 - 00000000 ____D C:\Windows
2016-01-17 11:36 - 2015-08-11 09:32 - 00000000 ____D C:\Users\Fufan\AppData\Local\Adobe
2016-01-17 10:17 - 2015-08-08 21:59 - 00000000 ____D C:\Users\Fufan\AppData\Local\PokerStars.EU
2016-01-17 00:13 - 2015-08-13 12:31 - 00000000 ____D C:\Users\Fufan\AppData\Roaming\uTorrent
2016-01-16 22:29 - 2015-11-21 16:20 - 00000000 ____D C:\Users\Fufan\Documents\888poker
2016-01-16 17:55 - 2015-08-11 12:58 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-01-16 17:53 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-16 13:52 - 2015-10-30 19:31 - 00808766 _____ C:\WINDOWS\system32\perfh005.dat
2016-01-16 13:52 - 2015-10-30 19:31 - 00178272 _____ C:\WINDOWS\system32\perfc005.dat
2016-01-16 13:52 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-01-16 13:52 - 2015-08-10 11:55 - 01942344 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-16 13:39 - 2015-08-08 21:48 - 00000000 ____D C:\aPrograms
2016-01-16 13:29 - 2015-08-08 08:20 - 00000000 ____D C:\Users\Fufan\AppData\Local\VirtualStore
2016-01-16 13:10 - 2015-11-22 23:55 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-01-16 12:51 - 2015-08-09 16:51 - 00001643 _____ C:\WINDOWS\system32\ServiceFilter.ini
2016-01-16 12:49 - 2015-11-18 01:11 - 05054696 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-01-16 12:43 - 2015-12-03 22:27 - 00000000 ____D C:\WINDOWS\Minidump
2016-01-16 12:43 - 2015-11-22 14:51 - 00000000 ____D C:\Users\Fufan\AppData\Roaming\AIMP3
2016-01-16 12:43 - 2015-11-18 01:10 - 00000000 ___DC C:\WINDOWS\Panther
2016-01-16 12:17 - 2015-09-18 16:34 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-16 02:15 - 2015-08-08 10:04 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-16 02:10 - 2015-08-08 10:04 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-16 01:28 - 2015-11-22 23:37 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-01-16 01:17 - 2015-11-22 23:40 - 00000164 _____ C:\WINDOWS\wininit.ini
2016-01-16 00:49 - 2015-08-09 23:40 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-16 00:49 - 2015-08-09 23:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-16 00:47 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-15 22:10 - 2015-12-01 21:17 - 00000867 _____ C:\Users\Public\Desktop\HoldemManager2.lnk
2016-01-15 18:06 - 2015-08-11 17:30 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-01-15 18:05 - 2015-08-09 23:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-15 17:59 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-15 17:48 - 2015-08-23 11:04 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-01-15 17:47 - 2015-08-23 11:04 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-15 17:41 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-08 17:18 - 2015-08-11 12:58 - 00000000 ____D C:\Users\Fufan\AppData\Local\Skype
2016-01-08 17:18 - 2015-08-11 12:57 - 00000000 ____D C:\ProgramData\Skype
2016-01-07 17:02 - 2015-12-16 22:41 - 00001815 _____ C:\Users\Fufan\Desktop\Disk Google.lnk
2016-01-06 17:16 - 2015-08-23 17:18 - 00000000 ____D C:\Users\Fufan\AppData\Roaming\Audacity
2016-01-03 12:44 - 2015-08-08 08:41 - 00000000 ____D C:\Users\Fufan\AppData\Local\Google
2016-01-03 02:40 - 2015-10-30 08:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-03 02:40 - 2015-10-30 08:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-02 22:40 - 2011-04-01 09:58 - 00000000 ____D C:\Program Files (x86)\Google
2015-12-31 17:52 - 2015-08-08 08:20 - 00095648 _____ C:\Users\Fufan\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-31 15:18 - 2015-12-02 16:49 - 00000000 ____D C:\FlashInstaller
2015-12-30 17:02 - 2015-08-11 16:54 - 00002101 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2015-12-30 17:02 - 2015-08-11 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-12-30 17:02 - 2015-08-09 16:41 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-12-29 19:20 - 2015-11-29 11:43 - 00000000 ____D C:\Users\Fufan\AppData\Local\ElevatedDiagnostics
2015-12-20 23:22 - 2015-11-18 01:19 - 00000000 ____D C:\Users\Fufan
2015-12-20 23:13 - 2015-09-26 12:35 - 00000000 ____D C:\Users\Fufan\.oracle_jre_usage
2015-12-18 23:26 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Provisioning
2015-12-18 01:45 - 2015-08-09 16:44 - 00000000 ____D C:\Program Files (x86)\AmIcoSingLun
2015-12-18 01:41 - 2015-09-12 16:50 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-12-18 01:39 - 2015-11-18 01:19 - 00000000 ____D C:\Users\postgres.Fufan-PC

==================== Files in the root of some directories =======

2015-10-23 12:16 - 2015-10-23 12:16 - 0000604 ____H () C:\Program Files (x86)\_Z2
2016-01-16 00:29 - 2016-01-16 00:29 - 0005120 _____ () C:\Users\Fufan\AppData\Roaming\GiftBag.db
2015-08-11 16:54 - 2015-08-11 16:54 - 29593968 _____ (Sony Mobile Communications ) C:\Users\Fufan\AppData\Local\pcc.exe
2015-09-10 17:55 - 2015-09-10 17:55 - 0004868 _____ () C:\ProgramData\flwjycbm.bab
2011-04-01 10:21 - 2010-07-07 00:10 - 0131472 _____ () C:\ProgramData\FullRemove.exe
2015-08-22 20:12 - 2015-08-22 20:12 - 0004958 _____ () C:\ProgramData\kmytnfun.aqy
2015-08-09 08:00 - 2015-08-09 08:01 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2015-08-09 08:03 - 2015-08-09 08:03 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2015-08-09 08:02 - 2015-08-09 08:03 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2015-08-09 16:57 - 2015-08-09 07:59 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2015-08-09 07:59 - 2015-08-09 08:00 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
2015-08-09 16:55 - 2015-08-09 16:56 - 0000110 _____ () C:\ProgramData\{E3739848-5329-48E3-8D28-5BBD6E8BE384}.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-08 12:27

==================== End of FRST.txt ============================

altrok
Moderator
Posts: 7322
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Chinese advertisement

#14 Post by altrok »

:arrow: Of the paid products, I recommend ESET Smart Security. Of the free alternatives, Avast or Avira. You can form your own opinion based on the comparative tests that Tatry03 collects for visitors of this forum: http://forum.viry.cz/viewtopic.php?f=14 ... 7#p1432987


:arrow: After the restart, let me know how the PC behaves.



  • Copy the contents of the white box into Notepad (Start -> Run -> notepad)
  • save it to the desktop as fixlist (File type: Text document)
  • run FRST again and click Fix
  • after the restart, a fixlog will be saved on the desktop; paste its contents into your next reply

    Code:

    Start
    CloseProcesses:
    Folder: C:\Users\Fufan\9wpg258hz
    Task: {D508EA0D-6F20-4D3F-B63C-F48C4672E55D} - System32\Tasks\Web Rush => Rundll32.exe "C:\Users\Fufan\AppData\Local\Web Rush\xBin\WebRush.dll",#3 <==== ATTENTION
    C:\Users\Fufan\AppData\Local\Web Rush
    U4 aspnet_state; no ImagePath
    CMD: del C:\awh*.tmp
    2016-01-12 17:46 - 2016-01-12 17:46 - 00000687 _____ C:\awh57EC.tmp
    2015-09-10 17:55 - 2015-09-10 17:55 - 0004868 _____ () C:\ProgramData\flwjycbm.bab
    2011-04-01 10:21 - 2010-07-07 00:10 - 0131472 _____ () C:\ProgramData\FullRemove.exe
    2015-08-22 20:12 - 2015-08-22 20:12 - 0004958 _____ () C:\ProgramData\kmytnfun.aqy
    End
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suitable for the forum, you can use altrok (at) forum.viry.cz
If you would like to help visitors of this forum, sign up for our training school.

Willy
Visitor
Posts: 17
Registered: 16 Jan 2016 13:31

Re: Chinese advertisement

#15 Post by Willy »

Great, the ad is gone, but WinDefender still won't start

Locked