Trojský kůň JS/Kryptik.CO
Napsal: 15 pro 2015 23:09
Dobrý den,
jsem tu nováček, ale mám poměrně zavirovaný počítač (možná je to důvod, proč mi selhala instalace Win10...?) a sama se v tom moc nevyznám, jediné, co se mi s tím udělalo je teda to, že se mi to v ESETU zavřelo do karantény... potřebovala bych nějakou radu pochopitelnou trošku pro holky
Netuším, co tento trojský kůň způsobuje, ale asi mi zpomaluje počítač, což ci myslím, že asi je zpomalený no... já se moc omlouvám za svoji neznalost, ale moc ráda bych se chtěla starat o svůj počítač a stát se někdy programátorkou...
Budu ráda za jakoukoliv pomoc, děkuji!
Tady je log z FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-12-2015
Ran by MaiLinhVi (administrator) on ADMIN-PC (15-12-2015 22:55:54)
Running from C:\Users\MaiLinhVi\Desktop
Loaded Profiles: MaiLinhVi (Available Profiles: admin & MaiLinhVi & Majka & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Angličtina (Spojené státy)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Software602 a.s.) C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(WinAbility® Software Corporation) C:\PROGRAMS\FGUARD\FGKey64.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe
() C:\Users\Majka\AppData\Local\Seznam.cz\bin\postak.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(LINE Corporation) D:\Downloads\LINE\Line.exe
() C:\Users\MaiLinhVi\AppData\Local\Viber\Viber.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\lync.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\MaiLinhVi\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Creative Technology Ltd.) C:\Windows\OEM02Mon.exe
(Nokia) C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ucmapi.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\winword.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\winword.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(forum.viry.cz) C:\Users\MaiLinhVi\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NVHotkey] => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [FG_Monitor] => C:\PROGRAMS\FGUARD\FGKey64.exe [144456 2007-02-24] (WinAbility® Software Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe [4148664 2013-10-07] (ESET)
HKLM-x32\...\Run: [OEM02Mon.exe] => C:\Windows\OEM02Mon.exe
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [NokiaMServer] => C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [NSU_agent] => C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe [190768 2012-02-28] ()
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKU\S-1-5-21-291474276-2071678850-1047628788-1004\...\Run: [PC Suite Tray] => C:\Users\MaiLinhVi\Desktop\Downloads\Nokia PC Suite 7\PCSuite.exe [1500160 2011-06-16] (Nokia)
HKU\S-1-5-21-291474276-2071678850-1047628788-1004\...\Run: [Seznam Postak] => C:\Users\Majka\AppData\Local\Seznam.cz\bin\postak.exe [491040 2012-01-10] ()
HKU\S-1-5-21-291474276-2071678850-1047628788-1004\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-291474276-2071678850-1047628788-1004\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
HKU\S-1-5-21-291474276-2071678850-1047628788-1004\...\Run: [Line] => D:\Downloads\LINE\Line.exe [17456664 2015-12-07] (LINE Corporation)
HKU\S-1-5-21-291474276-2071678850-1047628788-1004\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
HKU\S-1-5-21-291474276-2071678850-1047628788-1004\...\Run: [Viber] => C:\Users\MaiLinhVi\AppData\Local\Viber\Viber.exe [51657424 2015-11-09] ()
HKU\S-1-5-21-291474276-2071678850-1047628788-1004\...\Run: [Zoner Photo Studio Autoupdate] => "C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTRAY.EXE"
HKU\S-1-5-21-291474276-2071678850-1047628788-1004\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-291474276-2071678850-1047628788-1004\...\Run: [Dropbox Update] => C:\Users\MaiLinhVi\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-25] (Dropbox, Inc.)
HKU\S-1-5-21-291474276-2071678850-1047628788-1004\...\Run: [Lync] => C:\Program Files\Microsoft Office 15\root\office15\lync.exe [24055464 2015-10-20] (Microsoft Corporation)
HKU\S-1-5-21-291474276-2071678850-1047628788-1004\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50754688 2015-12-01] (Skype Technologies S.A.)
HKU\S-1-5-21-291474276-2071678850-1047628788-1004\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-291474276-2071678850-1047628788-1004\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\MaiLinhVi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\MaiLinhVi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\MaiLinhVi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\MaiLinhVi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\MaiLinhVi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\MaiLinhVi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\MaiLinhVi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\MaiLinhVi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\MaiLinhVi\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\MaiLinhVi\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\MaiLinhVi\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\MaiLinhVi\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\MaiLinhVi\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\MaiLinhVi\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [AAADesktopTips] -> {4562B511-62E9-4533-B7B2-56A8BB10B482} => C:\Users\Public\Thunder Network\KanKan\reghelper\xappex.1.1.1.73.(492).dll [2013-07-22] (深圳市迅雷网络技术有限公司)
Startup: C:\Users\MaiLinhVi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\MaiLinhVi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\MaiLinhVi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Odeslat do OneNote.lnk [2015-11-08]
ShortcutTarget: Odeslat do OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
Startup: C:\Users\MaiLinhVi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk [2015-04-07]
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicyUsers\S-1-5-21-291474276-2071678850-1047628788-1007\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-291474276-2071678850-1047628788-1004\User: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog9-x64 12 C:\Program Files (x86)\VMware\VMware Server\x64\vsocklib.dll No File
Winsock: Catalog9-x64 13 C:\Program Files (x86)\VMware\VMware Server\x64\vsocklib.dll No File
Tcpip\Parameters: [DhcpNameServer] 172.18.0.5 172.19.4.1 172.18.0.6
Tcpip\..\Interfaces\{53445778-203B-4259-B250-0B44CB7B2632}: [DhcpNameServer] 172.18.0.5 172.19.4.1 172.18.0.6
Internet Explorer:
==================
HKU\S-1-5-21-291474276-2071678850-1047628788-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-291474276-2071678850-1047628788-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
HKU\S-1-5-21-291474276-2071678850-1047628788-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.cz/
HKU\S-1-5-21-291474276-2071678850-1047628788-1004\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
URLSearchHook: HKLM-x32 -> Default = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKU\S-1-5-21-291474276-2071678850-1047628788-1004 - (No Name) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-291474276-2071678850-1047628788-1004 -> DefaultScope {0D96972B-505E-43C8-8D2F-0DAAEF41139D} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=196149&p={searchTerms}
SearchScopes: HKU\S-1-5-21-291474276-2071678850-1047628788-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM ... -SearchBox
SearchScopes: HKU\S-1-5-21-291474276-2071678850-1047628788-1004 -> {0916c519-1bf3-425b-a6de-93464400cde2} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=IEListicka_12
SearchScopes: HKU\S-1-5-21-291474276-2071678850-1047628788-1004 -> {0D96972B-505E-43C8-8D2F-0DAAEF41139D} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=196149&p={searchTerms}
SearchScopes: HKU\S-1-5-21-291474276-2071678850-1047628788-1004 -> {38c65396-c0ef-4b49-b451-97531647e30c} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... isticka_12
SearchScopes: HKU\S-1-5-21-291474276-2071678850-1047628788-1004 -> {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKU\S-1-5-21-291474276-2071678850-1047628788-1004 -> {720f3daa-b949-467e-98ce-f68894b8f06f} URL = hxxp://www.mapy.cz/?query={searchTerms}&sourceid=IEListicka_12
SearchScopes: HKU\S-1-5-21-291474276-2071678850-1047628788-1004 -> {7b8f3ebf-0455-4c61-b1c4-af63f57ada06} URL = hxxp://www.firmy.cz/phr/{searchTerms}?sourceid=IEListicka_12
SearchScopes: HKU\S-1-5-21-291474276-2071678850-1047628788-1004 -> {F714F5B7-E4D2-4DB1-96B3-F45AE05068AE} URL = hxxp://cs.wikipedia.org/w/index.php?title=Speci%C3%A1ln%C3%AD:Hled%C3%A1n%C3%AD&search={searchTerms}
BHO: No Name -> {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} -> No File
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-10-13] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-09-26] (Sun Microsystems, Inc.)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll [2011-03-16] (Yahoo! Inc)
Toolbar: HKU\S-1-5-21-291474276-2071678850-1047628788-1004 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
Toolbar: HKU\S-1-5-21-291474276-2071678850-1047628788-1004 -> No Name - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No File
Toolbar: HKU\S-1-5-21-291474276-2071678850-1047628788-1004 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-291474276-2071678850-1047628788-1004 -> No Name - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - No File
Toolbar: HKU\S-1-5-21-291474276-2071678850-1047628788-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-291474276-2071678850-1047628788-1004 -> No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/s ... ab_nvd.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-09-01] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773
FF Homepage: hxxp://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-09] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2009-05-26] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-09-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-09-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @xunlei.com/DapCtrl -> C:\Program Files (x86)\Common Files\Thunder Network\KanKan\npDapCtrl.3.1.0.7.(495).dll [No File]
FF Plugin-x32: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.2.dll [2013-08-12] (Thunder Networking Technologies,LTD)
FF Plugin-x32: @xunlei.com/npxunlei;version=1.0.0.2 -> D:\Downloads\Data\npxunlei1.0.0.2.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-291474276-2071678850-1047628788-1004: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\MaiLinhVi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-27] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeploytk.dll [2009-09-26] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npfiller.dll [2010-03-29] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Extension: Rikaichan - C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82} [2015-07-21]
FF Extension: Online Convert - C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773\extensions\firefox@online-convert.com.xpi [2015-07-21]
FF Extension: 1-Click Dailymotion Video Downloader - C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773\extensions\DailymotionVideoDownloader@PeterOlayev.com.xpi [2015-07-21]
FF Extension: New Tab Wallpapers - C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773\extensions\{a5312b79-bf0d-4825-a25f-b33d67d4a58a}.xpi [2015-07-21]
FF Extension: YouTube to MP3 - C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773\extensions\youtube2mp3@mondayx.de.xpi [2015-07-21]
FF Extension: Long URL Please - C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773\extensions\longurlplease@darragh.curran.xpi [2015-07-21]
FF Extension: MEGA EXTENSION - C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773\extensions\firefox@mega.co.nz.xpi [2015-07-21]
FF Extension: Rikaichan Japanese-English Dictionary File - C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773\extensions\rikaichan-jpen@polarcloud.com [2015-08-19]
FF Extension: Rikaichan Japanese Names Dictionary File - C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773\extensions\rikaichan-jpnames@polarcloud.com [2015-08-19]
FF Extension: User Agent Switcher - C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2015-08-19]
FF Extension: Tab Mix Plus - C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2015-09-03]
FF Extension: Greasemonkey - C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-11-22]
FF Extension: NoScript - C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-11-24]
FF Extension: Seznam lištička - C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2015-11-25]
FF Extension: Personas Plus - C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773\extensions\personas@christopher.beard.xpi [2015-12-04]
FF Extension: WOT - C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-09]
FF Extension: No Name - C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773\Extensions\elemhidehelper@adblockplus.org.xpi [2015-11-26] [not signed]
FF Extension: No Name - C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773\Extensions\firefox@zenmate.com.xpi [2015-12-04] [not signed]
FF Extension: No Name - C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773\Extensions\jid0-hyjN250ZzTOOX3evFwwAQBxE4ik@jetpack.xpi [2015-07-21] [not signed]
FF Extension: DuckDuckGo Plus - C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2015-07-21]
FF Extension: No Name - C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773\Extensions\wisestamp@wisestamp.com.xpi [2015-12-11] [not signed]
FF Extension: Flagfox - C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2015-12-04]
FF Extension: Blue Fox - C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773\Extensions\{241aae70-0022-11de-87af-0800200c9a66} [2015-07-21] [not signed]
FF Extension: Video DownloadHelper - C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-10-30]
FF Extension: Adblock Plus - C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-26]
FF Extension: 602XML Filler - C:\Program Files (x86)\Mozilla Firefox\extensions\xmlfiller@software602.cz [2015-11-07] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-11-07] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-11-07] [not signed]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08] [not signed]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird
FF Extension: ESET Endpoint Security Extension - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird [2015-01-23] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF Extension: Firefox Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension [2011-04-22] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bkmrksync@nokia.com] - C:\Users\MaiLinhVi\Desktop\Downloads\Nokia PC Suite 7\bkmrksync => not found
FF HKLM-x32\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2011-04-22] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird
FF HKU\S-1-5-21-291474276-2071678850-1047628788-1004\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\MaiLinhVi\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\MaiLinhVi\AppData\Roaming\IDM\idmmzcc5 [2014-01-18] [not signed]
FF HKU\S-1-5-21-291474276-2071678850-1047628788-1004\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\MaiLinhVi\AppData\Roaming\IDM\idmmzcc5
Chrome:
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\MaiLinhVi\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.796\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\MaiLinhVi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Disk Google) - C:\Users\MaiLinhVi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (Vzdálená plocha Chrome) - C:\Users\MaiLinhVi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-11-07]
CHR Extension: (Dokumenty Google offline) - C:\Users\MaiLinhVi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-20]
CHR Extension: (rikaikun) - C:\Users\MaiLinhVi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipdnfibhldikgcjhfnomkfpcebammhp [2014-12-28]
CHR Extension: (Skype Click to Call) - C:\Users\MaiLinhVi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-11-23]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\MaiLinhVi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-12-29]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\MaiLinhVi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-06]
CHR HKU\S-1-5-21-291474276-2071678850-1047628788-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\MAILIN~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-06-13]
CHR HKU\S-1-5-21-291474276-2071678850-1047628788-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 602XML Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [73728 2010-04-14] (Software602 a.s.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe [69448 2015-10-14] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2797752 2015-10-13] (Microsoft Corporation)
S3 EhttpSrv; C:\Program Files\ESET\ESET Endpoint Antivirus\EHttpSrv.exe [42048 2013-10-07] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe [1025584 2013-10-07] (ESET)
S3 ESHASRV; C:\Program Files\ESET\ESET Endpoint Antivirus\EShaSrv.exe [191368 2013-10-07] (ESET)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 SDDUpdate; C:\SNDA\SDUpdate\SDDUpdateSvc.dll [227224 2013-08-13] (SNDA)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [52968 2015-07-06] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 bcm44amd64; C:\Windows\System32\DRIVERS\b44amd64.sys [87552 2009-06-10] (Broadcom Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [219184 2013-10-25] (ESET)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [185224 2013-09-09] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [155896 2013-09-09] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [147096 2013-09-09] (ESET)
R2 FGUARD64; C:\PROGRAMS\FGUARD\FGUARD64.SYS [72064 2007-02-24] (WinAbility® Software Corporation)
R3 OEM02Dev; C:\Windows\System32\DRIVERS\OEM02Dev.sys [266624 2007-10-10] (Creative Technology Ltd.)
R3 OEM02Vfx; C:\Windows\System32\DRIVERS\OEM02Vfx.sys [12288 2007-03-05] (EyePower Games Pte. Ltd.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-15 22:55 - 2015-12-15 22:57 - 00038021 _____ C:\Users\MaiLinhVi\Desktop\FRST.txt
2015-12-15 22:54 - 2015-12-15 22:55 - 00000000 ____D C:\FRST
2015-12-15 22:53 - 2015-12-15 22:53 - 00112640 _____ (forum.viry.cz) C:\Users\MaiLinhVi\Desktop\FRSTLauncher.exe
2015-12-15 22:49 - 2015-12-15 22:49 - 02369536 _____ (Farbar) C:\Users\MaiLinhVi\Desktop\FRST64.exe
2015-12-14 21:51 - 2015-12-14 21:51 - 00000000 ___HD C:\OneDriveTemp
2015-12-12 00:12 - 2015-12-12 00:12 - 00000000 ____D C:\Users\MaiLinhVi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-10 16:22 - 2015-11-20 19:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-10 16:22 - 2015-11-20 19:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-10 16:22 - 2015-11-20 19:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-10 16:22 - 2015-11-20 19:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-10 16:22 - 2015-11-20 19:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-10 16:22 - 2015-11-20 19:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-10 16:22 - 2015-11-20 19:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-10 16:22 - 2015-11-20 19:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-10 16:22 - 2015-11-20 19:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-10 16:22 - 2015-11-20 19:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-10 16:22 - 2015-11-20 19:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-10 16:22 - 2015-11-20 19:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-10 16:22 - 2015-11-20 19:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-10 16:22 - 2015-11-20 19:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-10 16:22 - 2015-11-20 19:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-10 16:22 - 2015-11-20 19:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-10 16:22 - 2015-11-05 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-12-10 16:22 - 2015-11-05 20:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-12-10 16:22 - 2015-11-03 20:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-10 16:22 - 2015-11-03 20:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-10 16:22 - 2015-11-03 19:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-10 16:22 - 2015-11-03 19:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-10 16:21 - 2015-11-11 19:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-10 16:21 - 2015-11-11 19:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-10 16:21 - 2015-11-11 19:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-10 16:21 - 2015-11-11 19:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-10 16:21 - 2015-11-05 20:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-10 16:21 - 2015-11-05 20:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-10 16:21 - 2015-11-05 10:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-10 16:20 - 2015-10-09 00:22 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2015-12-10 16:20 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2015-12-10 16:20 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2015-12-10 16:20 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2015-12-10 16:20 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2015-12-10 16:20 - 2015-10-09 00:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2015-12-10 16:20 - 2015-10-09 00:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2015-12-10 16:20 - 2015-10-09 00:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2015-12-10 16:20 - 2015-10-08 20:13 - 00419928 _____ C:\Windows\SysWOW64\locale.nls
2015-12-10 16:20 - 2015-10-08 19:52 - 00419928 _____ C:\Windows\system32\locale.nls
2015-12-10 16:19 - 2015-11-10 19:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-10 16:19 - 2015-11-10 19:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-10 16:19 - 2015-11-10 19:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-10 16:19 - 2015-11-10 19:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-10 16:19 - 2015-11-10 19:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-10 16:19 - 2015-11-10 18:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-10 16:05 - 2015-12-10 16:06 - 00262144 _____ C:\Windows\Minidump\121015-55536-01.dmp
2015-12-10 16:05 - 2015-12-10 16:05 - 00000000 ____D C:\Windows\Minidump
2015-12-09 17:29 - 2015-12-09 17:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-11-26 07:08 - 2015-11-26 07:08 - 00008192 _____ C:\Windows\system32\config\userdiff
2015-11-25 21:40 - 2015-10-30 08:09 - 00000001 ___SH C:\BOOTNXT
2015-11-25 21:19 - 2015-11-25 21:20 - 00002822 _____ C:\Windows\diagerr.xml
2015-11-25 21:19 - 2015-11-25 21:20 - 00001908 _____ C:\Windows\diagwrn.xml
2015-11-22 00:08 - 2015-11-22 15:37 - 00013340 ____H C:\Users\MaiLinhVi\Documents\~WRL3743.tmp
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-15 22:56 - 2011-01-18 19:08 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-15 22:55 - 2010-01-29 21:42 - 00000962 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-291474276-2071678850-1047628788-1001UA.job
2015-12-15 22:55 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2015-12-15 22:53 - 2015-07-25 21:48 - 00000934 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-291474276-2071678850-1047628788-1004UA1d0c71b4a0158f1.job
2015-12-15 22:53 - 2015-07-25 21:41 - 00000882 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-291474276-2071678850-1047628788-1004Core.job
2015-12-15 22:47 - 2010-06-13 21:37 - 00000000 ____D C:\Users\MaiLinhVi\AppData\Roaming\Skype
2015-12-15 22:43 - 2012-05-25 17:07 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-15 22:15 - 2015-08-31 16:04 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e3fe60f0caf1.job
2015-12-15 22:09 - 2015-05-17 14:02 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d090a1c0a5e42c.job
2015-12-15 22:07 - 2015-02-06 17:57 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0422df81a9a08.job
2015-12-15 21:39 - 2009-07-14 05:45 - 00014336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-15 21:39 - 2009-07-14 05:45 - 00014336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-15 15:48 - 2014-06-16 16:17 - 00000000 ____D C:\Users\MaiLinhVi\AppData\Roaming\ViberPC
2015-12-15 15:48 - 2012-12-06 15:16 - 00000000 ____D C:\Users\MaiLinhVi\AppData\Roaming\Dropbox
2015-12-15 15:47 - 2015-04-08 15:36 - 00000000 ___RD C:\Users\MaiLinhVi\OneDrive
2015-12-15 15:47 - 2013-06-13 15:33 - 00000000 ___RD C:\Users\MaiLinhVi\Disk Google
2015-12-15 15:39 - 2010-12-07 22:35 - 00000200 _____ C:\Windows\Tasks\AutoKMS.job
2015-12-15 15:39 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-13 22:36 - 2015-04-08 15:36 - 00002196 _____ C:\Users\MaiLinhVi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-12-12 01:18 - 2009-08-14 22:41 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-11 19:38 - 2009-07-14 05:45 - 02732120 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-11 19:35 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2015-12-10 21:11 - 2012-01-24 15:31 - 00002104 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-10 16:49 - 2013-08-15 14:13 - 00000000 ____D C:\Windows\system32\MRT
2015-12-10 16:25 - 2009-09-22 19:47 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-09 18:43 - 2012-05-25 17:07 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-09 18:43 - 2012-05-25 17:07 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-09 18:43 - 2012-05-25 17:07 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-09 17:29 - 2014-09-25 15:39 - 00002731 _____ C:\Users\Public\Desktop\Skype.lnk
2015-12-09 17:29 - 2014-03-21 18:08 - 00000000 ____D C:\Users\MaiLinhVi\AppData\Local\Skype
2015-12-09 17:29 - 2009-08-12 21:18 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-09 17:29 - 2009-08-12 21:18 - 00000000 ____D C:\ProgramData\Skype
2015-12-09 00:23 - 2013-09-28 14:12 - 00000626 _____ C:\ProgramData\Microsoft\Windows\Start Menu\LINE.lnk
2015-12-09 00:23 - 2013-09-28 14:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LINE
2015-12-07 00:31 - 2010-11-18 15:18 - 00000000 ____D C:\Users\MaiLinhVi\AppData\Roaming\Aegisub
2015-12-04 23:13 - 2015-01-23 22:10 - 00000000 ____D C:\Users\MaiLinhVi\AppData\Local\CrashDumps
2015-12-03 22:51 - 2015-09-18 18:10 - 00003948 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d0f234f4710d3c
2015-12-03 22:51 - 2015-09-18 18:10 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0f234f4710d3c.job
2015-12-03 22:51 - 2011-01-18 19:08 - 00003696 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-03 22:50 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2015-12-02 13:18 - 2009-10-02 22:06 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-12-01 17:38 - 2015-06-25 20:15 - 00000000 ____D C:\Users\MaiLinhVi\AppData\Local\ElevatedDiagnostics
2015-11-26 22:46 - 2015-09-14 20:30 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-26 19:04 - 2013-06-13 15:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-11-26 01:00 - 2015-10-30 10:42 - 00000000 ___HD C:\$WINDOWS.~BT
2015-11-25 21:40 - 2008-08-08 13:06 - 00008192 __RSH C:\BOOTSECT.BAK
2015-11-25 21:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2015-11-25 21:19 - 2009-08-13 04:34 - 00000000 ____D C:\Windows\Panther
2015-11-25 19:06 - 2015-07-25 18:54 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-11-25 18:59 - 2015-09-01 19:00 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-11-23 20:05 - 2015-07-25 20:28 - 00000000 ____D C:\Users\MaiLinhVi\Documents\Visual Studio 2015
2015-11-22 20:04 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-11-15 13:55 - 2010-01-29 21:42 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-291474276-2071678850-1047628788-1001Core.job
2015-11-15 11:29 - 2009-07-14 06:08 - 00032546 _____ C:\Windows\Tasks\SCHEDLGU.TXT
==================== Files in the root of some directories =======
2014-04-26 14:16 - 2014-06-03 14:45 - 0003754 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2010-11-18 15:19 - 2013-03-03 16:02 - 0002421 _____ () C:\Users\MaiLinhVi\AppData\Roaming\ASSDraw3.cfg
2010-05-20 16:49 - 2013-12-27 20:07 - 0029184 _____ () C:\Users\MaiLinhVi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-24 16:18 - 2014-11-26 16:14 - 0004990 _____ () C:\ProgramData\hpzinstall.log
Some files in TEMP:
====================
C:\Users\admin\AppData\Local\Temp\AskInstallChecker.exe
C:\Users\admin\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\admin\AppData\Local\Temp\ose00000.exe
C:\Users\Administrator\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\Administrator\AppData\Local\Temp\BSvcUpdater.exe
C:\Users\Administrator\AppData\Local\Temp\NEventMessages.dll
C:\Users\MaiLinhVi\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpx5ypt3.dll
Some zero byte size files/folders:
==========================
C:\Windows\System32\mmres.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\0414cUpdateInfo.job => C:\ProgramData\Avg_Update_0414c\0414c_{21F0D53C-0E22-431D-917B-914262E02019}.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-291474276-2071678850-1047628788-1004Core.job => C:\Users\MaiLinhVi\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-291474276-2071678850-1047628788-1004UA1d0c71b4a0158f1.job => C:\Users\MaiLinhVi\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0422df81a9a08.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d090a1c0a5e42c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e3fe60f0caf1.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0f234f4710d3c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-291474276-2071678850-1047628788-1001Core.job => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-291474276-2071678850-1047628788-1001UA.job => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: ESET Endpoint Antivirus 5.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Endpoint Antivirus 5.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\MaiLinhVi\Desktop" je 2787 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\\Downloads\\Orbitdownloader\\orbitdm.exe"="D:\\Downloads\\Orbitdownloader\\orbitdm.exe:*:Enabled:Orbit"
"D:\\Downloads\\Orbitdownloader\\orbitnet.exe"="D:\\Downloads\\Orbitdownloader\\orbitnet.exe:*:Enabled:Orbit"
"C:\\Program Files (x86)\\FlashGet Network\\FlashGet 3\\FlashGet3.exe"="C:\\Program Files (x86)\\FlashGet Network\\FlashGet 3\\FlashGet3.exe:*:Enabled:Flashget3"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
jsem tu nováček, ale mám poměrně zavirovaný počítač (možná je to důvod, proč mi selhala instalace Win10...?) a sama se v tom moc nevyznám, jediné, co se mi s tím udělalo je teda to, že se mi to v ESETU zavřelo do karantény... potřebovala bych nějakou radu pochopitelnou trošku pro holky
Netuším, co tento trojský kůň způsobuje, ale asi mi zpomaluje počítač, což ci myslím, že asi je zpomalený no... já se moc omlouvám za svoji neznalost, ale moc ráda bych se chtěla starat o svůj počítač a stát se někdy programátorkou...
Budu ráda za jakoukoliv pomoc, děkuji!
Tady je log z FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-12-2015
Ran by MaiLinhVi (administrator) on ADMIN-PC (15-12-2015 22:55:54)
Running from C:\Users\MaiLinhVi\Desktop
Loaded Profiles: MaiLinhVi (Available Profiles: admin & MaiLinhVi & Majka & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Angličtina (Spojené státy)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Software602 a.s.) C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(WinAbility® Software Corporation) C:\PROGRAMS\FGUARD\FGKey64.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe
() C:\Users\Majka\AppData\Local\Seznam.cz\bin\postak.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(LINE Corporation) D:\Downloads\LINE\Line.exe
() C:\Users\MaiLinhVi\AppData\Local\Viber\Viber.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\lync.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\MaiLinhVi\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Creative Technology Ltd.) C:\Windows\OEM02Mon.exe
(Nokia) C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ucmapi.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\winword.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\winword.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(forum.viry.cz) C:\Users\MaiLinhVi\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NVHotkey] => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [FG_Monitor] => C:\PROGRAMS\FGUARD\FGKey64.exe [144456 2007-02-24] (WinAbility® Software Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe [4148664 2013-10-07] (ESET)
HKLM-x32\...\Run: [OEM02Mon.exe] => C:\Windows\OEM02Mon.exe
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [NokiaMServer] => C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [NSU_agent] => C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe [190768 2012-02-28] ()
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKU\S-1-5-21-291474276-2071678850-1047628788-1004\...\Run: [PC Suite Tray] => C:\Users\MaiLinhVi\Desktop\Downloads\Nokia PC Suite 7\PCSuite.exe [1500160 2011-06-16] (Nokia)
HKU\S-1-5-21-291474276-2071678850-1047628788-1004\...\Run: [Seznam Postak] => C:\Users\Majka\AppData\Local\Seznam.cz\bin\postak.exe [491040 2012-01-10] ()
HKU\S-1-5-21-291474276-2071678850-1047628788-1004\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-291474276-2071678850-1047628788-1004\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
HKU\S-1-5-21-291474276-2071678850-1047628788-1004\...\Run: [Line] => D:\Downloads\LINE\Line.exe [17456664 2015-12-07] (LINE Corporation)
HKU\S-1-5-21-291474276-2071678850-1047628788-1004\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
HKU\S-1-5-21-291474276-2071678850-1047628788-1004\...\Run: [Viber] => C:\Users\MaiLinhVi\AppData\Local\Viber\Viber.exe [51657424 2015-11-09] ()
HKU\S-1-5-21-291474276-2071678850-1047628788-1004\...\Run: [Zoner Photo Studio Autoupdate] => "C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTRAY.EXE"
HKU\S-1-5-21-291474276-2071678850-1047628788-1004\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-291474276-2071678850-1047628788-1004\...\Run: [Dropbox Update] => C:\Users\MaiLinhVi\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-25] (Dropbox, Inc.)
HKU\S-1-5-21-291474276-2071678850-1047628788-1004\...\Run: [Lync] => C:\Program Files\Microsoft Office 15\root\office15\lync.exe [24055464 2015-10-20] (Microsoft Corporation)
HKU\S-1-5-21-291474276-2071678850-1047628788-1004\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50754688 2015-12-01] (Skype Technologies S.A.)
HKU\S-1-5-21-291474276-2071678850-1047628788-1004\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-291474276-2071678850-1047628788-1004\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\MaiLinhVi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\MaiLinhVi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\MaiLinhVi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\MaiLinhVi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\MaiLinhVi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\MaiLinhVi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\MaiLinhVi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\MaiLinhVi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\MaiLinhVi\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\MaiLinhVi\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\MaiLinhVi\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\MaiLinhVi\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\MaiLinhVi\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\MaiLinhVi\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [AAADesktopTips] -> {4562B511-62E9-4533-B7B2-56A8BB10B482} => C:\Users\Public\Thunder Network\KanKan\reghelper\xappex.1.1.1.73.(492).dll [2013-07-22] (深圳市迅雷网络技术有限公司)
Startup: C:\Users\MaiLinhVi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\MaiLinhVi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\MaiLinhVi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Odeslat do OneNote.lnk [2015-11-08]
ShortcutTarget: Odeslat do OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
Startup: C:\Users\MaiLinhVi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk [2015-04-07]
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicyUsers\S-1-5-21-291474276-2071678850-1047628788-1007\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-291474276-2071678850-1047628788-1004\User: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog9-x64 12 C:\Program Files (x86)\VMware\VMware Server\x64\vsocklib.dll No File
Winsock: Catalog9-x64 13 C:\Program Files (x86)\VMware\VMware Server\x64\vsocklib.dll No File
Tcpip\Parameters: [DhcpNameServer] 172.18.0.5 172.19.4.1 172.18.0.6
Tcpip\..\Interfaces\{53445778-203B-4259-B250-0B44CB7B2632}: [DhcpNameServer] 172.18.0.5 172.19.4.1 172.18.0.6
Internet Explorer:
==================
HKU\S-1-5-21-291474276-2071678850-1047628788-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-291474276-2071678850-1047628788-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
HKU\S-1-5-21-291474276-2071678850-1047628788-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.cz/
HKU\S-1-5-21-291474276-2071678850-1047628788-1004\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
URLSearchHook: HKLM-x32 -> Default = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKU\S-1-5-21-291474276-2071678850-1047628788-1004 - (No Name) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-291474276-2071678850-1047628788-1004 -> DefaultScope {0D96972B-505E-43C8-8D2F-0DAAEF41139D} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=196149&p={searchTerms}
SearchScopes: HKU\S-1-5-21-291474276-2071678850-1047628788-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM ... -SearchBox
SearchScopes: HKU\S-1-5-21-291474276-2071678850-1047628788-1004 -> {0916c519-1bf3-425b-a6de-93464400cde2} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=IEListicka_12
SearchScopes: HKU\S-1-5-21-291474276-2071678850-1047628788-1004 -> {0D96972B-505E-43C8-8D2F-0DAAEF41139D} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=196149&p={searchTerms}
SearchScopes: HKU\S-1-5-21-291474276-2071678850-1047628788-1004 -> {38c65396-c0ef-4b49-b451-97531647e30c} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... isticka_12
SearchScopes: HKU\S-1-5-21-291474276-2071678850-1047628788-1004 -> {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKU\S-1-5-21-291474276-2071678850-1047628788-1004 -> {720f3daa-b949-467e-98ce-f68894b8f06f} URL = hxxp://www.mapy.cz/?query={searchTerms}&sourceid=IEListicka_12
SearchScopes: HKU\S-1-5-21-291474276-2071678850-1047628788-1004 -> {7b8f3ebf-0455-4c61-b1c4-af63f57ada06} URL = hxxp://www.firmy.cz/phr/{searchTerms}?sourceid=IEListicka_12
SearchScopes: HKU\S-1-5-21-291474276-2071678850-1047628788-1004 -> {F714F5B7-E4D2-4DB1-96B3-F45AE05068AE} URL = hxxp://cs.wikipedia.org/w/index.php?title=Speci%C3%A1ln%C3%AD:Hled%C3%A1n%C3%AD&search={searchTerms}
BHO: No Name -> {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} -> No File
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-10-13] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-09-26] (Sun Microsystems, Inc.)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll [2011-03-16] (Yahoo! Inc)
Toolbar: HKU\S-1-5-21-291474276-2071678850-1047628788-1004 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
Toolbar: HKU\S-1-5-21-291474276-2071678850-1047628788-1004 -> No Name - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No File
Toolbar: HKU\S-1-5-21-291474276-2071678850-1047628788-1004 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-291474276-2071678850-1047628788-1004 -> No Name - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - No File
Toolbar: HKU\S-1-5-21-291474276-2071678850-1047628788-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-291474276-2071678850-1047628788-1004 -> No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/s ... ab_nvd.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-09-01] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773
FF Homepage: hxxp://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-09] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2009-05-26] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-09-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-09-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @xunlei.com/DapCtrl -> C:\Program Files (x86)\Common Files\Thunder Network\KanKan\npDapCtrl.3.1.0.7.(495).dll [No File]
FF Plugin-x32: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.2.dll [2013-08-12] (Thunder Networking Technologies,LTD)
FF Plugin-x32: @xunlei.com/npxunlei;version=1.0.0.2 -> D:\Downloads\Data\npxunlei1.0.0.2.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-291474276-2071678850-1047628788-1004: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\MaiLinhVi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-27] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeploytk.dll [2009-09-26] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npfiller.dll [2010-03-29] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Extension: Rikaichan - C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82} [2015-07-21]
FF Extension: Online Convert - C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773\extensions\firefox@online-convert.com.xpi [2015-07-21]
FF Extension: 1-Click Dailymotion Video Downloader - C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773\extensions\DailymotionVideoDownloader@PeterOlayev.com.xpi [2015-07-21]
FF Extension: New Tab Wallpapers - C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773\extensions\{a5312b79-bf0d-4825-a25f-b33d67d4a58a}.xpi [2015-07-21]
FF Extension: YouTube to MP3 - C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773\extensions\youtube2mp3@mondayx.de.xpi [2015-07-21]
FF Extension: Long URL Please - C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773\extensions\longurlplease@darragh.curran.xpi [2015-07-21]
FF Extension: MEGA EXTENSION - C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773\extensions\firefox@mega.co.nz.xpi [2015-07-21]
FF Extension: Rikaichan Japanese-English Dictionary File - C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773\extensions\rikaichan-jpen@polarcloud.com [2015-08-19]
FF Extension: Rikaichan Japanese Names Dictionary File - C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773\extensions\rikaichan-jpnames@polarcloud.com [2015-08-19]
FF Extension: User Agent Switcher - C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2015-08-19]
FF Extension: Tab Mix Plus - C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2015-09-03]
FF Extension: Greasemonkey - C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-11-22]
FF Extension: NoScript - C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-11-24]
FF Extension: Seznam lištička - C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2015-11-25]
FF Extension: Personas Plus - C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773\extensions\personas@christopher.beard.xpi [2015-12-04]
FF Extension: WOT - C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-09]
FF Extension: No Name - C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773\Extensions\elemhidehelper@adblockplus.org.xpi [2015-11-26] [not signed]
FF Extension: No Name - C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773\Extensions\firefox@zenmate.com.xpi [2015-12-04] [not signed]
FF Extension: No Name - C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773\Extensions\jid0-hyjN250ZzTOOX3evFwwAQBxE4ik@jetpack.xpi [2015-07-21] [not signed]
FF Extension: DuckDuckGo Plus - C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2015-07-21]
FF Extension: No Name - C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773\Extensions\wisestamp@wisestamp.com.xpi [2015-12-11] [not signed]
FF Extension: Flagfox - C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2015-12-04]
FF Extension: Blue Fox - C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773\Extensions\{241aae70-0022-11de-87af-0800200c9a66} [2015-07-21] [not signed]
FF Extension: Video DownloadHelper - C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-10-30]
FF Extension: Adblock Plus - C:\Users\MaiLinhVi\AppData\Roaming\Mozilla\Firefox\Profiles\crbspp43.default-1437488347773\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-26]
FF Extension: 602XML Filler - C:\Program Files (x86)\Mozilla Firefox\extensions\xmlfiller@software602.cz [2015-11-07] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-11-07] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-11-07] [not signed]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08] [not signed]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird
FF Extension: ESET Endpoint Security Extension - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird [2015-01-23] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF Extension: Firefox Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension [2011-04-22] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bkmrksync@nokia.com] - C:\Users\MaiLinhVi\Desktop\Downloads\Nokia PC Suite 7\bkmrksync => not found
FF HKLM-x32\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2011-04-22] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird
FF HKU\S-1-5-21-291474276-2071678850-1047628788-1004\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\MaiLinhVi\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\MaiLinhVi\AppData\Roaming\IDM\idmmzcc5 [2014-01-18] [not signed]
FF HKU\S-1-5-21-291474276-2071678850-1047628788-1004\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\MaiLinhVi\AppData\Roaming\IDM\idmmzcc5
Chrome:
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\MaiLinhVi\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.796\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\MaiLinhVi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Disk Google) - C:\Users\MaiLinhVi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (Vzdálená plocha Chrome) - C:\Users\MaiLinhVi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-11-07]
CHR Extension: (Dokumenty Google offline) - C:\Users\MaiLinhVi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-20]
CHR Extension: (rikaikun) - C:\Users\MaiLinhVi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipdnfibhldikgcjhfnomkfpcebammhp [2014-12-28]
CHR Extension: (Skype Click to Call) - C:\Users\MaiLinhVi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-11-23]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\MaiLinhVi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-12-29]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\MaiLinhVi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-06]
CHR HKU\S-1-5-21-291474276-2071678850-1047628788-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\MAILIN~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-06-13]
CHR HKU\S-1-5-21-291474276-2071678850-1047628788-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 602XML Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [73728 2010-04-14] (Software602 a.s.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe [69448 2015-10-14] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2797752 2015-10-13] (Microsoft Corporation)
S3 EhttpSrv; C:\Program Files\ESET\ESET Endpoint Antivirus\EHttpSrv.exe [42048 2013-10-07] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe [1025584 2013-10-07] (ESET)
S3 ESHASRV; C:\Program Files\ESET\ESET Endpoint Antivirus\EShaSrv.exe [191368 2013-10-07] (ESET)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 SDDUpdate; C:\SNDA\SDUpdate\SDDUpdateSvc.dll [227224 2013-08-13] (SNDA)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [52968 2015-07-06] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 bcm44amd64; C:\Windows\System32\DRIVERS\b44amd64.sys [87552 2009-06-10] (Broadcom Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [219184 2013-10-25] (ESET)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [185224 2013-09-09] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [155896 2013-09-09] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [147096 2013-09-09] (ESET)
R2 FGUARD64; C:\PROGRAMS\FGUARD\FGUARD64.SYS [72064 2007-02-24] (WinAbility® Software Corporation)
R3 OEM02Dev; C:\Windows\System32\DRIVERS\OEM02Dev.sys [266624 2007-10-10] (Creative Technology Ltd.)
R3 OEM02Vfx; C:\Windows\System32\DRIVERS\OEM02Vfx.sys [12288 2007-03-05] (EyePower Games Pte. Ltd.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-15 22:55 - 2015-12-15 22:57 - 00038021 _____ C:\Users\MaiLinhVi\Desktop\FRST.txt
2015-12-15 22:54 - 2015-12-15 22:55 - 00000000 ____D C:\FRST
2015-12-15 22:53 - 2015-12-15 22:53 - 00112640 _____ (forum.viry.cz) C:\Users\MaiLinhVi\Desktop\FRSTLauncher.exe
2015-12-15 22:49 - 2015-12-15 22:49 - 02369536 _____ (Farbar) C:\Users\MaiLinhVi\Desktop\FRST64.exe
2015-12-14 21:51 - 2015-12-14 21:51 - 00000000 ___HD C:\OneDriveTemp
2015-12-12 00:12 - 2015-12-12 00:12 - 00000000 ____D C:\Users\MaiLinhVi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-10 16:22 - 2015-11-20 19:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-10 16:22 - 2015-11-20 19:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-10 16:22 - 2015-11-20 19:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-10 16:22 - 2015-11-20 19:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-10 16:22 - 2015-11-20 19:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-10 16:22 - 2015-11-20 19:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-10 16:22 - 2015-11-20 19:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-10 16:22 - 2015-11-20 19:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-10 16:22 - 2015-11-20 19:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-10 16:22 - 2015-11-20 19:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-10 16:22 - 2015-11-20 19:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-10 16:22 - 2015-11-20 19:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-10 16:22 - 2015-11-20 19:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-10 16:22 - 2015-11-20 19:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-10 16:22 - 2015-11-20 19:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-10 16:22 - 2015-11-20 19:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-10 16:22 - 2015-11-05 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-12-10 16:22 - 2015-11-05 20:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-12-10 16:22 - 2015-11-03 20:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-10 16:22 - 2015-11-03 20:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-10 16:22 - 2015-11-03 19:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-10 16:22 - 2015-11-03 19:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-10 16:21 - 2015-11-11 19:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-10 16:21 - 2015-11-11 19:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-10 16:21 - 2015-11-11 19:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-10 16:21 - 2015-11-11 19:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-10 16:21 - 2015-11-05 20:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-10 16:21 - 2015-11-05 20:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-10 16:21 - 2015-11-05 10:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-10 16:20 - 2015-10-09 00:22 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2015-12-10 16:20 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2015-12-10 16:20 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2015-12-10 16:20 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2015-12-10 16:20 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2015-12-10 16:20 - 2015-10-09 00:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2015-12-10 16:20 - 2015-10-09 00:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2015-12-10 16:20 - 2015-10-09 00:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2015-12-10 16:20 - 2015-10-08 20:13 - 00419928 _____ C:\Windows\SysWOW64\locale.nls
2015-12-10 16:20 - 2015-10-08 19:52 - 00419928 _____ C:\Windows\system32\locale.nls
2015-12-10 16:19 - 2015-11-10 19:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-10 16:19 - 2015-11-10 19:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-10 16:19 - 2015-11-10 19:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-10 16:19 - 2015-11-10 19:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-10 16:19 - 2015-11-10 19:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-10 16:19 - 2015-11-10 18:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-10 16:05 - 2015-12-10 16:06 - 00262144 _____ C:\Windows\Minidump\121015-55536-01.dmp
2015-12-10 16:05 - 2015-12-10 16:05 - 00000000 ____D C:\Windows\Minidump
2015-12-09 17:29 - 2015-12-09 17:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-11-26 07:08 - 2015-11-26 07:08 - 00008192 _____ C:\Windows\system32\config\userdiff
2015-11-25 21:40 - 2015-10-30 08:09 - 00000001 ___SH C:\BOOTNXT
2015-11-25 21:19 - 2015-11-25 21:20 - 00002822 _____ C:\Windows\diagerr.xml
2015-11-25 21:19 - 2015-11-25 21:20 - 00001908 _____ C:\Windows\diagwrn.xml
2015-11-22 00:08 - 2015-11-22 15:37 - 00013340 ____H C:\Users\MaiLinhVi\Documents\~WRL3743.tmp
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-15 22:56 - 2011-01-18 19:08 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-15 22:55 - 2010-01-29 21:42 - 00000962 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-291474276-2071678850-1047628788-1001UA.job
2015-12-15 22:55 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2015-12-15 22:53 - 2015-07-25 21:48 - 00000934 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-291474276-2071678850-1047628788-1004UA1d0c71b4a0158f1.job
2015-12-15 22:53 - 2015-07-25 21:41 - 00000882 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-291474276-2071678850-1047628788-1004Core.job
2015-12-15 22:47 - 2010-06-13 21:37 - 00000000 ____D C:\Users\MaiLinhVi\AppData\Roaming\Skype
2015-12-15 22:43 - 2012-05-25 17:07 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-15 22:15 - 2015-08-31 16:04 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e3fe60f0caf1.job
2015-12-15 22:09 - 2015-05-17 14:02 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d090a1c0a5e42c.job
2015-12-15 22:07 - 2015-02-06 17:57 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0422df81a9a08.job
2015-12-15 21:39 - 2009-07-14 05:45 - 00014336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-15 21:39 - 2009-07-14 05:45 - 00014336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-15 15:48 - 2014-06-16 16:17 - 00000000 ____D C:\Users\MaiLinhVi\AppData\Roaming\ViberPC
2015-12-15 15:48 - 2012-12-06 15:16 - 00000000 ____D C:\Users\MaiLinhVi\AppData\Roaming\Dropbox
2015-12-15 15:47 - 2015-04-08 15:36 - 00000000 ___RD C:\Users\MaiLinhVi\OneDrive
2015-12-15 15:47 - 2013-06-13 15:33 - 00000000 ___RD C:\Users\MaiLinhVi\Disk Google
2015-12-15 15:39 - 2010-12-07 22:35 - 00000200 _____ C:\Windows\Tasks\AutoKMS.job
2015-12-15 15:39 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-13 22:36 - 2015-04-08 15:36 - 00002196 _____ C:\Users\MaiLinhVi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-12-12 01:18 - 2009-08-14 22:41 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-11 19:38 - 2009-07-14 05:45 - 02732120 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-11 19:35 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2015-12-10 21:11 - 2012-01-24 15:31 - 00002104 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-10 16:49 - 2013-08-15 14:13 - 00000000 ____D C:\Windows\system32\MRT
2015-12-10 16:25 - 2009-09-22 19:47 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-09 18:43 - 2012-05-25 17:07 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-09 18:43 - 2012-05-25 17:07 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-09 18:43 - 2012-05-25 17:07 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-09 17:29 - 2014-09-25 15:39 - 00002731 _____ C:\Users\Public\Desktop\Skype.lnk
2015-12-09 17:29 - 2014-03-21 18:08 - 00000000 ____D C:\Users\MaiLinhVi\AppData\Local\Skype
2015-12-09 17:29 - 2009-08-12 21:18 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-09 17:29 - 2009-08-12 21:18 - 00000000 ____D C:\ProgramData\Skype
2015-12-09 00:23 - 2013-09-28 14:12 - 00000626 _____ C:\ProgramData\Microsoft\Windows\Start Menu\LINE.lnk
2015-12-09 00:23 - 2013-09-28 14:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LINE
2015-12-07 00:31 - 2010-11-18 15:18 - 00000000 ____D C:\Users\MaiLinhVi\AppData\Roaming\Aegisub
2015-12-04 23:13 - 2015-01-23 22:10 - 00000000 ____D C:\Users\MaiLinhVi\AppData\Local\CrashDumps
2015-12-03 22:51 - 2015-09-18 18:10 - 00003948 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d0f234f4710d3c
2015-12-03 22:51 - 2015-09-18 18:10 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0f234f4710d3c.job
2015-12-03 22:51 - 2011-01-18 19:08 - 00003696 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-03 22:50 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2015-12-02 13:18 - 2009-10-02 22:06 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-12-01 17:38 - 2015-06-25 20:15 - 00000000 ____D C:\Users\MaiLinhVi\AppData\Local\ElevatedDiagnostics
2015-11-26 22:46 - 2015-09-14 20:30 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-26 19:04 - 2013-06-13 15:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-11-26 01:00 - 2015-10-30 10:42 - 00000000 ___HD C:\$WINDOWS.~BT
2015-11-25 21:40 - 2008-08-08 13:06 - 00008192 __RSH C:\BOOTSECT.BAK
2015-11-25 21:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2015-11-25 21:19 - 2009-08-13 04:34 - 00000000 ____D C:\Windows\Panther
2015-11-25 19:06 - 2015-07-25 18:54 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-11-25 18:59 - 2015-09-01 19:00 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-11-23 20:05 - 2015-07-25 20:28 - 00000000 ____D C:\Users\MaiLinhVi\Documents\Visual Studio 2015
2015-11-22 20:04 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-11-15 13:55 - 2010-01-29 21:42 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-291474276-2071678850-1047628788-1001Core.job
2015-11-15 11:29 - 2009-07-14 06:08 - 00032546 _____ C:\Windows\Tasks\SCHEDLGU.TXT
==================== Files in the root of some directories =======
2014-04-26 14:16 - 2014-06-03 14:45 - 0003754 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2010-11-18 15:19 - 2013-03-03 16:02 - 0002421 _____ () C:\Users\MaiLinhVi\AppData\Roaming\ASSDraw3.cfg
2010-05-20 16:49 - 2013-12-27 20:07 - 0029184 _____ () C:\Users\MaiLinhVi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-24 16:18 - 2014-11-26 16:14 - 0004990 _____ () C:\ProgramData\hpzinstall.log
Some files in TEMP:
====================
C:\Users\admin\AppData\Local\Temp\AskInstallChecker.exe
C:\Users\admin\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\admin\AppData\Local\Temp\ose00000.exe
C:\Users\Administrator\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\Administrator\AppData\Local\Temp\BSvcUpdater.exe
C:\Users\Administrator\AppData\Local\Temp\NEventMessages.dll
C:\Users\MaiLinhVi\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpx5ypt3.dll
Some zero byte size files/folders:
==========================
C:\Windows\System32\mmres.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\0414cUpdateInfo.job => C:\ProgramData\Avg_Update_0414c\0414c_{21F0D53C-0E22-431D-917B-914262E02019}.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-291474276-2071678850-1047628788-1004Core.job => C:\Users\MaiLinhVi\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-291474276-2071678850-1047628788-1004UA1d0c71b4a0158f1.job => C:\Users\MaiLinhVi\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0422df81a9a08.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d090a1c0a5e42c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e3fe60f0caf1.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0f234f4710d3c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-291474276-2071678850-1047628788-1001Core.job => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-291474276-2071678850-1047628788-1001UA.job => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: ESET Endpoint Antivirus 5.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Endpoint Antivirus 5.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\MaiLinhVi\Desktop" je 2787 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\\Downloads\\Orbitdownloader\\orbitdm.exe"="D:\\Downloads\\Orbitdownloader\\orbitdm.exe:*:Enabled:Orbit"
"D:\\Downloads\\Orbitdownloader\\orbitnet.exe"="D:\\Downloads\\Orbitdownloader\\orbitnet.exe:*:Enabled:Orbit"
"C:\\Program Files (x86)\\FlashGet Network\\FlashGet 3\\FlashGet3.exe"="C:\\Program Files (x86)\\FlashGet Network\\FlashGet 3\\FlashGet3.exe:*:Enabled:Flashget3"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
