Please check the log from FRST64

Posted: 29 Sep 2013 07:44
by tom.valovy
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 02
Ran by Clinic (administrator) on CLINIC-PC on 29-09-2013 08:26:17
Running from E:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-05-05] (Google Inc.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20684656 2013-07-25] (Skype Technologies S.A.)
HKCU\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3642312 2013-05-16] (Safer-Networking Ltd.)
HKCU\...\Run: [se] - C:\Users\Clinic\AppData\Roaming\SkypEmoticons\SE.exe [5842336 2013-09-24] (SkypEmoticons)
HKLM-x32\...\Run: [CloneCDTray] - C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [57344 2009-01-30] (SlySoft, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3830224 2013-05-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x85C8E48A9471CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_m ... 1380005430
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_m ... 1380005430
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_m ... 1380005430
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_m ... 1380005430
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.oversearch.info/?pid=3 ... Z&unqvl=36
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_m ... 1380005430
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source= ... earchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source= ... earchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source= ... earchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source= ... earchTerms}
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.oversearch.info/?l=1&q ... Z&unqvl=36
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.oversearch.info/?l=1&q ... Z&unqvl=36
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: No Name - {019AF95F-BD38-A686-D3D8-53E824281E42} - No File
BHO-x32: No Name - {4DD8E93E-120F-0C2F-6477-D57EA3FF629F} - No File
BHO-x32: sAAvEnsHare - {780D3CFC-38F9-B65B-569E-C092F129DC05} - C:\ProgramData\sAAvEnsHare\XEFe.dll No File
BHO-x32: saveenshAre - {891E6007-1631-1A59-3400-85D1BCC92830} - C:\ProgramData\saveenshAre\OHA.dll No File
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: No Name - {AA57723B-17EF-6892-553E-CCE500A26AB2} - No File
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: saovenshare - {AB7F340D-F4FB-E24F-C22E-104000E06792} - C:\ProgramData\saovenshare\MdHhSNyrL.dll No File
BHO-x32: No Name - {D5E49167-8E8A-08DB-7B6F-F74D5FC2FDF5} - No File
BHO-x32: savoeonshare - {E6491022-6008-9B3F-225A-01B20C0738C2} - C:\ProgramData\savoeonshare\HZ46A7PFw.dll No File
BHO-x32: savoeNsHare - {EE61AB5F-C316-D484-62E2-4AC05C7C6DB3} - C:\ProgramData\savoeNsHare\ZE89mInNE7.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

Chrome:
=======
CHR HomePage: hxxp://websearch.oversearch.info/?pid=356&r=2013/09/24&hid=10109791304223707947&lg=EN&cc=CZ&unqvl=36
CHR RestoreOnStartup: "hxxp://websearch.oversearch.info/?pid=356&r=2013/09/24&hid=10109791304223707947&lg=EN&cc=CZ&unqvl=36"
CHR DefaultSearchURL: (WebSearch) - http://websearch.oversearch.info/?l=1&q ... Z&unqvl=36
CHR DefaultSuggestURL: (WebSearch) - http://localhost
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
CHR Extension: (SearchNewTab) - C:\Users\Clinic\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhhaofbhmgaomjmkhaclcodpmpdkgpno\1.0
CHR Extension: (saveenshAre ) - C:\Users\Clinic\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjkfoaifjfpajcmeoepabjggheoanmog\5.10
CHR Extension: (savoeonshare ) - C:\Users\Clinic\AppData\Local\Google\Chrome\User Data\Default\Extensions\eckfpojekkdfehgegcnfjchdggajjbih\5.10
CHR Extension: (sAAvEnsHare ) - C:\Users\Clinic\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidmadndnjpeiahniedgklgidhbmdgp\5.10
CHR Extension: (savoeNsHare ) - C:\Users\Clinic\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhjgdiaaddfdcneocnlnkdpikadhaec\5.10
CHR Extension: (saovenshare ) - C:\Users\Clinic\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkkijapaehmaepijcgnaggmcabeagaoj\5.10
CHR Extension: (SearchNewTab) - C:\Users\Clinic\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkkapgdgffdhdhdknekifpbljnajnbjk\1.0
CHR Extension: (SearchNewTab) - C:\Users\Clinic\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljaalpmeplnopofphmfigkhopnldanam\1.0
CHR Extension: (SearchNewTab) - C:\Users\Clinic\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpicoikfmbbkjapholdjhfnkmnjdnajh\1.0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Clinic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.qvo6.com/?utm_source=b&utm_m ... 1380005430

==================== Services (Whitelisted) =================

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165664 2012-08-23] (Intel Corporation)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259176 2012-01-05] (Realtek Semiconductor Corp.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-29 08:25 - 2013-09-29 08:25 - 00000000 ____D C:\FRST
2013-09-28 22:08 - 2013-09-28 22:08 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-09-28 22:08 - 2013-09-28 22:08 - 00001922 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-28 22:08 - 2013-09-28 22:08 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-09-28 22:08 - 2013-08-30 09:48 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-09-28 22:08 - 2013-08-30 09:48 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-09-28 22:08 - 2013-08-30 09:48 - 00204880 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-09-28 22:08 - 2013-08-30 09:48 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-09-28 22:08 - 2013-08-30 09:48 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-09-28 22:08 - 2013-08-30 09:48 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-09-28 22:08 - 2013-08-30 09:48 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-09-28 22:08 - 2013-08-30 09:48 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-09-28 22:08 - 2013-08-30 09:47 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-09-28 22:07 - 2013-08-30 09:47 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-09-28 22:06 - 2013-09-28 22:06 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-28 22:06 - 2013-09-28 22:06 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-28 11:50 - 2013-09-29 08:17 - 00001514 _____ C:\Windows\setupact.log
2013-09-28 11:50 - 2013-09-29 07:18 - 00024164 _____ C:\Windows\PFRO.log
2013-09-28 11:50 - 2013-09-28 11:50 - 00322720 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-28 11:50 - 2013-09-28 11:50 - 00000000 _____ C:\Windows\setuperr.log
2013-09-26 11:14 - 2013-09-26 11:14 - 00069944 _____ C:\Users\Clinic\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-26 11:13 - 2013-09-26 11:13 - 00000000 ____D C:\Users\Clinic\AppData\Roaming\EZDownloader
2013-09-26 09:12 - 2013-09-26 09:12 - 00012840 _____ C:\Users\Clinic\Documents\cc_20130926_091230.reg
2013-09-24 11:07 - 2013-09-28 22:30 - 00000000 ____D C:\ProgramData\saovenshare
2013-09-24 10:47 - 2013-09-28 22:30 - 00000000 ____D C:\ProgramData\savoeNsHare
2013-09-24 10:42 - 2013-09-28 22:30 - 00000000 ____D C:\ProgramData\sAAvEnsHare
2013-09-24 09:01 - 2013-09-25 09:14 - 00000000 ____D C:\Users\Clinic\Desktop\Anti Virus
2013-09-24 08:56 - 2013-09-28 22:30 - 00000000 ____D C:\ProgramData\savoeonshare
2013-09-24 08:56 - 2013-09-28 22:30 - 00000000 ____D C:\Program Files (x86)\Ss.Helper
2013-09-24 08:51 - 2013-09-28 22:30 - 00000000 ____D C:\Program Files (x86)\Ss-Helper
2013-09-24 08:51 - 2013-09-24 08:51 - 00000000 ____D C:\Windows\SysWOW64\X86
2013-09-24 08:51 - 2013-09-24 08:51 - 00000000 ____D C:\Windows\SysWOW64\AMD64
2013-09-24 08:51 - 2013-09-24 08:51 - 00000000 ____D C:\Users\Clinic\AppData\Roaming\SkypEmoticons
2013-09-24 08:51 - 2013-09-24 08:51 - 00000000 ____D C:\ProgramData\SummerSoft
2013-09-24 08:51 - 2013-09-24 08:51 - 00000000 ____D C:\Program Files (x86)\EZDownloader
2013-09-24 08:50 - 2013-09-28 22:30 - 00000000 ____D C:\ProgramData\saveenshAre
2013-09-24 08:50 - 2013-09-25 09:13 - 00000000 ____D C:\ProgramData\InstallMate
2013-09-24 08:49 - 2013-09-24 08:50 - 00306952 _____ (SummerSoft) C:\Users\Clinic\Downloads\Katy Perry-Roar.exe
2013-09-18 11:20 - 2013-09-18 11:20 - 00064738 _____ C:\Users\Clinic\Desktop\12.9 - Taťána Fiorellino Ucastnicka_smlouva_LE_hromadny 1.9.2013.odt
2013-09-13 11:07 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-13 11:07 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-13 11:07 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-13 11:07 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-13 11:07 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-13 11:07 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-13 11:07 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-13 11:07 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-13 11:07 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-13 11:07 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-13 11:07 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-13 11:07 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-13 11:07 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-13 11:07 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-13 11:07 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-13 11:07 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-13 11:07 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-13 11:07 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-13 11:07 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-13 11:07 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-13 11:07 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-13 11:07 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-13 11:07 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-13 11:07 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-13 11:07 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-13 11:07 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-13 11:07 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-13 11:07 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-13 11:07 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-13 11:07 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-13 11:07 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-13 08:20 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-13 08:20 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-13 08:20 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-13 08:20 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-13 08:20 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-13 08:20 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-13 08:20 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-13 08:20 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-13 08:20 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-13 08:20 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-13 08:20 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-13 08:20 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-13 08:20 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-13 08:20 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-13 08:20 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-13 08:20 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-13 08:20 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-13 08:20 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-13 08:20 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-13 08:20 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-13 08:20 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-13 08:20 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-13 08:20 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-13 08:20 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-13 08:20 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-13 08:20 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-13 08:20 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-13 08:20 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-13 08:20 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-13 08:20 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-13 08:20 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-13 08:20 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll

==================== One Month Modified Files and Folders =======

2013-09-29 08:25 - 2013-09-29 08:25 - 00000000 ____D C:\FRST
2013-09-29 08:22 - 2009-07-14 07:13 - 00726316 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-29 08:17 - 2013-09-28 11:50 - 00001514 _____ C:\Windows\setupact.log
2013-09-29 08:17 - 2013-05-05 15:37 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-29 08:17 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-29 08:14 - 2013-07-13 23:46 - 01133139 _____ C:\Windows\WindowsUpdate.log
2013-09-29 08:14 - 2009-07-14 06:45 - 00020496 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-29 08:14 - 2009-07-14 06:45 - 00020496 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-29 07:52 - 2013-05-05 15:32 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-29 07:47 - 2013-05-05 15:37 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-29 07:19 - 2013-05-05 16:44 - 00000000 ____D C:\Users\Clinic\AppData\Roaming\Skype
2013-09-29 07:18 - 2013-09-28 11:50 - 00024164 _____ C:\Windows\PFRO.log
2013-09-28 22:30 - 2013-09-24 11:07 - 00000000 ____D C:\ProgramData\saovenshare
2013-09-28 22:30 - 2013-09-24 10:47 - 00000000 ____D C:\ProgramData\savoeNsHare
2013-09-28 22:30 - 2013-09-24 10:42 - 00000000 ____D C:\ProgramData\sAAvEnsHare
2013-09-28 22:30 - 2013-09-24 08:56 - 00000000 ____D C:\ProgramData\savoeonshare
2013-09-28 22:30 - 2013-09-24 08:56 - 00000000 ____D C:\Program Files (x86)\Ss.Helper
2013-09-28 22:30 - 2013-09-24 08:51 - 00000000 ____D C:\Program Files (x86)\Ss-Helper
2013-09-28 22:30 - 2013-09-24 08:50 - 00000000 ____D C:\ProgramData\saveenshAre
2013-09-28 22:08 - 2013-09-28 22:08 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-09-28 22:08 - 2013-09-28 22:08 - 00001922 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-28 22:08 - 2013-09-28 22:08 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-09-28 22:06 - 2013-09-28 22:06 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-28 22:06 - 2013-09-28 22:06 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-28 11:51 - 2013-06-17 09:38 - 00007252 _____ C:\Windows\wininit.ini
2013-09-28 11:50 - 2013-09-28 11:50 - 00322720 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-28 11:50 - 2013-09-28 11:50 - 00000000 _____ C:\Windows\setuperr.log
2013-09-26 11:14 - 2013-09-26 11:14 - 00069944 _____ C:\Users\Clinic\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-26 11:13 - 2013-09-26 11:13 - 00000000 ____D C:\Users\Clinic\AppData\Roaming\EZDownloader
2013-09-26 09:12 - 2013-09-26 09:12 - 00012840 _____ C:\Users\Clinic\Documents\cc_20130926_091230.reg
2013-09-26 09:11 - 2013-06-05 12:42 - 00000000 ____D C:\Users\Clinic\AppData\Local\CrashDumps
2013-09-26 09:11 - 2013-05-05 09:02 - 00000000 ____D C:\Windows\Panther
2013-09-25 12:07 - 2013-05-05 15:30 - 00000041 ___SH C:\ProgramData\.zreglib
2013-09-25 12:05 - 2013-05-05 11:34 - 00000000 ____D C:\Users\Clinic\Desktop\Forms
2013-09-25 09:14 - 2013-09-24 09:01 - 00000000 ____D C:\Users\Clinic\Desktop\Anti Virus
2013-09-25 09:13 - 2013-09-24 08:50 - 00000000 ____D C:\ProgramData\InstallMate
2013-09-24 09:03 - 2013-05-05 11:34 - 00000000 ____D C:\Users\Clinic\Desktop\Spinalni Dekompresni Terapie
2013-09-24 08:51 - 2013-09-24 08:51 - 00000000 ____D C:\Windows\SysWOW64\X86
2013-09-24 08:51 - 2013-09-24 08:51 - 00000000 ____D C:\Windows\SysWOW64\AMD64
2013-09-24 08:51 - 2013-09-24 08:51 - 00000000 ____D C:\Users\Clinic\AppData\Roaming\SkypEmoticons
2013-09-24 08:51 - 2013-09-24 08:51 - 00000000 ____D C:\ProgramData\SummerSoft
2013-09-24 08:51 - 2013-09-24 08:51 - 00000000 ____D C:\Program Files (x86)\EZDownloader
2013-09-24 08:50 - 2013-09-24 08:49 - 00306952 _____ (SummerSoft) C:\Users\Clinic\Downloads\Katy Perry-Roar.exe
2013-09-24 08:50 - 2013-07-13 23:59 - 00002485 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-24 08:50 - 2013-05-04 23:10 - 00001731 _____ C:\Users\Clinic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-22 09:44 - 2013-05-05 16:44 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-09-22 09:44 - 2013-05-05 16:44 - 00000000 ____D C:\ProgramData\Skype
2013-09-21 16:07 - 2013-05-05 15:32 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-21 16:07 - 2013-05-05 15:32 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-21 16:07 - 2013-05-05 15:32 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-18 11:20 - 2013-09-18 11:20 - 00064738 _____ C:\Users\Clinic\Desktop\12.9 - Taťána Fiorellino Ucastnicka_smlouva_LE_hromadny 1.9.2013.odt
2013-09-17 09:48 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-16 08:20 - 2013-05-04 23:09 - 00000000 ___RD C:\Users\Clinic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-16 08:20 - 2013-05-04 23:09 - 00000000 ___RD C:\Users\Clinic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-13 11:07 - 2013-07-17 12:32 - 00000000 ____D C:\Windows\system32\MRT
2013-09-13 11:05 - 2013-05-04 23:54 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-11 08:34 - 2009-07-14 07:08 - 00032634 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-09 08:48 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-30 09:48 - 2013-09-28 22:08 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-08-30 09:48 - 2013-09-28 22:08 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-08-30 09:48 - 2013-09-28 22:08 - 00204880 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-08-30 09:48 - 2013-09-28 22:08 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-08-30 09:48 - 2013-09-28 22:08 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-08-30 09:48 - 2013-09-28 22:08 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-08-30 09:48 - 2013-09-28 22:08 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-08-30 09:48 - 2013-09-28 22:08 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-08-30 09:47 - 2013-09-28 22:08 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-08-30 09:47 - 2013-09-28 22:07 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-21 16:40

==================== End Of Log ============================

Re: please check the FRST64 log

Posted: 29 Sep 2013 10:25
by Rudy
Hello!
Open Notepad and copy the following into it:
Start
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-05-05] (Google Inc.)
C:\Program Files (x86)\Google\GoogleToolbarNotifier
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_m ... 1380005430
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_m ... 1380005430
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_m ... 1380005430
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_m ... 1380005430
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.oversearch.info/?pid=3 ... Z&unqvl=36
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_m ... 1380005430
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source= ... default&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source= ... default&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source= ... default&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_source= ... default&q={searchTerms}
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.oversearch.info/?l=1&q ... Z&unqvl=36
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.oversearch.info/?l=1&q ... Z&unqvl=36
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
C:\Program Files (x86)\Google\Google Toolbar
BHO-x32: No Name - {019AF95F-BD38-A686-D3D8-53E824281E42} - No File
BHO-x32: No Name - {4DD8E93E-120F-0C2F-6477-D57EA3FF629F} - No File
BHO-x32: sAAvEnsHare - {780D3CFC-38F9-B65B-569E-C092F129DC05} - C:\ProgramData\sAAvEnsHare\XEFe.dll No File
BHO-x32: saveenshAre - {891E6007-1631-1A59-3400-85D1BCC92830} - C:\ProgramData\saveenshAre\OHA.dll No File
BHO-x32: No Name - {AA57723B-17EF-6892-553E-CCE500A26AB2} - No File
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: saovenshare - {AB7F340D-F4FB-E24F-C22E-104000E06792} - C:\ProgramData\saovenshare\MdHhSNyrL.dll No File
BHO-x32: No Name - {D5E49167-8E8A-08DB-7B6F-F74D5FC2FDF5} - No File
BHO-x32: savoeonshare - {E6491022-6008-9B3F-225A-01B20C0738C2} - C:\ProgramData\savoeonshare\HZ46A7PFw.dll No File
BHO-x32: savoeNsHare - {EE61AB5F-C316-D484-62E2-4AC05C7C6DB3} - C:\ProgramData\savoeNsHare\ZE89mInNE7.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
CHR HomePage: hxxp://websearch.oversearch.info/?pid=3 ... Z&unqvl=36
CHR RestoreOnStartup: "hxxp://websearch.oversearch.info/?pid=356&r=2013/09/24&hid=10109791304223707947&lg=EN&cc=CZ&unqvl=36"
CHR DefaultSearchURL: (WebSearch) - http://websearch.oversearch.info/?l=1&q ... Z&unqvl=36
CHR DefaultSuggestURL: (WebSearch) - http://localhost
CHR Extension: (SearchNewTab) - C:\Users\Clinic\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhhaofbhmgaomjmkhaclcodpmpdkgpno\1.0
CHR Extension: (saveenshAre ) - C:\Users\Clinic\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjkfoaifjfpajcmeoepabjggheoanmog\5.10
CHR Extension: (savoeonshare ) - C:\Users\Clinic\AppData\Local\Google\Chrome\User Data\Default\Extensions\eckfpojekkdfehgegcnfjchdggajjbih\5.10
CHR Extension: (sAAvEnsHare ) - C:\Users\Clinic\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidmadndnjpeiahniedgklgidhbmdgp\5.10
CHR Extension: (savoeNsHare ) - C:\Users\Clinic\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhjgdiaaddfdcneocnlnkdpikadhaec\5.10
CHR Extension: (saovenshare ) - C:\Users\Clinic\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkkijapaehmaepijcgnaggmcabeagaoj\5.10
CHR Extension: (SearchNewTab) - C:\Users\Clinic\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkkapgdgffdhdhdknekifpbljnajnbjk\1.0
CHR Extension: (SearchNewTab) - C:\Users\Clinic\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljaalpmeplnopofphmfigkhopnldanam\1.0
CHR Extension: (SearchNewTab) - C:\Users\Clinic\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpicoikfmbbkjapholdjhfnkmnjdnajh\1.0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Clinic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.qvo6.com/?utm_source=b&utm_m ... 1380005430
C:\ProgramData\savoeNsHare
C:\ProgramData\sAAvEnsHare
C:\ProgramData\savoeonshare
C:\ProgramData\saveenshAre
End
Save it as fixlist.txt in the same folder where you have FRST. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.