PC virus removal, computer speed-up, and remote assistance through the neslape.cz service

Stuck laptop

Have a virus problem? Post your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

Chata001
Visitor
Posts: 1
Registered: 10 Aug 2016 11:42

Stuck laptop

#1 Post by Chata001 »

Please check my log; some Chinese browser, UC Browser, got pulled onto the laptop, and the home page on the internet is now some snap.do

Thank you :-)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-08-2016 01
Ran by Helena (administrator) on PC (10-08-2016 12:42:02)
Running from C:\Users\Helena\Downloads
Loaded Profiles: Helena (Available Profiles: Helena & Guest)
Platform: Windows 8 Pro (X64) Language: Čeština (Česká republika)
Internet Explorer Version 10 (Default browser: "C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\ProgramData\Logic Handler\set.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
() C:\Program Files\BitTorrent\BitTorrent.exe
() C:\ProgramData\CloudPrinter\CloudPrinter.exe
() C:\Program Files (x86)\DE009F50-1470821934-11DE-B9AA-8DD25F06407C\jnsy9F3C.tmp
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
() C:\Program Files (x86)\DE009F50-1470821934-11DE-B9AA-8DD25F06407C\hnstC007.tmp
() C:\ProgramData\Ronzap\Ronzap.exe
(Microsoft Corporation) C:\Windows\slsvc.exe
() C:\Windows\PersonalizeEnabler.exe
() C:\Program Files (x86)\Internet Manager\L850_T-mobile\BackgroundService\ServiceManager.exe
() C:\Program Files (x86)\DE009F50-1470821934-11DE-B9AA-8DD25F06407C\knsd8521.tmpfs
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
() C:\Program Files (x86)\Internet Manager\L850_T-mobile\BackgroundService\ModemListener.exe
(UCWeb Inc.) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
() C:\Windows\TEMP\364E.tmp
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Farbar) C:\Users\Helena\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-11-12] (IvoSoft)
HKLM-x32\...\Run: [MSStp] => C:\Windows\inf\msstp.vbe
HKLM-x32\...\Run: [mncdgkkdwSrv] => C:\Windows\SysWOW64\mncdgkkdw.vbe [7670 2014-03-05] ()
HKLM-x32\...\Run: [NtVdmSrv] => C:\Windows\inf\ntvdm.vbe
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [Tmobile_Czech Estoril ModemListener] => C:\Program Files (x86)\Internet Manager\L850_T-mobile\BackgroundService\ModemListener.exe [159016 2014-12-11] ()
HKLM-x32\...\Run: [apphide] => C:\Program Files (x86)\sbqh\uc.exe [233520 2016-08-03] ( )
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2993602700-1332404519-4129594334-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2993602700-1332404519-4129594334-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Helena\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-2993602700-1332404519-4129594334-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Helena\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-2993602700-1332404519-4129594334-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-2993602700-1332404519-4129594334-1001\...\Run: [svchost0] => "C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe"\UUC0789.exe
HKU\S-1-5-21-2993602700-1332404519-4129594334-1001\...\Run: [apphide] => C:\Program Files (x86)\sbqh\uc.exe [233520 2016-08-03] ( )
HKU\S-1-5-21-2993602700-1332404519-4129594334-1001\...\MountPoints2: F - "F:\autorun.exe"
HKU\S-1-5-21-2993602700-1332404519-4129594334-1001\...\MountPoints2: {0a92401c-b26a-11e3-be6e-0027133dad01} - "F:\Autorun.exe"
HKU\S-1-5-21-2993602700-1332404519-4129594334-1001\...\MountPoints2: {0c96c603-b1ae-11e3-be67-0027133dad01} - "D:\VW100_Modem_Installation.exe"
HKU\S-1-5-21-2993602700-1332404519-4129594334-1001\...\MountPoints2: {14137fa2-0c23-11e5-bebc-0027133dad01} - "F:\Autorun.exe"
HKU\S-1-5-21-2993602700-1332404519-4129594334-1001\...\MountPoints2: {1b70335c-588b-11e5-bec0-0027133dad01} - "H:\Lenovo_Suite.exe"
HKU\S-1-5-21-2993602700-1332404519-4129594334-1001\...\MountPoints2: {290a33b7-dea4-11e4-beb9-0027133dad01} - "F:\Autorun.exe"
HKU\S-1-5-21-2993602700-1332404519-4129594334-1001\...\MountPoints2: {34ba7191-8e11-11e5-bec8-0027133dad01} - "F:\autorun.exe"
HKU\S-1-5-21-2993602700-1332404519-4129594334-1001\...\MountPoints2: {48372632-cd32-11e3-be90-0027133dad01} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-2993602700-1332404519-4129594334-1001\...\MountPoints2: {53925d13-cddb-11e3-be92-0027133dad01} - "F:\Autorun.exe"
HKU\S-1-5-21-2993602700-1332404519-4129594334-1001\...\MountPoints2: {77cd59d3-e319-11e3-be9f-0027133dad01} - "F:\Autorun.exe"
HKU\S-1-5-21-2993602700-1332404519-4129594334-1001\...\MountPoints2: {96e92ecc-b1c2-11e3-be68-0027133dad01} - "D:\Autorun.exe"
HKU\S-1-5-21-2993602700-1332404519-4129594334-1001\...\MountPoints2: {96e92eec-b1c2-11e3-be68-0027133dad01} - "F:\Autorun.exe"
HKU\S-1-5-21-2993602700-1332404519-4129594334-1001\...\MountPoints2: {96e92f36-b1c2-11e3-be68-0027133dad01} - "D:\autorun.exe"
HKU\S-1-5-21-2993602700-1332404519-4129594334-1001\...\MountPoints2: {dc99fdf2-d234-11e4-beb8-0027133dad01} - "F:\Autorun.exe"
HKU\S-1-5-21-2993602700-1332404519-4129594334-1001\...\MountPoints2: {dc99fe57-d234-11e4-beb8-0027133dad01} - "F:\Autorun.exe"
HKU\S-1-5-21-2993602700-1332404519-4129594334-1001\...\MountPoints2: {fa50551e-ecde-11e4-beb9-0027133dad01} - "F:\Autorun.exe"
AppInit_DLLs: C:\ProgramData\Ronzap\Hot-La.dll => C:\ProgramData\Ronzap\Hot-La.dll [358912 2016-08-10] ()
AppInit_DLLs-x32: C:\ProgramData\Ronzap\ZathTop.dll => C:\ProgramData\Ronzap\ZathTop.dll [248320 2016-08-10] ()
ShellExecuteHooks: - {6710C780-E20E-4C49-A87D-321850ED3D7C} - C:\Users\Helena\AppData\Roaming\Microsoft\Windows\Cookies\hebt.dll [364544 2016-08-09] ()
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{4521EF7F-534D-4E9D-A900-8B4531E8D22A}: [DhcpNameServer] 77.48.254.254 77.48.100.254 192.168.1.1
Tcpip\..\Interfaces\{53ED3729-DB5C-4633-81EB-55A539614CF8}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D0B75A8E-26B4-4311-8D54-EC613E88CEF3}: [DhcpNameServer] 192.168.8.1 192.168.8.1

Internet Explorer:
==================
HKU\S-1-5-21-2993602700-1332404519-4129594334-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-TqszictfUZfgapMl-kRZtU52wHu9xvJkUU0X5-CTXI3RUlnD61T-1rE36Z1VW4-ctS__N8WjyXq_iXh0tyKY_f5u9cM1jQM0u_C5PPs_mEgIAPDx3-gXTEzZPFKefG2NvHRYZbHjgeAMfvbyRKWL7dY1i4hOEcU1Q,&q={searchTerms}
HKU\S-1-5-21-2993602700-1332404519-4129594334-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-TqszictfUZfgapMl-kRZtU52wHu9xvJkUU0X5-CTXI3RUlnD61T-1rE36Z1VW4-ctS__-0gOyqv-hEh5721vS3riaGg5Yfat_T1MFcqWHmuGtpIdBG5ahqvHDv8BaB7WHQVhcnnck5N4RzVFtOAHeShfJhkFVRXlQ,
HKU\S-1-5-21-2993602700-1332404519-4129594334-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-TqszictfUZfgapMl-kRZtU52wHu9xvJkUU0X5-CTXI3RUlnD61T-1rE36Z1VW4-ctS__N8WjyXq_iXh0tyKY_f5u9cM1jQM0u_C5PPs_mEgIAPDx3-gXTEzZPFKefG2NvHRYZbHjgeAMfvbyRKWL7dY1i4hOEcU1Q,&q={searchTerms}
HKU\S-1-5-21-2993602700-1332404519-4129594334-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-TqszictfUZfgapMl-kRZtU52wHu9xvJkUU0X5-CTXI3RUlnD61T-1rE36Z1VW4-ctS__N8WjyXq_iXh0tyKY_f5u9cM1jQM0u_C5PPs_mEgIAPDx3-gXTEzZPFKefG2NvHRYZbHjgeAMfvbyRKWL7dY1i4hOEcU1Q,&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-TqszictfUZfgapMl-kRZtU52wHu9xvJkUU0X5-CTXI3RUlnD61T-1rE36Z1VW4-ctS__N8WjyXq_iXh0tyKY_f5u9cM1jQM0u_C5PPs_mEgIAPDx3-gXTEzZPFKefG2NvHRYZbHjgeAMfvbyRKWL7dY1i4hOEcU1Q,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2993602700-1332404519-4129594334-1001 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-TqszictfUZfgapMl-kRZtU52wHu9xvJkUU0X5-CTXI3RUlnD61T-1rE36Z1VW4-ctS__N8WjyXq_iXh0tyKY_f5u9cM1jQM0u_C5PPs_mEgIAPDx3-gXTEzZPFKefG2NvHRYZbHjgeAMfvbyRKWL7dY1i4hOEcU1Q,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2993602700-1332404519-4129594334-1001 -> {226800A0-B3E9-4820-AE09-E74B3BCA49B2} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_13415
SearchScopes: HKU\S-1-5-21-2993602700-1332404519-4129594334-1001 -> {24B7850C-9244-4BE6-A265-85D5ADBC62A2} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_13415
SearchScopes: HKU\S-1-5-21-2993602700-1332404519-4129594334-1001 -> {3DEF470A-8C97-4867-B7F2-85CA56D01875} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_13415
SearchScopes: HKU\S-1-5-21-2993602700-1332404519-4129594334-1001 -> {7B9F4528-735E-45D8-A6C2-6117A7806647} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_13415
SearchScopes: HKU\S-1-5-21-2993602700-1332404519-4129594334-1001 -> {86534187-DC31-4733-8744-9B33BA261114} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_13415
SearchScopes: HKU\S-1-5-21-2993602700-1332404519-4129594334-1001 -> {A04D4F4A-591E-443E-B086-D0E93A12F770} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_13415
SearchScopes: HKU\S-1-5-21-2993602700-1332404519-4129594334-1001 -> {B13C886A-AFCD-4533-9E1B-A4AB835040B0} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_13415
SearchScopes: HKU\S-1-5-21-2993602700-1332404519-4129594334-1001 -> {BA11F39B-9426-442D-B04A-05477409B2A0} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_13415
SearchScopes: HKU\S-1-5-21-2993602700-1332404519-4129594334-1001 -> {D48801C9-D28E-4544-AB12-8FA68ACDB189} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_13415
SearchScopes: HKU\S-1-5-21-2993602700-1332404519-4129594334-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-TqszictfUZfgapMl-kRZtU52wHu9xvJkUU0X5-CTXI3RUlnD61T-1rE36Z1VW4-ctS__N8WjyXq_iXh0tyKY_f5u9cM1jQM0u_C5PPs_mEgIAPDx3-gXTEzZPFKefG2NvHRYZbHjgeAMfvbyRKWL7dY1i4hOEcU1Q,&q={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-11-12] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-11-12] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)

FireFox:
========
FF ProfilePath: C:\Users\Helena\AppData\Roaming\Profiles\p4hdm5st.default
FF NewTab: hxxp://www.youndoo.com/?z=9169e15950ae3bbe821f ... 47&type=hp
FF DefaultSearchEngine: youndoo
FF DefaultSearchEngine.US: data:text/plain,browser.search.defaultenginename.US=youndoo
FF SelectedSearchEngine: youndoo
FF Homepage: about:home
FF Keyword.URL: hxxp://www.youndoo.com/search/?z=9169e15950ae3 ... type=sp&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF user.js: detected! => C:\Users\Helena\AppData\Roaming\Profiles\p4hdm5st.default\user.js [2016-01-24]
FF SearchPlugin: C:\Users\Helena\AppData\Roaming\Profiles\p4hdm5st.default\searchplugins\iyqmz2vf.xml [2016-08-10]
FF Extension: Seznam lištička - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\lyef7b3q.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2016-07-13]
FF Extension: GsearchFinder - C:\Users\Helena\AppData\Roaming\Profiles\p4hdm5st.default\Extensions\@90B817C8-8A5C-413B-9DDD-B2C61ED6E79A.xpi [2016-08-09]
FF Extension: Seznam lištička - C:\Users\Helena\AppData\Roaming\Profiles\p4hdm5st.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2016-08-10]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 backlh; C:\ProgramData\Logic Handler\set.exe [2089472 2016-05-15] () [File not signed]
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.)
R2 BitTorrent; C:\Program Files\BitTorrent\BitTorrent.exe [383488 2016-08-10] () [File not signed] <==== ATTENTION
R2 CloudPrinter; C:\ProgramData\\CloudPrinter\\CloudPrinter.exe [686592 2016-08-10] () [File not signed]
S2 cukightdbgarc.exe; C:\Program Files (x86)\Gheklerjotain\cukightdbgarc.exe [364632 2016-08-09] ()
R2 dowidoly; C:\Program Files (x86)\DE009F50-1470821934-11DE-B9AA-8DD25F06407C\jnsy9F3C.tmp [244224 2016-08-10] () [File not signed]
S2 ehwnloadupdatedown; C:\Users\Helena\AppData\Local\Damfase.exe [28160 2016-08-10] () [File not signed]
R2 rijufoze; C:\Program Files (x86)\DE009F50-1470821934-11DE-B9AA-8DD25F06407C\hnstC007.tmp [138240 2016-08-10] () [File not signed]
R2 Ronzap; C:\ProgramData\\Ronzap\\Ronzap.exe [686592 2016-08-10] () [File not signed]
R2 slsvc; C:\Windows\slsvc.exe [10240 2012-09-25] (Microsoft Corporation) [File not signed]
R2 Tmobile_Czech Estoril Modem Device Helper; C:\Program Files (x86)\Internet Manager\L850_T-mobile\BackgroundService\ServiceManager.exe [76584 2014-12-11] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2973400 2015-08-04] (AVG Technologies)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [44760 2015-08-04] (AVG Technologies)
R2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [36568 2015-08-04] (AVG Technologies)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)
S2 zigipyro; C:\Users\Helena\AppData\Local\DE009F50-1470832512-11DE-B9AA-8DD25F06407C\qnsd8789.tmp [158720 2015-12-26] () [File not signed]
R2 togicypyzbt; C:\Program Files (x86)\DE009F50-1470821934-11DE-B9AA-8DD25F06407C\knsd8521.tmpfs [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2016-04-07] ()
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-03-22] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2012-09-20] (Broadcom Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2016-04-07] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [31144 2015-06-25] (TuneUp Software)
R1 UCGuard; C:\Windows\System32\DRIVERS\ucguard.sys [81792 2016-08-02] (Huorong Borui (Beijing) Technology Co., Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)
R3 yukonw8; C:\Windows\system32\DRIVERS\yk63x64.sys [287232 2012-06-02] (Marvell)
S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; \SystemRoot\System32\drivers\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; \SystemRoot\system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; \SystemRoot\System32\drivers\ew_juextctrl.sys [X]
S3 huawei_wwanecm; \SystemRoot\system32\DRIVERS\ew_juwwanecm.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
R1 MPCKpt; system32\DRIVERS\MPCKpt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-10 12:42 - 2016-08-10 12:43 - 00019154 _____ C:\Users\Helena\Downloads\FRST.txt
2016-08-10 12:41 - 2016-08-10 12:42 - 00000000 ____D C:\FRST
2016-08-10 12:41 - 2016-08-10 12:41 - 02393600 _____ (Farbar) C:\Users\Helena\Downloads\FRST64(1).exe
2016-08-10 12:35 - 2016-08-10 12:35 - 00000000 ____D C:\Users\Helena\AppData\Local\DE009F50-1470832512-11DE-B9AA-8DD25F06407C
2016-08-10 11:51 - 2016-08-10 12:03 - 00001504 _____ C:\Users\Helena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk
2016-08-10 11:51 - 2016-08-10 12:03 - 00001474 _____ C:\Users\Helena\Desktop\UC浏览器.lnk
2016-08-10 11:51 - 2016-08-10 12:03 - 00000000 ____D C:\Users\Helena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器
2016-08-10 11:51 - 2016-08-10 11:51 - 00003260 _____ C:\Windows\System32\Tasks\psv_Unianla
2016-08-10 11:42 - 2016-08-10 12:06 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
2016-08-10 11:42 - 2016-08-10 11:42 - 00000000 ____D C:\Users\Helena\AppData\Roaming\UPUpdata
2016-08-10 11:41 - 2016-08-10 12:17 - 00000464 _____ C:\Windows\Tasks\UCBrowserUpdater.job
2016-08-10 11:41 - 2016-08-10 11:41 - 00003416 _____ C:\Windows\System32\Tasks\UCBrowserUpdater
2016-08-10 11:41 - 2016-08-10 11:41 - 00003388 _____ C:\Windows\System32\Tasks\cgtxxr0q
2016-08-10 11:41 - 2016-08-10 11:41 - 00000000 ____D C:\Program Files\Common Files\qpfw02mt
2016-08-10 11:40 - 2016-08-10 11:40 - 00000000 ____D C:\Users\Helena\AppData\Local\UCBrowser
2016-08-10 11:40 - 2016-08-10 11:40 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2016-08-10 11:40 - 2016-08-02 08:54 - 00081792 _____ (Huorong Borui (Beijing) Technology Co., Ltd.) C:\Windows\system32\Drivers\ucguard.sys
2016-08-10 11:39 - 2016-08-10 11:37 - 00001006 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-08-10 11:38 - 2016-08-10 11:42 - 00000000 ____D C:\Program Files (x86)\sbqh
2016-08-10 11:38 - 2016-08-10 11:39 - 00000000 ____D C:\Program Files (x86)\DE009F50-1470821934-11DE-B9AA-8DD25F06407C
2016-08-10 11:38 - 2016-08-10 11:38 - 00009020 _____ C:\Windows\System32\Tasks\Cukight Debuger
2016-08-10 11:38 - 2016-08-10 11:38 - 00003344 _____ C:\Windows\System32\Tasks\b2929b72a96a471893ecaa9c51368bae
2016-08-10 11:38 - 2016-08-10 11:38 - 00000000 ___HD C:\Program Files (x86)\rfy516A
2016-08-10 11:38 - 2016-08-10 11:38 - 00000000 ____D C:\Users\Helena\AppData\Roaming\ContentPush
2016-08-10 11:37 - 2016-08-10 11:43 - 00000000 ____D C:\Program Files (x86)\Gheklerjotain
2016-08-10 11:36 - 2016-08-10 11:36 - 00000000 ____D C:\Program Files (x86)\WeatherChickn
2016-08-10 11:36 - 2016-08-10 11:36 - 00000000 ____D C:\Program Files (x86)\ContentPush
2016-08-10 11:19 - 2016-08-10 11:19 - 00003446 _____ C:\Windows\System32\Tasks\{EB9126EE-4D50-4D11-A2CC-8ABD8A91A205}
2016-08-10 10:41 - 2016-08-10 10:41 - 00000000 ____D C:\Program Files\BitTorrent
2016-08-10 10:40 - 2016-08-10 12:03 - 00000000 ____D C:\ProgramData\Ronzap
2016-08-10 10:40 - 2016-08-10 10:40 - 07117312 _____ C:\Users\Helena\AppData\Roaming\agent.dat
2016-08-10 10:40 - 2016-08-10 10:40 - 02279413 _____ C:\Users\Helena\AppData\Roaming\Singlefix.bin
2016-08-10 10:40 - 2016-08-10 10:40 - 01900142 _____ C:\Users\Helena\AppData\Roaming\Singlefax.tst
2016-08-10 10:40 - 2016-08-10 10:40 - 00189668 _____ () C:\Users\Helena\AppData\Roaming\Qvostrong.bin
2016-08-10 10:40 - 2016-08-10 10:40 - 00126464 _____ C:\Users\Helena\AppData\Roaming\noah.dat
2016-08-10 10:40 - 2016-08-10 10:40 - 00126464 _____ C:\Users\Helena\AppData\Roaming\lobby.dat
2016-08-10 10:40 - 2016-08-10 10:40 - 00072712 _____ C:\Users\Helena\AppData\Roaming\Haytip.tst
2016-08-10 10:40 - 2016-08-10 10:40 - 00070704 _____ C:\Users\Helena\AppData\Roaming\Config.xml
2016-08-10 10:40 - 2016-08-10 10:40 - 00054272 _____ C:\Users\Helena\AppData\Roaming\ApplicationHosting.dat
2016-08-10 10:40 - 2016-08-10 10:40 - 00041472 _____ C:\Users\Helena\AppData\Local\Damfase.dat
2016-08-10 10:40 - 2016-08-10 10:40 - 00028160 _____ C:\Users\Helena\AppData\Local\Damfase.exe
2016-08-10 10:40 - 2016-08-10 10:40 - 00018432 _____ C:\Users\Helena\AppData\Roaming\Main.dat
2016-08-10 10:40 - 2016-08-10 10:40 - 00005568 _____ C:\Users\Helena\AppData\Roaming\md.xml
2016-08-10 10:40 - 2016-08-10 10:40 - 00003608 _____ C:\Windows\System32\Tasks\snp
2016-08-10 10:40 - 2016-08-10 10:40 - 00002401 _____ C:\Windows\SysWOW64\findit.xml
2016-08-10 10:40 - 2016-08-10 10:40 - 00000187 _____ C:\Users\Helena\AppData\Local\Damfase.exe.config
2016-08-10 10:40 - 2016-08-10 10:40 - 00000000 ____D C:\ProgramData\Ronzaps
2016-08-10 10:40 - 2016-08-10 10:40 - 00000000 ____D C:\ProgramData\Logic Handler
2016-08-10 10:40 - 2016-08-10 10:40 - 00000000 ____D C:\ProgramData\CloudPrinter
2016-08-10 10:40 - 2016-08-10 10:39 - 00686592 _____ C:\Users\Helena\AppData\Roaming\Singlefax.exe
2016-08-10 10:40 - 2016-08-10 10:39 - 00686592 _____ C:\Users\Helena\AppData\Roaming\Haytip.exe
2016-08-10 10:39 - 2016-08-10 10:39 - 00848437 _____ C:\Users\Helena\AppData\Roaming\Issing.bin
2016-08-10 10:39 - 2016-08-10 10:39 - 00138240 _____ C:\Users\Helena\AppData\Roaming\Installer.dat
2016-08-10 10:39 - 2016-08-10 10:39 - 00019536 _____ C:\Users\Helena\AppData\Roaming\InstallationConfiguration.xml
2016-08-10 10:33 - 2016-08-10 12:36 - 00000000 ____D C:\Users\Helena\AppData\Local\Uhmedia
2016-08-10 10:32 - 2016-08-10 12:19 - 00000000 ____D C:\Program Files (x86)\Windows 8 n 8.1 Activator
2016-08-10 10:32 - 2016-08-10 10:38 - 00003520 _____ C:\Windows\System32\Tasks\PPI Update
2016-08-10 10:30 - 2016-08-10 10:31 - 04276224 _____ C:\Users\Helena\Downloads\Windows 8 & 8.1 Activator.iso
2016-08-08 18:33 - 2016-08-08 18:33 - 00041588 _____ C:\Users\Helena\Documents\Faktura_160100014.pdf
2016-08-08 18:32 - 2016-08-08 18:32 - 00000000 ____D C:\Users\Helena\AppData\Local\PDF Writer
2016-08-08 18:24 - 2016-08-08 18:24 - 00002023 _____ C:\Users\Public\Desktop\Ekonomický systém POHODA 2016 START.lnk
2016-08-08 18:24 - 2016-08-08 18:24 - 00000000 ____D C:\Users\Helena\AppData\Roaming\PDF Writer
2016-08-08 18:24 - 2016-08-08 18:24 - 00000000 ____D C:\ProgramData\STORMWARE
2016-08-08 18:24 - 2016-08-08 18:24 - 00000000 ____D C:\ProgramData\PDF Writer
2016-08-08 18:24 - 2016-08-08 18:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STORMWARE Office
2016-08-08 18:24 - 2016-08-08 18:24 - 00000000 ____D C:\Program Files\STORMWARE
2016-08-08 18:24 - 2016-08-08 18:24 - 00000000 ____D C:\Program Files\Common Files\STORMWARE
2016-08-08 18:24 - 2016-08-08 18:24 - 00000000 ____D C:\Program Files (x86)\STORMWARE
2016-08-08 18:24 - 2013-10-04 09:42 - 00147456 _____ (STORMWARE) C:\Windows\SysWOW64\bzpdfc.dll
2016-08-08 18:24 - 2013-09-01 12:59 - 01103872 _____ C:\Windows\SysWOW64\CBLCtlsU.ocx
2016-08-08 18:24 - 2013-07-13 12:15 - 00805376 _____ C:\Windows\SysWOW64\EditCtlsU.ocx
2016-08-08 18:24 - 2013-07-12 22:57 - 00539648 _____ C:\Windows\SysWOW64\LblCtlsU.ocx
2016-08-08 18:24 - 2013-04-05 13:55 - 00476160 _____ C:\Windows\SysWOW64\TabStripCtlU.ocx
2016-08-08 18:24 - 2013-03-28 23:13 - 00645632 _____ C:\Windows\SysWOW64\BtnCtlsU.ocx
2016-08-08 18:24 - 2013-03-03 14:37 - 01061888 _____ C:\Windows\SysWOW64\ExLvwU.ocx
2016-08-08 18:24 - 2008-10-30 09:42 - 00227840 _____ (Bullzip) C:\Windows\SysWOW64\bzFlRdr.dll
2016-08-08 18:24 - 2008-07-09 09:42 - 00103424 _____ (Bullzip) C:\Windows\SysWOW64\bzDCT.dll
2016-08-08 18:24 - 1999-05-12 23:00 - 01064456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscomctl.ocx
2016-08-08 18:24 - 1999-05-07 00:00 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.OCX
2016-08-08 18:23 - 2016-08-08 18:22 - 04397384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc100.dll
2016-08-08 18:23 - 2016-08-08 18:22 - 00773968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2016-08-08 18:21 - 2016-08-08 18:22 - 88151464 _____ C:\Users\Helena\Downloads\SetupPohodaCZ_Start_11301.exe
2016-08-03 14:53 - 2016-08-03 14:53 - 15834090 _____ C:\Users\Helena\Downloads\supermarket-31-2016.pdf
2016-08-03 14:45 - 2016-08-03 14:45 - 19923511 _____ C:\Users\Helena\Downloads\hypermarket-31-2016.pdf
2016-07-23 09:50 - 2016-07-23 09:50 - 00000000 ____D C:\Users\Helena\Documents\Horsez08
2016-07-15 11:37 - 2016-07-15 11:37 - 00170997 _____ C:\Users\Helena\Downloads\253_(1037_2)Z.pdf
2016-07-15 11:37 - 2016-07-15 11:37 - 00164914 _____ C:\Users\Helena\Downloads\150_(1037_2)Z.pdf
2016-07-13 13:35 - 2016-06-25 20:28 - 00050368 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-07-13 13:35 - 2016-06-25 17:55 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-07-13 13:35 - 2016-06-25 17:55 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-07-13 13:35 - 2016-06-25 17:55 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-07-13 13:35 - 2016-06-25 17:55 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-07-13 13:35 - 2016-06-25 17:55 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-07-13 13:35 - 2016-06-25 17:55 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-07-13 13:35 - 2016-06-25 17:55 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-07-13 13:35 - 2016-06-17 15:09 - 01208320 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-07-12 15:14 - 2016-07-12 15:14 - 06079168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-07-12 12:53 - 2016-06-25 20:09 - 00282624 _____ (Microsoft Corporation) C:\Windows\system32\EOSNotify.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-10 12:23 - 2014-03-24 11:43 - 00000000 ____D C:\Users\Helena\Documents\PRAHA
2016-08-10 12:14 - 2014-03-22 17:19 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-10 12:08 - 2014-03-22 15:34 - 00000000 ____D C:\Users\Helena\AppData\Roaming\Seznam.cz
2016-08-10 12:07 - 2012-07-26 07:37 - 00000000 ____D C:\Windows\Inf
2016-08-10 12:02 - 2016-04-14 16:05 - 00000000 ____D C:\Users\Helena\AppData\Local\ClassicShell
2016-08-10 12:02 - 2015-02-26 16:17 - 00000000 ____D C:\Users\Helena\Documents\PEČICE
2016-08-10 12:00 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-10 11:43 - 2012-07-26 07:26 - 00786432 ___SH C:\Windows\system32\config\BBI
2016-08-10 11:40 - 2014-03-22 15:33 - 00000000 ____D C:\Users\Helena\AppData\Roaming\DAEMON Tools Lite
2016-08-10 11:23 - 2014-03-22 13:48 - 00000000 ____D C:\Windows\system32\MRT
2016-08-10 11:15 - 2014-03-22 13:48 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-08-10 10:40 - 2014-05-02 19:14 - 00001422 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-08-10 10:40 - 2014-03-22 12:13 - 00001169 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-08-10 10:40 - 2014-03-22 12:13 - 00001163 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-08-10 10:40 - 2014-03-22 11:58 - 00001438 _____ C:\Users\Helena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-08-05 12:56 - 2014-12-04 16:41 - 00000000 ____D C:\Users\Helena\Documents\INFORMACE
2016-08-03 13:12 - 2012-07-26 12:01 - 00727488 _____ C:\Windows\system32\perfh005.dat
2016-08-03 13:12 - 2012-07-26 12:01 - 00148006 _____ C:\Windows\system32\perfc005.dat
2016-08-03 13:12 - 2012-07-26 09:28 - 01714430 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-02 15:19 - 2014-03-24 11:52 - 00000000 ____D C:\Users\Helena\Documents\RECEPTY
2016-07-27 21:25 - 2014-03-22 13:47 - 00504488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-07-24 13:34 - 2014-03-22 17:15 - 00000000 ____D C:\Users\Helena\AppData\Local\ElevatedDiagnostics
2016-07-19 15:48 - 2014-03-22 16:33 - 00000000 ____D C:\Users\Helena\Documents\Rozdělení - autor
2016-07-15 17:31 - 2016-03-11 22:12 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-07-15 17:31 - 2016-03-11 22:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-07-15 17:30 - 2015-06-09 19:44 - 00000000 ____D C:\Windows\system32\appraiser
2016-07-14 13:01 - 2012-07-26 09:59 - 00000000 ____D C:\Windows\CbsTemp
2016-07-12 15:14 - 2014-03-22 17:19 - 00003802 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-07-12 15:14 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-12 15:14 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\Macromed

==================== Files in the root of some directories =======

2016-08-10 10:40 - 2016-08-10 10:40 - 7117312 _____ () C:\Users\Helena\AppData\Roaming\agent.dat
2016-08-10 10:40 - 2016-08-10 10:40 - 0054272 _____ () C:\Users\Helena\AppData\Roaming\ApplicationHosting.dat
2016-08-10 10:40 - 2016-08-10 10:40 - 0070704 _____ () C:\Users\Helena\AppData\Roaming\Config.xml
2016-08-10 10:40 - 2016-08-10 10:39 - 0686592 _____ () C:\Users\Helena\AppData\Roaming\Haytip.exe
2016-08-10 10:40 - 2016-08-10 10:40 - 0072712 _____ () C:\Users\Helena\AppData\Roaming\Haytip.tst
2016-08-10 10:39 - 2016-08-10 10:39 - 0019536 _____ () C:\Users\Helena\AppData\Roaming\InstallationConfiguration.xml
2016-08-10 10:39 - 2016-08-10 10:39 - 0138240 _____ () C:\Users\Helena\AppData\Roaming\Installer.dat
2016-08-10 10:39 - 2016-08-10 10:39 - 0848437 _____ () C:\Users\Helena\AppData\Roaming\Issing.bin
2016-08-10 10:40 - 2016-08-10 10:40 - 0126464 _____ () C:\Users\Helena\AppData\Roaming\lobby.dat
2016-08-10 10:40 - 2016-08-10 10:40 - 0018432 _____ () C:\Users\Helena\AppData\Roaming\Main.dat
2016-08-10 10:40 - 2016-08-10 10:40 - 0005568 _____ () C:\Users\Helena\AppData\Roaming\md.xml
2016-08-10 10:40 - 2016-08-10 10:40 - 0126464 _____ () C:\Users\Helena\AppData\Roaming\noah.dat
2016-08-10 10:40 - 2016-08-10 10:40 - 0189668 _____ () C:\Users\Helena\AppData\Roaming\Qvostrong.bin
2016-08-10 10:40 - 2016-08-10 10:39 - 0686592 _____ () C:\Users\Helena\AppData\Roaming\Singlefax.exe
2016-08-10 10:40 - 2016-08-10 10:40 - 1900142 _____ () C:\Users\Helena\AppData\Roaming\Singlefax.tst
2016-08-10 10:40 - 2016-08-10 10:40 - 2279413 _____ () C:\Users\Helena\AppData\Roaming\Singlefix.bin
2016-08-10 10:41 - 2016-08-10 10:41 - 0001150 _____ () C:\Users\Helena\AppData\Roaming\uninstall_temp.ico
2016-08-10 10:40 - 2016-08-10 10:40 - 0041472 _____ () C:\Users\Helena\AppData\Local\Damfase.dat
2016-08-10 10:40 - 2016-08-10 10:40 - 0028160 _____ () C:\Users\Helena\AppData\Local\Damfase.exe
2016-08-10 10:40 - 2016-08-10 10:40 - 0000187 _____ () C:\Users\Helena\AppData\Local\Damfase.exe.config
2016-01-26 18:27 - 2016-01-26 18:27 - 0000017 _____ () C:\Users\Helena\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
C:\Users\Helena\AppData\Local\Temp\274E.tmp.exe
C:\Users\Helena\AppData\Local\Temp\333.exe
C:\Users\Helena\AppData\Local\Temp\360net.dll
C:\Users\Helena\AppData\Local\Temp\360NetBase.dll
C:\Users\Helena\AppData\Local\Temp\360NetBase64.dll
C:\Users\Helena\AppData\Local\Temp\360NetUL.dll
C:\Users\Helena\AppData\Local\Temp\7CBF.tmp.exe
C:\Users\Helena\AppData\Local\Temp\Browser_V5.6.14087.902_r_4648_(Build1608021049).exe
C:\Users\Helena\AppData\Local\Temp\Dialogs.dll
C:\Users\Helena\AppData\Local\Temp\KuaiZip_Setup.exe
C:\Users\Helena\AppData\Local\Temp\nswD49.exe
C:\Users\Helena\AppData\Local\Temp\setup.exe
C:\Users\Helena\AppData\Local\Temp\ucni.exe
C:\Users\Helena\AppData\Local\Temp\{15342FD6-40C0-4D59-BC18-044660613FFC}.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-10 11:16

==================== End of FRST.txt ============================

Rudy
Site Admin
Posts: 119672
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Frozen laptop

#2 Post by Rudy »

Hello!
Run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
Click >Scan< first and then >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.


e-mail: rudy(at)forum.viry.cz

Warning:
Before cleaning the PC of viruses, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
