
Backdoor.Agent.WD

Locked
Weny
Visitor
Posts: 11
Registered: 19 Jan 2016 22:03

Backdoor.Agent.WD

#1 Post by Weny »

Good evening,
I have a problem with my notebook. I have scanned it several times with ANTI-MALWARE (1-2x a week) and every time it finds Backdoor.Agent.WD, even though I let it delete it each time. On top of that, advertising pop-up windows for various sites are starting to appear in Chrome. May I ask for help?

Rudy
Site Admin
Posts: 119358
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Backdoor.Agent.WD

#2 Post by Rudy »

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(zavináč)forum.viry.cz

Warning:
Before cleaning the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Weny
Visitor
Posts: 11
Registered: 19 Jan 2016 22:03

Re: Backdoor.Agent.WD

#3 Post by Weny »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-01-2016
Ran by Kateřina (administrator) on KATEŘINA-NB (19-01-2016 23:55:25)
Running from C:\Users\Kateřina\Desktop
Loaded Profiles: Kateřina (Available Profiles: Kateřina & test & Internet)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(The Privoxy team - http://www.privoxy.org) C:\Program Files (x86)\Jelbruss Secure Web\privoxy.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Users\Kateřina\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgtray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
() C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Kateřina\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8114720 2009-09-15] (Realtek Semiconductor)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe [198160 2010-12-01] (RealNetworks, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2345592 2012-08-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1009288 2012-09-13] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-1383477661-2345097757-157039919-1001\...\Run: [fsm] => [X]
HKU\S-1-5-21-1383477661-2345097757-157039919-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Kateřina\AppData\Roaming\Seznam.cz\szninstall.exe [1009288 2012-09-13] ()
HKU\S-1-5-21-1383477661-2345097757-157039919-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Kateřina\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92152 2013-01-22] ()
HKU\S-1-5-21-1383477661-2345097757-157039919-1001\...\Run: [Hoolapp Android] => "C:\Users\KATEIN~1\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized
HKU\S-1-5-21-1383477661-2345097757-157039919-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1383477661-2345097757-157039919-1001\...\Run: [ICQ] => C:\Program Files (x86)\ICQ7.2\ICQ.exe [133432 2011-01-05] (ICQ, LLC.)
HKU\S-1-5-21-1383477661-2345097757-157039919-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-1383477661-2345097757-157039919-1001\...\MountPoints2: {379d2040-133b-11e4-b833-806e6f6e6963} - F:\autorun.exe
HKU\S-1-5-21-1383477661-2345097757-157039919-1001\...\MountPoints2: {aca4c9a8-3c0c-11e3-8451-20cf30341260} - E:\Startme.exe
HKU\S-1-5-21-1383477661-2345097757-157039919-1001\...\MountPoints2: {f4971c47-ee92-11df-ae68-806e6f6e6963} - D:\InstAll.exe
HKU\S-1-5-21-1383477661-2345097757-157039919-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-27] (Microsoft Corporation)
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-1383477661-2345097757-157039919-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-1383477661-2345097757-157039919-1001] => 127.0.0.1:8118
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{87AC7FB8-4AB7-4739-8A1F-78620EA8ECD7}: [DhcpNameServer] 195.113.139.94 195.113.136.35
Tcpip\..\Interfaces\{E424CA01-207F-49D3-A3F0-E96F44C990A6}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
URLSearchHook: HKLM-x32 -> Default = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKU\S-1-5-21-1383477661-2345097757-157039919-1001 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
URLSearchHook: HKU\S-1-5-21-1383477661-2345097757-157039919-1001 - (No Name) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1383477661-2345097757-157039919-1001 -> {06D8CCDB-1E78-4528-B47F-55310EB1BC6B} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_12454
SearchScopes: HKU\S-1-5-21-1383477661-2345097757-157039919-1001 -> {17B13BD1-43E8-4C9A-BDE5-A15A7DC22470} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1383477661-2345097757-157039919-1001 -> {5A66B3A6-26BC-4645-B0E9-2F5A4B5920C7} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1383477661-2345097757-157039919-1001 -> {71EB794C-6256-4762-9E9A-E42C840FF3F7} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1383477661-2345097757-157039919-1001 -> {74162FE7-373B-4C7D-A070-DF98AFC1C0C3} URL = hxxp://www.firmy.cz/phr/{searchTerms}?sourceid ... arch_12454
SearchScopes: HKU\S-1-5-21-1383477661-2345097757-157039919-1001 -> {D7EE0BB5-107A-4BF3-8789-9E1C51A26968} URL =
SearchScopes: HKU\S-1-5-21-1383477661-2345097757-157039919-1001 -> {DA295DBF-7D4E-4A9C-B038-C6B05E2BCA95} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_12454
SearchScopes: HKU\S-1-5-21-1383477661-2345097757-157039919-1001 -> {EBED24A3-98C0-4E36-9E63-3F8EECCC5B92} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll [2010-12-01] (RealPlayer)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-05-07] (Oracle Corporation)
BHO-x32: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-04-15] (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-05-07] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1383477661-2345097757-157039919-1001 -> No Name - {51A86BB3-6602-4C85-92A5-130EE4864F13} - No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll [2011-02-08] (AVG Technologies CZ, s.r.o.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll [2011-02-08] (AVG Technologies CZ, s.r.o.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-04-15] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Kateřina\AppData\Roaming\Mozilla\Firefox\Profiles\qlyt1jg4.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-24] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-24] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-05-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-05-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2013-08-20] (Nero AG)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2010-12-01] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=1.0.3.69 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll [2010-12-01] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll [2010-12-01] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2010-12-01] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2010-12-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2010-12-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2010-12-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2010-12-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2010-12-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2010-12-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2010-12-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll [2010-12-01] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll [2010-12-01] (RealNetworks, Inc.)
FF Extension: Adblock Plus - C:\Users\Kateřina\AppData\Roaming\Mozilla\Firefox\Profiles\qlyt1jg4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-23]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files (x86)\Real\RealPlayer\browserrecord
FF Extension: RealPlayer Browser Record Plugin - C:\Program Files (x86)\Real\RealPlayer\browserrecord [2010-12-01] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG10\Firefox4
FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG10\Firefox4 [2014-12-09] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [avg@igeared] - C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared => not found

Chrome:
=======
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (AVG Internet Security) - C:\Users\Kateřina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Kateřina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Profile: C:\Users\Kateřina\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\Kateřina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-01-19]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Kateřina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-13]
CHR HKLM-x32\...\Chrome\Extension: [odbbfaealmlpnodchplhdomkgpdkeeal] - C:\Program Files (x86)\RebateInformer\Chrome\rebateinformer_c.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 avgfws; C:\Program Files (x86)\AVG\AVG10\avgfws.exe [2710816 2014-11-04] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
S4 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MbnExt; C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\MbnExt.dll [419096 2015-08-25] (Gemfor s.r.o.)
R2 PrivoxyService; C:\Program Files (x86)\Jelbruss Secure Web\privoxy.exe [371200 2016-01-18] (The Privoxy team - http://www.privoxy.org) [File not signed] <==== ATTENTION
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57696 2010-07-12] (AVG Technologies CZ, s.r.o.)
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [118864 2011-05-27] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [26704 2011-02-22] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [29264 2011-02-10] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [312160 2012-11-12] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [41552 2011-03-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [37456 2011-03-16] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [380192 2014-11-04] (AVG Technologies CZ, s.r.o.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-09-24] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-19] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-08-12] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-07-24] (Duplex Secure Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-19 23:55 - 2016-01-19 23:55 - 00021196 _____ C:\Users\Kateřina\Desktop\FRST.txt
2016-01-19 23:54 - 2016-01-19 23:55 - 00000000 ____D C:\FRST
2016-01-19 23:54 - 2016-01-19 23:03 - 00112640 ____N (forum.viry.cz) C:\Users\Kateřina\Desktop\FRSTLauncher.exe
2016-01-19 22:54 - 2016-01-19 22:54 - 00112640 _____ (forum.viry.cz) C:\Users\Kateřina\Downloads\Nepotvrzeno 909027.crdownload
2016-01-19 22:51 - 2016-01-19 22:51 - 00112640 _____ (forum.viry.cz) C:\Users\Kateřina\Downloads\Nepotvrzeno 397017.crdownload
2016-01-19 22:47 - 2016-01-19 22:47 - 00112640 _____ (forum.viry.cz) C:\Users\Kateřina\Downloads\Nepotvrzeno 176012.crdownload
2016-01-19 22:44 - 2016-01-19 22:44 - 02370560 _____ (Farbar) C:\Users\Kateřina\Desktop\FRST64.exe
2016-01-19 21:39 - 2016-01-19 21:40 - 00000000 ____D C:\rsit
2016-01-19 21:39 - 2016-01-19 21:39 - 00000000 ____D C:\Program Files\trend micro
2016-01-19 21:38 - 2016-01-19 21:38 - 01222144 _____ C:\Users\Kateřina\Downloads\RSITx64.exe
2016-01-19 12:50 - 2016-01-19 12:50 - 00001187 _____ C:\Users\KateáŁ
2016-01-18 22:54 - 2016-01-18 22:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renault Karosa Citybus 12M - Omnibus Simulator
2016-01-18 22:09 - 2016-01-18 22:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolní Kounice v2.0
2016-01-18 17:12 - 2016-01-19 12:50 - 00003292 _____ C:\Windows\System32\Tasks\Jelbruss Secure Web Task
2016-01-18 17:12 - 2016-01-18 17:12 - 00001187 _____ C:\Users\Kateá6
2016-01-18 17:12 - 2016-01-18 17:12 - 00000000 ____D C:\Program Files (x86)\Jelbruss Secure Web
2016-01-18 11:35 - 2016-01-19 21:21 - 00000000 ____D C:\OMSI 2
2016-01-16 10:45 - 2016-01-16 10:45 - 00053503 _____ C:\Users\Kateřina\Downloads\DPP SvP Vychovatel 2016 V.I.P..pdf
2016-01-16 10:44 - 2016-01-16 10:45 - 00050097 _____ C:\Users\Kateřina\Downloads\Instrukce_ke_smlouve_Vychovatel_2016.pdf
2016-01-16 10:44 - 2016-01-16 10:45 - 00039957 _____ C:\Users\Kateřina\Downloads\Dohoda_o_srazkach_z_odmeny_UNI_2016.pdf
2016-01-15 08:14 - 2016-01-15 08:14 - 00000921 _____ C:\Users\Kateřina\Downloads\export.csv
2016-01-13 19:06 - 2016-01-13 19:07 - 25068282 _____ C:\Users\Kateřina\Downloads\Citybus_Great_Grundorf.rar
2016-01-13 19:05 - 2016-01-13 19:05 - 00468886 _____ C:\Users\Kateřina\Downloads\Grundorf.7z
2016-01-10 19:36 - 2016-01-10 19:36 - 00007350 _____ C:\Users\Kateřina\Downloads\Twin Peaks (Angelo Badalamenti).mid
2016-01-10 19:35 - 2016-01-10 19:35 - 00013894 _____ C:\Users\Kateřina\Downloads\X-Files (Mark Snow).mid
2016-01-10 19:34 - 2016-01-10 19:34 - 00011997 _____ C:\Users\Kateřina\Downloads\Terminator (Brad Fiedel).mid
2016-01-10 19:33 - 2016-01-10 19:33 - 00030176 _____ C:\Users\Kateřina\Downloads\Starwars - The Rebel Fleet - End Title (John Williams).mid
2016-01-10 19:33 - 2016-01-10 19:33 - 00011226 _____ C:\Users\Kateřina\Downloads\Superman (John Williams).mid
2016-01-10 19:32 - 2016-01-10 19:32 - 00070831 _____ C:\Users\Kateřina\Downloads\Star Wars - Remix.mid
2016-01-10 19:31 - 2016-01-10 19:31 - 00013483 _____ C:\Users\Kateřina\Downloads\Star Trek - Next Generation (Dennis McCarthy).mid
2016-01-10 19:30 - 2016-01-10 19:30 - 00009521 _____ C:\Users\Kateřina\Downloads\Space Rangers (Hans Zimmer & Mark Mancina).mid
2016-01-10 19:29 - 2016-01-10 19:29 - 00039240 _____ C:\Users\Kateřina\Downloads\Simpsons (Danny Elfman).mid
2016-01-10 19:28 - 2016-01-10 19:28 - 00025926 _____ C:\Users\Kateřina\Downloads\Robin Hood (Michael Kamen).mid
2016-01-10 19:26 - 2016-01-10 19:26 - 00038699 _____ C:\Users\Kateřina\Downloads\Mission Impossible (Lalo Schifrin).mid
2016-01-10 19:25 - 2016-01-10 19:25 - 00023734 _____ C:\Users\Kateřina\Downloads\Mac Gyver (Randy Edelman).mid
2016-01-10 19:24 - 2016-01-10 19:24 - 00020413 _____ C:\Users\Kateřina\Downloads\Lion King - Hakuna Matata (Hans Zimmer).mid
2016-01-10 19:23 - 2016-01-10 19:23 - 00071575 _____ C:\Users\Kateřina\Downloads\Indiana Jones - Raiders March (John Williams).mid
2016-01-10 19:22 - 2016-01-10 19:22 - 00009709 _____ C:\Users\Kateřina\Downloads\Emergency Room Theme (James Newton Howard).mid
2016-01-10 19:20 - 2016-01-10 19:20 - 00036159 _____ C:\Users\Kateřina\Downloads\Crockett Theme.mid
2016-01-10 19:19 - 2016-01-10 19:19 - 00026015 _____ C:\Users\Kateřina\Downloads\Beetlejuce (Danny Elfman).mid
2016-01-10 19:17 - 2016-01-10 19:17 - 00006064 _____ C:\Users\Kateřina\Downloads\Armageddon (Trevor Jones).mid
2016-01-10 16:47 - 2016-01-10 16:47 - 00030029 _____ C:\Users\Kateřina\Downloads\Back To Future (Alan Silvestri).mid
2016-01-09 16:52 - 2016-01-09 16:52 - 00001233 _____ C:\Users\Public\Desktop\Dokumentace k mapě Dolní Kounice.lnk
2016-01-05 18:57 - 2016-01-18 17:12 - 00002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-05 18:55 - 2016-01-19 23:00 - 00000956 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-05 18:55 - 2016-01-19 19:00 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-05 18:55 - 2016-01-05 18:55 - 00927824 _____ (Google Inc.) C:\Users\Kateřina\Downloads\ChromeSetup(1).exe
2016-01-05 18:55 - 2016-01-05 18:55 - 00003952 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-01-05 18:55 - 2016-01-05 18:55 - 00003700 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-05 09:42 - 2016-01-05 09:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-04 22:12 - 2016-01-19 21:26 - 00003034 _____ C:\Windows\System32\Tasks\MSIAfterburner
2016-01-03 21:36 - 2016-01-03 21:36 - 00163367 _____ C:\Users\Kateřina\Downloads\Forrest_Gump.pdf
2016-01-01 14:16 - 2016-01-01 14:16 - 00460512 _____ C:\Users\Kateřina\Downloads\restaurace-kocanda-jidelni-napojovy-listek-se-seznamem-alergenu-2015-09.pdf
2016-01-01 13:53 - 2016-01-01 13:53 - 00763122 _____ C:\Users\Kateřina\Downloads\Na Rychte_jidelni listek_10_2015_CZ_web.pdf
2015-12-30 17:09 - 2015-12-30 17:09 - 00030845 _____ C:\Users\Kateřina\Downloads\MIDIrar.rar
2015-12-27 17:47 - 2015-12-27 17:47 - 00006908 _____ C:\Users\Kateřina\Downloads\00088-04.mid
2015-12-27 17:44 - 2015-12-27 17:44 - 00002819 _____ C:\Users\Kateřina\Downloads\00588-03.mid
2015-12-26 11:08 - 2015-12-26 11:08 - 00298398 _____ C:\Users\Kateřina\Downloads\20-Guitar_Pro-Drum_Patterns.zip
2015-12-25 11:48 - 2015-12-25 11:48 - 00030146 _____ C:\Users\Kateřina\Downloads\Frank_Sinatra_-_My_Way.mid
2015-12-24 11:32 - 2015-12-24 12:40 - 1218386282 _____ C:\Users\Kateřina\Downloads\Omsi-1.04(Full-Version).rar
2015-12-24 11:26 - 2015-12-24 11:26 - 01942458 _____ C:\Users\Kateřina\Downloads\fa66cw_764d_v100.zip
2015-12-24 11:23 - 2015-12-24 11:30 - 121929962 _____ C:\Users\Kateřina\Downloads\Nepotvrzeno 462501.crdownload
2015-12-23 13:51 - 2015-12-23 13:52 - 00927824 _____ (Google Inc.) C:\Users\Kateřina\Downloads\ChromeSetup.exe
2015-12-22 17:12 - 2016-01-19 12:50 - 00000055 _____ C:\Users\Kate
2015-12-22 08:37 - 2015-12-22 08:37 - 00000000 ____D C:\Users\Kateřina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
2015-12-22 08:36 - 2015-12-22 08:37 - 00000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2015-12-22 08:36 - 2015-12-22 08:36 - 00001086 _____ C:\Users\Kateřina\Desktop\MSI Afterburner.lnk
2015-12-22 08:36 - 2015-12-22 08:36 - 00000000 ____D C:\Users\Kateřina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2015-12-22 08:35 - 2016-01-19 21:26 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2015-12-22 08:33 - 2015-12-22 08:34 - 38095191 _____ C:\Users\Kateřina\Downloads\[Guru3D]-MSIAfterburner.zip
2015-12-21 14:55 - 2015-12-21 14:57 - 76738918 _____ C:\Users\Kateřina\Downloads\Mercedes-O520-Cito-OMSI-v1.zip
2015-12-21 14:55 - 2015-12-21 14:55 - 00474787 _____ C:\Users\Kateřina\Downloads\Texture.zip
2015-12-21 13:54 - 2015-12-21 13:59 - 237804311 _____ C:\Users\Kateřina\Downloads\Karosa_B93X_1.1.rar
2015-12-21 13:50 - 2015-12-21 13:51 - 06937995 _____ C:\Users\Kateřina\Downloads\Zvuky.rar
2015-12-21 13:50 - 2015-12-21 13:50 - 00076924 _____ C:\Users\Kateřina\Downloads\IBIS-2.osc
2015-12-21 13:50 - 2015-12-21 13:50 - 00010470 _____ C:\Users\Kateřina\Downloads\B931_nafta.rar
2015-12-21 13:49 - 2015-12-21 13:53 - 180557025 _____ C:\Users\Kateřina\Downloads\Karosa_B931.rar
2015-12-21 13:47 - 2015-12-21 13:49 - 107667074 _____ C:\Users\Kateřina\Downloads\Karosa B732 1.0 (1).rar
2015-12-21 13:43 - 2015-12-21 13:43 - 22751163 _____ C:\Users\Kateřina\Downloads\SU_doors_15_10_mod_NightHauler.rar
2015-12-21 12:52 - 2015-12-21 12:52 - 00009135 _____ C:\Users\Kateřina\Downloads\VbusBlog.ru.rar
2015-12-21 12:49 - 2015-12-21 12:49 - 00000673 _____ C:\Users\Kateřina\Downloads\st01.rar
2015-12-21 12:38 - 2015-12-21 12:38 - 02403299 _____ C:\Users\Kateřina\Downloads\Sceneryobjects.rar
2015-12-21 12:36 - 2015-12-21 12:36 - 06560523 _____ C:\Users\Kateřina\Downloads\CZmod.rar
2015-12-21 11:31 - 2015-12-21 11:40 - 181994504 _____ C:\Users\Kateřina\Downloads\UL_objekty_vse (1).rar
2015-12-21 11:31 - 2015-12-21 11:39 - 160607402 _____ C:\Users\Kateřina\Downloads\ul_addon (1).rar
2015-12-21 11:31 - 2015-12-21 11:37 - 90149658 _____ C:\Users\Kateřina\Downloads\rencitybus.rar
2015-12-21 11:31 - 2015-12-21 11:32 - 09957213 _____ C:\Users\Kateřina\Downloads\patch_unl_map (1).rar
2015-12-21 11:31 - 2015-12-21 11:31 - 00046230 _____ C:\Users\Kateřina\Downloads\citybus_oth.rar
2015-12-21 11:31 - 2015-12-21 11:31 - 00019912 _____ C:\Users\Kateřina\Downloads\HOF_Usti (1).rar
2015-12-21 11:31 - 2015-12-21 11:31 - 00014461 _____ C:\Users\Kateřina\Downloads\patch_citybus.rar
2015-12-21 11:23 - 2015-12-21 11:27 - 73578015 _____ C:\Users\Kateřina\Downloads\Omsi2-Mercedes_o530G.7z
2015-12-20 17:51 - 2015-12-20 17:51 - 00000000 ____D C:\Users\Kateřina\Documents\REAPER Media
2015-12-20 15:39 - 2015-12-20 17:42 - 2201046572 _____ C:\Users\Kateřina\Downloads\OMSI-2-Karlovy-Vary-4.0-full-standart-version.7z
2015-12-20 15:34 - 2015-12-20 15:36 - 26782009 _____ C:\Users\Kateřina\Downloads\KAROSA_B952E.rar
2015-12-20 15:24 - 2015-12-20 18:27 - 00000000 ____D C:\Users\Kateřina\AppData\Roaming\REAPER
2015-12-20 15:21 - 2015-12-20 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REAPER
2015-12-20 15:20 - 2015-12-21 10:40 - 00000000 ____D C:\Program Files (x86)\REAPER
2015-12-20 10:03 - 2015-12-20 10:03 - 00002802 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-12-20 10:03 - 2015-12-20 10:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-12-20 10:02 - 2016-01-04 22:12 - 00000000 ____D C:\Program Files\CCleaner
2015-12-20 10:01 - 2015-12-20 10:01 - 06805512 _____ (Piriform Ltd) C:\Users\Kateřina\Downloads\ccsetup512pro.exe
2015-12-20 09:15 - 2015-12-20 09:22 - 128180619 _____ C:\Users\Kateřina\Downloads\Irisbus_Citybus_18M.rar
2015-12-20 08:12 - 2015-12-20 08:14 - 70157388 _____ C:\Users\Kateřina\Downloads\IKARUS_280_02.7z

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-19 23:55 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2016-01-19 22:33 - 2015-08-13 14:10 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-19 12:49 - 2009-07-14 05:45 - 00015360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-19 12:49 - 2009-07-14 05:45 - 00015360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-19 12:46 - 2013-03-19 08:00 - 00000000 ____D C:\Users\Kateřina\AppData\Roaming\Seznam.cz
2016-01-19 12:44 - 2015-12-07 21:57 - 00003112 _____ C:\Windows\System32\Tasks\RDReminder
2016-01-19 12:40 - 2013-01-24 19:31 - 00000354 _____ C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
2016-01-19 12:40 - 2010-11-30 12:34 - 00000000 ____D C:\Program Files (x86)\Google
2016-01-19 12:40 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-18 23:32 - 2012-01-25 21:16 - 00003994 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F8DB9CC9-B2DA-4578-B80B-0A6994178AFE}
2016-01-17 22:50 - 2010-11-12 13:58 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-17 22:40 - 2014-07-28 09:37 - 00000000 ____D C:\Users\Kateřina\Desktop\Vašek
2016-01-16 17:13 - 2015-09-12 11:07 - 00000298 _____ C:\Windows\Tasks\DLL-Files.Com Fixer_Updates.job
2016-01-14 21:40 - 2014-12-25 10:49 - 00000016 _____ C:\Windows\SysWOW64\w3data.vss
2016-01-14 21:40 - 2014-12-25 10:49 - 00000016 _____ C:\Windows\SysWOW64\msvcsv60.dll
2016-01-14 21:40 - 2014-12-25 10:49 - 00000016 _____ C:\Windows\msocreg32.dat
2016-01-13 18:34 - 2015-05-17 14:58 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-13 18:33 - 2015-05-17 14:57 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-09 17:41 - 2010-11-16 18:39 - 00000000 ____D C:\Users\Kateřina\AppData\Roaming\Skype
2016-01-06 19:13 - 2015-09-12 11:07 - 00000282 _____ C:\Windows\Tasks\DLL-Files.Com Fixer_MONTHLY.job
2016-01-05 18:52 - 2010-11-16 17:18 - 00000000 ____D C:\Users\Kateřina\AppData\Roaming\ICQ
2016-01-05 18:18 - 2015-05-17 15:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-05 09:11 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2015-12-31 14:00 - 2014-10-21 19:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aerosoft
2015-12-23 22:35 - 2010-11-16 19:11 - 00000000 ____D C:\Users\Kateřina\Documents\Fotky
2015-12-23 14:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Vss
2015-12-22 13:18 - 2015-12-13 20:47 - 00000000 ____D C:\Users\Kateřina\Documents\Bandicam
2015-12-22 12:08 - 2015-09-13 16:09 - 00000000 ____D C:\Users\Internet\AppData\Roaming\Seznam.cz
2015-12-22 08:38 - 2015-03-27 16:16 - 00000000 ___HD C:\Windows\msdownld.tmp
2015-12-22 08:38 - 2015-03-27 16:16 - 00000000 ____D C:\Windows\SysWOW64\directx
2015-12-22 08:37 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-12-22 08:27 - 2010-11-12 14:41 - 00000000 ____D C:\Windows\pss
2015-12-21 13:33 - 2010-12-12 16:21 - 00000000 ____D C:\Users\Kateřina\AppData\Roaming\Software Informer
2015-12-21 13:12 - 2011-07-05 23:05 - 00000000 ____D C:\ProgramData\AVG10
2015-12-21 13:11 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\LiveKernelReports
2015-12-21 10:27 - 2015-04-04 17:48 - 00000000 ____D C:\Program Files\m-r-software
2015-12-20 10:54 - 2014-07-24 14:30 - 00000000 ____D C:\Users\Kateřina\AppData\Roaming\DAEMON Tools Lite
2015-12-20 10:53 - 2010-12-22 21:04 - 00000000 ____D C:\Windows\Minidump
2015-12-20 10:53 - 2010-11-12 20:27 - 00000000 ____D C:\Windows\Panther
2015-12-20 10:53 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\ModemLogs
2015-12-20 09:22 - 2015-08-13 14:10 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-20 09:22 - 2015-08-13 14:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-20 09:22 - 2015-08-13 14:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-20 09:19 - 2015-12-12 12:16 - 00000000 ____D C:\Users\Kateřina\AppData\Roaming\NCH Software
2015-12-20 09:19 - 2015-12-12 12:16 - 00000000 ____D C:\Program Files (x86)\NCH Software
2015-12-20 09:18 - 2015-12-12 12:16 - 00000000 ____D C:\ProgramData\NCH Software
2015-12-20 09:17 - 2015-12-12 12:22 - 00000000 ____D C:\Users\Kateřina\Documents\intelliScore
2015-12-20 08:16 - 2010-11-16 17:10 - 00000000 _____ C:\Users\Kateřina\AppData\LocalLow\prvlcl.dat
2015-12-20 06:30 - 2011-07-05 23:05 - 00000000 ____D C:\Windows\system32\Drivers\AVG

==================== Files in the root of some directories =======

2013-07-13 08:08 - 2013-07-13 08:08 - 4188160 _____ () C:\Program Files (x86)\GUT6CFC.tmp
2015-03-29 11:55 - 2015-03-29 11:55 - 0009662 _____ () C:\Users\Kateřina\AppData\Roaming\em_64x64.ico
2015-03-27 12:53 - 2015-03-27 12:53 - 0000000 _____ () C:\Users\Kateřina\AppData\Roaming\F14E.tmp
2015-03-27 12:53 - 2015-03-27 12:53 - 0775168 _____ () C:\Users\Kateřina\AppData\Roaming\F14E.tmp.exe
2014-08-30 17:01 - 2014-08-30 17:01 - 0000044 _____ () C:\Users\Kateřina\AppData\Roaming\s.vbs
2014-11-03 20:38 - 2014-11-03 20:38 - 0000017 _____ () C:\Users\Kateřina\AppData\Local\resmon.resmoncfg
2015-10-20 19:06 - 2015-10-20 19:06 - 0000000 _____ () C:\Users\Kateřina\AppData\Local\{0C9A916B-CEAA-45D3-ACAF-E4C6013EBC48}
2014-09-21 21:00 - 2014-09-21 21:00 - 0000000 _____ () C:\Users\Kateřina\AppData\Local\{95A8F0F6-679E-4833-9E06-7A8FDA0F0954}
2010-11-16 18:40 - 2010-11-16 18:40 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Some files in TEMP:
====================
C:\Users\Internet\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Internet\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Kateřina\AppData\Local\Temp\hp_u2_1377.exe
C:\Users\Kateřina\AppData\Local\Temp\jre-8u66-windows-au.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================

Space Synthesizer 2.0 (HKLM-x32\...\Space Synthesizer_is1) (Version: - )

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\DLL-Files.Com Fixer_MONTHLY.job => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\Windows\Tasks\DLL-Files.Com Fixer_Updates.job => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: AVG Anti-Virus Business Edition 2011 (Enabled - Out of date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Anti-Virus Business Edition 2011 (Enabled - Out of date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
FW: AVG Firewall (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}



===***===***===***=== Supplementary Scan created by FRSTLauncher ===***===***===***===
Last FRSTLauncher update: 25_11_2013 (01)
Last modification script update: 30_09_2013 (01)


***** Size of the "Desktop" *****

Size of folder "C:\Users\Kateřina\Desktop" is 12864 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount
"C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring
"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ETDWare
C:\Program Files\Elantech\ETDCtrl.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXN GO
"C:\ProgramData\GameXN\GameXNGO.exe" /startup [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor
"C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup
"C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler
"C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
"C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Software Informer
"C:\Program Files (x86)\Software Informer\softinfo.exe" -autorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Mobile CManager
"C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\Manager.exe" -autorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard
"C:\Program Files (x86)\TrojanHunter 4.2\THGuard.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent
"C:\Users\Kateřina\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SRS Premium Sound.lnk
C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe /f=srs_premium_sound_nopreset.zip /h [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================
Attachments
Addition.rar
(7.07 KiB) Downloaded 58 times

JaRon
Moderator
Posts: 15650
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Backdoor.Agent.WD

#4 Post by JaRon »

Until Rudy turns up, I'll step in once.
Size of folder "C:\Users\Kateřina\Desktop" is 12864 MB
Tidy it up!! The size should not exceed 300 MB :!:
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

Weny
Visitor
Posts: 11
Registered: 19 Jan 2016 22:03

Re: Backdoor.Agent.WD

#5 Post by Weny »

Thanks, I'll fix it right away :)

Rudy
Site Admin
Posts: 119358
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Backdoor.Agent.WD

#6 Post by Rudy »

Open Notepad and copy the following into it:
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-1383477661-2345097757-157039919-1001\...\Run: [fsm] => [X]
HKU\S-1-5-21-1383477661-2345097757-157039919-1001\...\MountPoints2: {379d2040-133b-11e4-b833-806e6f6e6963} - F:\autorun.exe
HKU\S-1-5-21-1383477661-2345097757-157039919-1001\...\MountPoints2: {aca4c9a8-3c0c-11e3-8451-20cf30341260} - E:\Startme.exe
HKU\S-1-5-21-1383477661-2345097757-157039919-1001\...\MountPoints2: {f4971c47-ee92-11df-ae68-806e6f6e6963} - D:\InstAll.exe
URLSearchHook: HKU\S-1-5-21-1383477661-2345097757-157039919-1001 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
URLSearchHook: HKU\S-1-5-21-1383477661-2345097757-157039919-1001 - (No Name) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-04-15] (Skype Technologies S.A.)
C:\Program Files (x86)\Skype\Toolbars
Toolbar: HKU\S-1-5-21-1383477661-2345097757-157039919-1001 -> No Name - {51A86BB3-6602-4C85-92A5-130EE4864F13} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-04-15] (Skype Technologies S.A.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [No File]
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (AVG Internet Security) - C:\Users\Kateřina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Kateřina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR HKLM-x32\...\Chrome\Extension: [odbbfaealmlpnodchplhdomkgpdkeeal] - C:\Program Files (x86)\RebateInformer\Chrome\rebateinformer_c.crx <not found>
R2 PrivoxyService; C:\Program Files (x86)\Jelbruss Secure Web\privoxy.exe [371200 2016-01-18] (The Privoxy team - http://www.privoxy.org) [File not signed] <==== ATTENTION
C:\Program Files (x86)\GUT6CFC.tmp
C:\Users\Kateřina\AppData\Roaming\F14E.tmp
C:\Users\Kateřina\AppData\Roaming\F14E.tmp.exe
C:\Users\Kateřina\AppData\Roaming\s.vbs
C:\Users\Internet\AppData\Local\Temp
Task: {1FE80465-6A23-4695-8A7E-6EC37B182E33} - System32\Tasks\Jelbruss Secure Web Task => C:\Program Files (x86)\Jelbruss Secure Web\jswtask.exe [2016-01-18] (West CH Soft) <==== ATTENTION
Task: {D1DBE529-FC41-43D0-8396-E6210BC7722B} - \Get Plus Uplifter -> No File <==== ATTENTION
End
Save it to the Desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; paste it here.

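The fixlist above is built by copying lines from the FRST log verbatim between `Start` and `End`. As an added example (not part of the thread and not FRST's own code), the PowerShell script below automates that selection: it applies the markers FRST itself prints (`<==== ATTENTION`, `[File not signed]`, `[X]`, `No File`, `<not found>`) plus two heuristics of my own for MountPoints2 autorun handlers and loose scripts or executables sitting directly in `AppData\Roaming`, and writes a fixlist.txt. The sample input is a subset of lines copied from the log in this thread and embedded as constructed input so the script runs without FRST; the function names, the rule set and the assumption that FRST accepts a UTF-8 fixlist are mine.

```powershell
# Added example, not part of the thread or of FRST: draft a fixlist.txt from
# FRST log lines. Sample lines below are copied from the log in this thread
# and embedded as constructed input so the script runs offline.

$SampleLog = @'
R2 PrivoxyService; C:\Program Files (x86)\Jelbruss Secure Web\privoxy.exe [371200 2016-01-18] (The Privoxy team - http://www.privoxy.org) [File not signed] <==== ATTENTION
Task: {1FE80465-6A23-4695-8A7E-6EC37B182E33} - System32\Tasks\Jelbruss Secure Web Task => C:\Program Files (x86)\Jelbruss Secure Web\jswtask.exe [2016-01-18] (West CH Soft) <==== ATTENTION
Task: {D1DBE529-FC41-43D0-8396-E6210BC7722B} - \Get Plus Uplifter -> No File <==== ATTENTION
HKU\S-1-5-21-1383477661-2345097757-157039919-1001\...\Run: [fsm] => [X]
HKU\S-1-5-21-1383477661-2345097757-157039919-1001\...\MountPoints2: {379d2040-133b-11e4-b833-806e6f6e6963} - F:\autorun.exe
URLSearchHook: HKU\S-1-5-21-1383477661-2345097757-157039919-1001 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
CHR HKLM-x32\...\Chrome\Extension: [odbbfaealmlpnodchplhdomkgpdkeeal] - C:\Program Files (x86)\RebateInformer\Chrome\rebateinformer_c.crx <not found>
2015-03-27 12:53 - 2015-03-27 12:53 - 0000000 _____ () C:\Users\Kateřina\AppData\Roaming\F14E.tmp
2015-03-27 12:53 - 2015-03-27 12:53 - 0775168 _____ () C:\Users\Kateřina\AppData\Roaming\F14E.tmp.exe
2014-08-30 17:01 - 2014-08-30 17:01 - 0000044 _____ () C:\Users\Kateřina\AppData\Roaming\s.vbs
C:\Windows\system32\winlogon.exe => File is digitally signed
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
'@

# Each rule: a regex tested against every log line, and the reason to report.
# First match wins. The first four are FRST's own markers, the last two are
# heuristics (assumptions of this example, not something FRST flags).
$Rules = @(
    @{ Pattern = '<==== ATTENTION';                            Reason = 'flagged by FRST' }
    @{ Pattern = '\[File not signed\]';                        Reason = 'service/driver binary is unsigned' }
    @{ Pattern = '=> \[X\]$';                                  Reason = 'Run value whose target is gone' }
    @{ Pattern = '(-> | - )No File$|<not found>$';             Reason = 'orphaned hook/task/extension' }
    @{ Pattern = 'MountPoints2: \{[0-9a-f-]+\} - [A-Za-z]:\\'; Reason = 'autorun handler for a removable drive (heuristic)' }
    @{ Pattern = '\\AppData\\Roaming\\[^\\]+\.(tmp|exe|vbs)$'; Reason = 'script/executable dropped directly in Roaming (heuristic)' }
)

function Select-FrstFixCandidates {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        foreach ($rule in $Rules) {
            if ($line -match $rule.Pattern) {
                [pscustomobject]@{ Reason = $rule.Reason; Line = $line }
                break
            }
        }
    }
}

function ConvertTo-FixlistEntry {
    param([string]$Line)
    # Lines from "Files in the root of some directories" carry a date/size
    # prefix; the fixlist wants only the path, as in the moderator's list above.
    if ($Line -match '^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - .* \(\) (?<Path>[A-Za-z]:\\.+)$') {
        return $Matches.Path
    }
    return $Line
}

function New-Fixlist {
    param([string[]]$Lines, [string]$OutFile)
    $entries = @(Select-FrstFixCandidates -Lines $Lines | ForEach-Object { ConvertTo-FixlistEntry -Line $_.Line })
    $content = @('Start') + $entries + @('End')
    # FRST reads fixlist.txt from the folder FRST64.exe runs in (the Desktop here).
    # UTF-8 is assumed to be accepted; the thread's list was written by Notepad.
    Set-Content -LiteralPath $OutFile -Value $content -Encoding UTF8
    return $content
}

$lines = $SampleLog -split "`r?`n"
Select-FrstFixCandidates -Lines $lines | Format-Table -AutoSize -Wrap
New-Fixlist -Lines $lines -OutFile (Join-Path ([Environment]::GetFolderPath('Desktop')) 'fixlist.txt')
```

Note what the rules do not catch: the `SunJavaUpdateSched` Run value (a Java updater dated 2013) and the signed `winlogon.exe` line pass through unflagged, yet Rudy removed the former anyway. The script only drafts the list; deciding which legitimate-looking entries should go stays with the person reading the log.
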
Weny
Visitor
Posts: 11
Registered: 19 Jan 2016 22:03

Re: Backdoor.Agent.WD

#7 Post by Weny »

Fix result of Farbar Recovery Scan Tool (x64) Version:18-01-2016
Ran by Kateřina (2016-01-20 18:27:05) Run:1
Running from C:\Users\Kateřina\Desktop
Loaded Profiles: Kateřina (Available Profiles: Kateřina & test & Internet)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-1383477661-2345097757-157039919-1001\...\Run: [fsm] => [X]
HKU\S-1-5-21-1383477661-2345097757-157039919-1001\...\MountPoints2: {379d2040-133b-11e4-b833-806e6f6e6963} - F:\autorun.exe
HKU\S-1-5-21-1383477661-2345097757-157039919-1001\...\MountPoints2: {aca4c9a8-3c0c-11e3-8451-20cf30341260} - E:\Startme.exe
HKU\S-1-5-21-1383477661-2345097757-157039919-1001\...\MountPoints2: {f4971c47-ee92-11df-ae68-806e6f6e6963} - D:\InstAll.exe
URLSearchHook: HKU\S-1-5-21-1383477661-2345097757-157039919-1001 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
URLSearchHook: HKU\S-1-5-21-1383477661-2345097757-157039919-1001 - (No Name) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-04-15] (Skype Technologies S.A.)
C:\Program Files (x86)\Skype\Toolbars
Toolbar: HKU\S-1-5-21-1383477661-2345097757-157039919-1001 -> No Name - {51A86BB3-6602-4C85-92A5-130EE4864F13} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-04-15] (Skype Technologies S.A.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [No File]
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (AVG Internet Security) - C:\Users\Kateřina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Kateřina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR HKLM-x32\...\Chrome\Extension: [odbbfaealmlpnodchplhdomkgpdkeeal] - C:\Program Files (x86)\RebateInformer\Chrome\rebateinformer_c.crx <not found>
R2 PrivoxyService; C:\Program Files (x86)\Jelbruss Secure Web\privoxy.exe [371200 2016-01-18] (The Privoxy team - http://www.privoxy.org) [File not signed] <==== ATTENTION
C:\Program Files (x86)\GUT6CFC.tmp
C:\Users\Kateřina\AppData\Roaming\F14E.tmp
C:\Users\Kateřina\AppData\Roaming\F14E.tmp.exe
C:\Users\Kateřina\AppData\Roaming\s.vbs
C:\Users\Internet\AppData\Local\Temp
Task: {1FE80465-6A23-4695-8A7E-6EC37B182E33} - System32\Tasks\Jelbruss Secure Web Task => C:\Program Files (x86)\Jelbruss Secure Web\jswtask.exe [2016-01-18] (West CH Soft) <==== ATTENTION
Task: {D1DBE529-FC41-43D0-8396-E6210BC7722B} - \Get Plus Uplifter -> No File <==== ATTENTION
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
HKU\S-1-5-21-1383477661-2345097757-157039919-1001\Software\Microsoft\Windows\CurrentVersion\Run\\fsm => value removed successfully
"HKU\S-1-5-21-1383477661-2345097757-157039919-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{379d2040-133b-11e4-b833-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{379d2040-133b-11e4-b833-806e6f6e6963} => key not found.
"HKU\S-1-5-21-1383477661-2345097757-157039919-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aca4c9a8-3c0c-11e3-8451-20cf30341260}" => key removed successfully
HKCR\CLSID\{aca4c9a8-3c0c-11e3-8451-20cf30341260} => key not found.
"HKU\S-1-5-21-1383477661-2345097757-157039919-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4971c47-ee92-11df-ae68-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{f4971c47-ee92-11df-ae68-806e6f6e6963} => key not found.
HKU\S-1-5-21-1383477661-2345097757-157039919-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} => value removed successfully
HKU\S-1-5-21-1383477661-2345097757-157039919-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{51a86bb3-6602-4c85-92a5-130ee4864f13} => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully
C:\Program Files (x86)\Skype\Toolbars => moved successfully
HKU\S-1-5-21-1383477661-2345097757-157039919-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{51A86BB3-6602-4C85-92A5-130EE4864F13} => value removed successfully
HKCR\CLSID\{51A86BB3-6602-4C85-92A5-130EE4864F13} => key not found.
"HKCR\Wow6432Node\PROTOCOLS\Handler\skype-ie-addon-data" => key removed successfully
"HKCR\Wow6432Node\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully
C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\pdf.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\gcswf32.dll => not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => not found.
C:\Users\Kateřina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll => not found.
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll => not found.
C:\Users\Kateřina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\odbbfaealmlpnodchplhdomkgpdkeeal" => key removed successfully
PrivoxyService => Service stopped successfully.
PrivoxyService => service removed successfully
C:\Program Files (x86)\GUT6CFC.tmp => moved successfully
C:\Users\Kateřina\AppData\Roaming\F14E.tmp => moved successfully
C:\Users\Kateřina\AppData\Roaming\F14E.tmp.exe => moved successfully
C:\Users\Kateřina\AppData\Roaming\s.vbs => moved successfully
C:\Users\Internet\AppData\Local\Temp => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1FE80465-6A23-4695-8A7E-6EC37B182E33} => key not found.
C:\Windows\System32\Tasks\Jelbruss Secure Web Task => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Jelbruss Secure Web Task" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D1DBE529-FC41-43D0-8396-E6210BC7722B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1DBE529-FC41-43D0-8396-E6210BC7722B}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Get Plus Uplifter => key not found.

==== End of Fixlog 18:27:12 ====

Rudy
Site Admin
Posts: 119358
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Backdoor.Agent.WD

#8 Post by Rudy »

Deleted. Has anything changed?

Weny
Visitor
Posts: 11
Registered: 19 Jan 2016 22:03

Re: Backdoor.Agent.WD

#9 Post by Weny »

The computer started showing a connection to a proxy server, which I had to delete (reconfigure). Otherwise it looks like everything is OK, the ads are not popping up and the computer runs like clockwork. Thank you

Rudy
Site Admin
Posts: 119358
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Backdoor.Agent.WD

#10 Post by Rudy »

Weny wrote: The computer started showing a connection to a proxy...
That's possible. Unfortunately, from the log I usually can't tell whether such a setting is legitimate or not. You're welcome! :)

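Two checks a practitioner would want after this exchange: that the items the fix log reports as removed have stayed removed, and a look at the proxy setting Weny mentions. Privoxy is a filtering HTTP proxy, so for the unsigned `PrivoxyService` under `Jelbruss Secure Web` to touch browser traffic at all, the browser has to be pointed at it; that is consistent with the proxy entry she found, and since FRST's fix log does not list proxy values they are read from the registry here rather than assumed. The PowerShell below is an added example, not part of the thread or of FRST. Every service, task, file, SID, GUID and registry key comes from the logs above; the function names, the check of Chrome shortcut arguments, and the requirement of PowerShell 3 or later on an elevated console run as the affected user are my assumptions.

```powershell
# Added example, not part of the thread or of FRST. Re-checks on the live
# machine that what the fix log reports as removed has stayed removed, then
# reads the per-user proxy settings instead of guessing them. Names, SID,
# GUIDs and paths are taken from the logs in this thread; run as the affected
# user in an elevated PowerShell 3+ console (assumption).

$UserSid = 'S-1-5-21-1383477661-2345097757-157039919-1001'

function Test-FixResidue {
    $findings = @()

    # 1. The unsigned Privoxy service and its install directory
    if (Get-Service -Name 'PrivoxyService' -ErrorAction SilentlyContinue) {
        $findings += 'service PrivoxyService is registered again'
    }
    if (Test-Path -LiteralPath 'C:\Program Files (x86)\Jelbruss Secure Web') {
        $findings += 'directory "Jelbruss Secure Web" still exists'
    }

    # 2. Scheduled tasks; schtasks also works on Windows 7, where Get-ScheduledTask does not exist
    foreach ($task in 'Jelbruss Secure Web Task', 'Get Plus Uplifter') {
        $null = schtasks.exe /Query /TN $task 2>$null
        if ($LASTEXITCODE -eq 0) { $findings += "scheduled task '$task' is registered again" }
    }

    # 3. Files FRST moved to C:\FRST\Quarantine (moved, not deleted)
    $files = @(
        'C:\Program Files (x86)\GUT6CFC.tmp'
        (Join-Path $env:APPDATA 'F14E.tmp')
        (Join-Path $env:APPDATA 'F14E.tmp.exe')
        (Join-Path $env:APPDATA 's.vbs')
    )
    foreach ($f in $files) {
        if (Test-Path -LiteralPath $f) { $findings += "file is back: $f" }
    }

    # 4. Registry autostarts; HKU needs a PSDrive before it can be addressed
    if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
        New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
    }
    $runKey = "HKU:\$UserSid\Software\Microsoft\Windows\CurrentVersion\Run"
    if (Get-ItemProperty -Path $runKey -Name 'fsm' -ErrorAction SilentlyContinue) {
        $findings += 'Run value "fsm" is back'
    }
    $mp = "HKU:\$UserSid\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2"
    foreach ($guid in '{379d2040-133b-11e4-b833-806e6f6e6963}',
                      '{aca4c9a8-3c0c-11e3-8451-20cf30341260}',
                      '{f4971c47-ee92-11df-ae68-806e6f6e6963}') {
        if (Test-Path -LiteralPath "$mp\$guid") { $findings += "MountPoints2 entry $guid is back" }
    }
    if (Test-Path 'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\odbbfaealmlpnodchplhdomkgpdkeeal') {
        $findings += 'Chrome extension policy key for RebateInformer is back'
    }
    return $findings
}

function Get-UserProxyConfig {
    # WinINET settings, used by Internet Explorer and by Chrome unless Chrome
    # is started with its own --proxy-server switch.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $key
    [pscustomobject]@{
        ProxyEnable   = $p.ProxyEnable
        ProxyServer   = $p.ProxyServer
        AutoConfigURL = $p.AutoConfigURL
        WinHttpProxy  = (netsh.exe winhttp show proxy) -join ' '   # machine-wide, used by services
    }
}

function Reset-UserProxyConfig {
    # Same effect as unticking "Use a proxy server" in Internet Options.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    Set-ItemProperty -Path $key -Name ProxyEnable -Value 0
    foreach ($name in 'ProxyServer', 'AutoConfigURL') {
        Remove-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    }
}

function Get-ChromeShortcutProxyArgs {
    # A proxy can also be hidden in the browser shortcut's arguments.
    $shell = New-Object -ComObject WScript.Shell
    $dirs  = [Environment]::GetFolderPath('Desktop'), [Environment]::GetFolderPath('CommonDesktopDirectory')
    Get-ChildItem -Path $dirs -Filter '*.lnk' -ErrorAction SilentlyContinue |
        ForEach-Object { $shell.CreateShortcut($_.FullName) } |
        Where-Object { $_.Arguments -match '--proxy-(server|pac-url)' } |
        Select-Object FullName, Arguments
}

$residue = @(Test-FixResidue)
if ($residue.Count) { $residue } else { 'no residue from the fixlist found' }
Get-UserProxyConfig
Get-ChromeShortcutProxyArgs
```

FRST's `moved successfully` lines mean the items went to `C:\FRST\Quarantine`, not that they were deleted, so anything that reappears under its original path was put back by something still running. `Reset-UserProxyConfig` is defined but deliberately not called: clear the proxy only after confirming the value shown by `Get-UserProxyConfig` is not one the user set on purpose, which is exactly the judgment Rudy says the log alone cannot make. The other profiles on the machine (`test`, `Internet`) have their own `Internet Settings` key under HKU and should be checked the same way when logged in as them.
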
Locked