Non-standard behaviour after a virus infection - please check
Posted: 13 Jul 2015 08:45
Please check the PC or finish cleaning it. It was infected by viruses and cleaned with AVAST, but then it started behaving unusually. It keeps popping up windows asking to confirm a security exception, over and over.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-07-2015
Ran by Vlado (administrator) on VLADOR on 13-07-2015 09:41:39
Running from C:\Users\Vlado\Desktop\FRST-OlderVersion
Loaded Profiles: Vlado (Available Profiles: Vlado)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser path: "C:\Program Files (x86)\Opera\Opera.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SPAMfighter) C:\Program Files (x86)\Common Files\Common Toolkit Suite\FighterSuiteService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
() C:\Program Files (x86)\Search Extensions\Client.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Piriform Ltd) C:\Program Files (x86)\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(STORMWARE s.r.o.) \\Riwal1\pohoda\Pohoda.exe
(STORMWARE s.r.o.) \\riwal1\pohoda\stwph.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-17] (Realtek Semiconductor)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-29] (Avast Software s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKU\S-1-5-21-4263262502-1501574399-1146706410-1000\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-4263262502-1501574399-1146706410-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-16] (InstallShield Software Corporation)
HKU\S-1-5-21-4263262502-1501574399-1146706410-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403224 2015-05-07] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\tray.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MobileGo Service.lnk [2015-04-22]
ShortcutTarget: MobileGo Service.lnk -> C:\Program Files (x86)\Wondershare\MobileGo\MobileGoService.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-29] (Avast Software s.r.o.)
GroupPolicyScripts\User: Group Policy detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4263262502-1501574399-1146706410-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-4263262502-1501574399-1146706410-1000] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-21-4263262502-1501574399-1146706410-1000] => http=127.0.0.1:49517;https=127.0.0.1:49517
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.omniboxes.com/?type=hp&ts=14 ... XX9VMPSK4B
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/?clid=22668
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.omniboxes.com/web/?type=ds&t ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://search.seznam.cz/?sourceid=quick ... earchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.omniboxes.com/?type=hp&ts=14 ... XX9VMPSK4B
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.omniboxes.com/web/?type=ds&t ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-4263262502-1501574399-1146706410-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.seznam.cz/?sourceid=quick ... earchTerms}
HKU\S-1-5-21-4263262502-1501574399-1146706410-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/?clid=22668
HKU\S-1-5-21-4263262502-1501574399-1146706410-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=FTSF
HKU\S-1-5-21-4263262502-1501574399-1146706410-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.seznam.cz/?clid=22668
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.omniboxes.com/web/?type=ds&t ... earchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.omniboxes.com/web/?type=ds&t ... earchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = http://search.seznam.cz/?sourceid=quick ... earchTerms}
SearchScopes: HKLM-x32 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = http://search.seznam.cz/?sourceid=quick ... earchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4263262502-1501574399-1146706410-1000 -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = http://search.seznam.cz/?sourceid=quick ... earchTerms}
SearchScopes: HKU\S-1-5-21-4263262502-1501574399-1146706410-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.omniboxes.com/web/?utm_sourc ... earchTerms}
SearchScopes: HKU\S-1-5-21-4263262502-1501574399-1146706410-1000 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = http://search.seznam.cz/?sourceid=quick ... earchTerms}
SearchScopes: HKU\S-1-5-21-4263262502-1501574399-1146706410-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.omniboxes.com/web/?utm_sourc ... earchTerms}
SearchScopes: HKU\S-1-5-21-4263262502-1501574399-1146706410-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.omniboxes.com/web/?utm_sourc ... earchTerms}
SearchScopes: HKU\S-1-5-21-4263262502-1501574399-1146706410-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.omniboxes.com/web/?utm_sourc ... earchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-15] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-07-12] (Skype Technologies S.A.)
BHO-x32: No Name -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-22] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-15] (Avast Software s.r.o.)
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-07-12] (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-22] (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKU\S-1-5-21-4263262502-1501574399-1146706410-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://eic.lgservice.com/DjvuViewer/DjV ... -6.1.4.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-07-12] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-07-12] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{954EDE1C-4A0E-4E02-8B74-4A485934A4C8}: [DhcpNameServer] 192.168.0.254
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.omniboxes.com/?type=sc&ts=14 ... XX9VMPSK4B
FireFox:
========
FF ProfilePath: C:\Users\Vlado\AppData\Roaming\Mozilla\Firefox\Profiles\asst7gzj.default
FF NewTab: hxxp://www.omniboxes.com/newtab/?type=nt&ts=14 ... XX9VMPSK4B
FF Homepage: hxxp://www.omniboxes.com/?type=hp&ts=143634176 ... XX9VMPSK4B
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_203.dll [2015-07-09] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-09] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Extension: Fast Start - C:\Users\Vlado\AppData\Roaming\Mozilla\Firefox\Profiles\asst7gzj.default\Extensions\istart_ffnt@gmail.com [2015-04-14]
FF Extension: Fast Start - C:\Users\Vlado\AppData\Roaming\Mozilla\Firefox\Profiles\asst7gzj.default\Extensions\quick_searchff@gmail.com [2015-04-15]
FF Extension: Search Enginer - C:\Users\Vlado\AppData\Roaming\Mozilla\Firefox\Profiles\asst7gzj.default\Extensions\searchengine@gmail.com [2015-04-14]
FF Extension: QuickSearch - C:\Users\Vlado\AppData\Roaming\Mozilla\Firefox\Profiles\asst7gzj.default\Extensions\searchffv2@gmail.com [2015-07-08]
FF Extension: Search Enginer - C:\Users\Vlado\AppData\Roaming\Mozilla\Firefox\Profiles\asst7gzj.default\Extensions\sweetsearch@gmail.com [2015-07-08]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-26]
FF HKLM-x32\...\Firefox\Extensions: [searchffv2@gmail.com] - C:\Users\Vlado\AppData\Roaming\Mozilla\Firefox\Profiles\asst7gzj.default\extensions\searchffv2@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Vlado\AppData\Roaming\Mozilla\Firefox\Profiles\asst7gzj.default\extensions\sweetsearch@gmail.com
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.omniboxes.com/?type=sc&ts=14 ... XX9VMPSK4B
Chrome:
=======
CHR Profile: C:\Users\Vlado\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Vlado\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-29]
CHR Extension: (Google Docs) - C:\Users\Vlado\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-29]
CHR Extension: (Google Drive) - C:\Users\Vlado\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-29]
CHR Extension: (YouTube) - C:\Users\Vlado\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-29]
CHR Extension: (Google Search) - C:\Users\Vlado\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-29]
CHR Extension: (Google Sheets) - C:\Users\Vlado\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-29]
CHR Extension: (Avast Online Security) - C:\Users\Vlado\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-05-29]
CHR Extension: (Skype Click to Call) - C:\Users\Vlado\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-05-29]
CHR Extension: (Google Wallet) - C:\Users\Vlado\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-29]
CHR Extension: (Gmail) - C:\Users\Vlado\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-05]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-07-12]
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.omniboxes.com/?type=sc&ts=14 ... XX9VMPSK4B
Opera:
=======
StartMenuInternet: (HKLM) Opera - c:\program files (x86)\opera\opera.exe http://www.omniboxes.com/?type=sc&ts=14 ... XX9VMPSK4B
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-29] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-05-29] (Avast Software)
R2 Common Toolkit Service; C:\Program Files (x86)\Common Files\Common Toolkit Suite\FighterSuiteService.exe [684680 2010-04-20] (SPAMfighter)
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [715784 2015-05-07] (Garmin Ltd. or its subsidiaries)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-07-31] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-07-31] (Hewlett-Packard) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S4 TestHandler; C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [341264 2009-02-19] (Fujitsu Technology Solutions)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-29] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-29] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-29] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-29] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-29] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-26] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-29] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-29] ()
R3 GemCCID; C:\Windows\System32\DRIVERS\GemCCID.sys [129792 2013-02-22] (Gemalto)
S3 HPEWSFXBULK; C:\Windows\System32\drivers\hpfx64bulk.sys [20504 2009-02-25] (Hewlett Packard)
R1 ISODrive; C:\Program Files (x86)\UltraISO - práce s obrazy CD\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-05-29] (Avast Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 iSafeKrnlMon; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-12 21:46 - 2015-07-12 21:46 - 00000000 ____D C:\Users\Vlado\AppData\Local\GWX
2015-07-08 14:11 - 2015-07-08 14:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-07-08 14:09 - 2015-07-08 14:12 - 00000000 ____D C:\Users\Vlado\AppData\Local\Garmin_Ltd._or_its_subsid
2015-07-08 09:50 - 2015-07-10 08:47 - 00000000 ____D C:\Users\Vlado\AppData\Local\UpdateAdmin
2015-07-08 09:50 - 2015-07-10 03:50 - 00000000 ____D C:\Program Files (x86)\Search Extensions
2015-07-08 09:50 - 2015-07-08 09:50 - 00003534 _____ C:\Windows\System32\Tasks\RocketTab
2015-07-08 09:50 - 2015-07-08 09:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UpdateAdmin
2015-07-08 09:50 - 2015-07-08 09:50 - 00000000 ____D C:\ProgramData\IHProtectUpDate
2015-07-08 09:50 - 2015-07-08 09:50 - 00000000 _____ C:\Windows\prleth.sys
2015-07-08 09:50 - 2015-07-08 09:50 - 00000000 _____ C:\Windows\hgfs.sys
2015-06-26 18:07 - 2015-07-10 10:59 - 00006078 _____ C:\Windows\PFRO.log
2015-06-23 21:08 - 2015-07-09 14:08 - 18510000 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-06-23 09:00 - 2015-06-23 09:03 - 00000000 ____D C:\Banka
2015-06-22 10:05 - 2015-06-22 10:05 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-06-22 10:05 - 2015-06-22 10:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-06-22 10:05 - 2015-06-22 10:05 - 00000000 ____D C:\Program Files (x86)\Java
2015-06-22 09:59 - 2015-07-03 11:07 - 00000949 _____ C:\Users\Public\Desktop\SecureStore Card Manager.lnk
2015-06-22 09:59 - 2015-07-03 11:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.CA SecureStore
2015-06-22 09:59 - 2015-07-03 11:07 - 00000000 ____D C:\ProgramData\I.CA SecureStore
2015-06-22 09:59 - 2015-07-03 11:07 - 00000000 ____D C:\Program Files\I.CA SecureStore
2015-06-22 09:58 - 2015-06-22 09:58 - 00000000 ____D C:\Program Files (x86)\Gemalto
2015-06-22 09:57 - 2015-06-22 09:57 - 00000000 ____D C:\Users\Vlado\AppData\Roaming\I.CA SecureStore 2.32.2
2015-06-22 09:49 - 2015-07-03 11:32 - 00000000 ____D C:\Users\Vlado\.ica
2015-06-22 09:48 - 2015-06-22 09:48 - 00000000 ____D C:\ProgramData\Sun
2015-06-22 09:47 - 2015-06-22 10:05 - 00000000 ____D C:\ProgramData\Oracle
2015-06-22 09:41 - 2015-06-22 09:41 - 00001218 _____ C:\Windows\IE9_main.log
2015-06-22 01:00 - 2015-07-10 11:00 - 00000168 _____ C:\Windows\setupact.log
2015-06-22 01:00 - 2015-06-22 01:00 - 00000000 _____ C:\Windows\setuperr.log
2015-06-18 10:57 - 2015-07-08 09:49 - 00001407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-18 10:57 - 2015-06-18 10:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-13 09:41 - 2015-04-21 09:06 - 00000000 ____D C:\Users\Vlado\Desktop\FRST-OlderVersion
2015-07-13 09:41 - 2015-04-20 08:41 - 00000000 ____D C:\FRST
2015-07-13 09:40 - 2011-09-22 11:58 - 00000000 ___HD C:\Users\Vlado\Documents\Dočasné
2015-07-13 09:28 - 2011-01-04 15:25 - 01241952 _____ C:\Windows\WindowsUpdate.log
2015-07-13 09:27 - 2015-02-26 10:17 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-13 09:08 - 2013-09-13 07:48 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-13 03:45 - 2009-07-14 06:45 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-13 03:45 - 2009-07-14 06:45 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-12 20:27 - 2015-02-26 10:17 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-10 11:06 - 2010-07-22 17:12 - 00672174 _____ C:\Windows\system32\perfh005.dat
2015-07-10 11:06 - 2010-07-22 17:12 - 00142770 _____ C:\Windows\system32\perfc005.dat
2015-07-10 11:06 - 2009-07-14 07:13 - 01593374 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-10 11:00 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-10 08:51 - 2015-04-14 12:59 - 00000000 ____D C:\Users\Vlado\AppData\Roaming\VOPackage
2015-07-10 08:36 - 2011-01-07 15:53 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2015-07-09 14:08 - 2012-03-29 08:17 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-09 14:08 - 2012-03-29 08:17 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-09 14:08 - 2011-05-27 09:52 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-08 14:12 - 2014-08-05 09:32 - 00000000 ____D C:\Program Files (x86)\Garmin
2015-07-08 14:12 - 2014-08-05 09:31 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-08 14:11 - 2015-02-19 02:33 - 00001856 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2015-07-08 14:11 - 2014-08-05 09:32 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2015-07-08 14:11 - 2014-08-05 09:32 - 00000000 ___HD C:\Users\Vlado\AppData\Roaming\Garmin
2015-07-08 14:10 - 2014-08-05 09:32 - 00000000 ____D C:\ProgramData\Garmin
2015-07-08 10:26 - 2013-01-29 10:46 - 00000000 ____D C:\Program Files (x86)\The KMPlayer
2015-07-08 09:52 - 2013-01-29 10:46 - 00001005 ____H C:\Users\Vlado\Desktop\KMPlayer.lnk
2015-07-08 09:49 - 2015-05-29 08:33 - 00002427 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-08 09:49 - 2015-04-16 08:34 - 00001653 _____ C:\Users\Vlado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-08 09:49 - 2011-01-05 11:36 - 00001223 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-07-08 09:49 - 2011-01-05 11:36 - 00001211 _____ C:\Users\Public\Desktop\Opera.lnk
2015-07-07 12:37 - 2013-10-10 08:53 - 00031744 ___SH C:\Users\Vlado\Documents\Thumbs.db
2015-07-03 11:12 - 2015-01-26 12:12 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-07-03 11:07 - 2014-12-02 12:37 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2015-06-26 18:13 - 2015-01-26 12:11 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
2015-06-26 18:07 - 2015-06-11 13:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-25 21:15 - 2014-12-29 11:00 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-23 13:30 - 2011-01-04 15:40 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-06-22 09:49 - 2011-01-04 15:29 - 00000000 ___HD C:\Users\Vlado
2015-06-22 09:42 - 2014-12-15 12:08 - 00000000 __SHD C:\Users\Vlado\AppData\Local\EmieBrowserModeList
2015-06-22 09:42 - 2014-10-20 13:08 - 00000000 __SHD C:\Users\Vlado\AppData\Local\EmieUserList
2015-06-22 09:42 - 2014-10-20 13:08 - 00000000 __SHD C:\Users\Vlado\AppData\Local\EmieSiteList
==================== Files in the root of some directories =======
2011-01-24 14:58 - 2015-01-19 12:15 - 0090624 ____H () C:\Users\Vlado\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-07 11:34 - 2012-09-07 11:34 - 0004096 ____H () C:\Users\Vlado\AppData\Local\keyfile3.drm
2011-01-07 15:14 - 2011-01-07 15:14 - 0000017 ____H () C:\Users\Vlado\AppData\Local\resmon.resmoncfg
2011-01-05 14:48 - 2011-01-05 14:48 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2011-01-14 14:43 - 2013-02-28 04:17 - 0007515 _____ () C:\ProgramData\hpzinstall.log
2012-06-13 12:12 - 2012-06-13 12:12 - 0000194 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
Some files in TEMP:
====================
C:\Users\Vlado\AppData\Local\Temp\KMPAddedCode_KMP_adpageopen_Step1.exe
C:\Users\Vlado\AppData\Local\Temp\KMP_3.9.1.137.exe
C:\Users\Vlado\AppData\Local\Temp\YACDL_00000000.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-07-13 00:50
==================== End of log ============================
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-17] (Realtek Semiconductor)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-29] (Avast Software s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKU\S-1-5-21-4263262502-1501574399-1146706410-1000\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-4263262502-1501574399-1146706410-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-16] (InstallShield Software Corporation)
HKU\S-1-5-21-4263262502-1501574399-1146706410-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403224 2015-05-07] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\tray.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MobileGo Service.lnk [2015-04-22]
ShortcutTarget: MobileGo Service.lnk -> C:\Program Files (x86)\Wondershare\MobileGo\MobileGoService.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-29] (Avast Software s.r.o.)
GroupPolicyScripts\User: Group Policy detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4263262502-1501574399-1146706410-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-4263262502-1501574399-1146706410-1000] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-21-4263262502-1501574399-1146706410-1000] => http=127.0.0.1:49517;https=127.0.0.1:49517
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.omniboxes.com/?type=hp&ts=14 ... XX9VMPSK4B
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/?clid=22668
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.omniboxes.com/web/?type=ds&t ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://search.seznam.cz/?sourceid=quick ... earchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.omniboxes.com/?type=hp&ts=14 ... XX9VMPSK4B
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.omniboxes.com/web/?type=ds&t ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-4263262502-1501574399-1146706410-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.seznam.cz/?sourceid=quick ... earchTerms}
HKU\S-1-5-21-4263262502-1501574399-1146706410-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/?clid=22668
HKU\S-1-5-21-4263262502-1501574399-1146706410-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=FTSF
HKU\S-1-5-21-4263262502-1501574399-1146706410-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.seznam.cz/?clid=22668
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.omniboxes.com/web/?type=ds&t ... earchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.omniboxes.com/web/?type=ds&t ... earchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = http://search.seznam.cz/?sourceid=quick ... earchTerms}
SearchScopes: HKLM-x32 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = http://search.seznam.cz/?sourceid=quick ... earchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4263262502-1501574399-1146706410-1000 -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = http://search.seznam.cz/?sourceid=quick ... earchTerms}
SearchScopes: HKU\S-1-5-21-4263262502-1501574399-1146706410-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.omniboxes.com/web/?utm_sourc ... earchTerms}
SearchScopes: HKU\S-1-5-21-4263262502-1501574399-1146706410-1000 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = http://search.seznam.cz/?sourceid=quick ... earchTerms}
SearchScopes: HKU\S-1-5-21-4263262502-1501574399-1146706410-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.omniboxes.com/web/?utm_sourc ... earchTerms}
SearchScopes: HKU\S-1-5-21-4263262502-1501574399-1146706410-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.omniboxes.com/web/?utm_sourc ... earchTerms}
SearchScopes: HKU\S-1-5-21-4263262502-1501574399-1146706410-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.omniboxes.com/web/?utm_sourc ... earchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-15] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-07-12] (Skype Technologies S.A.)
BHO-x32: No Name -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-22] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-15] (Avast Software s.r.o.)
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-07-12] (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-22] (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKU\S-1-5-21-4263262502-1501574399-1146706410-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://eic.lgservice.com/DjvuViewer/DjV ... -6.1.4.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-07-12] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-07-12] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{954EDE1C-4A0E-4E02-8B74-4A485934A4C8}: [DhcpNameServer] 192.168.0.254
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.omniboxes.com/?type=sc&ts=14 ... XX9VMPSK4B
FireFox:
========
FF ProfilePath: C:\Users\Vlado\AppData\Roaming\Mozilla\Firefox\Profiles\asst7gzj.default
FF NewTab: hxxp://www.omniboxes.com/newtab/?type=nt&ts=14 ... XX9VMPSK4B
FF Homepage: hxxp://www.omniboxes.com/?type=hp&ts=143634176 ... XX9VMPSK4B
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_203.dll [2015-07-09] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-09] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Extension: Fast Start - C:\Users\Vlado\AppData\Roaming\Mozilla\Firefox\Profiles\asst7gzj.default\Extensions\istart_ffnt@gmail.com [2015-04-14]
FF Extension: Fast Start - C:\Users\Vlado\AppData\Roaming\Mozilla\Firefox\Profiles\asst7gzj.default\Extensions\quick_searchff@gmail.com [2015-04-15]
FF Extension: Search Enginer - C:\Users\Vlado\AppData\Roaming\Mozilla\Firefox\Profiles\asst7gzj.default\Extensions\searchengine@gmail.com [2015-04-14]
FF Extension: QuickSearch - C:\Users\Vlado\AppData\Roaming\Mozilla\Firefox\Profiles\asst7gzj.default\Extensions\searchffv2@gmail.com [2015-07-08]
FF Extension: Search Enginer - C:\Users\Vlado\AppData\Roaming\Mozilla\Firefox\Profiles\asst7gzj.default\Extensions\sweetsearch@gmail.com [2015-07-08]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-26]
FF HKLM-x32\...\Firefox\Extensions: [searchffv2@gmail.com] - C:\Users\Vlado\AppData\Roaming\Mozilla\Firefox\Profiles\asst7gzj.default\extensions\searchffv2@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Vlado\AppData\Roaming\Mozilla\Firefox\Profiles\asst7gzj.default\extensions\sweetsearch@gmail.com
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.omniboxes.com/?type=sc&ts=14 ... XX9VMPSK4B
Chrome:
=======
CHR Profile: C:\Users\Vlado\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Vlado\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-29]
CHR Extension: (Google Docs) - C:\Users\Vlado\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-29]
CHR Extension: (Google Drive) - C:\Users\Vlado\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-29]
CHR Extension: (YouTube) - C:\Users\Vlado\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-29]
CHR Extension: (Google Search) - C:\Users\Vlado\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-29]
CHR Extension: (Google Sheets) - C:\Users\Vlado\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-29]
CHR Extension: (Avast Online Security) - C:\Users\Vlado\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-05-29]
CHR Extension: (Skype Click to Call) - C:\Users\Vlado\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-05-29]
CHR Extension: (Google Wallet) - C:\Users\Vlado\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-29]
CHR Extension: (Gmail) - C:\Users\Vlado\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-05]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-07-12]
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.omniboxes.com/?type=sc&ts=14 ... XX9VMPSK4B
Opera:
=======
StartMenuInternet: (HKLM) Opera - c:\program files (x86)\opera\opera.exe http://www.omniboxes.com/?type=sc&ts=14 ... XX9VMPSK4B
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-29] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-05-29] (Avast Software)
R2 Common Toolkit Service; C:\Program Files (x86)\Common Files\Common Toolkit Suite\FighterSuiteService.exe [684680 2010-04-20] (SPAMfighter)
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [715784 2015-05-07] (Garmin Ltd. or its subsidiaries)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-07-31] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-07-31] (Hewlett-Packard) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S4 TestHandler; C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [341264 2009-02-19] (Fujitsu Technology Solutions)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-29] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-29] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-29] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-29] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-29] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-26] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-29] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-29] ()
R3 GemCCID; C:\Windows\System32\DRIVERS\GemCCID.sys [129792 2013-02-22] (Gemalto)
S3 HPEWSFXBULK; C:\Windows\System32\drivers\hpfx64bulk.sys [20504 2009-02-25] (Hewlett Packard)
R1 ISODrive; C:\Program Files (x86)\UltraISO - práce s obrazy CD\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-05-29] (Avast Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 iSafeKrnlMon; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-12 21:46 - 2015-07-12 21:46 - 00000000 ____D C:\Users\Vlado\AppData\Local\GWX
2015-07-08 14:11 - 2015-07-08 14:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-07-08 14:09 - 2015-07-08 14:12 - 00000000 ____D C:\Users\Vlado\AppData\Local\Garmin_Ltd._or_its_subsid
2015-07-08 09:50 - 2015-07-10 08:47 - 00000000 ____D C:\Users\Vlado\AppData\Local\UpdateAdmin
2015-07-08 09:50 - 2015-07-10 03:50 - 00000000 ____D C:\Program Files (x86)\Search Extensions
2015-07-08 09:50 - 2015-07-08 09:50 - 00003534 _____ C:\Windows\System32\Tasks\RocketTab
2015-07-08 09:50 - 2015-07-08 09:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UpdateAdmin
2015-07-08 09:50 - 2015-07-08 09:50 - 00000000 ____D C:\ProgramData\IHProtectUpDate
2015-07-08 09:50 - 2015-07-08 09:50 - 00000000 _____ C:\Windows\prleth.sys
2015-07-08 09:50 - 2015-07-08 09:50 - 00000000 _____ C:\Windows\hgfs.sys
2015-06-26 18:07 - 2015-07-10 10:59 - 00006078 _____ C:\Windows\PFRO.log
2015-06-23 21:08 - 2015-07-09 14:08 - 18510000 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-06-23 09:00 - 2015-06-23 09:03 - 00000000 ____D C:\Banka
2015-06-22 10:05 - 2015-06-22 10:05 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-06-22 10:05 - 2015-06-22 10:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-06-22 10:05 - 2015-06-22 10:05 - 00000000 ____D C:\Program Files (x86)\Java
2015-06-22 09:59 - 2015-07-03 11:07 - 00000949 _____ C:\Users\Public\Desktop\SecureStore Card Manager.lnk
2015-06-22 09:59 - 2015-07-03 11:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.CA SecureStore
2015-06-22 09:59 - 2015-07-03 11:07 - 00000000 ____D C:\ProgramData\I.CA SecureStore
2015-06-22 09:59 - 2015-07-03 11:07 - 00000000 ____D C:\Program Files\I.CA SecureStore
2015-06-22 09:58 - 2015-06-22 09:58 - 00000000 ____D C:\Program Files (x86)\Gemalto
2015-06-22 09:57 - 2015-06-22 09:57 - 00000000 ____D C:\Users\Vlado\AppData\Roaming\I.CA SecureStore 2.32.2
2015-06-22 09:49 - 2015-07-03 11:32 - 00000000 ____D C:\Users\Vlado\.ica
2015-06-22 09:48 - 2015-06-22 09:48 - 00000000 ____D C:\ProgramData\Sun
2015-06-22 09:47 - 2015-06-22 10:05 - 00000000 ____D C:\ProgramData\Oracle
2015-06-22 09:41 - 2015-06-22 09:41 - 00001218 _____ C:\Windows\IE9_main.log
2015-06-22 01:00 - 2015-07-10 11:00 - 00000168 _____ C:\Windows\setupact.log
2015-06-22 01:00 - 2015-06-22 01:00 - 00000000 _____ C:\Windows\setuperr.log
2015-06-18 10:57 - 2015-07-08 09:49 - 00001407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-18 10:57 - 2015-06-18 10:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-13 09:41 - 2015-04-21 09:06 - 00000000 ____D C:\Users\Vlado\Desktop\FRST-OlderVersion
2015-07-13 09:41 - 2015-04-20 08:41 - 00000000 ____D C:\FRST
2015-07-13 09:40 - 2011-09-22 11:58 - 00000000 ___HD C:\Users\Vlado\Documents\Dočasné
2015-07-13 09:28 - 2011-01-04 15:25 - 01241952 _____ C:\Windows\WindowsUpdate.log
2015-07-13 09:27 - 2015-02-26 10:17 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-13 09:08 - 2013-09-13 07:48 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-13 03:45 - 2009-07-14 06:45 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-13 03:45 - 2009-07-14 06:45 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-12 20:27 - 2015-02-26 10:17 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-10 11:06 - 2010-07-22 17:12 - 00672174 _____ C:\Windows\system32\perfh005.dat
2015-07-10 11:06 - 2010-07-22 17:12 - 00142770 _____ C:\Windows\system32\perfc005.dat
2015-07-10 11:06 - 2009-07-14 07:13 - 01593374 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-10 11:00 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-10 08:51 - 2015-04-14 12:59 - 00000000 ____D C:\Users\Vlado\AppData\Roaming\VOPackage
2015-07-10 08:36 - 2011-01-07 15:53 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2015-07-09 14:08 - 2012-03-29 08:17 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-09 14:08 - 2012-03-29 08:17 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-09 14:08 - 2011-05-27 09:52 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-08 14:12 - 2014-08-05 09:32 - 00000000 ____D C:\Program Files (x86)\Garmin
2015-07-08 14:12 - 2014-08-05 09:31 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-08 14:11 - 2015-02-19 02:33 - 00001856 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2015-07-08 14:11 - 2014-08-05 09:32 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2015-07-08 14:11 - 2014-08-05 09:32 - 00000000 ___HD C:\Users\Vlado\AppData\Roaming\Garmin
2015-07-08 14:10 - 2014-08-05 09:32 - 00000000 ____D C:\ProgramData\Garmin
2015-07-08 10:26 - 2013-01-29 10:46 - 00000000 ____D C:\Program Files (x86)\The KMPlayer
2015-07-08 09:52 - 2013-01-29 10:46 - 00001005 ____H C:\Users\Vlado\Desktop\KMPlayer.lnk
2015-07-08 09:49 - 2015-05-29 08:33 - 00002427 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-08 09:49 - 2015-04-16 08:34 - 00001653 _____ C:\Users\Vlado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-08 09:49 - 2011-01-05 11:36 - 00001223 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-07-08 09:49 - 2011-01-05 11:36 - 00001211 _____ C:\Users\Public\Desktop\Opera.lnk
2015-07-07 12:37 - 2013-10-10 08:53 - 00031744 ___SH C:\Users\Vlado\Documents\Thumbs.db
2015-07-03 11:12 - 2015-01-26 12:12 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-07-03 11:07 - 2014-12-02 12:37 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2015-06-26 18:13 - 2015-01-26 12:11 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
2015-06-26 18:07 - 2015-06-11 13:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-25 21:15 - 2014-12-29 11:00 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-23 13:30 - 2011-01-04 15:40 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-06-22 09:49 - 2011-01-04 15:29 - 00000000 ___HD C:\Users\Vlado
2015-06-22 09:42 - 2014-12-15 12:08 - 00000000 __SHD C:\Users\Vlado\AppData\Local\EmieBrowserModeList
2015-06-22 09:42 - 2014-10-20 13:08 - 00000000 __SHD C:\Users\Vlado\AppData\Local\EmieUserList
2015-06-22 09:42 - 2014-10-20 13:08 - 00000000 __SHD C:\Users\Vlado\AppData\Local\EmieSiteList
==================== Files in the root of some directories =======
2011-01-24 14:58 - 2015-01-19 12:15 - 0090624 ____H () C:\Users\Vlado\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-07 11:34 - 2012-09-07 11:34 - 0004096 ____H () C:\Users\Vlado\AppData\Local\keyfile3.drm
2011-01-07 15:14 - 2011-01-07 15:14 - 0000017 ____H () C:\Users\Vlado\AppData\Local\resmon.resmoncfg
2011-01-05 14:48 - 2011-01-05 14:48 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2011-01-14 14:43 - 2013-02-28 04:17 - 0007515 _____ () C:\ProgramData\hpzinstall.log
2012-06-13 12:12 - 2012-06-13 12:12 - 0000194 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
Some files in TEMP:
====================
C:\Users\Vlado\AppData\Local\Temp\KMPAddedCode_KMP_adpageopen_Step1.exe
C:\Users\Vlado\AppData\Local\Temp\KMP_3.9.1.137.exe
C:\Users\Vlado\AppData\Local\Temp\YACDL_00000000.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-07-13 00:50
==================== End of log ============================