Prosím o kontrolu logu Vyřešeno

[Tondys01]

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
C:\Users\Tonda\AppData\Roaming\Mozilla\Firefox\extensions\staged\{a00bef25-f21a-4539-adbb-b179b29e2b92}\modules\tools folder moved successfully.
C:\Users\Tonda\AppData\Roaming\Mozilla\Firefox\extensions\staged\{a00bef25-f21a-4539-adbb-b179b29e2b92}\modules folder moved successfully.
C:\Users\Tonda\AppData\Roaming\Mozilla\Firefox\extensions\staged\{a00bef25-f21a-4539-adbb-b179b29e2b92}\chrome\content folder moved successfully.
C:\Users\Tonda\AppData\Roaming\Mozilla\Firefox\extensions\staged\{a00bef25-f21a-4539-adbb-b179b29e2b92}\chrome folder moved successfully.
C:\Users\Tonda\AppData\Roaming\Mozilla\Firefox\extensions\staged\{a00bef25-f21a-4539-adbb-b179b29e2b92} folder moved successfully.
C:\Users\Tonda\AppData\Roaming\Mozilla\Firefox\extensions\staged folder moved successfully.
C:\Users\Tonda\AppData\Roaming\Mozilla\Firefox\extensions folder moved successfully.
Folder C:\Users\Tonda\AppData\Roaming\Mozilla\Firefox\extensions\staged\ not found.
C:\Users\Tonda\AppData\Roaming\Mozilla\Firefox\Profiles\BIfP54uG.default\extensions folder moved successfully.
File 16.02.18 17:33:21 | 000,875,387 | ---- | M] () (No name found) -- not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== FILES ==========
File\Folder C:\WINDOWS\System32\*.tmp not found.
File\Folder C:\WINDOWS\*.tmp not found.
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\System32\dllcache\*.tmp not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
File\Folder C:\WINDOWS\system32\DUMP*.tmp not found.
File\Folder c:\windows\Tasks\*.job not found.
File\Folder C:\*.tmp not found.
File\Folder C:\WINDOWS\System32\drivers\*.tmp not found.
File\Folder C:\Program Files\*.tmp not found.
File\Folder C:\Documents and Settings\All Users\Data aplikací\*.tmp not found.
File\Folder C:\Windows\SysNative\drivers\*.tmp not found.
File\Folder C:\Windows\SysWow64\drivers\*.tmp not found.
File\Folder C:\Program Files (x86)\*.tmp not found.
File\Folder C:\Windows\SysWow64\*.tmp not found.
File\Folder C:\Windows\SysNative\*.tmp not found.
File\Folder C:\Program Files (x86)\*.tmp not found.
C:\ProgramData\Spybot - Search & Destroy\Quarantine folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Logs folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Cleaning folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy folder moved successfully.
C:\Windows\SECOH-QAD.exe moved successfully.
C:\Program Files\KMSpico not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command\\""|""%1" %*" /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Tonda
->Temp folder emptied: 73756 bytes
->Temporary Internet Files folder emptied: 9862517 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3656 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 47827348222 bytes

Total Files Cleaned = 45 621,00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Tonda

Total Java Files Cleaned = 0,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Tonda
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02212016_151230

Files\Folders moved on Reboot...
C:\Users\Tonda\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll moved successfully.
C:\Users\Tonda\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

[Reklama]

[jaro3]

Co problémy?

[Tondys01]

Stále stejné.

[jaro3]

Popiš je.

[Tondys01]

Problém se vyskytuje pouze v prohlížeči Chrome, který předlouho načítá videa z You Tube, nebo kousek pustí, zasekne se a zase se předlouho načítá. Stejný problém prohlížeč vykazuje u Google Disku, nebo u Google Mailu, problém při aktualizaci Chrome. V Edge žádný problém není, prohlížeč Chrome jsem zkoušel několikrát přeinstalovat, vymazat jeho soubory, zkoušel jsem zda li problém nezpůsobují plug-iny, ale vše hovoří o tom, že problém je pouze v prohlížeči Chrome, resp. v jeho kompatibilitě s ostatními on-line produkty Google (tuším že You Tube teď také patří společnosti Google).

[jerabina]

Zkusíme ještě tento program a pokud nepomůže, tak zkusíme odstranit všechny součásti Google Chrome(i z registru).

Stáhni si Emsisoft Emergency Kit
http://dl.emsisoft.com/EmsisoftEmergencyKit.exe
na svojí plochu. Poklepej na soubor EmsisoftEmergencyKit.exe . Ponech všechna nastavení tak, jak jsou a klikni na tlačítko „Extract“ v dolní části. Složka s názvem EEK bude vytvořena v kořenovém adresáři jednotky (obvykle c: \).

1) Po extrakci poklikej na novou ikonu Emsisoft Emergency Kit na Tvé ploše.
2) Při prvním spuštění Emsisoft Emergency Kit doporučujeme povolit stahování aktualizací. Prosím, klepni na tlačítko „Yes“ (Ano), potom se stáhne nejnovější aktualizace databáze.
3) Po dokončení procesu aktualizace se zobrazí nové tlačítko v levém dolním rohu, s názvem „ Back“. Klikni na toto tlačítko pro návrat na předešlou obrazovku .
4) Klikni na „Scan“ , ukáží se volby skenování. Pokud budeš dotázán, zda chceš, aby se vyhledávaly potenciálně nežádoucí programy, klepni na tlačítko „Yes“(Ano).
5) Klikni na tlačítko „Full Scan“ pro zahájení skenování.
6) Když je skenování dokončeno klikni na tlačítko „Quarantine“ (karanténa vybraných objektů). Poznámka: Tato možnost je k dispozici pouze v případě, že během kontroly byly zjištěny škodlivé objekty.
7) Když budou v karanténě hrozby, klepni na tlačítko „View report“ (Zobrazit zprávy) v pravém dolním rohu, a protokol skenu se otevře v poznámkovém bloku.
Prosím ulož si protokol v poznámkovém bloku na plochu, a vlož sem celý jeho obsah.
9) Když zavřeš Emsisoft Emergency Kit, bude Ti nabídnuta možnost přihlásit se k odběru novinek. Toto je volitelné a není to nezbytné odstraňování malware.

[Tondys01]

Detected: 0

[Tondys01]

BTW myslíte že na mě může být (bylo mi to naznačeno) nasazen nějaký software na míru, který mi monitoruje moje počínání na PC a který by tak nebyl k nalezení?

[jaro3]

Pochybuji , máš k tomu důvody?

Odinstaluj Chrome..

udělej FRST (potom musíme ještě znovu OTL)

[Tondys01]

Já ne. Ale ti lidé si ze mě dělají legraci "proč by to někdo dělal". Tak to normálně neřeším. Jen mě to napadlo zde zmínit, když řešíme tohle téma, zda li je to možné. Hodnocení bych nechal na sobě. Ale nechme to být, budeme pokračovat v postupu.

[Tondys]

Fix result of Farbar Recovery Scan Tool (x64) Version:21-02-2016 01
Ran by Tonda (2016-02-23 12:05:58) Run:1
Running from C:\Users\Tonda\Desktop
Loaded Profiles: Tonda (Available Profiles: Tonda)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\runonceex: [Flags] => 128
HKLM\...\runonceex: [Title] => RAPID uninstall cleanup using key [0001]
HKU\S-1-5-21-1060879729-762033656-2367951757-1001\...\Run: [AdobeBridge] => [X]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
BootExecute: autocheck autochk * sh4native Sh4Removalsdnclean64.exe

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-14] (Google Inc.)

C:\ProgramData\RogueKiller

Task: {5BCBD982-3149-4098-8838-E3694BFC985F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-14] (Google Inc.)
Task: {CAB1A3B1-0734-401E-8F94-3CD87E2823BB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-14] (Google Inc.)
Task: {D42024BD-91B8-46AC-BB78-EE01BC283460} - System32\Tasks\{A688F226-6069-4C33-A59D-F586CDE46FB9} => pcalua.exe -a "E:\Grand Theft Auto V\unins000.exe"
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

C:\Program Files (x86)\Google\Update

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\runonceex\\Flags => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\runonceex\\Title => value not found.
HKU\S-1-5-21-1060879729-762033656-2367951757-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => key not found.
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => key not found.
HKCR\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => key not found.
HKCR\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => key not found.
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => key not found.
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => key not found.
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => key not found.
HKCR\Wow6432Node\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => key not found.
HKCR\Wow6432Node\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => key not found.
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => key not found.
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
hklm\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3 => key not found.
C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9 => key not found.
C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll => not found.
"C:\ProgramData\RogueKiller" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{075B27F0-60E5-4D66-A542-6ED27B1093E0} => key not found.
C:\Windows\System32\Tasks\Adobe Acrobat Update Task => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1364C731-3728-49B4-8F8E-495C73C961DA} => key not found.
C:\Windows\System32\Tasks\AutoPico Daily Restart => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5BCBD982-3149-4098-8838-E3694BFC985F} => key not found.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CAB1A3B1-0734-401E-8F94-3CD87E2823BB} => key not found.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D42024BD-91B8-46AC-BB78-EE01BC283460} => key not found.
C:\Windows\System32\Tasks\{A688F226-6069-4C33-A59D-F586CDE46FB9} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A688F226-6069-4C33-A59D-F586CDE46FB9} => key not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => not found.
"C:\Program Files (x86)\Google\Update" => not found.
EmptyTemp: => 2.7 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 12:06:18 ====

[Tondys]

Tady je ještě ten log před fixem:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-02-2016 01
Ran by Tonda (administrator) on TONDA (23-02-2016 12:01:51)
Running from C:\Users\Tonda\Desktop
Loaded Profiles: Tonda (Available Profiles: Tonda)
Platform: Windows 8.1 Single Language (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\KillerService.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
() C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe
(Team MediaPortal) C:\Program Files (x86)\Team MediaPortal\MediaPortal TV Server\TvService.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8484056 2015-06-12] (Realtek Semiconductor)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [282288 2015-02-04] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4867784 2015-12-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-12-11] (Raptr, Inc)
HKLM-x32\...\Run: [Super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1027024 2015-09-09] (MSI)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-02-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [804168 2016-02-18] (Avira Operations GmbH & Co. KG)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-07-30]
ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{643bf372-00a3-46ea-9922-4ebd335a13ad}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1060879729-762033656-2367951757-1001\Software\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1060879729-762033656-2367951757-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-01-23] (Microsoft Corporation)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-1060879729-762033656-2367951757-1001 -> hxxp://www.google.com
Edge Session Restore: HKU\S-1-5-21-1060879729-762033656-2367951757-1001 -> is enabled.

FireFox:
========
FF ProfilePath: C:\Users\Tonda\AppData\Roaming\Mozilla\Firefox\Profiles\BIfP54uG.default
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-10] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-02-10] (Microsoft Corporation)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1060879729-762033656-2367951757-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [948392 2016-02-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466408 2016-02-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466408 2016-02-18] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1417592 2016-02-18] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [260456 2016-02-18] (Avira Operations GmbH & Co. KG)
R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [402432 2015-07-07] (Rivet Networks) [File not signed]
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [163280 2015-05-18] (MSI)
R2 MySQL; C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe [12907520 2013-02-01] () [File not signed]
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [28848 2015-02-04] (Samsung Electronics Co., Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TVService; C:\Program Files (x86)\Team MediaPortal\MediaPortal TV Server\TVService.exe [233984 2015-06-22] (Team MediaPortal) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [40720 2015-07-28] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-09-18] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [135880 2016-02-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [146704 2016-02-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-02-18] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [73032 2016-02-18] (Avira Operations GmbH & Co. KG)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW10x64.sys [114736 2015-07-07] (Rivet Networks, LLC.)
R3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [165504 2015-07-30] (ITE )
R3 KillerEth; C:\Windows\System32\drivers\e22w10x64.sys [124464 2015-04-27] (Qualcomm Atheros, Inc.)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [271024 2015-02-04] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111280 2015-02-04] (Samsung Electronics Co., Ltd.)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 usbbus; \SystemRoot\System32\drivers\lgx64bus.sys [X]
S3 UsbDiag; \SystemRoot\system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; \SystemRoot\system32\DRIVERS\lgx64modem.sys [X]
S3 USBPNPA; \SystemRoot\system32\drivers\CM10864.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-23 12:01 - 2016-02-23 12:02 - 00012494 _____ C:\Users\Tonda\Desktop\FRST.txt
2016-02-23 12:01 - 2016-02-23 12:01 - 00000000 ____D C:\FRST
2016-02-23 11:54 - 2016-02-23 11:54 - 00000060 _____ C:\Users\Tonda\Desktop\Odkaz na fórum.txt
2016-02-23 11:53 - 2016-02-23 11:53 - 02371072 _____ (Farbar) C:\Users\Tonda\Desktop\FRST64.exe
2016-02-23 11:50 - 2016-02-20 23:30 - 00602112 _____ (OldTimer Tools) C:\Users\Tonda\Desktop\OTL.exe
2016-02-23 11:32 - 2016-02-23 11:32 - 00016148 _____ C:\Windows\system32\TONDA_Tonda_HistoryPrediction.bin
2016-02-22 21:06 - 2016-02-22 21:23 - 00000000 ____D C:\EEK
2016-02-20 11:26 - 2016-02-20 11:26 - 00000000 ____D C:\MSI
2016-02-18 17:34 - 2016-02-18 17:34 - 00000000 _____ C:\Windows\System32\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
2016-02-18 16:54 - 2016-02-18 16:54 - 00146704 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-02-18 16:54 - 2016-02-18 16:54 - 00135880 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2016-02-18 16:54 - 2016-02-18 16:54 - 00073032 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2016-02-18 16:54 - 2016-02-18 16:54 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2016-02-18 16:54 - 2016-02-18 16:54 - 00000000 ____D C:\Users\Tonda\AppData\Roaming\Avira
2016-02-18 16:49 - 2016-02-18 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-02-18 16:49 - 2016-02-18 16:54 - 00000000 ____D C:\ProgramData\Avira
2016-02-18 16:49 - 2016-02-18 16:54 - 00000000 ____D C:\Program Files (x86)\Avira
2016-02-18 16:49 - 2016-02-18 16:49 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-18 16:18 - 2016-02-18 16:18 - 00000000 ____D C:\Windows\System32\Tasks\COMODO
2016-02-17 23:47 - 2016-02-17 23:47 - 00000085 _____ C:\Windows\wininit.ini
2016-02-17 18:44 - 2016-02-17 18:30 - 00024064 _____ C:\Windows\zoek-delete.exe
2016-02-16 11:06 - 2016-02-17 17:24 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-02-15 20:07 - 2016-02-15 20:07 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-14 21:10 - 2016-02-14 21:10 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2016-02-14 19:55 - 2016-02-23 12:01 - 00000000 ____D C:\Users\Tonda\AppData\Local\Google
2016-02-10 10:55 - 2016-01-31 07:04 - 01811360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2016-02-10 10:54 - 2016-01-31 07:25 - 01951872 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-10 10:54 - 2016-01-31 07:25 - 01248896 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2016-02-10 10:54 - 2016-01-31 07:24 - 01824880 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-10 10:54 - 2016-01-31 07:23 - 02601160 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2016-02-10 10:54 - 2016-01-31 07:23 - 01420392 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-02-10 10:54 - 2016-01-31 07:06 - 01535032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-10 10:54 - 2016-01-31 07:06 - 01531368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-10 10:54 - 2016-01-31 07:06 - 00809336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2016-02-10 10:54 - 2016-01-31 07:04 - 01180696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-02-10 10:54 - 2016-01-31 06:38 - 21873152 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2016-02-10 10:54 - 2016-01-31 06:34 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\ngckeyenum.dll
2016-02-10 10:54 - 2016-01-31 06:33 - 24593920 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-10 10:54 - 2016-01-31 06:33 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\IoTAssignedAccessLockFramework.dll
2016-02-10 10:54 - 2016-01-31 06:29 - 11557888 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-02-10 10:54 - 2016-01-31 06:29 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rasman.dll
2016-02-10 10:54 - 2016-01-31 06:26 - 06787072 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-02-10 10:54 - 2016-01-31 06:26 - 03793408 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-02-10 10:54 - 2016-01-31 06:25 - 12504576 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-10 10:54 - 2016-01-31 06:25 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-10 10:54 - 2016-01-31 06:25 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2016-02-10 10:54 - 2016-01-31 06:25 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-10 10:54 - 2016-01-31 06:24 - 00784384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-10 10:54 - 2016-01-31 06:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-02-10 10:54 - 2016-01-31 06:24 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-02-10 10:54 - 2016-01-31 06:23 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-02-10 10:54 - 2016-01-31 06:22 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2016-02-10 10:54 - 2016-01-31 06:20 - 02849792 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-10 10:54 - 2016-01-31 06:19 - 01602560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-10 10:54 - 2016-01-31 06:19 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\NetworkDesktopSettings.dll
2016-02-10 10:54 - 2016-01-31 06:19 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IoTAssignedAccessLockFramework.dll
2016-02-10 10:54 - 2016-01-31 06:18 - 00771072 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2016-02-10 10:54 - 2016-01-31 06:18 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-10 10:54 - 2016-01-31 06:17 - 19324928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-02-10 10:54 - 2016-01-31 06:17 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2016-02-10 10:54 - 2016-01-31 06:16 - 09889280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-02-10 10:54 - 2016-01-31 06:16 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-10 10:54 - 2016-01-31 06:14 - 07525376 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2016-02-10 10:54 - 2016-01-31 06:14 - 03588096 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2016-02-10 10:54 - 2016-01-31 06:13 - 04791808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-10 10:54 - 2016-01-31 06:13 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasman.dll
2016-02-10 10:54 - 2016-01-31 06:13 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\ztrace_maps.dll
2016-02-10 10:54 - 2016-01-31 06:11 - 05156352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-02-10 10:54 - 2016-01-31 06:11 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-02-10 10:54 - 2016-01-31 06:11 - 00291840 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2016-02-10 10:54 - 2016-01-31 06:11 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-10 10:54 - 2016-01-31 06:07 - 18802176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2016-02-10 10:54 - 2016-01-31 06:06 - 02316800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-02-10 10:54 - 2016-01-31 06:05 - 01380864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-02-10 10:54 - 2016-01-31 06:05 - 00574464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2016-02-10 10:54 - 2016-01-31 06:05 - 00118272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-10 10:54 - 2016-01-31 06:04 - 00100352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2016-02-10 10:54 - 2016-01-31 06:02 - 03580416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-02-10 10:54 - 2016-01-31 06:02 - 00768000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-10 10:54 - 2016-01-31 06:00 - 11263488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-02-10 10:54 - 2016-01-31 05:59 - 05457408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2016-02-10 10:54 - 2016-01-31 05:58 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ztrace_maps.dll
2016-02-09 16:31 - 2016-02-09 16:31 - 00000000 ____D C:\Users\Tonda\AppData\Roaming\uplay
2016-02-04 15:29 - 2016-02-04 15:29 - 00000000 ____D C:\Users\Tonda\AppData\Roaming\iDealshare VideoGo 6
2016-02-02 11:50 - 2016-02-02 11:50 - 00000001 _____ C:\Windows\SysWOW64\en.html
2016-01-28 12:14 - 2016-01-28 11:43 - 00006530 _____ C:\Users\Tonda\OneDrive\Dokumenty\mKonto_13150247_151228_160128.html

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-23 12:01 - 2015-07-30 00:34 - 00000000 ____D C:\Program Files (x86)\Google
2016-02-23 11:41 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\AppReadiness
2016-02-23 11:38 - 2015-07-30 00:11 - 02075596 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-23 11:38 - 2015-07-10 17:02 - 00973612 _____ C:\Windows\system32\perfh005.dat
2016-02-23 11:38 - 2015-07-10 17:02 - 00230318 _____ C:\Windows\system32\perfc005.dat
2016-02-23 11:38 - 2015-07-10 12:02 - 00000000 ____D C:\Windows\INF
2016-02-23 11:36 - 2015-07-10 12:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-23 11:35 - 2015-07-30 06:52 - 00004210 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4F461AB3-2C59-49B5-BEEA-9831E95E9FCF}
2016-02-23 11:32 - 2015-07-10 13:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-23 00:52 - 2015-07-10 10:05 - 01572864 ___SH C:\Windows\system32\config\BBI
2016-02-22 23:07 - 2015-07-31 22:10 - 01592320 ___SH C:\Users\Tonda\Desktop\Thumbs.db
2016-02-22 14:24 - 2015-07-31 11:43 - 00005204 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for TONDA-Tonda Tonda
2016-02-22 14:21 - 2015-08-12 06:11 - 00000000 ____D C:\Windows\system32\MRT
2016-02-22 14:19 - 2015-08-12 06:11 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-02-20 20:25 - 2015-07-30 00:38 - 00000000 ____D C:\Users\Tonda\AppData\Roaming\uTorrent
2016-02-19 12:19 - 2015-12-11 12:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Life Is Strange Episode 5
2016-02-19 12:19 - 2015-12-10 18:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Life Is Strange Episode 4
2016-02-19 12:19 - 2015-07-30 07:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Life Is Strange
2016-02-19 12:12 - 2015-11-01 14:56 - 00000000 ____D C:\Program Files (x86)\Sid Meiers Civilization - Beyond Earth
2016-02-18 17:36 - 2015-07-30 01:07 - 00000000 ____D C:\ProgramData\AVAST Software
2016-02-18 17:21 - 2015-08-08 13:36 - 00007605 _____ C:\Users\Tonda\AppData\Local\Resmon.ResmonCfg
2016-02-18 11:45 - 2015-07-30 16:09 - 00000000 ____D C:\Users\Tonda\AppData\LocalLow\Temp
2016-02-17 18:44 - 2015-07-30 07:28 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-02-17 18:42 - 2015-07-30 00:07 - 00000000 ____D C:\Users\Tonda
2016-02-17 18:42 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\GroupPolicy
2016-02-17 11:26 - 2015-07-31 11:33 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-16 09:47 - 2015-07-31 11:19 - 00001480 _____ C:\Users\Tonda\AppData\Local\Adobe Uložit pro web 13.0 Prefs
2016-02-15 23:04 - 2015-08-11 15:23 - 00000000 ____D C:\Users\Tonda\AppData\Roaming\MPC-BE
2016-02-14 20:05 - 2015-11-25 10:10 - 00084350 _____ C:\Users\Tonda\OneDrive\Dokumenty\cc_20151125_101022.reg
2016-02-12 18:38 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\rescache
2016-02-11 00:10 - 2015-07-10 17:05 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-10 11:14 - 2015-07-10 11:55 - 00000000 ____D C:\Windows\CbsTemp
2016-02-09 16:30 - 2015-09-20 06:08 - 00000000 ____D C:\Users\Tonda\OneDrive\Dokumenty\My Games
2016-02-04 15:03 - 2015-08-11 15:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-BE x64
2016-02-04 15:03 - 2015-08-11 15:23 - 00000000 ____D C:\Program Files\MPC-BE x64
2016-02-02 23:47 - 2015-10-01 09:49 - 00828920 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-02 23:47 - 2015-10-01 09:49 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-07-31 11:19 - 2016-02-16 09:47 - 0001480 _____ () C:\Users\Tonda\AppData\Local\Adobe Uložit pro web 13.0 Prefs
2015-07-30 00:30 - 2015-07-30 00:30 - 0000000 _____ () C:\Users\Tonda\AppData\Local\Driver_LOM_8161Present.flag
2015-12-08 20:43 - 2015-12-08 20:43 - 0000001 _____ () C:\Users\Tonda\AppData\Local\llftool.4.40.agreement
2015-08-08 13:36 - 2016-02-18 17:21 - 0007605 _____ () C:\Users\Tonda\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Tonda\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-21 13:25

==================== End of FRST.txt ============================