
PC virus removal, computer speed-up, remote assistance via the neslape.cz service
win32 and trojan
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello, please check the log. It's my daughter's PC and Avast reported a trojan and 6 others.
Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-05-2016
Ran by Daniela (2016-05-13 14:32:18)
Running from C:\Users\Daniela\Desktop
Windows 8.1 (X64) (2014-12-04 13:03:21)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1255584756-4119768593-4182788369-500 - Administrator - Disabled) => C:\Users\Administrator
Daniela (S-1-5-21-1255584756-4119768593-4182788369-1002 - Administrator - Enabled) => C:\Users\Daniela
Guest (S-1-5-21-1255584756-4119768593-4182788369-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-1255584756-4119768593-4182788369-1006 - Limited - Enabled)
UpdatusUser (S-1-5-21-1255584756-4119768593-4182788369-1001 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\uTorrent) (Version: 3.4.5.41865 - BitTorrent Inc.)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.5 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.9 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.1.7 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.5 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0018 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5710.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.5710.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0025 - ASUS)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2223 - AVAST Software)
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.32.2.3320 - AVG Technologies)
AVG PC TuneUp (x32 Version: 16.32.5 - AVG Technologies) Hidden
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Cut the Rope (x32 Version: 3.0.2.38 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd)
Dropbox (HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
FMW 1 (Version: 1.73.2 - AVG Technologies) Hidden
Fotogaléria (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HP Deskjet 1510 series Nápověda (HKLM-x32\...\{FB815CBF-148E-42A4-8741-4924C28C118F}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
NVIDIA HD Audio Driver 1.3.24.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.24.2 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Update 4.11.9 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 4.11.9 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Ovládací panel NVIDIA 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
Peggle (x32 Version: 2.2.0.95 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Podstawowe programy Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
qksee (HKLM-x32\...\qksee) (Version: - Taiwan Shui Mu Chih Ching Technology Limited) <==== ATTENTION
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.224 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.7.1025.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6937 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.9200.27030 - Realtek Semiconductor Corp.)
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version: - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version: - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version: - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version: - )
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Seznam Software (HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\SeznamInstall) (Version: - Seznam.cz)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
Studie vylepšování produktu HP Deskjet 1510 series (HKLM\...\{45124A5E-2F92-4D57-A914-82DC6684C1BB}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Unity Web Player (HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.0.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Driver Package - ASUS (ATP) Mouse (09/17/2013 1.0.0.186) (HKLM\...\D9E691DCEE7D3B9B7C62A7F5C2EAABBB9335DC9A) (Version: 09/17/2013 1.0.0.186 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinZip (HKLM-x32\...\WinZip) (Version: 2.0.18 - Winzipper Pvt Ltd.) <==== ATTENTION
YAC(Yet Another Cleaner!) (HKLM-x32\...\iSafe) (Version: - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ATTENTION
Základní software zařízení HP Deskjet 1510 series (HKLM\...\{BF7E34C1-4669-46ED-A8DA-244125F41B89}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1255584756-4119768593-4182788369-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Daniela\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1255584756-4119768593-4182788369-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniela\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1255584756-4119768593-4182788369-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniela\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1255584756-4119768593-4182788369-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniela\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1255584756-4119768593-4182788369-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniela\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1255584756-4119768593-4182788369-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniela\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1255584756-4119768593-4182788369-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniela\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1255584756-4119768593-4182788369-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniela\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1255584756-4119768593-4182788369-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniela\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0FA15CA5-9767-42CC-9984-A66FC9D0FEC4} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {20BA5710-680B-42AB-8C2F-9E720D2B0841} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {28AA329D-0316-40FC-84E4-4B9AE0BC8269} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {43196A74-FEE4-4BF5-A94A-7D3564FBB46F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {465B3370-D81A-4939-951A-139C1482CF9C} - System32\Tasks\GuntonyBrowserUpdateCore => C:\Program Files (x86)\Guntony\Guntony\bin\Guntony_server.exe [2016-05-12] () <==== ATTENTION
Task: {46DC8F0F-CDE4-4E47-8401-EDC808815D23} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {53554A70-A094-4148-975C-10B3802821E2} - System32\Tasks\{EF662483-D77B-4372-8CC8-C17D9C2F1E2C} => pcalua.exe -a "C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\setup.exe" -c /uninstall PROPLUSR /dll OSETUP.DLL
Task: {5FF62542-1B99-48F4-8A15-750A8A9BA1FD} - System32\Tasks\WinTaske => C:\Program Files (x86)\WinTaske\WinTaske\WinTaske.exe [2016-02-03] () <==== ATTENTION
Task: {60BF7669-9752-4DAE-BBD8-1300F29DE542} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-22] (ASUSTeK Computer Inc.)
Task: {60F8EEDF-9F5C-43A9-A37B-F18294B18150} - System32\Tasks\Microsoft\Windows\Setup\gwx\rundetector => C:\Windows\system32\GWX\GWXDetector.exe [2016-04-26] (Microsoft Corporation)
Task: {622674FC-12E9-4C3E-8779-1B3E0C87F7C1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {6ABE9E40-D090-42E8-B02A-7E0B47416E09} - System32\Tasks\{12DAFFAE-841C-44D7-AD17-5FA1ED2C89D1} => Chrome.exe hxxp://ui.skype.com/ui/0/6.22.81.104/cs/abandoninstall?page=tsMain
Task: {727EC1DA-1B43-4B3A-A5D6-3D872D80CE0C} - System32\Tasks\GuntonyCheckTask => C:\Program Files (x86)\Guntony\Guntony\bin\Guntony_server.exe [2016-05-12] () <==== ATTENTION
Task: {75D6307C-9D52-48F2-A5FA-FEC8F6EC71FB} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-01-04] ()
Task: {773E8CE1-AE10-4CAE-A9D8-785459B34421} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-05] (AVAST Software)
Task: {7B0459E6-27D5-4E12-8117-B9DC87905B45} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {89C3947E-2DCE-4932-A588-10D1E0704BAE} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-09-23] (AsusTek)
Task: {8CBECDE7-DAEA-402A-B484-4963CA52E779} - System32\Tasks\GuntonyBrowserUpdateUA => C:\Program Files (x86)\Guntony\Guntony\bin\Guntony_server.exe [2016-05-12] () <==== ATTENTION
Task: {8E36C85C-A7BB-4764-A741-5921CDC005AD} - System32\Tasks\HPCustParticipation HP Deskjet 1510 series => C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {9002B54E-4A16-4BDE-8150-DFA03CFB3CCB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {99D50F33-E36A-40D1-A856-E005C4E1E095} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-10-24] (ASUS)
Task: {B10045BE-DD17-4F18-B248-ACA945A2E3E2} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-08-16] (ASUSTeK Computer Inc.)
Task: {C19BDA04-47D2-414F-B16D-79AAE357D00D} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-08-19] (ASUS)
Task: {D4B1AD5D-31EF-4448-AC3A-71820E98C8C0} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-22] (AVAST Software)
Task: {D94B0763-FB4A-41F5-A470-D69B67C32AD5} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2016-03-29] (AVG Technologies CZ, s.r.o.)
Task: {E46E6732-6582-46DC-A28A-ACD3D6D859F7} - System32\Tasks\Browser Updater Task(Core) => C:\Program Files (x86)\QQBrowser\Update\1EC1C11E53A58706232F0913F9AEC842\Update\BrowserUpdate.exe [2016-04-08] (Tencent) <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Guntony\Guntony\chrome.exe (Google Inc.)
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Guntony\Guntony\chrome.exe (Google Inc.)
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Guntony\Guntony\chrome.exe (Google Inc.)
Shortcut: C:\Users\Daniela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files (x86)\Guntony\Guntony\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Guntony\Guntony\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Guntony\Guntony\chrome.exe (Google Inc.)
==================== Loaded Modules (Whitelisted) ==============
2012-12-19 08:10 - 2012-12-19 08:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
2013-12-10 09:13 - 2013-12-10 09:13 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-12-03 23:21 - 2013-10-23 10:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-03-27 13:36 - 2013-03-27 13:36 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-03-27 13:33 - 2013-03-27 13:33 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-03-27 13:39 - 2013-03-27 13:39 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2013-10-01 14:02 - 2013-10-01 14:02 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2016-02-09 14:40 - 2016-02-09 14:40 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-05-13 13:01 - 2016-05-12 10:08 - 00302976 _____ () C:\ProgramData\Guntony\protect\protect.exe
2015-07-22 13:28 - 2015-07-22 13:28 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-22 13:28 - 2015-07-22 13:28 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-04-18 15:28 - 2016-04-18 15:28 - 02890240 _____ () C:\Program Files\AVAST Software\Avast\defs\16041800\algo.dll
2016-05-13 13:06 - 2016-05-13 13:06 - 02906112 _____ () C:\Program Files\AVAST Software\Avast\defs\16051300\algo.dll
2016-04-14 08:34 - 2016-02-15 04:21 - 00582144 _____ () C:\Program Files (x86)\qksee\curlpp.dll
2016-04-14 08:34 - 2016-04-13 07:12 - 00063088 _____ () C:\Program Files (x86)\qksee\zlib1.dll
2016-04-14 08:34 - 2015-12-30 07:34 - 00582144 _____ () C:\Program Files (x86)\WinZipper\curlpp.dll
2016-04-14 08:34 - 2016-01-26 10:27 - 00066560 _____ () C:\Program Files (x86)\WinZipper\zlib1.dll
2013-08-16 12:03 - 2013-08-16 12:03 - 00023040 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2013-08-19 19:16 - 2013-08-19 19:16 - 00015440 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2015-07-22 13:28 - 2015-07-22 13:28 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-02-21 10:52 - 2016-04-14 08:38 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2016-05-13 13:01 - 2016-04-22 04:36 - 00065696 _____ () C:\Program Files (x86)\Elex-tech\YAC\zlib1.dll
2016-05-13 13:01 - 2015-06-30 04:50 - 00176976 _____ () C:\Program Files (x86)\Elex-tech\YAC\tws\unrar.dll
2016-05-13 13:01 - 2015-06-30 04:50 - 00087744 _____ () C:\Program Files (x86)\Elex-tech\YAC\tws\unacev2.dll
2016-05-13 13:01 - 2016-04-22 04:36 - 00179200 _____ () C:\Program Files (x86)\Elex-tech\YAC\libpng.dll
2016-02-09 14:41 - 2016-02-09 14:41 - 08901184 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-05-13 13:01 - 2016-05-12 10:08 - 01708416 _____ () C:\Program Files (x86)\Guntony\Guntony\libglesv2.dll
2016-05-13 13:01 - 2016-05-12 10:08 - 00080256 _____ () C:\Program Files (x86)\Guntony\Guntony\libegl.dll
2013-12-10 09:13 - 2013-12-10 09:13 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2016-05-13 13:01 - 2016-05-12 10:08 - 17530752 _____ () C:\Program Files (x86)\Guntony\Guntony\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2014-12-28 19:40 - 00000035 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Daniela\AppData\Roaming\Microsoft\Windows Photo Viewer\Tapeta programu Windows Prohlížeč fotografií.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run32: => "gmsd_re_002020050"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "seznam-listicka-distribuce"
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\StartupApproved\StartupFolder: => "Odeslat do OneNote.lnk"
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\StartupApproved\Run: => "FlashPlayerManager"
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\StartupApproved\Run: => "cz.seznam.software.autoupdate"
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\StartupApproved\Run: => "cz.seznam.software.szndesktop"
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{60123136-3E5B-456C-AC40-735AFF9A3221}] => (Allow) C:\Users\Daniela\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{A21BCC1F-F7BF-4C3A-9FFF-1BECD9FF2F4B}] => (Allow) C:\Users\Daniela\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{AFCC5D4B-08D5-4153-B455-0F410A6864EA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{799C3698-F1E7-4A70-9B17-501DF8B7C84A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{A8990748-5DB7-41FF-A862-DE6C35317089}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{9DF568BF-1BE4-40F8-B58A-90F91C8AEB20}] => (Allow) LPort=1900
FirewallRules: [{D9FDE7C5-91CF-4946-B79E-C7E264DA859C}] => (Allow) LPort=2869
FirewallRules: [{AF702977-4330-41DC-B7EB-971528C7BDD5}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{14BD621E-8799-4454-AF46-224C6AEF8A51}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{0034CFFE-AAF1-4CF4-91C0-A6C046CBF132}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{C6523D3B-F18B-4222-BD38-9D44FC73228E}] => (Allow) C:\Users\Daniela\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{36AFCCA7-D16D-48FF-9497-836B308D7216}] => (Allow) C:\Users\Daniela\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EB2AB03C-96F4-4D35-9D66-CB2AB30FEB17}] => (Allow) C:\Users\Daniela\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8FF5BFEA-3644-4E47-B762-4F0CDD0B981C}] => (Allow) C:\Users\Daniela\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{69B68258-CDA3-480B-B7A9-EF630FECD86D}] => (Allow) C:\Users\Daniela\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B09CC9C2-7FFA-41EB-B05C-F8EDD2B36B71}] => (Allow) C:\Users\Daniela\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9F78B4BB-70E9-413B-B273-F474B990E3E6}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\USBSetup.exe
FirewallRules: [{B0677B1D-E632-42D0-A33A-BBB4A2FEABDD}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{F0334D92-6F3E-4863-A144-8A2210D659EA}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{B9CF430D-5647-4A7F-9088-3BDE33E5E7A5}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{E32B5E90-6C19-47AA-AD7F-08753336F693}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D9F41EDA-1C5E-426E-B7E5-68BBF862F2D6}] => (Allow) C:\Users\Guest\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{95D049AB-7E09-4169-8799-20F7AD1848AD}] => (Allow) C:\Users\Guest\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{12532BF5-AA2B-45F8-B071-4E14C91841A2}] => (Allow) C:\Users\Guest\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F071EBE7-EC4F-414F-B443-D13434E69E5C}] => (Allow) C:\Users\Guest\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{78CC3562-B294-4DA9-8FBD-D6E0CDA2E1AC}] => (Allow) C:\Users\Guest\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{09E3BD24-482E-48BB-A6AD-FA461C1B6F54}] => (Allow) C:\Users\Guest\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{46917633-6663-44A9-85A5-8F3B5A65C6BA}C:\program files (x86)\electronic arts\eadm\core.exe] => (Block) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [UDP Query User{F50F6C52-1FDC-4935-BC0D-2C222F1B76B6}C:\program files (x86)\electronic arts\eadm\core.exe] => (Block) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [{B4D0CF86-593C-4AD7-952F-6BA4FF3D8A6D}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{E7E587BE-C040-4391-A870-3F3E145DA817}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{35D59718-4CF8-4B78-8E3B-4DB0C3919C45}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{AC527D31-4368-4BC9-908F-DCBF937CCD64}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{B8C9ECA8-BDAC-4DBD-9482-6B3156AF1DFF}] => (Allow) C:\ProgramData\Guntony\protect\protect.exe
FirewallRules: [{67D67110-4F2B-4101-B606-C043DE479E82}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{7F8F8BA7-4C08-4F5E-9033-BEE2BC7FCD5B}] => (Allow) C:\Program Files (x86)\Guntony\Guntony\chrome.exe
FirewallRules: [{A0830F38-2AB8-487D-896B-4DAA5624CA0D}] => (Allow) C:\Program Files (x86)\Guntony\Guntony\bin\Guntony_server.exe
==================== Restore Points =========================
19-04-2016 18:21:46 Windows Update
28-04-2016 16:13:35 Naplánovaný kontrolní bod
08-05-2016 21:03:22 Naplánovaný kontrolní bod
11-05-2016 21:17:36 Windows Update
==================== Faulty Device Manager Devices =============
Name: Bluetooth module
Description: Bluetooth module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/13/2016 02:28:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DANCA)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2147009284. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.
Error: (05/13/2016 02:28:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DANCA)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2147009284. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.
Error: (05/13/2016 02:07:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: CCleaner64.exe, verze: 5.4.0.5151, časové razítko: 0x55008736
Název chybujícího modulu: CCleaner64.exe, verze: 5.4.0.5151, časové razítko: 0x55008736
Kód výjimky: 0x40000015
Posun chyby: 0x00000000001040bd
ID chybujícího procesu: 0x25c
Čas spuštění chybující aplikace: 0xCCleaner64.exe0
Cesta k chybující aplikaci: CCleaner64.exe1
Cesta k chybujícímu modulu: CCleaner64.exe2
ID zprávy: CCleaner64.exe3
Úplný název chybujícího balíčku: CCleaner64.exe4
ID aplikace související s chybujícím balíčkem: CCleaner64.exe5
System errors:
=============
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz
Percentage of memory in use: 59%
Total physical RAM: 3981.55 MB
Available physical RAM: 1631.84 MB
Total Virtual: 5444.61 MB
Available Virtual: 1084 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:372.16 GB) (Free:274.05 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:537.8 GB) (Free:536.96 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 2FDDAFA8)
Partition: GPT.
==================== End of Addition.txt ============================
Název chybujícího modulu: CCleaner64.exe, verze: 5.4.0.5151, časové razítko: 0x55008736
Kód výjimky: 0x40000015
Posun chyby: 0x00000000001040bd
ID chybujícího procesu: 0x25c
Čas spuštění chybující aplikace: 0xCCleaner64.exe0
Cesta k chybující aplikaci: CCleaner64.exe1
Cesta k chybujícímu modulu: CCleaner64.exe2
ID zprávy: CCleaner64.exe3
Úplný název chybujícího balíčku: CCleaner64.exe4
ID aplikace související s chybujícím balíčkem: CCleaner64.exe5
System errors:
=============
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz
Percentage of memory in use: 59%
Total physical RAM: 3981.55 MB
Available physical RAM: 1631.84 MB
Total Virtual: 5444.61 MB
Available Virtual: 1084 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:372.16 GB) (Free:274.05 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:537.8 GB) (Free:536.96 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 2FDDAFA8)
Partition: GPT.
==================== End of Addition.txt ============================
- Rudy
- Site Admin

- Posts: 119673
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: win32 and trojan
Hello!
In addition to the Additional log, I also need to see the FRST log. Thank you.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is solved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: win32 and trojan
I apologize..
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-05-2016
Ran by Daniela (administrator) on DANCA (13-05-2016 18:33:52)
Running from C:\Users\Daniela\Desktop
Loaded Profiles: Daniela (Available Profiles: UpdatusUser & Daniela & Administrator & Guest)
Platform: Windows 8.1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Guntony\Guntony\chrome.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Qksee Pvt Ltd.) C:\Program Files (x86)\qksee\trz96E.tmp
(Winzipper Pvt Ltd.) C:\Program Files (x86)\WinZipper\winzipersvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(tsvr.com) C:\Users\Daniela\AppData\Roaming\TSv\TSvr.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(WFini LIMITED) C:\ProgramData\JwinpJ\WFini.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(YahooChrome) C:\ProgramData\yahoochrome\desktop25.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\WINWORD.EXE
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Qksee Pvt Ltd.) C:\Users\Daniela\AppData\Local\Temp\istEBBE.tmp\tools\qksee\uninstall.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
() C:\ProgramData\Guntony\protect\protect.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(Google Inc.) C:\Program Files (x86)\Guntony\Guntony\chrome.exe
(Google Inc.) C:\Program Files (x86)\Guntony\Guntony\chrome.exe
(Google Inc.) C:\Program Files (x86)\Guntony\Guntony\chrome.exe
(Google Inc.) C:\Program Files (x86)\Guntony\Guntony\chrome.exe
(Google Inc.) C:\Program Files (x86)\Guntony\Guntony\chrome.exe
(Google Inc.) C:\Program Files (x86)\Guntony\Guntony\chrome.exe
(Google Inc.) C:\Program Files (x86)\Guntony\Guntony\chrome.exe
(Google Inc.) C:\Program Files (x86)\Guntony\Guntony\chrome.exe
(Google Inc.) C:\Program Files (x86)\Guntony\Guntony\chrome.exe
(Google Inc.) C:\Program Files (x86)\Guntony\Guntony\chrome.exe
(Google Inc.) C:\Program Files (x86)\Guntony\Guntony\chrome.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Google Inc.) C:\Program Files (x86)\Guntony\Guntony\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6108752 2015-11-10] (AVAST Software)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-04-14] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-03-27] (Qualcomm Atheros Commnucations)
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\Run: [FlashPlayerManager] => C:\Users\Daniela\AppData\Roaming\Adobe\nircmd.exe [43520 2012-10-29] (NirSoft)
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office15\lync.exe [27911888 2016-03-15] (Microsoft Corporation)
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\Run: [BingSvc] => C:\Users\Daniela\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-12-28] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Daniela\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Daniela\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\MountPoints2: {bccb39a6-ffa7-11e3-be7d-240a64d8a64a} - "F:\setup.exe"
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\MountPoints2: {bccb39e3-ffa7-11e3-be7d-240a64d8a64a} - "F:\setup.exe"
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\MountPoints2: {eb13e75a-3a10-11e5-be98-e03f4938a403} - "F:\Mafia2.part01.exe"
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\MountPoints2: {f0a229dd-d7e3-11e4-be8d-e03f4938a403} - "F:\setup.exe"
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\MountPoints2: {f0a229f6-d7e3-11e4-be8d-e03f4938a403} - "F:\setup.exe"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-12-10] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-22] (AVAST Software)
Startup: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-04-20]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * aswBoot.exe /M:63dcc2bc45e /wow /dir:"C:\Program Files\AVAST Software\Avast"
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{0FD20D51-39DA-409B-99E3-D926EEC4A6A6}: [DhcpNameServer] 10.0.0.138
Internet Explorer:
==================
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1ewenusDefaultPack/U223_FRPage
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1255584756-4119768593-4182788369-1002 -> {78139A6F-775A-4455-8A58-AFBC7ACA787B} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2013-03-27] (Qualcomm Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-22] (AVAST Software)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-22] (AVAST Software)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin HKU\S-1-5-21-1255584756-4119768593-4182788369-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Daniela\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-11]
Chrome:
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxp://www.google.com","hxxp://search.iminent.com/?appId=DDFB7BBF-D328-49CB-A4A3-A0F99356D105","hxxp://www.inbox.com/homepage.aspx?tbid=82120&iwk=257&lng=cs","hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP"
CHR DefaultSearchURL: Default -> hxxp://search.seznam.cz/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> seznam.cz
CHR DefaultSuggestURL: Default -> hxxp://suggest.fulltext.seznam.cz/fulltext_ff?phrase={searchTerms}
CHR Profile: C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-03]
CHR Extension: (Dokumenty Google) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-03]
CHR Extension: (Disk Google) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (Seznam Lištička - Email) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2016-02-29]
CHR Extension: (YouTube) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Vyhledávání Google) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Trovi) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcobmeegekklpjhibpmiemfgdphajann [2016-04-06]
CHR Extension: (Dokumenty Google offline) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Bleaner) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [2016-02-29]
CHR Extension: (lkledilgabpellhganjgplgemmoadagh) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkledilgabpellhganjgplgemmoadagh [2015-08-14]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2016-02-29]
CHR Extension: (Gmail) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-03]
CHR HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-22]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227968 2013-03-27] (Qualcomm Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-22] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4047768 2015-07-22] (Avast Software)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1074448 2016-04-14] (AVG Technologies CZ, s.r.o.)
S2 ggbugreport; C:\Program Files (x86)\SearchesToYesbnd\bugreport.exe [1588408 2016-02-05] ()
R2 Guntony_protect; C:\ProgramData\Guntony\protect\protect.exe [302976 2016-05-12] ()
S2 Guntony_update; C:\Program Files (x86)\Guntony\Guntony\bin\Guntony_server.exe [473472 2016-05-12] ()
R2 IhPul; C:\Users\Daniela\AppData\Roaming\TSv\TSvr.exe [359680 2016-04-13] (tsvr.com)
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2016-04-22] (Elex do Brasil Participações Ltda)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [4584208 2016-03-29] (AVG Technologies CZ, s.r.o.)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [56080 2016-03-29] (AVG Technologies CZ, s.r.o.)
R2 UxTuneUp; C:\WINDOWS\SysWOW64\uxtuneup.dll [49424 2016-03-29] (AVG Technologies CZ, s.r.o.)
R2 WdMan; C:\ProgramData\JwinpJ\WFini.exe [582328 2016-04-13] (WFini LIMITED)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [705688 2016-04-13] (Winzipper Pvt Ltd.) <==== ATTENTION
R2 yahoochrometechnology; C:\ProgramData\yahoochrome\desktop25.exe [236768 2016-05-02] (YahooChrome)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-03-27] (Atheros) [File not signed]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-22] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-22] (AVAST Software)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70416 2013-09-23] (ASUS Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-03-27] (Qualcomm Atheros)
S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-02-18] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-02-18] (Disc Soft Ltd)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2016-03-06] (DT Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 IntcDAud; C:\Windows\system32\DRIVERS\IntcDAud.sys [342528 2013-01-09] (Intel(R) Corporation) [File not signed]
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [260856 2015-05-14] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [55056 2016-04-22] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-04-22] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2015-08-19] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-04-08] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2015-06-30] (Elex do Brasil Participações Ltda)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [115152 2015-07-22] (AVAST Software)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2016-02-15] (AVG Netherlands B.V.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Apple, Inc.) [File not signed]
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-22] (Avast Software)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-05-13 15:58 - 2016-05-13 15:58 - 00499235 _____ C:\Users\Daniela\Desktop\DAF-Truckphone-64739-CS.pdf
2016-05-13 15:58 - 2016-05-13 15:58 - 00499235 _____ C:\Users\Daniela\Desktop\DAF-Truckphone-64739-CS (1).pdf
2016-05-13 14:32 - 2016-05-13 14:44 - 00033688 _____ C:\Users\Daniela\Desktop\Addition.txt
2016-05-13 14:29 - 2016-05-13 18:33 - 00024410 _____ C:\Users\Daniela\Desktop\FRST.txt
2016-05-13 14:25 - 2016-05-13 14:25 - 02381312 _____ (Farbar) C:\Users\Daniela\Desktop\FRST64.exe
2016-05-13 14:12 - 2016-05-13 14:12 - 02381312 _____ (Farbar) C:\Users\Daniela\Downloads\FRST64.exe
2016-05-13 14:06 - 2016-05-13 16:07 - 00000001 _____ C:\WINDOWS\SysWOW64\en.html
2016-05-13 13:06 - 2016-05-13 13:06 - 00000000 ____D C:\ProgramData\Guntony
2016-05-13 13:02 - 2016-05-13 13:02 - 00000000 ____D C:\WINDOWS\system32\log
2016-05-13 13:02 - 2016-05-13 13:02 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Elex-tech
2016-05-13 13:02 - 2016-04-22 04:38 - 00055056 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeKrnlBoot.sys
2016-05-13 13:02 - 2015-06-30 04:50 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeNetFilter.sys
2016-05-13 13:01 - 2016-05-13 18:15 - 00000000 ____D C:\Program Files (x86)\Guntony
2016-05-13 13:01 - 2016-05-13 14:01 - 00002130 _____ C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-13 13:01 - 2016-05-13 13:01 - 00014744 _____ C:\WINDOWS\System32\Tasks\GuntonyBrowserUpdateUA
2016-05-13 13:01 - 2016-05-13 13:01 - 00014738 _____ C:\WINDOWS\System32\Tasks\GuntonyCheckTask
2016-05-13 13:01 - 2016-05-13 13:01 - 00003804 _____ C:\WINDOWS\System32\Tasks\GuntonyBrowserUpdateCore
2016-05-13 13:01 - 2016-05-13 13:01 - 00000000 ____D C:\Users\Public\Documents\Guntony
2016-05-13 13:01 - 2016-05-13 13:01 - 00000000 ____D C:\Users\Daniela\AppData\Roaming\Elex-tech
2016-05-13 13:01 - 2016-05-13 13:01 - 00000000 ____D C:\Users\Daniela\AppData\Local\Guntony
2016-05-13 13:01 - 2016-05-13 13:01 - 00000000 ____D C:\Program Files (x86)\Elex-tech
2016-05-11 22:35 - 2016-05-11 22:35 - 00000162 ____H C:\Users\Daniela\Documents\~$MĚPIS3.odt
2016-05-11 22:30 - 2016-05-11 22:30 - 00009058 _____ C:\Users\Daniela\Documents\ZEMĚPIS3.odt
2016-05-11 21:13 - 2016-04-10 09:48 - 00738096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-11 21:13 - 2016-04-10 09:48 - 00613624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-11 21:13 - 2016-02-27 20:28 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-05-11 21:13 - 2016-02-27 19:57 - 03273728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-05-11 21:13 - 2016-02-27 19:19 - 03820544 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-05-11 21:13 - 2016-02-27 18:32 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-05-10 18:51 - 2016-05-13 14:08 - 00000000 ____D C:\Users\Daniela\Desktop\holašovice
2016-05-10 17:20 - 2016-05-10 18:49 - 04432608 _____ C:\Users\Daniela\Desktop\Holašovice.pptm
2016-05-06 20:02 - 2016-05-06 20:02 - 00054240 _____ C:\Users\Daniela\Desktop\EKO.dotx
2016-05-05 19:23 - 2016-05-05 19:23 - 00010320 _____ C:\Users\Daniela\Desktop\Pokus-Fyzika.wlmp
2016-05-02 21:18 - 2016-05-02 21:18 - 00000000 ____D C:\ProgramData\yahoochrome
2016-04-30 21:09 - 2016-04-30 21:09 - 00001088 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-04-30 21:09 - 2016-04-30 21:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-04-30 21:08 - 2016-04-30 21:08 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2016-04-20 06:05 - 2016-04-20 06:05 - 00007208 _____ C:\Users\Daniela\Desktop\HOLAŠOVICE.odt
2016-04-14 21:03 - 2016-01-26 21:15 - 00072024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
2016-04-14 21:03 - 2016-01-22 07:22 - 02487296 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2016-04-14 21:03 - 2016-01-22 07:11 - 01482240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2016-04-14 21:02 - 2016-02-05 17:11 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-14 21:02 - 2016-02-05 17:11 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-14 21:02 - 2016-02-05 17:07 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-14 21:02 - 2016-02-05 17:02 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-14 21:02 - 2016-02-05 16:46 - 01455104 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2016-04-14 21:02 - 2016-02-04 18:23 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2016-04-14 21:02 - 2016-02-04 18:22 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2016-04-14 21:02 - 2016-02-03 17:11 - 01673728 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2016-04-14 21:02 - 2016-02-02 19:15 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2016-04-14 21:02 - 2016-01-21 21:35 - 00952928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-04-14 21:02 - 2016-01-21 20:42 - 00786152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-04-14 21:01 - 2016-04-04 08:35 - 00046768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-04-14 21:01 - 2016-04-02 15:26 - 01386496 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-04-14 21:01 - 2016-04-02 15:26 - 01169408 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-04-14 21:01 - 2016-03-28 15:21 - 00698368 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-04-14 21:01 - 2016-03-28 15:21 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-04-14 21:01 - 2016-03-28 15:21 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-04-14 21:01 - 2016-03-28 15:21 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-04-14 21:01 - 2016-03-28 15:21 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-04-14 21:01 - 2016-03-10 21:19 - 07452512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-14 21:01 - 2016-03-10 21:17 - 01663192 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-14 21:01 - 2016-03-10 21:17 - 01523216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-14 21:01 - 2016-03-10 21:17 - 01490128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-14 21:01 - 2016-03-10 21:17 - 01358960 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-14 21:01 - 2016-03-10 21:17 - 01133752 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-04-14 21:01 - 2016-03-10 19:48 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-04-14 21:01 - 2016-03-10 19:43 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-14 21:01 - 2016-03-10 18:55 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-14 21:01 - 2016-03-10 18:42 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-14 21:01 - 2016-02-09 03:31 - 22365472 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-04-14 21:01 - 2016-02-09 03:31 - 19794896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-04-14 21:01 - 2016-02-09 03:31 - 02757616 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-04-14 21:01 - 2016-02-09 03:31 - 02412576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-04-14 21:01 - 2016-02-09 03:31 - 00273264 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-14 21:01 - 2016-02-08 22:55 - 02712576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-04-14 21:01 - 2016-02-08 22:15 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-04-14 21:01 - 2016-02-08 22:02 - 01197056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-04-14 21:01 - 2016-02-08 21:48 - 12879360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-04-14 21:01 - 2016-02-08 21:43 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-04-14 21:01 - 2016-02-08 21:40 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-04-14 21:01 - 2016-02-08 21:39 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-04-14 21:01 - 2016-02-08 21:37 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingMonitor.dll
2016-04-14 21:01 - 2016-02-08 21:35 - 00954880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-04-14 21:01 - 2016-02-08 21:34 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-04-14 21:01 - 2016-02-08 21:33 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-04-14 21:01 - 2016-02-08 20:50 - 03120640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-04-14 21:01 - 2016-02-08 19:55 - 02592256 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-04-14 21:01 - 2016-02-08 19:33 - 01278464 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-04-14 21:01 - 2016-02-08 19:12 - 14466560 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-14 21:01 - 2016-02-08 19:02 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-04-14 21:01 - 2016-02-08 19:00 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-04-14 21:01 - 2016-02-08 18:58 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-04-14 21:01 - 2016-02-08 18:55 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingMonitor.dll
2016-04-14 21:01 - 2016-02-08 18:53 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2016-04-14 21:01 - 2016-02-08 18:53 - 01348096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-14 21:01 - 2016-02-08 18:50 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-04-14 21:01 - 2016-02-08 18:50 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-04-14 21:01 - 2016-02-08 18:48 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-04-14 21:01 - 2016-02-08 18:47 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2016-04-14 21:01 - 2016-02-08 18:44 - 00955392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-14 21:01 - 2016-02-07 01:05 - 00551256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-04-14 21:01 - 2016-02-07 00:41 - 00316760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2016-04-14 21:01 - 2016-02-05 21:07 - 00378712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-04-14 21:01 - 2016-02-04 20:07 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpsapi.dll
2016-04-14 21:01 - 2016-02-04 19:35 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpsapi.dll
2016-04-14 21:01 - 2016-02-03 17:14 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2016-04-14 21:01 - 2016-02-02 19:51 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAuto.dll
2016-04-14 21:01 - 2016-02-02 19:19 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAuto.dll
2016-04-14 21:01 - 2016-02-02 19:18 - 01574912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2016-04-14 21:01 - 2016-02-02 19:01 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAgent.dll
2016-04-14 21:01 - 2016-02-02 18:51 - 02609152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-04-14 21:01 - 2016-02-02 18:48 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2016-04-14 21:01 - 2016-02-02 18:46 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAgent.dll
2016-04-14 21:01 - 2016-02-02 18:41 - 02170880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-04-14 21:01 - 2016-02-02 18:39 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2016-04-14 21:01 - 2016-01-31 19:17 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsAnytimeUpgradeui.exe
2016-04-14 21:01 - 2016-01-21 00:40 - 00099672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys
2016-04-14 21:01 - 2014-11-08 04:38 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-04-14 21:01 - 2014-11-08 04:17 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-04-14 21:00 - 2016-01-27 17:18 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2016-04-14 20:50 - 2016-03-31 02:54 - 25817600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-14 20:50 - 2016-03-31 02:31 - 02892800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-04-14 20:50 - 2016-03-31 02:28 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-04-14 20:50 - 2016-03-31 02:25 - 06052352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-04-14 20:50 - 2016-03-31 02:17 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-04-14 20:50 - 2016-03-31 02:03 - 20352512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-14 20:50 - 2016-03-31 01:56 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-04-14 20:50 - 2016-03-31 01:56 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-04-14 20:50 - 2016-03-31 01:55 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-04-14 20:50 - 2016-03-31 01:53 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-04-14 20:50 - 2016-03-31 01:51 - 02285056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-04-14 20:50 - 2016-03-31 01:50 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-04-14 20:50 - 2016-03-31 01:45 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-04-14 20:50 - 2016-03-31 01:45 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-04-14 20:50 - 2016-03-31 01:43 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-04-14 20:50 - 2016-03-31 01:43 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-04-14 20:50 - 2016-03-31 01:43 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-04-14 20:50 - 2016-03-31 01:42 - 02131968 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-04-14 20:50 - 2016-03-31 01:39 - 15415808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-14 20:50 - 2016-03-31 01:30 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-04-14 20:50 - 2016-03-31 01:30 - 02596864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-14 20:50 - 2016-03-31 01:30 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-04-14 20:50 - 2016-03-31 01:30 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-04-14 20:50 - 2016-03-31 01:27 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-04-14 20:50 - 2016-03-31 01:24 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-04-14 20:50 - 2016-03-31 01:23 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-04-14 20:50 - 2016-03-31 01:23 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-04-14 20:50 - 2016-03-31 01:23 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-04-14 20:50 - 2016-03-31 01:21 - 13811712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-14 20:50 - 2016-03-31 01:18 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-14 20:50 - 2016-03-31 01:06 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-04-14 20:50 - 2016-03-31 01:05 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-14 20:50 - 2016-03-31 01:02 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-04-14 20:50 - 2016-03-31 01:00 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-04-14 20:49 - 2016-03-16 01:00 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-14 20:49 - 2016-03-15 16:14 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-14 20:49 - 2016-03-11 16:48 - 00833024 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-14 20:49 - 2016-03-10 20:22 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-04-14 20:49 - 2016-03-10 20:21 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-04-14 20:49 - 2016-03-10 20:20 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-04-14 20:49 - 2016-03-10 19:44 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-04-14 20:49 - 2016-03-10 19:16 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-04-14 20:49 - 2016-03-10 19:03 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-14 20:49 - 2016-03-10 18:48 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-14 20:49 - 2016-03-03 03:39 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-04-14 20:49 - 2016-03-03 03:39 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-04-14 20:48 - 2016-03-03 18:47 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-14 20:48 - 2016-03-03 18:33 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-14 20:48 - 2016-03-03 18:13 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-14 20:47 - 2016-03-29 16:05 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-04-14 08:34 - 2016-05-13 13:53 - 00000000 ____D C:\Program Files (x86)\qksee
2016-04-14 08:34 - 2016-05-13 13:00 - 00000000 ____D C:\Users\Daniela\AppData\Roaming\qksee
2016-04-14 08:34 - 2016-04-24 20:26 - 00000000 ____D C:\Program Files (x86)\WinZipper
2016-04-14 08:34 - 2016-04-14 08:34 - 00000000 ____D C:\Users\Daniela\AppData\Roaming\WinZiper
2016-04-14 08:34 - 2016-04-14 08:34 - 00000000 ____D C:\Users\Daniela\AppData\Roaming\eCyber
2016-04-14 08:34 - 2016-04-14 08:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2016-04-14 08:34 - 2016-04-14 08:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qksee
2016-04-14 08:33 - 2016-04-14 08:33 - 00015036 _____ C:\WINDOWS\System32\Tasks\Browser Updater Task(Core)
2016-04-14 08:33 - 2016-04-14 08:33 - 00000000 ____D C:\Users\Daniela\AppData\Roaming\TSv
2016-04-14 08:33 - 2016-04-14 08:33 - 00000000 ____D C:\ProgramData\JwinpJ
2016-04-14 08:33 - 2016-04-14 08:33 - 00000000 ____D C:\Program Files (x86)\QQBrowser
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-05-13 18:33 - 2014-12-28 19:09 - 00000000 ____D C:\FRST
2016-05-13 18:05 - 2015-02-07 23:55 - 00000972 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-13 16:30 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2016-05-13 14:34 - 2014-11-30 13:24 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1255584756-4119768593-4182788369-1002
2016-05-13 14:15 - 2016-02-18 16:46 - 00228352 ___SH C:\Users\Daniela\Downloads\Thumbs.db
2016-05-13 14:11 - 2016-02-21 14:14 - 01185280 ___SH C:\Users\Daniela\Desktop\Thumbs.db
2016-05-13 14:06 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Inf
2016-05-13 14:01 - 2015-08-03 20:48 - 00002076 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-13 14:01 - 2015-08-03 20:48 - 00002006 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-13 13:53 - 2016-02-18 19:58 - 00000000 ____D C:\Program Files (x86)\SearchesToYesbnd
2016-05-13 13:53 - 2014-11-25 21:08 - 00000000 ____D C:\Users\Daniela\AppData\Roaming\Adobe
2016-05-13 13:07 - 2016-02-19 09:24 - 00000000 ____D C:\Users\Guest\AppData\Roaming\uTorrent
2016-05-13 13:02 - 2016-02-19 09:15 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Seznam.cz
2016-05-13 12:58 - 2014-12-16 17:47 - 00000062 _____ C:\Users\Guest\AppData\Roaming\sp_data.sys
2016-05-13 12:57 - 2015-02-07 23:55 - 00000968 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-13 12:57 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-13 12:55 - 2014-12-31 19:02 - 00003966 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{88987B9B-75D2-4A9C-BF69-E8A2216B18E0}
2016-05-11 22:19 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-11 22:13 - 2014-11-29 09:35 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-11 21:35 - 2014-11-29 09:35 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-11 21:32 - 2016-03-31 12:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-05-11 21:00 - 2014-11-25 22:26 - 00003944 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-11 21:00 - 2014-11-25 22:26 - 00003708 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-10 16:39 - 2012-07-26 07:26 - 00000301 _____ C:\WINDOWS\win.ini
2016-05-10 14:39 - 2015-04-06 18:46 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2016-05-10 14:39 - 2015-04-06 18:46 - 00000000 ___SD C:\WINDOWS\system32\GWX
2016-05-10 14:38 - 2014-12-12 17:40 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-06 20:03 - 2014-11-25 21:04 - 00000000 ____D C:\Users\Daniela\AppData\Local\Packages
2016-05-03 03:15 - 2016-03-17 19:39 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-03 03:15 - 2016-03-17 19:39 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-01 16:51 - 2014-11-25 21:05 - 00000000 ____D C:\Users\Daniela\AppData\Local\VirtualStore
2016-05-01 11:07 - 2014-11-25 21:08 - 00000074 _____ C:\Users\Daniela\AppData\Roaming\sp_data.sys
2016-05-01 11:05 - 2014-12-14 01:35 - 00000000 ____D C:\Users\Daniela\OneDrive
2016-04-27 21:40 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-19 18:49 - 2016-03-13 21:09 - 00000000 ____D C:\Users\Daniela\Desktop\Nová složka
2016-04-19 17:10 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-19 17:10 - 2013-08-22 16:44 - 00483416 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-19 17:07 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-04-19 17:05 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-04-14 14:54 - 2014-11-30 13:25 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
==================== Files in the root of some directories =======
2014-11-25 21:08 - 2016-05-01 11:07 - 0000074 _____ () C:\Users\Daniela\AppData\Roaming\sp_data.sys
2014-11-27 15:05 - 2014-11-27 15:05 - 0007168 _____ () C:\Users\Daniela\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-10-13 18:59 - 2015-10-13 18:59 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-08-23 17:30 - 2015-08-23 17:30 - 0000000 _____ () C:\ProgramData\LauncherAccess.dt
2013-05-01 13:15 - 2012-09-07 13:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-05-03 06:31
==================== End of FRST.txt ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-05-2016
Ran by Daniela (administrator) on DANCA (13-05-2016 18:33:52)
Running from C:\Users\Daniela\Desktop
Loaded Profiles: Daniela (Available Profiles: UpdatusUser & Daniela & Administrator & Guest)
Platform: Windows 8.1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Guntony\Guntony\chrome.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Qksee Pvt Ltd.) C:\Program Files (x86)\qksee\trz96E.tmp
(Winzipper Pvt Ltd.) C:\Program Files (x86)\WinZipper\winzipersvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(tsvr.com) C:\Users\Daniela\AppData\Roaming\TSv\TSvr.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(WFini LIMITED) C:\ProgramData\JwinpJ\WFini.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(YahooChrome) C:\ProgramData\yahoochrome\desktop25.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\WINWORD.EXE
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Qksee Pvt Ltd.) C:\Users\Daniela\AppData\Local\Temp\istEBBE.tmp\tools\qksee\uninstall.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
() C:\ProgramData\Guntony\protect\protect.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(Google Inc.) C:\Program Files (x86)\Guntony\Guntony\chrome.exe
(Google Inc.) C:\Program Files (x86)\Guntony\Guntony\chrome.exe
(Google Inc.) C:\Program Files (x86)\Guntony\Guntony\chrome.exe
(Google Inc.) C:\Program Files (x86)\Guntony\Guntony\chrome.exe
(Google Inc.) C:\Program Files (x86)\Guntony\Guntony\chrome.exe
(Google Inc.) C:\Program Files (x86)\Guntony\Guntony\chrome.exe
(Google Inc.) C:\Program Files (x86)\Guntony\Guntony\chrome.exe
(Google Inc.) C:\Program Files (x86)\Guntony\Guntony\chrome.exe
(Google Inc.) C:\Program Files (x86)\Guntony\Guntony\chrome.exe
(Google Inc.) C:\Program Files (x86)\Guntony\Guntony\chrome.exe
(Google Inc.) C:\Program Files (x86)\Guntony\Guntony\chrome.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Google Inc.) C:\Program Files (x86)\Guntony\Guntony\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6108752 2015-11-10] (AVAST Software)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-04-14] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-03-27] (Qualcomm Atheros Commnucations)
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\Run: [FlashPlayerManager] => C:\Users\Daniela\AppData\Roaming\Adobe\nircmd.exe [43520 2012-10-29] (NirSoft)
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office15\lync.exe [27911888 2016-03-15] (Microsoft Corporation)
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\Run: [BingSvc] => C:\Users\Daniela\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-12-28] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Daniela\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Daniela\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\MountPoints2: {bccb39a6-ffa7-11e3-be7d-240a64d8a64a} - "F:\setup.exe"
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\MountPoints2: {bccb39e3-ffa7-11e3-be7d-240a64d8a64a} - "F:\setup.exe"
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\MountPoints2: {eb13e75a-3a10-11e5-be98-e03f4938a403} - "F:\Mafia2.part01.exe"
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\MountPoints2: {f0a229dd-d7e3-11e4-be8d-e03f4938a403} - "F:\setup.exe"
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\MountPoints2: {f0a229f6-d7e3-11e4-be8d-e03f4938a403} - "F:\setup.exe"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-12-10] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-22] (AVAST Software)
Startup: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-04-20]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * aswBoot.exe /M:63dcc2bc45e /wow /dir:"C:\Program Files\AVAST Software\Avast"
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{0FD20D51-39DA-409B-99E3-D926EEC4A6A6}: [DhcpNameServer] 10.0.0.138
Internet Explorer:
==================
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1ewenusDefaultPack/U223_FRPage
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1255584756-4119768593-4182788369-1002 -> {78139A6F-775A-4455-8A58-AFBC7ACA787B} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2013-03-27] (Qualcomm Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-22] (AVAST Software)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-22] (AVAST Software)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin HKU\S-1-5-21-1255584756-4119768593-4182788369-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Daniela\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-11]
Chrome:
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxp://www.google.com","hxxp://search.iminent.com/?appId=DDFB7BBF-D328-49CB-A4A3-A0F99356D105","hxxp://www.inbox.com/homepage.aspx?tbid=82120&iwk=257&lng=cs","hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP"
CHR DefaultSearchURL: Default -> hxxp://search.seznam.cz/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> seznam.cz
CHR DefaultSuggestURL: Default -> hxxp://suggest.fulltext.seznam.cz/fulltext_ff?phrase={searchTerms}
CHR Profile: C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-03]
CHR Extension: (Dokumenty Google) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-03]
CHR Extension: (Disk Google) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (Seznam Lištička - Email) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2016-02-29]
CHR Extension: (YouTube) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Vyhledávání Google) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Trovi) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcobmeegekklpjhibpmiemfgdphajann [2016-04-06]
CHR Extension: (Dokumenty Google offline) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Bleaner) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [2016-02-29]
CHR Extension: (lkledilgabpellhganjgplgemmoadagh) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkledilgabpellhganjgplgemmoadagh [2015-08-14]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2016-02-29]
CHR Extension: (Gmail) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-03]
CHR HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-22]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227968 2013-03-27] (Qualcomm Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-22] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4047768 2015-07-22] (Avast Software)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1074448 2016-04-14] (AVG Technologies CZ, s.r.o.)
S2 ggbugreport; C:\Program Files (x86)\SearchesToYesbnd\bugreport.exe [1588408 2016-02-05] ()
R2 Guntony_protect; C:\ProgramData\Guntony\protect\protect.exe [302976 2016-05-12] ()
S2 Guntony_update; C:\Program Files (x86)\Guntony\Guntony\bin\Guntony_server.exe [473472 2016-05-12] ()
R2 IhPul; C:\Users\Daniela\AppData\Roaming\TSv\TSvr.exe [359680 2016-04-13] (tsvr.com)
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2016-04-22] (Elex do Brasil Participações Ltda)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [4584208 2016-03-29] (AVG Technologies CZ, s.r.o.)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [56080 2016-03-29] (AVG Technologies CZ, s.r.o.)
R2 UxTuneUp; C:\WINDOWS\SysWOW64\uxtuneup.dll [49424 2016-03-29] (AVG Technologies CZ, s.r.o.)
R2 WdMan; C:\ProgramData\JwinpJ\WFini.exe [582328 2016-04-13] (WFini LIMITED)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [705688 2016-04-13] (Winzipper Pvt Ltd.) <==== ATTENTION
R2 yahoochrometechnology; C:\ProgramData\yahoochrome\desktop25.exe [236768 2016-05-02] (YahooChrome)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-03-27] (Atheros) [File not signed]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-22] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-22] (AVAST Software)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70416 2013-09-23] (ASUS Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-03-27] (Qualcomm Atheros)
S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-02-18] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-02-18] (Disc Soft Ltd)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2016-03-06] (DT Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 IntcDAud; C:\Windows\system32\DRIVERS\IntcDAud.sys [342528 2013-01-09] (Intel(R) Corporation) [File not signed]
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [260856 2015-05-14] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [55056 2016-04-22] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-04-22] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2015-08-19] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-04-08] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2015-06-30] (Elex do Brasil Participações Ltda)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [115152 2015-07-22] (AVAST Software)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2016-02-15] (AVG Netherlands B.V.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Apple, Inc.) [File not signed]
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-22] (Avast Software)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-05-13 15:58 - 2016-05-13 15:58 - 00499235 _____ C:\Users\Daniela\Desktop\DAF-Truckphone-64739-CS.pdf
2016-05-13 15:58 - 2016-05-13 15:58 - 00499235 _____ C:\Users\Daniela\Desktop\DAF-Truckphone-64739-CS (1).pdf
2016-05-13 14:32 - 2016-05-13 14:44 - 00033688 _____ C:\Users\Daniela\Desktop\Addition.txt
2016-05-13 14:29 - 2016-05-13 18:33 - 00024410 _____ C:\Users\Daniela\Desktop\FRST.txt
2016-05-13 14:25 - 2016-05-13 14:25 - 02381312 _____ (Farbar) C:\Users\Daniela\Desktop\FRST64.exe
2016-05-13 14:12 - 2016-05-13 14:12 - 02381312 _____ (Farbar) C:\Users\Daniela\Downloads\FRST64.exe
2016-05-13 14:06 - 2016-05-13 16:07 - 00000001 _____ C:\WINDOWS\SysWOW64\en.html
2016-05-13 13:06 - 2016-05-13 13:06 - 00000000 ____D C:\ProgramData\Guntony
2016-05-13 13:02 - 2016-05-13 13:02 - 00000000 ____D C:\WINDOWS\system32\log
2016-05-13 13:02 - 2016-05-13 13:02 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Elex-tech
2016-05-13 13:02 - 2016-04-22 04:38 - 00055056 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeKrnlBoot.sys
2016-05-13 13:02 - 2015-06-30 04:50 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeNetFilter.sys
2016-05-13 13:01 - 2016-05-13 18:15 - 00000000 ____D C:\Program Files (x86)\Guntony
2016-05-13 13:01 - 2016-05-13 14:01 - 00002130 _____ C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-13 13:01 - 2016-05-13 13:01 - 00014744 _____ C:\WINDOWS\System32\Tasks\GuntonyBrowserUpdateUA
2016-05-13 13:01 - 2016-05-13 13:01 - 00014738 _____ C:\WINDOWS\System32\Tasks\GuntonyCheckTask
2016-05-13 13:01 - 2016-05-13 13:01 - 00003804 _____ C:\WINDOWS\System32\Tasks\GuntonyBrowserUpdateCore
2016-05-13 13:01 - 2016-05-13 13:01 - 00000000 ____D C:\Users\Public\Documents\Guntony
2016-05-13 13:01 - 2016-05-13 13:01 - 00000000 ____D C:\Users\Daniela\AppData\Roaming\Elex-tech
2016-05-13 13:01 - 2016-05-13 13:01 - 00000000 ____D C:\Users\Daniela\AppData\Local\Guntony
2016-05-13 13:01 - 2016-05-13 13:01 - 00000000 ____D C:\Program Files (x86)\Elex-tech
2016-05-11 22:35 - 2016-05-11 22:35 - 00000162 ____H C:\Users\Daniela\Documents\~$MĚPIS3.odt
2016-05-11 22:30 - 2016-05-11 22:30 - 00009058 _____ C:\Users\Daniela\Documents\ZEMĚPIS3.odt
2016-05-11 21:13 - 2016-04-10 09:48 - 00738096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-11 21:13 - 2016-04-10 09:48 - 00613624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-11 21:13 - 2016-02-27 20:28 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-05-11 21:13 - 2016-02-27 19:57 - 03273728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-05-11 21:13 - 2016-02-27 19:19 - 03820544 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-05-11 21:13 - 2016-02-27 18:32 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-05-10 18:51 - 2016-05-13 14:08 - 00000000 ____D C:\Users\Daniela\Desktop\holašovice
2016-05-10 17:20 - 2016-05-10 18:49 - 04432608 _____ C:\Users\Daniela\Desktop\Holašovice.pptm
2016-05-06 20:02 - 2016-05-06 20:02 - 00054240 _____ C:\Users\Daniela\Desktop\EKO.dotx
2016-05-05 19:23 - 2016-05-05 19:23 - 00010320 _____ C:\Users\Daniela\Desktop\Pokus-Fyzika.wlmp
2016-05-02 21:18 - 2016-05-02 21:18 - 00000000 ____D C:\ProgramData\yahoochrome
2016-04-30 21:09 - 2016-04-30 21:09 - 00001088 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-04-30 21:09 - 2016-04-30 21:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-04-30 21:08 - 2016-04-30 21:08 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2016-04-20 06:05 - 2016-04-20 06:05 - 00007208 _____ C:\Users\Daniela\Desktop\HOLAŠOVICE.odt
2016-04-14 21:03 - 2016-01-26 21:15 - 00072024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
2016-04-14 21:03 - 2016-01-22 07:22 - 02487296 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2016-04-14 21:03 - 2016-01-22 07:11 - 01482240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2016-04-14 21:02 - 2016-02-05 17:11 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-14 21:02 - 2016-02-05 17:11 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-14 21:02 - 2016-02-05 17:07 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-14 21:02 - 2016-02-05 17:02 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-14 21:02 - 2016-02-05 16:46 - 01455104 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2016-04-14 21:02 - 2016-02-04 18:23 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2016-04-14 21:02 - 2016-02-04 18:22 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2016-04-14 21:02 - 2016-02-03 17:11 - 01673728 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2016-04-14 21:02 - 2016-02-02 19:15 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2016-04-14 21:02 - 2016-01-21 21:35 - 00952928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-04-14 21:02 - 2016-01-21 20:42 - 00786152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-04-14 21:01 - 2016-04-04 08:35 - 00046768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-04-14 21:01 - 2016-04-02 15:26 - 01386496 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-04-14 21:01 - 2016-04-02 15:26 - 01169408 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-04-14 21:01 - 2016-03-28 15:21 - 00698368 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-04-14 21:01 - 2016-03-28 15:21 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-04-14 21:01 - 2016-03-28 15:21 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-04-14 21:01 - 2016-03-28 15:21 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-04-14 21:01 - 2016-03-28 15:21 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-04-14 21:01 - 2016-03-10 21:19 - 07452512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-14 21:01 - 2016-03-10 21:17 - 01663192 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-14 21:01 - 2016-03-10 21:17 - 01523216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-14 21:01 - 2016-03-10 21:17 - 01490128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-14 21:01 - 2016-03-10 21:17 - 01358960 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-14 21:01 - 2016-03-10 21:17 - 01133752 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-04-14 21:01 - 2016-03-10 19:48 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-04-14 21:01 - 2016-03-10 19:43 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-14 21:01 - 2016-03-10 18:55 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-14 21:01 - 2016-03-10 18:42 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-14 21:01 - 2016-02-09 03:31 - 22365472 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-04-14 21:01 - 2016-02-09 03:31 - 19794896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-04-14 21:01 - 2016-02-09 03:31 - 02757616 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-04-14 21:01 - 2016-02-09 03:31 - 02412576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-04-14 21:01 - 2016-02-09 03:31 - 00273264 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-14 21:01 - 2016-02-08 22:55 - 02712576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-04-14 21:01 - 2016-02-08 22:15 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-04-14 21:01 - 2016-02-08 22:02 - 01197056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-04-14 21:01 - 2016-02-08 21:48 - 12879360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-04-14 21:01 - 2016-02-08 21:43 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-04-14 21:01 - 2016-02-08 21:40 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-04-14 21:01 - 2016-02-08 21:39 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-04-14 21:01 - 2016-02-08 21:37 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingMonitor.dll
2016-04-14 21:01 - 2016-02-08 21:35 - 00954880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-04-14 21:01 - 2016-02-08 21:34 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-04-14 21:01 - 2016-02-08 21:33 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-04-14 21:01 - 2016-02-08 20:50 - 03120640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-04-14 21:01 - 2016-02-08 19:55 - 02592256 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-04-14 21:01 - 2016-02-08 19:33 - 01278464 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-04-14 21:01 - 2016-02-08 19:12 - 14466560 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-14 21:01 - 2016-02-08 19:02 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-04-14 21:01 - 2016-02-08 19:00 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-04-14 21:01 - 2016-02-08 18:58 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-04-14 21:01 - 2016-02-08 18:55 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingMonitor.dll
2016-04-14 21:01 - 2016-02-08 18:53 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2016-04-14 21:01 - 2016-02-08 18:53 - 01348096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-14 21:01 - 2016-02-08 18:50 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-04-14 21:01 - 2016-02-08 18:50 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-04-14 21:01 - 2016-02-08 18:48 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-04-14 21:01 - 2016-02-08 18:47 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2016-04-14 21:01 - 2016-02-08 18:44 - 00955392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-14 21:01 - 2016-02-07 01:05 - 00551256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-04-14 21:01 - 2016-02-07 00:41 - 00316760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2016-04-14 21:01 - 2016-02-05 21:07 - 00378712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-04-14 21:01 - 2016-02-04 20:07 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpsapi.dll
2016-04-14 21:01 - 2016-02-04 19:35 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpsapi.dll
2016-04-14 21:01 - 2016-02-03 17:14 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2016-04-14 21:01 - 2016-02-02 19:51 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAuto.dll
2016-04-14 21:01 - 2016-02-02 19:19 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAuto.dll
2016-04-14 21:01 - 2016-02-02 19:18 - 01574912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2016-04-14 21:01 - 2016-02-02 19:01 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAgent.dll
2016-04-14 21:01 - 2016-02-02 18:51 - 02609152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-04-14 21:01 - 2016-02-02 18:48 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2016-04-14 21:01 - 2016-02-02 18:46 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAgent.dll
2016-04-14 21:01 - 2016-02-02 18:41 - 02170880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-04-14 21:01 - 2016-02-02 18:39 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2016-04-14 21:01 - 2016-01-31 19:17 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsAnytimeUpgradeui.exe
2016-04-14 21:01 - 2016-01-21 00:40 - 00099672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys
2016-04-14 21:01 - 2014-11-08 04:38 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-04-14 21:01 - 2014-11-08 04:17 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-04-14 21:00 - 2016-01-27 17:18 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2016-04-14 20:50 - 2016-03-31 02:54 - 25817600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-14 20:50 - 2016-03-31 02:31 - 02892800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-04-14 20:50 - 2016-03-31 02:28 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-04-14 20:50 - 2016-03-31 02:25 - 06052352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-04-14 20:50 - 2016-03-31 02:17 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-04-14 20:50 - 2016-03-31 02:03 - 20352512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-14 20:50 - 2016-03-31 01:56 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-04-14 20:50 - 2016-03-31 01:56 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-04-14 20:50 - 2016-03-31 01:55 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-04-14 20:50 - 2016-03-31 01:53 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-04-14 20:50 - 2016-03-31 01:51 - 02285056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-04-14 20:50 - 2016-03-31 01:50 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-04-14 20:50 - 2016-03-31 01:45 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-04-14 20:50 - 2016-03-31 01:45 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-04-14 20:50 - 2016-03-31 01:43 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-04-14 20:50 - 2016-03-31 01:43 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-04-14 20:50 - 2016-03-31 01:43 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-04-14 20:50 - 2016-03-31 01:42 - 02131968 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-04-14 20:50 - 2016-03-31 01:39 - 15415808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-14 20:50 - 2016-03-31 01:30 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-04-14 20:50 - 2016-03-31 01:30 - 02596864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-14 20:50 - 2016-03-31 01:30 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-04-14 20:50 - 2016-03-31 01:30 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-04-14 20:50 - 2016-03-31 01:27 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-04-14 20:50 - 2016-03-31 01:24 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-04-14 20:50 - 2016-03-31 01:23 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-04-14 20:50 - 2016-03-31 01:23 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-04-14 20:50 - 2016-03-31 01:23 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-04-14 20:50 - 2016-03-31 01:21 - 13811712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-14 20:50 - 2016-03-31 01:18 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-14 20:50 - 2016-03-31 01:06 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-04-14 20:50 - 2016-03-31 01:05 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-14 20:50 - 2016-03-31 01:02 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-04-14 20:50 - 2016-03-31 01:00 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-04-14 20:49 - 2016-03-16 01:00 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-14 20:49 - 2016-03-15 16:14 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-14 20:49 - 2016-03-11 16:48 - 00833024 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-14 20:49 - 2016-03-10 20:22 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-04-14 20:49 - 2016-03-10 20:21 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-04-14 20:49 - 2016-03-10 20:20 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-04-14 20:49 - 2016-03-10 19:44 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-04-14 20:49 - 2016-03-10 19:16 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-04-14 20:49 - 2016-03-10 19:03 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-14 20:49 - 2016-03-10 18:48 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-14 20:49 - 2016-03-03 03:39 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-04-14 20:49 - 2016-03-03 03:39 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-04-14 20:48 - 2016-03-03 18:47 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-14 20:48 - 2016-03-03 18:33 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-14 20:48 - 2016-03-03 18:13 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-14 20:47 - 2016-03-29 16:05 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-04-14 08:34 - 2016-05-13 13:53 - 00000000 ____D C:\Program Files (x86)\qksee
2016-04-14 08:34 - 2016-05-13 13:00 - 00000000 ____D C:\Users\Daniela\AppData\Roaming\qksee
2016-04-14 08:34 - 2016-04-24 20:26 - 00000000 ____D C:\Program Files (x86)\WinZipper
2016-04-14 08:34 - 2016-04-14 08:34 - 00000000 ____D C:\Users\Daniela\AppData\Roaming\WinZiper
2016-04-14 08:34 - 2016-04-14 08:34 - 00000000 ____D C:\Users\Daniela\AppData\Roaming\eCyber
2016-04-14 08:34 - 2016-04-14 08:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2016-04-14 08:34 - 2016-04-14 08:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qksee
2016-04-14 08:33 - 2016-04-14 08:33 - 00015036 _____ C:\WINDOWS\System32\Tasks\Browser Updater Task(Core)
2016-04-14 08:33 - 2016-04-14 08:33 - 00000000 ____D C:\Users\Daniela\AppData\Roaming\TSv
2016-04-14 08:33 - 2016-04-14 08:33 - 00000000 ____D C:\ProgramData\JwinpJ
2016-04-14 08:33 - 2016-04-14 08:33 - 00000000 ____D C:\Program Files (x86)\QQBrowser
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-05-13 18:33 - 2014-12-28 19:09 - 00000000 ____D C:\FRST
2016-05-13 18:05 - 2015-02-07 23:55 - 00000972 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-13 16:30 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2016-05-13 14:34 - 2014-11-30 13:24 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1255584756-4119768593-4182788369-1002
2016-05-13 14:15 - 2016-02-18 16:46 - 00228352 ___SH C:\Users\Daniela\Downloads\Thumbs.db
2016-05-13 14:11 - 2016-02-21 14:14 - 01185280 ___SH C:\Users\Daniela\Desktop\Thumbs.db
2016-05-13 14:06 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Inf
2016-05-13 14:01 - 2015-08-03 20:48 - 00002076 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-13 14:01 - 2015-08-03 20:48 - 00002006 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-13 13:53 - 2016-02-18 19:58 - 00000000 ____D C:\Program Files (x86)\SearchesToYesbnd
2016-05-13 13:53 - 2014-11-25 21:08 - 00000000 ____D C:\Users\Daniela\AppData\Roaming\Adobe
2016-05-13 13:07 - 2016-02-19 09:24 - 00000000 ____D C:\Users\Guest\AppData\Roaming\uTorrent
2016-05-13 13:02 - 2016-02-19 09:15 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Seznam.cz
2016-05-13 12:58 - 2014-12-16 17:47 - 00000062 _____ C:\Users\Guest\AppData\Roaming\sp_data.sys
2016-05-13 12:57 - 2015-02-07 23:55 - 00000968 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-13 12:57 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-13 12:55 - 2014-12-31 19:02 - 00003966 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{88987B9B-75D2-4A9C-BF69-E8A2216B18E0}
2016-05-11 22:19 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-11 22:13 - 2014-11-29 09:35 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-11 21:35 - 2014-11-29 09:35 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-11 21:32 - 2016-03-31 12:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-05-11 21:00 - 2014-11-25 22:26 - 00003944 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-11 21:00 - 2014-11-25 22:26 - 00003708 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-10 16:39 - 2012-07-26 07:26 - 00000301 _____ C:\WINDOWS\win.ini
2016-05-10 14:39 - 2015-04-06 18:46 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2016-05-10 14:39 - 2015-04-06 18:46 - 00000000 ___SD C:\WINDOWS\system32\GWX
2016-05-10 14:38 - 2014-12-12 17:40 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-06 20:03 - 2014-11-25 21:04 - 00000000 ____D C:\Users\Daniela\AppData\Local\Packages
2016-05-03 03:15 - 2016-03-17 19:39 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-03 03:15 - 2016-03-17 19:39 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-01 16:51 - 2014-11-25 21:05 - 00000000 ____D C:\Users\Daniela\AppData\Local\VirtualStore
2016-05-01 11:07 - 2014-11-25 21:08 - 00000074 _____ C:\Users\Daniela\AppData\Roaming\sp_data.sys
2016-05-01 11:05 - 2014-12-14 01:35 - 00000000 ____D C:\Users\Daniela\OneDrive
2016-04-27 21:40 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-19 18:49 - 2016-03-13 21:09 - 00000000 ____D C:\Users\Daniela\Desktop\Nová složka
2016-04-19 17:10 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-19 17:10 - 2013-08-22 16:44 - 00483416 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-19 17:07 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-04-19 17:05 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-04-14 14:54 - 2014-11-30 13:25 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
==================== Files in the root of some directories =======
2014-11-25 21:08 - 2016-05-01 11:07 - 0000074 _____ () C:\Users\Daniela\AppData\Roaming\sp_data.sys
2014-11-27 15:05 - 2014-11-27 15:05 - 0007168 _____ () C:\Users\Daniela\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-10-13 18:59 - 2015-10-13 18:59 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-08-23 17:30 - 2015-08-23 17:30 - 0000000 _____ () C:\ProgramData\LauncherAccess.dt
2013-05-01 13:15 - 2012-09-07 13:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-05-03 06:31
==================== End of FRST.txt ============================
- Rudy
- Site Admin
- Posts: 119673
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: win32 and trojan
Run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
Click >Scan< first and then >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: win32 and trojan
# AdwCleaner v5.116 - Log soubor vytvořen 13/05/2016 o 20:41:32
# Aktualizováno 09/05/2016 by Xplode
# Databáze : 2016-05-13.1 [Server]
# Operační systém : Windows 8.1 (X64)
# Jméno uživatele : Daniela - DANCA
# Spuštěno z : C:\Users\Daniela\Desktop\adwcleaner_5.116.exe
# Volba : Čištění
# Podpora : http://toolslib.net/forum
***** [ Služby ] *****
[-] Služba smazáno : iSafeKrnl
[-] Služba smazáno : iSafeKrnlBoot
[-] Služba smazáno : iSafeKrnlKit
[-] Služba smazáno : iSafeKrnlMon
[-] Služba smazáno : iSafeKrnlR3
[-] Služba smazáno : iSafeNetFilter
[-] Služba smazáno : iSafeService
[-] Služba smazáno : winzipersvc
[-] Služba smazáno : IhPul
[-] Služba smazáno : WdMan
[-] Služba smazáno : ggbugreport
[-] Služba smazáno : Winsere
[-] Služba smazáno : qkseeService
***** [ Složky ] *****
[-] Složka smazáno : C:\ProgramData\JwinpJ
[#] Složka smazáno : C:\ProgramData\Application Data\JwinpJ
[-] Složka smazáno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qksee
[#] Složka smazáno : C:\Program Files (x86)\Elex-tech
[-] Složka smazáno : C:\Program Files (x86)\globalUpdate
[-] Složka smazáno : C:\Program Files (x86)\GUPlayer
[-] Složka smazáno : C:\Program Files (x86)\predm
[-] Složka smazáno : C:\Program Files (x86)\WinZipper
[-] Složka smazáno : C:\Program Files (x86)\SearchesToYesbnd
[-] Složka smazáno : C:\Program Files (x86)\Winsere
[-] Složka smazáno : C:\Program Files (x86)\WinTaske
[-] Složka smazáno : C:\Program Files (x86)\qksee
[#] Složka smazáno : C:\Program Files (x86)\QQBrowser
[-] Složka smazáno : C:\Users\Daniela\AppData\Local\globalUpdate
[-] Složka smazáno : C:\Users\Daniela\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
[-] Složka smazáno : C:\Users\Daniela\AppData\Roaming\eCyber
[#] Složka smazáno : C:\Users\Daniela\AppData\Roaming\Elex-tech
[-] Složka smazáno : C:\Users\Daniela\AppData\Roaming\RHEng
[-] Složka smazáno : C:\Users\Daniela\AppData\Roaming\TSv
[-] Složka smazáno : C:\Users\Daniela\AppData\Roaming\qksee
[-] Složka smazáno : C:\Users\Daniela\AppData\Roaming\WinZiper
[-] Složka smazáno : C:\Users\Guest\AppData\Local\Crossbrowse
[#] Složka smazáno : C:\Users\Guest\AppData\Roaming\Elex-tech
[-] Složka smazáno : C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi
***** [ Soubory ] *****
[-] Soubor smazáno : C:\Users\Daniela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\qksee.lnk
[-] Soubor smazáno : C:\WINDOWS\SysNative\log\iSafeKrnlCall.log
[-] Soubor smazáno : C:\WINDOWS\SysNative\drivers\iSafeKrnlBoot.sys
[-] Soubor smazáno : C:\WINDOWS\SysNative\drivers\iSafeNetFilter.sys
***** [ DLLs ] *****
***** [ WMI ] *****
***** [ Zástupci ] *****
***** [ Naplánované úkoly ] *****
[-] Úkol smazáno : amiupdaterExd
[-] Úkol smazáno : amiupdaterExi
[-] Úkol smazáno : WinTaske
[-] Úkol smazáno : Browser Updater Task(Core)
***** [ Registr ] *****
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper
[-] Klávesa smazáno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GLOBALUPDATE.EXE
[-] Klávesa smazáno : HKCU\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[-] Klávesa smazáno : HKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\WinZippers.001
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\WinZippers.7z
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\WinZippers.arj
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\WinZippers.bz2
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\WinZippers.bzip2
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\WinZippers.cab
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\WinZippers.cpio
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\WinZippers.deb
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\WinZippers.dmg
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\WinZippers.fat
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\WinZippers.gz
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\WinZippers.gzip
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\WinZippers.hfs
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\WinZippers.iso
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\WinZippers.lha
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\WinZippers.lzh
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\WinZippers.lzma
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\WinZippers.ntfs
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\WinZippers.rar
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\WinZippers.rpm
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\WinZippers.squashfs
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\WinZippers.swm
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\WinZippers.tar
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\WinZippers.taz
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\WinZippers.tbz
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\WinZippers.tbz2
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\WinZippers.tgz
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\WinZippers.tpz
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\WinZippers.txz
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\WinZippers.vhd
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\WinZippers.wim
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\WinZippers.xar
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\WinZippers.xz
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\WinZippers.z
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\WinZippers.zip
[-] Klávesa smazáno : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\qkseeViewer.bmp
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\qkseeViewer.gif
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\qkseeViewer.ico
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\qkseeViewer.jpeg
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\qkseeViewer.jpg
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\qkseeViewer.png
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\qkseeViewer.tif
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Klávesa smazáno : HKCU\Software\ArenaHD
[-] Klávesa smazáno : HKCU\Software\GlobalUpdate
[-] Klávesa smazáno : HKCU\Software\HighDefAction
[-] Klávesa smazáno : HKCU\Software\Microsoft\Tinstalls
[-] Klávesa smazáno : HKCU\Software\TutoTag
[-] Klávesa smazáno : HKCU\Software\YorkNewCin
[-] Klávesa smazáno : HKCU\Software\Mail.Ru
[-] Klávesa smazáno : HKCU\Software\AppDataLow\Software\Crossrider
[-] Klávesa smazáno : HKCU\Software\AppDataLow\Software\Mail.Ru
[-] Klávesa smazáno : HKLM\SOFTWARE\AppDataLow\SOFTWARE\_CrossriderRegNamePlaceHolder_
[-] Klávesa smazáno : HKLM\SOFTWARE\AppDataLow\SOFTWARE\Crossrider
[-] Klávesa smazáno : HKLM\SOFTWARE\ArenaHD
[-] Klávesa smazáno : HKLM\SOFTWARE\Elex-tech
[-] Klávesa smazáno : HKLM\SOFTWARE\hdcode
[-] Klávesa smazáno : HKLM\SOFTWARE\HighDefAction
[-] Klávesa smazáno : HKLM\SOFTWARE\TSv
[-] Klávesa smazáno : HKLM\SOFTWARE\yessearchesSoftware
[-] Klávesa smazáno : HKLM\SOFTWARE\YorkNewCin
[-] Klávesa smazáno : HKLM\SOFTWARE\qkseeSvc
[-] Klávesa smazáno : HKLM\SOFTWARE\qksee
[-] Klávesa smazáno : HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[-] Klávesa smazáno : HKLM\SOFTWARE\{E6276374-DE18-4AA5-A365-9016A2F98A2D}
[-] Klávesa smazáno : HKLM\SOFTWARE\{G6276374-DEEE-4AAA-A355-9016A2F98A2D}
[-] Klávesa smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe
[-] Klávesa smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\qksee
[-] Klávesa smazáno : [x64] HKLM\SOFTWARE\ArenaHD
[-] Klávesa smazáno : [x64] HKLM\SOFTWARE\HighDefAction
[-] Klávesa smazáno : [x64] HKLM\SOFTWARE\YorkNewCin
[-] Klávesa smazáno : [x64] HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[-] Klávesa smazáno : HKU\.DEFAULT\Software\Elex-tech
[-] Klávesa smazáno : HKU\.DEFAULT\Software\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[-] Klávesa smazáno : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[-] Klávesa smazáno : HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
[-] Klávesa smazáno : HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Installer
***** [ Webové prohlížeče ] *****
[-] [C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] smazáno : hxxp://search.iminent.com/?appId=DDFB7BBF-D328-49CB-A4A3-A0F99356D105
[-] [C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] smazáno : hxxp://www.inbox.com/homepage.aspx?tbid=82120&iwk=257&lng=cs
[-] [C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] smazáno : fcfenmboojpjinhpgggodefccipikbpd
[-] [C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] smazáno : lkadffjmnaiokkdncgdlecdegajoiemi
*************************
:: "Tracing" odstraněných kláves
:: Nastavení Winsock odstraněno
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [9797 bytes] - [13/05/2016 20:41:32]
C:\AdwCleaner\AdwCleaner[S1].txt - [10610 bytes] - [13/05/2016 20:36:14]
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [9944 bytes] ##########
- Rudy
- Site Admin
- Posts: 119673
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: win32 and trojan
Post a new FRST log.
Re: win32 and trojan
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-05-2016
Ran by Daniela (administrator) on DANCA (13-05-2016 21:56:39)
Running from C:\Users\Daniela\Desktop
Loaded Profiles: Daniela (Available Profiles: UpdatusUser & Daniela & Administrator & Guest)
Platform: Windows 8.1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Guntony\Guntony\chrome.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(YahooChrome) C:\ProgramData\yahoochrome\desktop25.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\ProgramData\Guntony\protect\protect.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Guntony\Guntony\chrome.exe
(Google Inc.) C:\Program Files (x86)\Guntony\Guntony\chrome.exe
(Google Inc.) C:\Program Files (x86)\Guntony\Guntony\chrome.exe
(Google Inc.) C:\Program Files (x86)\Guntony\Guntony\chrome.exe
(Google Inc.) C:\Program Files (x86)\Guntony\Guntony\chrome.exe
(Google Inc.) C:\Program Files (x86)\Guntony\Guntony\chrome.exe
(Google Inc.) C:\Program Files (x86)\Guntony\Guntony\chrome.exe
(Google Inc.) C:\Program Files (x86)\Guntony\Guntony\chrome.exe
(Google Inc.) C:\Program Files (x86)\Guntony\Guntony\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6108752 2015-11-10] (AVAST Software)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-04-14] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-03-27] (Qualcomm Atheros Commnucations)
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\Run: [FlashPlayerManager] => C:\Users\Daniela\AppData\Roaming\Adobe\nircmd.exe [43520 2012-10-29] (NirSoft)
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office15\lync.exe [27911888 2016-03-15] (Microsoft Corporation)
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\Run: [BingSvc] => C:\Users\Daniela\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-12-28] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Daniela\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Daniela\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\MountPoints2: {bccb39a6-ffa7-11e3-be7d-240a64d8a64a} - "F:\setup.exe"
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\MountPoints2: {bccb39e3-ffa7-11e3-be7d-240a64d8a64a} - "F:\setup.exe"
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\MountPoints2: {eb13e75a-3a10-11e5-be98-e03f4938a403} - "F:\Mafia2.part01.exe"
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\MountPoints2: {f0a229dd-d7e3-11e4-be8d-e03f4938a403} - "F:\setup.exe"
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\MountPoints2: {f0a229f6-d7e3-11e4-be8d-e03f4938a403} - "F:\setup.exe"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-12-10] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-22] (AVAST Software)
Startup: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-04-20]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{0FD20D51-39DA-409B-99E3-D926EEC4A6A6}: [DhcpNameServer] 10.0.0.138
Internet Explorer:
==================
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1ewenusDefaultPack/U223_FRPage
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1255584756-4119768593-4182788369-1002 -> {78139A6F-775A-4455-8A58-AFBC7ACA787B} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2013-03-27] (Qualcomm Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-22] (AVAST Software)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-22] (AVAST Software)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin HKU\S-1-5-21-1255584756-4119768593-4182788369-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Daniela\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-11]
Chrome:
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxp://www.google.com","hxxp://search.iminent.com/?appId=DDFB7BBF-D328-49CB-A4A3-A0F99356D105","hxxp://www.inbox.com/homepage.aspx?tbid=82120&iwk=257&lng=cs","hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP"
CHR DefaultSearchURL: Default -> hxxp://search.seznam.cz/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> seznam.cz
CHR DefaultSuggestURL: Default -> hxxp://suggest.fulltext.seznam.cz/fulltext_ff?phrase={searchTerms}
CHR Profile: C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-03]
CHR Extension: (Dokumenty Google) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-03]
CHR Extension: (Disk Google) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (Seznam Lištička - Email) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2016-02-29]
CHR Extension: (YouTube) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Vyhledávání Google) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Trovi) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcobmeegekklpjhibpmiemfgdphajann [2016-04-06]
CHR Extension: (Dokumenty Google offline) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (lkledilgabpellhganjgplgemmoadagh) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkledilgabpellhganjgplgemmoadagh [2015-08-14]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2016-02-29]
CHR Extension: (Gmail) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-03]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-22]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227968 2013-03-27] (Qualcomm Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-22] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4047768 2015-07-22] (Avast Software)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1074448 2016-04-14] (AVG Technologies CZ, s.r.o.)
R2 Guntony_protect; C:\ProgramData\Guntony\protect\protect.exe [302976 2016-05-12] ()
S2 Guntony_update; C:\Program Files (x86)\Guntony\Guntony\bin\Guntony_server.exe [473472 2016-05-12] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [4584208 2016-03-29] (AVG Technologies CZ, s.r.o.)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [56080 2016-03-29] (AVG Technologies CZ, s.r.o.)
R2 UxTuneUp; C:\WINDOWS\SysWOW64\uxtuneup.dll [49424 2016-03-29] (AVG Technologies CZ, s.r.o.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 yahoochrometechnology; C:\ProgramData\yahoochrome\desktop25.exe [236768 2016-05-02] (YahooChrome)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-03-27] (Atheros) [File not signed]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-22] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-22] (AVAST Software)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70416 2013-09-23] (ASUS Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-03-27] (Qualcomm Atheros)
S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-02-18] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-02-18] (Disc Soft Ltd)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2016-03-06] (DT Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 IntcDAud; C:\Windows\system32\DRIVERS\IntcDAud.sys [342528 2013-01-09] (Intel(R) Corporation) [File not signed]
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [260856 2015-05-14] (Elex do Brasil Participações Ltda)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [115152 2015-07-22] (AVAST Software)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2016-02-15] (AVG Netherlands B.V.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Apple, Inc.) [File not signed]
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-22] (Avast Software)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S1 iSafeNetFilter; system32\DRIVERS\iSafeNetFilter.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-05-13 20:35 - 2016-05-13 20:41 - 00000000 ____D C:\AdwCleaner
2016-05-13 20:35 - 2016-05-13 20:35 - 03640384 _____ C:\Users\Daniela\Desktop\adwcleaner_5.116.exe
2016-05-13 18:46 - 2016-05-13 18:46 - 00000001 _____ C:\WINDOWS\SysWOW64\en.html
2016-05-13 15:58 - 2016-05-13 15:58 - 00499235 _____ C:\Users\Daniela\Desktop\DAF-Truckphone-64739-CS.pdf
2016-05-13 15:58 - 2016-05-13 15:58 - 00499235 _____ C:\Users\Daniela\Desktop\DAF-Truckphone-64739-CS (1).pdf
2016-05-13 14:32 - 2016-05-13 18:38 - 00035857 _____ C:\Users\Daniela\Desktop\Addition.txt
2016-05-13 14:29 - 2016-05-13 21:56 - 00021993 _____ C:\Users\Daniela\Desktop\FRST.txt
2016-05-13 14:25 - 2016-05-13 14:25 - 02381312 _____ (Farbar) C:\Users\Daniela\Desktop\FRST64.exe
2016-05-13 14:12 - 2016-05-13 14:12 - 02381312 _____ (Farbar) C:\Users\Daniela\Downloads\FRST64.exe
2016-05-13 13:06 - 2016-05-13 13:06 - 00000000 ____D C:\ProgramData\Guntony
2016-05-13 13:02 - 2016-05-13 20:43 - 00000000 ____D C:\WINDOWS\system32\log
2016-05-13 13:02 - 2016-05-13 13:02 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Elex-tech
2016-05-13 13:01 - 2016-05-13 20:35 - 00000000 ____D C:\Program Files (x86)\Guntony
2016-05-13 13:01 - 2016-05-13 14:01 - 00002130 _____ C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-13 13:01 - 2016-05-13 13:01 - 00014744 _____ C:\WINDOWS\System32\Tasks\GuntonyBrowserUpdateUA
2016-05-13 13:01 - 2016-05-13 13:01 - 00014738 _____ C:\WINDOWS\System32\Tasks\GuntonyCheckTask
2016-05-13 13:01 - 2016-05-13 13:01 - 00003804 _____ C:\WINDOWS\System32\Tasks\GuntonyBrowserUpdateCore
2016-05-13 13:01 - 2016-05-13 13:01 - 00000000 ____D C:\Users\Public\Documents\Guntony
2016-05-13 13:01 - 2016-05-13 13:01 - 00000000 ____D C:\Users\Daniela\AppData\Roaming\Elex-tech
2016-05-13 13:01 - 2016-05-13 13:01 - 00000000 ____D C:\Users\Daniela\AppData\Local\Guntony
2016-05-13 13:01 - 2016-05-13 13:01 - 00000000 ____D C:\Program Files (x86)\Elex-tech
2016-05-11 22:35 - 2016-05-11 22:35 - 00000162 ____H C:\Users\Daniela\Documents\~$MĚPIS3.odt
2016-05-11 22:30 - 2016-05-11 22:30 - 00009058 _____ C:\Users\Daniela\Documents\ZEMĚPIS3.odt
2016-05-11 21:16 - 2016-04-22 22:54 - 25816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-11 21:16 - 2016-04-22 22:15 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-11 21:16 - 2016-04-22 22:14 - 02893312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-05-11 21:16 - 2016-04-22 22:08 - 06052864 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-11 21:16 - 2016-04-22 22:06 - 20349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-05-11 21:16 - 2016-04-22 22:00 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-05-11 21:16 - 2016-04-22 21:35 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-05-11 21:16 - 2016-04-22 21:29 - 02285568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-05-11 21:16 - 2016-04-22 21:24 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-05-11 21:16 - 2016-04-22 21:23 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-05-11 21:16 - 2016-04-22 21:19 - 15414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-11 21:16 - 2016-04-22 21:17 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-05-11 21:16 - 2016-04-22 21:14 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-05-11 21:16 - 2016-04-22 21:14 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-05-11 21:16 - 2016-04-22 21:14 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-05-11 21:16 - 2016-04-22 21:12 - 02131968 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-05-11 21:16 - 2016-04-22 20:58 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-05-11 21:16 - 2016-04-22 20:54 - 13811200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-05-11 21:16 - 2016-04-22 20:53 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-05-11 21:16 - 2016-04-22 20:52 - 02596864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-05-11 21:16 - 2016-04-22 20:52 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-05-11 21:16 - 2016-04-22 20:52 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-05-11 21:16 - 2016-04-22 20:51 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-05-11 21:16 - 2016-04-22 20:40 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-11 21:16 - 2016-04-22 20:27 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-05-11 21:16 - 2016-04-22 20:24 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-05-11 21:15 - 2016-04-22 20:58 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-05-11 21:15 - 2016-04-22 20:29 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-05-11 21:15 - 2016-04-22 20:23 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-05-11 21:14 - 2016-04-06 23:13 - 00561960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-05-11 21:14 - 2016-04-06 23:13 - 00137976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2016-05-11 21:14 - 2016-04-06 20:20 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-05-11 21:14 - 2016-04-06 20:19 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-05-11 21:14 - 2016-04-06 20:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-05-11 21:14 - 2016-04-06 19:49 - 00120384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2016-05-11 21:14 - 2016-04-06 19:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-05-11 21:14 - 2016-04-06 18:57 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-05-11 21:14 - 2016-04-06 18:52 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-05-11 21:14 - 2016-04-06 18:20 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-05-11 21:14 - 2016-04-06 17:48 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-05-11 21:14 - 2016-03-31 08:50 - 01307328 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-05-11 21:14 - 2016-03-31 05:40 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-05-11 21:13 - 2016-04-10 09:48 - 00738096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-11 21:13 - 2016-04-10 09:48 - 00613624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-11 21:13 - 2016-04-10 06:21 - 01763376 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-05-11 21:13 - 2016-04-10 06:21 - 01489088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-05-11 21:13 - 2016-04-10 06:14 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-11 21:13 - 2016-04-10 01:29 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-05-11 21:13 - 2016-04-10 00:07 - 01097728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-05-11 21:13 - 2016-04-09 23:58 - 00534016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-11 21:13 - 2016-04-09 23:50 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-05-11 21:13 - 2016-03-29 03:42 - 07446368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-11 21:13 - 2016-03-14 18:50 - 00316760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2016-05-11 21:13 - 2016-03-12 02:49 - 02466136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-05-11 21:13 - 2016-03-12 02:47 - 00160160 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPHLPAPI.DLL
2016-05-11 21:13 - 2016-03-12 02:47 - 00121912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IPHLPAPI.DLL
2016-05-11 21:13 - 2016-03-10 19:03 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsparse.dll
2016-05-11 21:13 - 2016-03-10 18:55 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2016-05-11 21:13 - 2016-03-10 18:48 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsparse.dll
2016-05-11 21:13 - 2016-03-10 18:42 - 00413696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2016-05-11 21:13 - 2016-03-05 19:44 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-05-11 21:13 - 2016-03-05 19:04 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-05-11 21:13 - 2016-02-27 20:28 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-05-11 21:13 - 2016-02-27 19:57 - 03273728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-05-11 21:13 - 2016-02-27 19:19 - 03820544 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-05-11 21:13 - 2016-02-27 18:32 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-05-11 21:12 - 2016-04-10 07:37 - 01549144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-11 21:07 - 2016-03-16 03:58 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-05-11 21:07 - 2016-03-16 03:58 - 00332632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-05-11 21:07 - 2016-03-10 18:52 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-05-11 21:06 - 2016-04-11 08:21 - 00074584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2016-05-10 18:51 - 2016-05-13 14:08 - 00000000 ____D C:\Users\Daniela\Desktop\holašovice
2016-05-10 17:20 - 2016-05-10 18:49 - 04432608 _____ C:\Users\Daniela\Desktop\Holašovice.pptm
2016-05-06 20:02 - 2016-05-06 20:02 - 00054240 _____ C:\Users\Daniela\Desktop\EKO.dotx
2016-05-05 19:23 - 2016-05-05 19:23 - 00010320 _____ C:\Users\Daniela\Desktop\Pokus-Fyzika.wlmp
2016-05-02 21:18 - 2016-05-02 21:18 - 00000000 ____D C:\ProgramData\yahoochrome
2016-04-30 21:09 - 2016-04-30 21:09 - 00001088 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-04-30 21:09 - 2016-04-30 21:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-04-30 21:08 - 2016-04-30 21:08 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2016-04-20 06:05 - 2016-04-20 06:05 - 00007208 _____ C:\Users\Daniela\Desktop\HOLAŠOVICE.odt
2016-04-14 21:03 - 2016-01-26 21:15 - 00072024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
2016-04-14 21:03 - 2016-01-22 07:22 - 02487296 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2016-04-14 21:03 - 2016-01-22 07:11 - 01482240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2016-04-14 21:02 - 2016-02-11 22:17 - 01737088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-04-14 21:02 - 2016-02-11 22:17 - 01663184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-14 21:02 - 2016-02-11 22:17 - 01523208 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-14 21:02 - 2016-02-11 22:17 - 01490120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-14 21:02 - 2016-02-11 22:17 - 01358952 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-14 21:02 - 2016-02-11 22:16 - 01501488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-04-14 21:02 - 2016-02-09 20:07 - 00246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-04-14 21:02 - 2016-02-05 17:11 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-14 21:02 - 2016-02-05 17:11 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-14 21:02 - 2016-02-05 17:07 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-14 21:02 - 2016-02-05 17:02 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-14 21:02 - 2016-02-05 16:46 - 01455104 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2016-04-14 21:02 - 2016-02-04 18:23 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2016-04-14 21:02 - 2016-02-04 18:22 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2016-04-14 21:02 - 2016-02-03 17:11 - 01673728 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2016-04-14 21:02 - 2016-02-02 20:16 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-04-14 21:02 - 2016-02-02 19:15 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2016-04-14 21:02 - 2016-01-21 21:35 - 00952928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-04-14 21:02 - 2016-01-21 20:42 - 00786152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-04-14 21:01 - 2016-04-04 08:35 - 00046768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-04-14 21:01 - 2016-04-02 15:26 - 01386496 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-04-14 21:01 - 2016-04-02 15:26 - 01169408 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-04-14 21:01 - 2016-03-28 15:21 - 00698368 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-04-14 21:01 - 2016-03-28 15:21 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-04-14 21:01 - 2016-03-28 15:21 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-04-14 21:01 - 2016-03-28 15:21 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-04-14 21:01 - 2016-03-28 15:21 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-04-14 21:01 - 2016-03-10 21:17 - 01133752 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-04-14 21:01 - 2016-03-10 19:48 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-04-14 21:01 - 2016-03-10 19:43 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-14 21:01 - 2016-03-10 18:55 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-14 21:01 - 2016-03-10 18:42 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-14 21:01 - 2016-02-09 03:31 - 22365472 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-04-14 21:01 - 2016-02-09 03:31 - 19794896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-04-14 21:01 - 2016-02-09 03:31 - 02757616 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-04-14 21:01 - 2016-02-09 03:31 - 02412576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-04-14 21:01 - 2016-02-09 03:31 - 00273264 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-14 21:01 - 2016-02-08 22:55 - 02712576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-04-14 21:01 - 2016-02-08 22:15 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-04-14 21:01 - 2016-02-08 22:02 - 01197056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-04-14 21:01 - 2016-02-08 21:48 - 12879360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-04-14 21:01 - 2016-02-08 21:43 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-04-14 21:01 - 2016-02-08 21:40 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-04-14 21:01 - 2016-02-08 21:39 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-04-14 21:01 - 2016-02-08 21:37 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingMonitor.dll
2016-04-14 21:01 - 2016-02-08 21:35 - 00954880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-04-14 21:01 - 2016-02-08 21:34 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-04-14 21:01 - 2016-02-08 21:33 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-04-14 21:01 - 2016-02-08 20:50 - 03120640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-04-14 21:01 - 2016-02-08 19:55 - 02592256 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-04-14 21:01 - 2016-02-08 19:33 - 01278464 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-04-14 21:01 - 2016-02-08 19:12 - 14466560 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-14 21:01 - 2016-02-08 19:02 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-04-14 21:01 - 2016-02-08 19:00 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-04-14 21:01 - 2016-02-08 18:58 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-04-14 21:01 - 2016-02-08 18:55 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingMonitor.dll
2016-04-14 21:01 - 2016-02-08 18:53 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2016-04-14 21:01 - 2016-02-08 18:53 - 01348096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-14 21:01 - 2016-02-08 18:50 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-04-14 21:01 - 2016-02-08 18:50 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-04-14 21:01 - 2016-02-08 18:48 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-04-14 21:01 - 2016-02-08 18:47 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2016-04-14 21:01 - 2016-02-08 18:44 - 00955392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-14 21:01 - 2016-02-07 01:05 - 00551256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-04-14 21:01 - 2016-02-05 21:07 - 00378712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-04-14 21:01 - 2016-02-04 20:07 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpsapi.dll
2016-04-14 21:01 - 2016-02-04 19:35 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpsapi.dll
2016-04-14 21:01 - 2016-02-03 17:14 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2016-04-14 21:01 - 2016-02-02 19:51 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAuto.dll
2016-04-14 21:01 - 2016-02-02 19:19 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAuto.dll
2016-04-14 21:01 - 2016-02-02 19:18 - 01574912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2016-04-14 21:01 - 2016-02-02 19:01 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAgent.dll
2016-04-14 21:01 - 2016-02-02 18:51 - 02609152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-04-14 21:01 - 2016-02-02 18:48 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2016-04-14 21:01 - 2016-02-02 18:46 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAgent.dll
2016-04-14 21:01 - 2016-02-02 18:41 - 02170880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-04-14 21:01 - 2016-02-02 18:39 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2016-04-14 21:01 - 2016-01-31 19:17 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsAnytimeUpgradeui.exe
2016-04-14 21:01 - 2016-01-21 00:40 - 00099672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys
2016-04-14 21:01 - 2014-11-08 04:38 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-04-14 21:01 - 2014-11-08 04:17 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-04-14 21:00 - 2016-01-27 17:18 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2016-04-14 20:50 - 2016-03-31 01:56 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-04-14 20:50 - 2016-03-31 01:56 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-04-14 20:50 - 2016-03-31 01:55 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-04-14 20:50 - 2016-03-31 01:30 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-04-14 20:50 - 2016-03-31 01:30 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-04-14 20:49 - 2016-03-11 16:48 - 00833024 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-14 20:49 - 2016-03-10 19:03 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-14 20:49 - 2016-03-10 18:48 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-14 20:49 - 2016-03-03 03:39 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-04-14 20:49 - 2016-03-03 03:39 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-04-14 20:48 - 2016-03-03 18:47 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-14 20:48 - 2016-03-03 18:33 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-14 20:48 - 2016-03-03 18:13 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-14 08:34 - 2016-04-14 08:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2016-04-14 08:33 - 2016-04-14 08:33 - 00000000 ____D C:\Program Files (x86)\QQBrowser
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-05-13 21:56 - 2014-12-28 19:09 - 00000000 ____D C:\FRST
2016-05-13 21:15 - 2014-11-30 13:24 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1255584756-4119768593-4182788369-1002
2016-05-13 21:05 - 2015-02-07 23:55 - 00000972 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-13 21:05 - 2015-02-07 23:55 - 00000968 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-13 21:00 - 2014-11-25 21:08 - 00000074 _____ C:\Users\Daniela\AppData\Roaming\sp_data.sys
2016-05-13 20:59 - 2014-12-14 01:35 - 00000000 ____D C:\Users\Daniela\OneDrive
2016-05-13 20:55 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-13 20:55 - 2013-08-22 16:44 - 00483416 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-05-13 20:55 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Inf
2016-05-13 20:50 - 2014-12-12 17:40 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-13 20:50 - 2014-09-24 17:59 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-13 19:11 - 2014-12-31 19:02 - 00003966 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{88987B9B-75D2-4A9C-BF69-E8A2216B18E0}
2016-05-13 16:30 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2016-05-13 14:15 - 2016-02-18 16:46 - 00228352 ___SH C:\Users\Daniela\Downloads\Thumbs.db
2016-05-13 14:11 - 2016-02-21 14:14 - 01185280 ___SH C:\Users\Daniela\Desktop\Thumbs.db
2016-05-13 14:01 - 2015-08-03 20:48 - 00002076 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-13 14:01 - 2015-08-03 20:48 - 00002006 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-13 13:53 - 2014-11-25 21:08 - 00000000 ____D C:\Users\Daniela\AppData\Roaming\Adobe
2016-05-13 13:07 - 2016-02-19 09:24 - 00000000 ____D C:\Users\Guest\AppData\Roaming\uTorrent
2016-05-13 13:02 - 2016-02-19 09:15 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Seznam.cz
2016-05-13 12:58 - 2014-12-16 17:47 - 00000062 _____ C:\Users\Guest\AppData\Roaming\sp_data.sys
2016-05-13 12:57 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-11 22:19 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-11 22:13 - 2014-11-29 09:35 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-11 21:35 - 2014-11-29 09:35 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-11 21:32 - 2016-03-31 12:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-05-11 21:00 - 2014-11-25 22:26 - 00003944 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-11 21:00 - 2014-11-25 22:26 - 00003708 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-10 16:39 - 2012-07-26 07:26 - 00000301 _____ C:\WINDOWS\win.ini
2016-05-10 14:39 - 2015-04-06 18:46 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2016-05-10 14:39 - 2015-04-06 18:46 - 00000000 ___SD C:\WINDOWS\system32\GWX
2016-05-06 20:03 - 2014-11-25 21:04 - 00000000 ____D C:\Users\Daniela\AppData\Local\Packages
2016-05-03 03:15 - 2016-03-17 19:39 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-03 03:15 - 2016-03-17 19:39 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-01 16:51 - 2014-11-25 21:05 - 00000000 ____D C:\Users\Daniela\AppData\Local\VirtualStore
2016-04-27 21:40 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-19 18:49 - 2016-03-13 21:09 - 00000000 ____D C:\Users\Daniela\Desktop\Nová složka
2016-04-19 17:07 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-04-19 17:05 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-04-14 14:54 - 2014-11-30 13:25 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
==================== Files in the root of some directories =======
2014-11-25 21:08 - 2016-05-13 21:00 - 0000074 _____ () C:\Users\Daniela\AppData\Roaming\sp_data.sys
2014-11-27 15:05 - 2014-11-27 15:05 - 0007168 _____ () C:\Users\Daniela\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-10-13 18:59 - 2015-10-13 18:59 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-08-23 17:30 - 2015-08-23 17:30 - 0000000 _____ () C:\ProgramData\LauncherAccess.dt
2013-05-01 13:15 - 2012-09-07 13:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
Some files in TEMP:
====================
C:\Users\Daniela\AppData\Local\Temp\libeay32.dll
C:\Users\Daniela\AppData\Local\Temp\msvcr120.dll
C:\Users\Daniela\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-05-03 06:31
==================== End of FRST.txt ============================
Ran by Daniela (administrator) on DANCA (13-05-2016 21:56:39)
Running from C:\Users\Daniela\Desktop
Loaded Profiles: Daniela (Available Profiles: UpdatusUser & Daniela & Administrator & Guest)
Platform: Windows 8.1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Guntony\Guntony\chrome.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(YahooChrome) C:\ProgramData\yahoochrome\desktop25.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\ProgramData\Guntony\protect\protect.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Guntony\Guntony\chrome.exe
(Google Inc.) C:\Program Files (x86)\Guntony\Guntony\chrome.exe
(Google Inc.) C:\Program Files (x86)\Guntony\Guntony\chrome.exe
(Google Inc.) C:\Program Files (x86)\Guntony\Guntony\chrome.exe
(Google Inc.) C:\Program Files (x86)\Guntony\Guntony\chrome.exe
(Google Inc.) C:\Program Files (x86)\Guntony\Guntony\chrome.exe
(Google Inc.) C:\Program Files (x86)\Guntony\Guntony\chrome.exe
(Google Inc.) C:\Program Files (x86)\Guntony\Guntony\chrome.exe
(Google Inc.) C:\Program Files (x86)\Guntony\Guntony\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6108752 2015-11-10] (AVAST Software)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-04-14] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-03-27] (Qualcomm Atheros Commnucations)
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\Run: [FlashPlayerManager] => C:\Users\Daniela\AppData\Roaming\Adobe\nircmd.exe [43520 2012-10-29] (NirSoft)
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office15\lync.exe [27911888 2016-03-15] (Microsoft Corporation)
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\Run: [BingSvc] => C:\Users\Daniela\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-12-28] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Daniela\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Daniela\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\MountPoints2: {bccb39a6-ffa7-11e3-be7d-240a64d8a64a} - "F:\setup.exe"
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\MountPoints2: {bccb39e3-ffa7-11e3-be7d-240a64d8a64a} - "F:\setup.exe"
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\MountPoints2: {eb13e75a-3a10-11e5-be98-e03f4938a403} - "F:\Mafia2.part01.exe"
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\MountPoints2: {f0a229dd-d7e3-11e4-be8d-e03f4938a403} - "F:\setup.exe"
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\MountPoints2: {f0a229f6-d7e3-11e4-be8d-e03f4938a403} - "F:\setup.exe"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-12-10] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-22] (AVAST Software)
Startup: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-04-20]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{0FD20D51-39DA-409B-99E3-D926EEC4A6A6}: [DhcpNameServer] 10.0.0.138
Internet Explorer:
==================
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1ewenusDefaultPack/U223_FRPage
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1255584756-4119768593-4182788369-1002 -> {78139A6F-775A-4455-8A58-AFBC7ACA787B} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2013-03-27] (Qualcomm Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-22] (AVAST Software)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-22] (AVAST Software)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin HKU\S-1-5-21-1255584756-4119768593-4182788369-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Daniela\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-11]
Chrome:
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxp://www.google.com","hxxp://search.iminent.com/?appId=DDFB7BBF-D328-49CB-A4A3-A0F99356D105","hxxp://www.inbox.com/homepage.aspx?tbid=82120&iwk=257&lng=cs","hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP"
CHR DefaultSearchURL: Default -> hxxp://search.seznam.cz/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> seznam.cz
CHR DefaultSuggestURL: Default -> hxxp://suggest.fulltext.seznam.cz/fulltext_ff?phrase={searchTerms}
CHR Profile: C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-03]
CHR Extension: (Dokumenty Google) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-03]
CHR Extension: (Disk Google) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (Seznam Lištička - Email) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2016-02-29]
CHR Extension: (YouTube) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Vyhledávání Google) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Trovi) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcobmeegekklpjhibpmiemfgdphajann [2016-04-06]
CHR Extension: (Dokumenty Google offline) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (lkledilgabpellhganjgplgemmoadagh) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkledilgabpellhganjgplgemmoadagh [2015-08-14]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2016-02-29]
CHR Extension: (Gmail) - C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-03]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-22]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227968 2013-03-27] (Qualcomm Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-22] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4047768 2015-07-22] (Avast Software)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1074448 2016-04-14] (AVG Technologies CZ, s.r.o.)
R2 Guntony_protect; C:\ProgramData\Guntony\protect\protect.exe [302976 2016-05-12] ()
S2 Guntony_update; C:\Program Files (x86)\Guntony\Guntony\bin\Guntony_server.exe [473472 2016-05-12] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [4584208 2016-03-29] (AVG Technologies CZ, s.r.o.)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [56080 2016-03-29] (AVG Technologies CZ, s.r.o.)
R2 UxTuneUp; C:\WINDOWS\SysWOW64\uxtuneup.dll [49424 2016-03-29] (AVG Technologies CZ, s.r.o.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 yahoochrometechnology; C:\ProgramData\yahoochrome\desktop25.exe [236768 2016-05-02] (YahooChrome)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-03-27] (Atheros) [File not signed]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-22] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-22] (AVAST Software)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70416 2013-09-23] (ASUS Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-03-27] (Qualcomm Atheros)
S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-02-18] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-02-18] (Disc Soft Ltd)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2016-03-06] (DT Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 IntcDAud; C:\Windows\system32\DRIVERS\IntcDAud.sys [342528 2013-01-09] (Intel(R) Corporation) [File not signed]
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [260856 2015-05-14] (Elex do Brasil Participações Ltda)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [115152 2015-07-22] (AVAST Software)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2016-02-15] (AVG Netherlands B.V.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Apple, Inc.) [File not signed]
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-22] (Avast Software)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S1 iSafeNetFilter; system32\DRIVERS\iSafeNetFilter.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-05-13 20:35 - 2016-05-13 20:41 - 00000000 ____D C:\AdwCleaner
2016-05-13 20:35 - 2016-05-13 20:35 - 03640384 _____ C:\Users\Daniela\Desktop\adwcleaner_5.116.exe
2016-05-13 18:46 - 2016-05-13 18:46 - 00000001 _____ C:\WINDOWS\SysWOW64\en.html
2016-05-13 15:58 - 2016-05-13 15:58 - 00499235 _____ C:\Users\Daniela\Desktop\DAF-Truckphone-64739-CS.pdf
2016-05-13 15:58 - 2016-05-13 15:58 - 00499235 _____ C:\Users\Daniela\Desktop\DAF-Truckphone-64739-CS (1).pdf
2016-05-13 14:32 - 2016-05-13 18:38 - 00035857 _____ C:\Users\Daniela\Desktop\Addition.txt
2016-05-13 14:29 - 2016-05-13 21:56 - 00021993 _____ C:\Users\Daniela\Desktop\FRST.txt
2016-05-13 14:25 - 2016-05-13 14:25 - 02381312 _____ (Farbar) C:\Users\Daniela\Desktop\FRST64.exe
2016-05-13 14:12 - 2016-05-13 14:12 - 02381312 _____ (Farbar) C:\Users\Daniela\Downloads\FRST64.exe
2016-05-13 13:06 - 2016-05-13 13:06 - 00000000 ____D C:\ProgramData\Guntony
2016-05-13 13:02 - 2016-05-13 20:43 - 00000000 ____D C:\WINDOWS\system32\log
2016-05-13 13:02 - 2016-05-13 13:02 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Elex-tech
2016-05-13 13:01 - 2016-05-13 20:35 - 00000000 ____D C:\Program Files (x86)\Guntony
2016-05-13 13:01 - 2016-05-13 14:01 - 00002130 _____ C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-13 13:01 - 2016-05-13 13:01 - 00014744 _____ C:\WINDOWS\System32\Tasks\GuntonyBrowserUpdateUA
2016-05-13 13:01 - 2016-05-13 13:01 - 00014738 _____ C:\WINDOWS\System32\Tasks\GuntonyCheckTask
2016-05-13 13:01 - 2016-05-13 13:01 - 00003804 _____ C:\WINDOWS\System32\Tasks\GuntonyBrowserUpdateCore
2016-05-13 13:01 - 2016-05-13 13:01 - 00000000 ____D C:\Users\Public\Documents\Guntony
2016-05-13 13:01 - 2016-05-13 13:01 - 00000000 ____D C:\Users\Daniela\AppData\Roaming\Elex-tech
2016-05-13 13:01 - 2016-05-13 13:01 - 00000000 ____D C:\Users\Daniela\AppData\Local\Guntony
2016-05-13 13:01 - 2016-05-13 13:01 - 00000000 ____D C:\Program Files (x86)\Elex-tech
2016-05-11 22:35 - 2016-05-11 22:35 - 00000162 ____H C:\Users\Daniela\Documents\~$MĚPIS3.odt
2016-05-11 22:30 - 2016-05-11 22:30 - 00009058 _____ C:\Users\Daniela\Documents\ZEMĚPIS3.odt
2016-05-11 21:16 - 2016-04-22 22:54 - 25816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-11 21:16 - 2016-04-22 22:15 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-11 21:16 - 2016-04-22 22:14 - 02893312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-05-11 21:16 - 2016-04-22 22:08 - 06052864 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-11 21:16 - 2016-04-22 22:06 - 20349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-05-11 21:16 - 2016-04-22 22:00 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-05-11 21:16 - 2016-04-22 21:35 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-05-11 21:16 - 2016-04-22 21:29 - 02285568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-05-11 21:16 - 2016-04-22 21:24 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-05-11 21:16 - 2016-04-22 21:23 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-05-11 21:16 - 2016-04-22 21:19 - 15414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-11 21:16 - 2016-04-22 21:17 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-05-11 21:16 - 2016-04-22 21:14 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-05-11 21:16 - 2016-04-22 21:14 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-05-11 21:16 - 2016-04-22 21:14 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-05-11 21:16 - 2016-04-22 21:12 - 02131968 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-05-11 21:16 - 2016-04-22 20:58 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-05-11 21:16 - 2016-04-22 20:54 - 13811200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-05-11 21:16 - 2016-04-22 20:53 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-05-11 21:16 - 2016-04-22 20:52 - 02596864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-05-11 21:16 - 2016-04-22 20:52 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-05-11 21:16 - 2016-04-22 20:52 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-05-11 21:16 - 2016-04-22 20:51 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-05-11 21:16 - 2016-04-22 20:40 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-11 21:16 - 2016-04-22 20:27 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-05-11 21:16 - 2016-04-22 20:24 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-05-11 21:15 - 2016-04-22 20:58 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-05-11 21:15 - 2016-04-22 20:29 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-05-11 21:15 - 2016-04-22 20:23 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-05-11 21:14 - 2016-04-06 23:13 - 00561960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-05-11 21:14 - 2016-04-06 23:13 - 00137976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2016-05-11 21:14 - 2016-04-06 20:20 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-05-11 21:14 - 2016-04-06 20:19 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-05-11 21:14 - 2016-04-06 20:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-05-11 21:14 - 2016-04-06 19:49 - 00120384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2016-05-11 21:14 - 2016-04-06 19:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-05-11 21:14 - 2016-04-06 18:57 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-05-11 21:14 - 2016-04-06 18:52 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-05-11 21:14 - 2016-04-06 18:20 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-05-11 21:14 - 2016-04-06 17:48 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-05-11 21:14 - 2016-03-31 08:50 - 01307328 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-05-11 21:14 - 2016-03-31 05:40 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-05-11 21:13 - 2016-04-10 09:48 - 00738096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-11 21:13 - 2016-04-10 09:48 - 00613624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-11 21:13 - 2016-04-10 06:21 - 01763376 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-05-11 21:13 - 2016-04-10 06:21 - 01489088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-05-11 21:13 - 2016-04-10 06:14 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-11 21:13 - 2016-04-10 01:29 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-05-11 21:13 - 2016-04-10 00:07 - 01097728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-05-11 21:13 - 2016-04-09 23:58 - 00534016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-11 21:13 - 2016-04-09 23:50 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-05-11 21:13 - 2016-03-29 03:42 - 07446368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-11 21:13 - 2016-03-14 18:50 - 00316760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2016-05-11 21:13 - 2016-03-12 02:49 - 02466136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-05-11 21:13 - 2016-03-12 02:47 - 00160160 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPHLPAPI.DLL
2016-05-11 21:13 - 2016-03-12 02:47 - 00121912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IPHLPAPI.DLL
2016-05-11 21:13 - 2016-03-10 19:03 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsparse.dll
2016-05-11 21:13 - 2016-03-10 18:55 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2016-05-11 21:13 - 2016-03-10 18:48 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsparse.dll
2016-05-11 21:13 - 2016-03-10 18:42 - 00413696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2016-05-11 21:13 - 2016-03-05 19:44 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-05-11 21:13 - 2016-03-05 19:04 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-05-11 21:13 - 2016-02-27 20:28 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-05-11 21:13 - 2016-02-27 19:57 - 03273728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-05-11 21:13 - 2016-02-27 19:19 - 03820544 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-05-11 21:13 - 2016-02-27 18:32 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-05-11 21:12 - 2016-04-10 07:37 - 01549144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-11 21:07 - 2016-03-16 03:58 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-05-11 21:07 - 2016-03-16 03:58 - 00332632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-05-11 21:07 - 2016-03-10 18:52 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-05-11 21:06 - 2016-04-11 08:21 - 00074584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2016-05-10 18:51 - 2016-05-13 14:08 - 00000000 ____D C:\Users\Daniela\Desktop\holašovice
2016-05-10 17:20 - 2016-05-10 18:49 - 04432608 _____ C:\Users\Daniela\Desktop\Holašovice.pptm
2016-05-06 20:02 - 2016-05-06 20:02 - 00054240 _____ C:\Users\Daniela\Desktop\EKO.dotx
2016-05-05 19:23 - 2016-05-05 19:23 - 00010320 _____ C:\Users\Daniela\Desktop\Pokus-Fyzika.wlmp
2016-05-02 21:18 - 2016-05-02 21:18 - 00000000 ____D C:\ProgramData\yahoochrome
2016-04-30 21:09 - 2016-04-30 21:09 - 00001088 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-04-30 21:09 - 2016-04-30 21:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-04-30 21:08 - 2016-04-30 21:08 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2016-04-20 06:05 - 2016-04-20 06:05 - 00007208 _____ C:\Users\Daniela\Desktop\HOLAŠOVICE.odt
2016-04-14 21:03 - 2016-01-26 21:15 - 00072024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
2016-04-14 21:03 - 2016-01-22 07:22 - 02487296 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2016-04-14 21:03 - 2016-01-22 07:11 - 01482240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2016-04-14 21:02 - 2016-02-11 22:17 - 01737088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-04-14 21:02 - 2016-02-11 22:17 - 01663184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-14 21:02 - 2016-02-11 22:17 - 01523208 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-14 21:02 - 2016-02-11 22:17 - 01490120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-14 21:02 - 2016-02-11 22:17 - 01358952 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-14 21:02 - 2016-02-11 22:16 - 01501488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-04-14 21:02 - 2016-02-09 20:07 - 00246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-04-14 21:02 - 2016-02-05 17:11 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-14 21:02 - 2016-02-05 17:11 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-14 21:02 - 2016-02-05 17:07 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-14 21:02 - 2016-02-05 17:02 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-14 21:02 - 2016-02-05 16:46 - 01455104 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2016-04-14 21:02 - 2016-02-04 18:23 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2016-04-14 21:02 - 2016-02-04 18:22 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2016-04-14 21:02 - 2016-02-03 17:11 - 01673728 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2016-04-14 21:02 - 2016-02-02 20:16 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-04-14 21:02 - 2016-02-02 19:15 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2016-04-14 21:02 - 2016-01-21 21:35 - 00952928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-04-14 21:02 - 2016-01-21 20:42 - 00786152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-04-14 21:01 - 2016-04-04 08:35 - 00046768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-04-14 21:01 - 2016-04-02 15:26 - 01386496 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-04-14 21:01 - 2016-04-02 15:26 - 01169408 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-04-14 21:01 - 2016-03-28 15:21 - 00698368 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-04-14 21:01 - 2016-03-28 15:21 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-04-14 21:01 - 2016-03-28 15:21 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-04-14 21:01 - 2016-03-28 15:21 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-04-14 21:01 - 2016-03-28 15:21 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-04-14 21:01 - 2016-03-10 21:17 - 01133752 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-04-14 21:01 - 2016-03-10 19:48 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-04-14 21:01 - 2016-03-10 19:43 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-14 21:01 - 2016-03-10 18:55 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-14 21:01 - 2016-03-10 18:42 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-14 21:01 - 2016-02-09 03:31 - 22365472 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-04-14 21:01 - 2016-02-09 03:31 - 19794896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-04-14 21:01 - 2016-02-09 03:31 - 02757616 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-04-14 21:01 - 2016-02-09 03:31 - 02412576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-04-14 21:01 - 2016-02-09 03:31 - 00273264 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-14 21:01 - 2016-02-08 22:55 - 02712576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-04-14 21:01 - 2016-02-08 22:15 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-04-14 21:01 - 2016-02-08 22:02 - 01197056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-04-14 21:01 - 2016-02-08 21:48 - 12879360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-04-14 21:01 - 2016-02-08 21:43 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-04-14 21:01 - 2016-02-08 21:40 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-04-14 21:01 - 2016-02-08 21:39 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-04-14 21:01 - 2016-02-08 21:37 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingMonitor.dll
2016-04-14 21:01 - 2016-02-08 21:35 - 00954880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-04-14 21:01 - 2016-02-08 21:34 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-04-14 21:01 - 2016-02-08 21:33 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-04-14 21:01 - 2016-02-08 20:50 - 03120640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-04-14 21:01 - 2016-02-08 19:55 - 02592256 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-04-14 21:01 - 2016-02-08 19:33 - 01278464 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-04-14 21:01 - 2016-02-08 19:12 - 14466560 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-14 21:01 - 2016-02-08 19:02 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-04-14 21:01 - 2016-02-08 19:00 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-04-14 21:01 - 2016-02-08 18:58 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-04-14 21:01 - 2016-02-08 18:55 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingMonitor.dll
2016-04-14 21:01 - 2016-02-08 18:53 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2016-04-14 21:01 - 2016-02-08 18:53 - 01348096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-14 21:01 - 2016-02-08 18:50 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-04-14 21:01 - 2016-02-08 18:50 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-04-14 21:01 - 2016-02-08 18:48 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-04-14 21:01 - 2016-02-08 18:47 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2016-04-14 21:01 - 2016-02-08 18:44 - 00955392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-14 21:01 - 2016-02-07 01:05 - 00551256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-04-14 21:01 - 2016-02-05 21:07 - 00378712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-04-14 21:01 - 2016-02-04 20:07 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpsapi.dll
2016-04-14 21:01 - 2016-02-04 19:35 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpsapi.dll
2016-04-14 21:01 - 2016-02-03 17:14 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2016-04-14 21:01 - 2016-02-02 19:51 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAuto.dll
2016-04-14 21:01 - 2016-02-02 19:19 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAuto.dll
2016-04-14 21:01 - 2016-02-02 19:18 - 01574912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2016-04-14 21:01 - 2016-02-02 19:01 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAgent.dll
2016-04-14 21:01 - 2016-02-02 18:51 - 02609152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-04-14 21:01 - 2016-02-02 18:48 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2016-04-14 21:01 - 2016-02-02 18:46 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAgent.dll
2016-04-14 21:01 - 2016-02-02 18:41 - 02170880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-04-14 21:01 - 2016-02-02 18:39 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2016-04-14 21:01 - 2016-01-31 19:17 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsAnytimeUpgradeui.exe
2016-04-14 21:01 - 2016-01-21 00:40 - 00099672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys
2016-04-14 21:01 - 2014-11-08 04:38 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-04-14 21:01 - 2014-11-08 04:17 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-04-14 21:00 - 2016-01-27 17:18 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2016-04-14 20:50 - 2016-03-31 01:56 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-04-14 20:50 - 2016-03-31 01:56 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-04-14 20:50 - 2016-03-31 01:55 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-04-14 20:50 - 2016-03-31 01:30 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-04-14 20:50 - 2016-03-31 01:30 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-04-14 20:49 - 2016-03-11 16:48 - 00833024 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-14 20:49 - 2016-03-10 19:03 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-14 20:49 - 2016-03-10 18:48 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-14 20:49 - 2016-03-03 03:39 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-04-14 20:49 - 2016-03-03 03:39 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-04-14 20:48 - 2016-03-03 18:47 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-14 20:48 - 2016-03-03 18:33 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-14 20:48 - 2016-03-03 18:13 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-14 08:34 - 2016-04-14 08:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2016-04-14 08:33 - 2016-04-14 08:33 - 00000000 ____D C:\Program Files (x86)\QQBrowser
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-05-13 21:56 - 2014-12-28 19:09 - 00000000 ____D C:\FRST
2016-05-13 21:15 - 2014-11-30 13:24 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1255584756-4119768593-4182788369-1002
2016-05-13 21:05 - 2015-02-07 23:55 - 00000972 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-13 21:05 - 2015-02-07 23:55 - 00000968 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-13 21:00 - 2014-11-25 21:08 - 00000074 _____ C:\Users\Daniela\AppData\Roaming\sp_data.sys
2016-05-13 20:59 - 2014-12-14 01:35 - 00000000 ____D C:\Users\Daniela\OneDrive
2016-05-13 20:55 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-13 20:55 - 2013-08-22 16:44 - 00483416 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-05-13 20:55 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Inf
2016-05-13 20:50 - 2014-12-12 17:40 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-13 20:50 - 2014-09-24 17:59 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-13 19:11 - 2014-12-31 19:02 - 00003966 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{88987B9B-75D2-4A9C-BF69-E8A2216B18E0}
2016-05-13 16:30 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2016-05-13 14:15 - 2016-02-18 16:46 - 00228352 ___SH C:\Users\Daniela\Downloads\Thumbs.db
2016-05-13 14:11 - 2016-02-21 14:14 - 01185280 ___SH C:\Users\Daniela\Desktop\Thumbs.db
2016-05-13 14:01 - 2015-08-03 20:48 - 00002076 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-13 14:01 - 2015-08-03 20:48 - 00002006 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-13 13:53 - 2014-11-25 21:08 - 00000000 ____D C:\Users\Daniela\AppData\Roaming\Adobe
2016-05-13 13:07 - 2016-02-19 09:24 - 00000000 ____D C:\Users\Guest\AppData\Roaming\uTorrent
2016-05-13 13:02 - 2016-02-19 09:15 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Seznam.cz
2016-05-13 12:58 - 2014-12-16 17:47 - 00000062 _____ C:\Users\Guest\AppData\Roaming\sp_data.sys
2016-05-13 12:57 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-11 22:19 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-11 22:13 - 2014-11-29 09:35 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-11 21:35 - 2014-11-29 09:35 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-11 21:32 - 2016-03-31 12:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-05-11 21:00 - 2014-11-25 22:26 - 00003944 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-11 21:00 - 2014-11-25 22:26 - 00003708 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-10 16:39 - 2012-07-26 07:26 - 00000301 _____ C:\WINDOWS\win.ini
2016-05-10 14:39 - 2015-04-06 18:46 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2016-05-10 14:39 - 2015-04-06 18:46 - 00000000 ___SD C:\WINDOWS\system32\GWX
2016-05-06 20:03 - 2014-11-25 21:04 - 00000000 ____D C:\Users\Daniela\AppData\Local\Packages
2016-05-03 03:15 - 2016-03-17 19:39 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-03 03:15 - 2016-03-17 19:39 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-01 16:51 - 2014-11-25 21:05 - 00000000 ____D C:\Users\Daniela\AppData\Local\VirtualStore
2016-04-27 21:40 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-19 18:49 - 2016-03-13 21:09 - 00000000 ____D C:\Users\Daniela\Desktop\Nová složka
2016-04-19 17:07 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-04-19 17:05 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-04-14 14:54 - 2014-11-30 13:25 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
==================== Files in the root of some directories =======
2014-11-25 21:08 - 2016-05-13 21:00 - 0000074 _____ () C:\Users\Daniela\AppData\Roaming\sp_data.sys
2014-11-27 15:05 - 2014-11-27 15:05 - 0007168 _____ () C:\Users\Daniela\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-10-13 18:59 - 2015-10-13 18:59 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-08-23 17:30 - 2015-08-23 17:30 - 0000000 _____ () C:\ProgramData\LauncherAccess.dt
2013-05-01 13:15 - 2012-09-07 13:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
Some files in TEMP:
====================
C:\Users\Daniela\AppData\Local\Temp\libeay32.dll
C:\Users\Daniela\AppData\Local\Temp\msvcr120.dll
C:\Users\Daniela\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-05-03 06:31
==================== End of FRST.txt ============================
- Rudy
- Site Admin

Re: win32 and trojan
Open Notepad and copy the following into it:
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the operation finishes, a log will appear; copy it here.
Start
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\Run: [BingSvc] => C:\Users\Daniela\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-12-28] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\MountPoints2: {bccb39a6-ffa7-11e3-be7d-240a64d8a64a} - "F:\setup.exe"
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\MountPoints2: {bccb39e3-ffa7-11e3-be7d-240a64d8a64a} - "F:\setup.exe"
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\MountPoints2: {eb13e75a-3a10-11e5-be98-e03f4938a403} - "F:\Mafia2.part01.exe"
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\MountPoints2: {f0a229dd-d7e3-11e4-be8d-e03f4938a403} - "F:\setup.exe"
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\MountPoints2: {f0a229f6-d7e3-11e4-be8d-e03f4938a403} - "F:\setup.exe"
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
C:\Program Files (x86)\Skype\Toolbars
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
R2 Guntony_protect; C:\ProgramData\Guntony\protect\protect.exe [302976 2016-05-12] ()
S2 Guntony_update; C:\Program Files (x86)\Guntony\Guntony\bin\Guntony_server.exe [473472 2016-05-12] ()
R2 yahoochrometechnology; C:\ProgramData\yahoochrome\desktop25.exe [236768 2016-05-02] (YahooChrome)
C:\ProgramData\yahoochrome
C:\ProgramData\Guntony
C:\Program Files (x86)\Guntony
C:\WINDOWS\System32\Tasks\GuntonyBrowserUpdateUA
C:\WINDOWS\System32\Tasks\GuntonyCheckTask
C:\WINDOWS\System32\Tasks\GuntonyBrowserUpdateCore
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\Daniela\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\Daniela\AppData\Local\Temp
End
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can also damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: win32 and trojan
Fix result of Farbar Recovery Scan Tool (x64) Version:09-05-2016
Ran by Daniela (2016-05-13 23:44:56) Run:3
Running from C:\Users\Daniela\Desktop
Loaded Profiles: Daniela (Available Profiles: UpdatusUser & Daniela & Administrator & Guest)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\Run: [BingSvc] => C:\Users\Daniela\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-12-28] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\MountPoints2: {bccb39a6-ffa7-11e3-be7d-240a64d8a64a} - "F:\setup.exe"
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\MountPoints2: {bccb39e3-ffa7-11e3-be7d-240a64d8a64a} - "F:\setup.exe"
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\MountPoints2: {eb13e75a-3a10-11e5-be98-e03f4938a403} - "F:\Mafia2.part01.exe"
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\MountPoints2: {f0a229dd-d7e3-11e4-be8d-e03f4938a403} - "F:\setup.exe"
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\...\MountPoints2: {f0a229f6-d7e3-11e4-be8d-e03f4938a403} - "F:\setup.exe"
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
C:\Program Files (x86)\Skype\Toolbars
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
R2 Guntony_protect; C:\ProgramData\Guntony\protect\protect.exe [302976 2016-05-12] ()
S2 Guntony_update; C:\Program Files (x86)\Guntony\Guntony\bin\Guntony_server.exe [473472 2016-05-12] ()
R2 yahoochrometechnology; C:\ProgramData\yahoochrome\desktop25.exe [236768 2016-05-02] (YahooChrome)
C:\ProgramData\yahoochrome
C:\ProgramData\Guntony
C:\Program Files (x86)\Guntony
C:\WINDOWS\System32\Tasks\GuntonyBrowserUpdateUA
C:\WINDOWS\System32\Tasks\GuntonyCheckTask
C:\WINDOWS\System32\Tasks\GuntonyBrowserUpdateCore
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\Daniela\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\Daniela\AppData\Local\Temp
End
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\Software\Microsoft\Windows\CurrentVersion\Run\\BingSvc => value not found.
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bccb39a6-ffa7-11e3-be7d-240a64d8a64a} => key not found.
HKCR\CLSID\{bccb39a6-ffa7-11e3-be7d-240a64d8a64a} => key not found.
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bccb39e3-ffa7-11e3-be7d-240a64d8a64a} => key not found.
HKCR\CLSID\{bccb39e3-ffa7-11e3-be7d-240a64d8a64a} => key not found.
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb13e75a-3a10-11e5-be98-e03f4938a403} => key not found.
HKCR\CLSID\{eb13e75a-3a10-11e5-be98-e03f4938a403} => key not found.
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0a229dd-d7e3-11e4-be8d-e03f4938a403} => key not found.
HKCR\CLSID\{f0a229dd-d7e3-11e4-be8d-e03f4938a403} => key not found.
HKU\S-1-5-21-1255584756-4119768593-4182788369-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0a229f6-d7e3-11e4-be8d-e03f4938a403} => key not found.
HKCR\CLSID\{f0a229f6-d7e3-11e4-be8d-e03f4938a403} => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => key not found.
HKCR\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => key not found.
"C:\Program Files (x86)\Skype\Toolbars" => not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => key not found.
HKCR\Wow6432Node\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => key not found.
HKCR\PROTOCOLS\Handler\skype-ie-addon-data => key not found.
HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\skype-ie-addon-data => key not found.
HKCR\Wow6432Node\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => key not found.
Guntony_protect => service not found.
Guntony_update => service not found.
yahoochrometechnology => service not found.
"C:\ProgramData\yahoochrome" => not found.
"C:\ProgramData\Guntony" => not found.
"C:\Program Files (x86)\Guntony" => not found.
"C:\WINDOWS\System32\Tasks\GuntonyBrowserUpdateUA" => not found.
"C:\WINDOWS\System32\Tasks\GuntonyCheckTask" => not found.
"C:\WINDOWS\System32\Tasks\GuntonyBrowserUpdateCore" => not found.
"C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job" => not found.
"C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job" => not found.
"C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA" => not found.
"C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore" => not found.
"C:\Users\Daniela\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini" => not found.
C:\Users\Daniela\AppData\Local\Temp => moved successfully
==== End of Fixlog 23:44:58 ====
- Rudy
Re: win32 and trojan
Deleted. Has anything changed?
Re: win32 and trojan
Absolutely, absolutely great.. you're really top class.. many thanks..
- Rudy
Re: win32 and trojan
Glad to hear it. You're welcome!