
Problem with DNS Unlocker
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved. So will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
-
- Visitor
- Posts: 5
- Registered: 09 Feb 2016 18:18
Problem with DNS Unlocker
Good evening,
I have a problem with DNS Unlocker. Before Christmas my Adobe Flash Player updated itself, and since then I have had a problem with it. Whenever I try to click anywhere on the current page, a "Redirect" pops up instead of the address and sends me in turn to another 2-3 pages, either e-shops or various games. The only sites that are immune to this are YT, FB and Seznam. I have tried many procedures that I found on the internet, but none of them helped me, as this is most likely some new version of this program. So I would like to ask whether there is any way to get rid of it, or, if it came to a fresh installation of Windows, whether some protection against this malware, or whatever it is, is possible. For example, paid antivirus programs. Thank you for any answer or advice.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by Martin (administrator) on MARTIN-PC (09-02-2016 18:22:16)
Running from C:\Users\Martin\Desktop
Loaded Profiles: Martin (Available Profiles: Martin)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
(Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4859592 2015-11-18] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-468821790-2668219107-660150622-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-468821790-2668219107-660150622-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
HKU\S-1-5-21-468821790-2668219107-660150622-1000\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-468821790-2668219107-660150622-1000\...\MountPoints2: {01389058-4955-11e5-85d5-902b341d0060} - J:\Startme.exe
HKU\S-1-5-21-468821790-2668219107-660150622-1000\...\MountPoints2: {04cb978b-f3f2-11e4-9e16-902b341d0060} - I:\Autorun.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\Parameters: [NameServer] 199.203.131.151 82.163.143.181
Tcpip\..\Interfaces\{E8F96327-F4FC-4DB1-AE6F-98FF9ABEA3E5}: [DhcpNameServer] 192.168.100.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-468821790-2668219107-660150622-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
SearchScopes: HKU\S-1-5-21-468821790-2668219107-660150622-1000 -> DefaultScope {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10099_swoc_campaign_150418__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-468821790-2668219107-660150622-1000 -> {001708D9-778E-42a1-9B0C-44697B139FCE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
SearchScopes: HKU\S-1-5-21-468821790-2668219107-660150622-1000 -> {609DEF8F-C2DB-46d4-8C1F-EB73E8DA0902} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
SearchScopes: HKU\S-1-5-21-468821790-2668219107-660150622-1000 -> {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-468821790-2668219107-660150622-1000 -> {C02FBCFF-D91C-4f9f-95D0-2AAD007E14EC} URL = hxxp://www.google.com/cse?cx=partner-pub-37942 ... earchTerms}
SearchScopes: HKU\S-1-5-21-468821790-2668219107-660150622-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10099_swoc_campaign_150418__yaie&p={searchTerms}
Toolbar: HKU\S-1-5-21-468821790-2668219107-660150622-1000 -> DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll No File
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-03-27] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-03-27] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-03-27] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-03-27] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\911on1wu.default-1451669864090
FF Homepage: hxxps://www.google.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-29] ()
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-18] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-03-30] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\911on1wu.default-1451669864090\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-20]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-03] (Advanced Micro Devices, Inc.) [File not signed]
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-04-26] (BitRaider, LLC)
S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [1616440 2015-10-17] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6952504 2015-10-17] (GOG.com)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-25] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2015-12-23] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [103736 2015-12-23] ()
R2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [327064 2010-05-18] (Enigma Software Group USA, LLC.)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S2 Aspi32; C:\Windows\SysWOW64\drivers\aspi32.sys [16877 2002-07-17] (Adaptec) [File not signed]
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2015-06-06] (BitRaider)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-05-06] (Disc Soft Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2015-05-06] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 esgiguard; C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [5248 2010-01-27] () [File not signed]
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-01-03] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-09 18:22 - 2016-02-09 18:22 - 00011171 _____ C:\Users\Martin\Desktop\FRST.txt
2016-02-09 18:21 - 2016-02-09 18:22 - 00000000 ____D C:\FRST
2016-02-09 18:20 - 2016-02-09 18:20 - 02370560 _____ (Farbar) C:\Users\Martin\Desktop\FRST64.exe
2016-02-03 15:52 - 2016-02-08 19:06 - 00000000 ____D C:\Users\Martin\Documents\American Truck Simulator
2016-02-03 15:47 - 2016-02-03 15:48 - 00000222 _____ C:\Users\Martin\Desktop\American Truck Simulator.url
2016-02-02 20:00 - 2016-02-02 20:00 - 00000000 ____D C:\Users\Martin\Documents\League of Legends
2016-01-31 15:11 - 2004-09-27 18:23 - 00307200 _____ (Wasisten Los) C:\Users\Martin\Desktop\Fallout Tactics Editor.EXE
2016-01-29 16:05 - 2016-01-31 18:05 - 00000000 ____D C:\Users\Martin\Desktop\Liara
2016-01-24 19:40 - 2016-01-24 20:01 - 630569798 _____ C:\Users\Martin\Desktop\VID_20160122_082639.3gp
2016-01-22 16:34 - 2016-01-22 16:34 - 09571239 _____ C:\Users\Martin\Desktop\video-1453476066.mp4.mp4
2016-01-20 17:03 - 2016-01-20 17:03 - 00003354 _____ C:\Users\Martin\.recently-used.xbel
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-09 18:16 - 2015-04-15 17:31 - 00000000 ____D C:\Users\Martin\AppData\Roaming\TS3Client
2016-02-09 16:34 - 2009-07-14 05:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-09 16:34 - 2009-07-14 05:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-09 16:26 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-08 20:47 - 2013-02-17 18:25 - 00000000 ____D C:\Users\Martin\Desktop\BlackRaven
2016-02-08 19:06 - 2015-04-13 15:30 - 00000000 ____D C:\Program Files (x86)\Steam
2016-02-07 20:11 - 2013-03-15 08:25 - 00000000 ___RD C:\Users\Martin\Desktop\Filmy
2016-02-06 15:43 - 2015-09-22 19:59 - 00000000 ____D C:\Users\Martin\Desktop\Muzika
2016-02-02 22:24 - 2015-04-12 04:17 - 00000000 ____D C:\Users\Martin\Documents\Euro Truck Simulator 2
2016-02-02 22:07 - 2016-01-01 18:46 - 00000000 ____D C:\Users\Martin\AppData\Local\CrashDumps
2016-01-30 09:58 - 2015-04-16 19:51 - 00000000 ____D C:\Users\Martin\Documents\ConvertXToDVD
2016-01-30 09:58 - 2015-04-15 16:22 - 00001057 _____ C:\Users\Martin\AppData\Roaming\vso_ts_preview.xml
2016-01-30 09:58 - 2015-04-15 16:22 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Vso
2016-01-22 21:00 - 2016-01-01 16:57 - 00000000 ____D C:\Users\Martin\Desktop\české písničky
2016-01-22 17:19 - 2015-04-15 16:27 - 00000000 ____D C:\ProgramData\Origin
2016-01-22 16:40 - 2010-11-21 10:27 - 00668138 _____ C:\Windows\system32\perfh005.dat
2016-01-22 16:40 - 2010-11-21 10:27 - 00140798 _____ C:\Windows\system32\perfc005.dat
2016-01-22 16:40 - 2009-07-14 06:13 - 01582262 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-22 16:40 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-01-20 17:03 - 2015-04-19 20:05 - 00000000 ____D C:\Users\Martin\.gimp-2.6
2016-01-20 17:03 - 2015-04-13 15:03 - 00000000 ____D C:\Users\Martin
2016-01-20 17:02 - 2015-04-24 20:34 - 00000000 ____D C:\Users\Martin\AppData\Roaming\gtk-2.0
2016-01-15 06:17 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-01-15 05:49 - 2015-12-31 12:39 - 00000000 ____D C:\Users\Martin\Desktop\Powerwolf - Blessed and Possessed
2016-01-14 20:07 - 2015-05-04 15:12 - 00000000 ____D C:\Users\Martin\AppData\Local\ElevatedDiagnostics
2016-01-14 20:07 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2016-01-13 20:02 - 2015-05-15 18:05 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-13 20:01 - 2015-11-06 12:16 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-13 20:00 - 2015-05-04 20:10 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Free Audio Editor
==================== Files in the root of some directories =======
2015-09-25 19:34 - 2015-09-25 20:30 - 0000104 _____ () C:\Users\Martin\AppData\Roaming\Camdata.ini
2015-09-25 19:34 - 2015-09-25 20:30 - 0000408 _____ () C:\Users\Martin\AppData\Roaming\CamLayout.ini
2015-09-25 19:34 - 2015-09-25 20:30 - 0000408 _____ () C:\Users\Martin\AppData\Roaming\CamShapes.ini
2015-09-25 19:34 - 2015-09-25 20:30 - 0004509 _____ () C:\Users\Martin\AppData\Roaming\CamStudio.cfg
2015-04-15 16:22 - 2016-01-30 09:58 - 0001057 _____ () C:\Users\Martin\AppData\Roaming\vso_ts_preview.xml
2015-07-18 12:34 - 2015-07-18 12:34 - 0002835 _____ () C:\Users\Martin\AppData\Local\recently-used.xbel
Some files in TEMP:
====================
C:\Users\Martin\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\Martin\AppData\Local\Temp\atcMedia2231442141735.exe
C:\Users\Martin\AppData\Local\Temp\comver.dll
C:\Users\Martin\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Martin\AppData\Local\Temp\drm_dyndata_7370012.dll
C:\Users\Martin\AppData\Local\Temp\FFSetup3.6.0.0.exe
C:\Users\Martin\AppData\Local\Temp\gtapi.dll
C:\Users\Martin\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Martin\AppData\Local\Temp\ntwdblib.dll
C:\Users\Martin\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Martin\AppData\Local\Temp\nvStInst.exe
C:\Users\Martin\AppData\Local\Temp\ochelper.exe
C:\Users\Martin\AppData\Local\Temp\patchw32.dll
C:\Users\Martin\AppData\Local\Temp\raptrpatch.exe
C:\Users\Martin\AppData\Local\Temp\raptr_stub.exe
C:\Users\Martin\AppData\Local\Temp\SpOrder.dll
C:\Users\Martin\AppData\Local\Temp\supoptsetup.exe
C:\Users\Martin\AppData\Local\Temp\tmpC7B1.exe
C:\Users\Martin\AppData\Local\Temp\_isA18F.exe
C:\Users\Martin\AppData\Local\Temp\~5429.exe
C:\Users\Martin\AppData\Local\Temp\~CBF7.exe
C:\Users\Martin\AppData\Local\Temp\~E998.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-01-31 10:02
==================== End of FRST.txt ============================
2016-01-22 16:40 - 2010-11-21 10:27 - 00140798 _____ C:\Windows\system32\perfc005.dat
2016-01-22 16:40 - 2009-07-14 06:13 - 01582262 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-22 16:40 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-01-20 17:03 - 2015-04-19 20:05 - 00000000 ____D C:\Users\Martin\.gimp-2.6
2016-01-20 17:03 - 2015-04-13 15:03 - 00000000 ____D C:\Users\Martin
2016-01-20 17:02 - 2015-04-24 20:34 - 00000000 ____D C:\Users\Martin\AppData\Roaming\gtk-2.0
2016-01-15 06:17 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-01-15 05:49 - 2015-12-31 12:39 - 00000000 ____D C:\Users\Martin\Desktop\Powerwolf - Blessed and Possessed
2016-01-14 20:07 - 2015-05-04 15:12 - 00000000 ____D C:\Users\Martin\AppData\Local\ElevatedDiagnostics
2016-01-14 20:07 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2016-01-13 20:02 - 2015-05-15 18:05 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-13 20:01 - 2015-11-06 12:16 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-13 20:00 - 2015-05-04 20:10 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Free Audio Editor
==================== Files in the root of some directories =======
2015-09-25 19:34 - 2015-09-25 20:30 - 0000104 _____ () C:\Users\Martin\AppData\Roaming\Camdata.ini
2015-09-25 19:34 - 2015-09-25 20:30 - 0000408 _____ () C:\Users\Martin\AppData\Roaming\CamLayout.ini
2015-09-25 19:34 - 2015-09-25 20:30 - 0000408 _____ () C:\Users\Martin\AppData\Roaming\CamShapes.ini
2015-09-25 19:34 - 2015-09-25 20:30 - 0004509 _____ () C:\Users\Martin\AppData\Roaming\CamStudio.cfg
2015-04-15 16:22 - 2016-01-30 09:58 - 0001057 _____ () C:\Users\Martin\AppData\Roaming\vso_ts_preview.xml
2015-07-18 12:34 - 2015-07-18 12:34 - 0002835 _____ () C:\Users\Martin\AppData\Local\recently-used.xbel
Some files in TEMP:
====================
C:\Users\Martin\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\Martin\AppData\Local\Temp\atcMedia2231442141735.exe
C:\Users\Martin\AppData\Local\Temp\comver.dll
C:\Users\Martin\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Martin\AppData\Local\Temp\drm_dyndata_7370012.dll
C:\Users\Martin\AppData\Local\Temp\FFSetup3.6.0.0.exe
C:\Users\Martin\AppData\Local\Temp\gtapi.dll
C:\Users\Martin\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Martin\AppData\Local\Temp\ntwdblib.dll
C:\Users\Martin\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Martin\AppData\Local\Temp\nvStInst.exe
C:\Users\Martin\AppData\Local\Temp\ochelper.exe
C:\Users\Martin\AppData\Local\Temp\patchw32.dll
C:\Users\Martin\AppData\Local\Temp\raptrpatch.exe
C:\Users\Martin\AppData\Local\Temp\raptr_stub.exe
C:\Users\Martin\AppData\Local\Temp\SpOrder.dll
C:\Users\Martin\AppData\Local\Temp\supoptsetup.exe
C:\Users\Martin\AppData\Local\Temp\tmpC7B1.exe
C:\Users\Martin\AppData\Local\Temp\_isA18F.exe
C:\Users\Martin\AppData\Local\Temp\~5429.exe
C:\Users\Martin\AppData\Local\Temp\~CBF7.exe
C:\Users\Martin\AppData\Local\Temp\~E998.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-01-31 10:02
==================== End of FRST.txt ============================
- Rudy
- Site Admin
- Posts: 119348
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Problem with DNS Unlocker
Hello!
Run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop.
Close all programs.
First click >Scan< and then >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before cleaning your PC of malware, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
-
- Visitor
- Posts: 5
- Registered: 09 Feb 2016 18:18
Re: Problem with DNS Unlocker
# AdwCleaner v5.033 - Logfile created 10/02/2016 at 05:37:49
# Updated 07/02/2016 by Xplode
# Database : 2016-02-07.2 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Martin - MARTIN-PC
# Running from : C:\Users\Martin\Desktop\adwcleaner_5.033.exe
# Option : Cleaning
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder Deleted : C:\ProgramData\mikcoibeefloccofbmbfejkclnogbjee
[-] Folder Deleted : C:\Users\Martin\AppData\Local\Temp\AskSearch
[-] Folder Deleted : C:\Users\Martin\AppData\Roaming\RHEng
***** [ Files ] *****
[-] File Deleted : C:\END
[-] File Deleted : C:\Windows\SysWOW64\lavasofttcpservice.dll
***** [ DLLs ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
[-] Key Deleted : HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
[-] Key Deleted : HKLM\SOFTWARE\a6f9d1af-6ad9-0e3a-4d0d-dfbbba4f8769
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{ba96e052}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFE66D00-A56A-4F7F-81D7-4A28C5816D6C}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D39539BB-F65E-4088-A9D1-6E5F01A42A3E}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D39539BB-F65E-4088-A9D1-6E5F01A42A3E}
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\dt soft\daemon tools toolbar
[-] Key Deleted : HKCU\Software\Super Optimizer
[-] Key Deleted : HKCU\Software\WEBAPP
[-] Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\dt soft\daemon tools toolbar
[-] Key Deleted : HKLM\SOFTWARE\Uniblue
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters [NameServer]
***** [ Web browsers ] *****
*************************
:: "Tracing" keys removed
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5421 bytes] ##########
- Rudy
- Site Admin
- Posts: 119348
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Problem with DNS Unlocker
Post a new FRST log.
-
- Visitor
- Posts: 5
- Registered: 09 Feb 2016 18:18
Re: Problem with DNS Unlocker
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by Martin (administrator) on MARTIN-PC (10-02-2016 20:36:12)
Running from C:\Users\Martin\Desktop
Loaded Profiles: Martin (Available Profiles: Martin)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4859592 2015-11-18] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-468821790-2668219107-660150622-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-468821790-2668219107-660150622-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
HKU\S-1-5-21-468821790-2668219107-660150622-1000\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-468821790-2668219107-660150622-1000\...\MountPoints2: {01389058-4955-11e5-85d5-902b341d0060} - J:\Startme.exe
HKU\S-1-5-21-468821790-2668219107-660150622-1000\...\MountPoints2: {04cb978b-f3f2-11e4-9e16-902b341d0060} - I:\Autorun.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{E8F96327-F4FC-4DB1-AE6F-98FF9ABEA3E5}: [DhcpNameServer] 192.168.100.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-468821790-2668219107-660150622-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
SearchScopes: HKU\S-1-5-21-468821790-2668219107-660150622-1000 -> DefaultScope {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10099_swoc_campaign_150418__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-468821790-2668219107-660150622-1000 -> {001708D9-778E-42a1-9B0C-44697B139FCE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
SearchScopes: HKU\S-1-5-21-468821790-2668219107-660150622-1000 -> {609DEF8F-C2DB-46d4-8C1F-EB73E8DA0902} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
SearchScopes: HKU\S-1-5-21-468821790-2668219107-660150622-1000 -> {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-468821790-2668219107-660150622-1000 -> {C02FBCFF-D91C-4f9f-95D0-2AAD007E14EC} URL = hxxp://www.google.com/cse?cx=partner-pub-37942 ... earchTerms}
SearchScopes: HKU\S-1-5-21-468821790-2668219107-660150622-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10099_swoc_campaign_150418__yaie&p={searchTerms}
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-03-27] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-03-27] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-03-27] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-03-27] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\911on1wu.default-1451669864090
FF Homepage: hxxps://www.google.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-29] ()
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-18] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-03-30] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\911on1wu.default-1451669864090\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-20]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-03] (Advanced Micro Devices, Inc.) [File not signed]
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-04-26] (BitRaider, LLC)
S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [1616440 2015-10-17] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6952504 2015-10-17] (GOG.com)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-25] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2015-12-23] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [103736 2015-12-23] ()
R2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [327064 2010-05-18] (Enigma Software Group USA, LLC.)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S2 Aspi32; C:\Windows\SysWOW64\drivers\aspi32.sys [16877 2002-07-17] (Adaptec) [File not signed]
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2015-06-06] (BitRaider)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-05-06] (Disc Soft Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2015-05-06] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 esgiguard; C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [5248 2010-01-27] () [File not signed]
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-01-03] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-10 18:03 - 2016-02-10 18:03 - 00000000 ____D C:\Users\Public\Documents\Blizzard Entertainment
2016-02-10 17:59 - 2016-02-10 17:59 - 00001344 _____ C:\Users\Martin\Desktop\WoW.lnk
2016-02-10 05:36 - 2016-02-10 05:37 - 00000000 ____D C:\AdwCleaner
2016-02-09 21:40 - 2016-02-10 17:59 - 00000000 ____D C:\Users\Martin\Desktop\WoW
2016-02-09 21:29 - 2016-02-09 21:29 - 01508352 _____ C:\Users\Martin\Desktop\adwcleaner_5.033.exe
2016-02-09 18:22 - 2016-02-10 20:36 - 00010767 _____ C:\Users\Martin\Desktop\FRST.txt
2016-02-09 18:21 - 2016-02-10 20:36 - 00000000 ____D C:\FRST
2016-02-09 18:20 - 2016-02-09 18:20 - 02370560 _____ (Farbar) C:\Users\Martin\Desktop\FRST64.exe
2016-02-03 15:52 - 2016-02-09 19:22 - 00000000 ____D C:\Users\Martin\Documents\American Truck Simulator
2016-02-03 15:47 - 2016-02-03 15:48 - 00000222 _____ C:\Users\Martin\Desktop\American Truck Simulator.url
2016-02-02 20:00 - 2016-02-02 20:00 - 00000000 ____D C:\Users\Martin\Documents\League of Legends
2016-01-31 15:11 - 2004-09-27 18:23 - 00307200 _____ (Wasisten Los) C:\Users\Martin\Desktop\Fallout Tactics Editor.EXE
2016-01-29 16:05 - 2016-01-31 18:05 - 00000000 ____D C:\Users\Martin\Desktop\Liara
2016-01-24 19:40 - 2016-01-24 20:01 - 630569798 _____ C:\Users\Martin\Desktop\VID_20160122_082639.3gp
2016-01-22 16:34 - 2016-01-22 16:34 - 09571239 _____ C:\Users\Martin\Desktop\video-1453476066.mp4.mp4
2016-01-20 17:03 - 2016-01-20 17:03 - 00003354 _____ C:\Users\Martin\.recently-used.xbel
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-10 20:14 - 2015-04-15 17:31 - 00000000 ____D C:\Users\Martin\AppData\Roaming\TS3Client
2016-02-10 18:13 - 2013-02-17 18:25 - 00000000 ____D C:\Users\Martin\Desktop\BlackRaven
2016-02-10 16:02 - 2009-07-14 05:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-10 16:02 - 2009-07-14 05:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-10 15:54 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-09 19:22 - 2015-04-13 15:30 - 00000000 ____D C:\Program Files (x86)\Steam
2016-02-07 20:11 - 2013-03-15 08:25 - 00000000 ___RD C:\Users\Martin\Desktop\Filmy
2016-02-06 15:43 - 2015-09-22 19:59 - 00000000 ____D C:\Users\Martin\Desktop\Muzika
2016-02-02 22:24 - 2015-04-12 04:17 - 00000000 ____D C:\Users\Martin\Documents\Euro Truck Simulator 2
2016-02-02 22:07 - 2016-01-01 18:46 - 00000000 ____D C:\Users\Martin\AppData\Local\CrashDumps
2016-01-30 09:58 - 2015-04-16 19:51 - 00000000 ____D C:\Users\Martin\Documents\ConvertXToDVD
2016-01-30 09:58 - 2015-04-15 16:22 - 00001057 _____ C:\Users\Martin\AppData\Roaming\vso_ts_preview.xml
2016-01-30 09:58 - 2015-04-15 16:22 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Vso
2016-01-22 21:00 - 2016-01-01 16:57 - 00000000 ____D C:\Users\Martin\Desktop\české písničky
2016-01-22 17:19 - 2015-04-15 16:27 - 00000000 ____D C:\ProgramData\Origin
2016-01-22 16:40 - 2010-11-21 10:27 - 00668138 _____ C:\Windows\system32\perfh005.dat
2016-01-22 16:40 - 2010-11-21 10:27 - 00140798 _____ C:\Windows\system32\perfc005.dat
2016-01-22 16:40 - 2009-07-14 06:13 - 01582262 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-22 16:40 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-01-20 17:03 - 2015-04-19 20:05 - 00000000 ____D C:\Users\Martin\.gimp-2.6
2016-01-20 17:03 - 2015-04-13 15:03 - 00000000 ____D C:\Users\Martin
2016-01-20 17:02 - 2015-04-24 20:34 - 00000000 ____D C:\Users\Martin\AppData\Roaming\gtk-2.0
2016-01-15 06:17 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-01-15 05:49 - 2015-12-31 12:39 - 00000000 ____D C:\Users\Martin\Desktop\Powerwolf - Blessed and Possessed
2016-01-14 20:07 - 2015-05-04 15:12 - 00000000 ____D C:\Users\Martin\AppData\Local\ElevatedDiagnostics
2016-01-14 20:07 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2016-01-13 20:02 - 2015-05-15 18:05 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-13 20:01 - 2015-11-06 12:16 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-13 20:00 - 2015-05-04 20:10 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Free Audio Editor
==================== Files in the root of some directories =======
2015-09-25 19:34 - 2015-09-25 20:30 - 0000104 _____ () C:\Users\Martin\AppData\Roaming\Camdata.ini
2015-09-25 19:34 - 2015-09-25 20:30 - 0000408 _____ () C:\Users\Martin\AppData\Roaming\CamLayout.ini
2015-09-25 19:34 - 2015-09-25 20:30 - 0000408 _____ () C:\Users\Martin\AppData\Roaming\CamShapes.ini
2015-09-25 19:34 - 2015-09-25 20:30 - 0004509 _____ () C:\Users\Martin\AppData\Roaming\CamStudio.cfg
2015-04-15 16:22 - 2016-01-30 09:58 - 0001057 _____ () C:\Users\Martin\AppData\Roaming\vso_ts_preview.xml
2015-07-18 12:34 - 2015-07-18 12:34 - 0002835 _____ () C:\Users\Martin\AppData\Local\recently-used.xbel
Some files in TEMP:
====================
C:\Users\Martin\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\Martin\AppData\Local\Temp\atcMedia2231442141735.exe
C:\Users\Martin\AppData\Local\Temp\comver.dll
C:\Users\Martin\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Martin\AppData\Local\Temp\drm_dyndata_7370012.dll
C:\Users\Martin\AppData\Local\Temp\FFSetup3.6.0.0.exe
C:\Users\Martin\AppData\Local\Temp\gtapi.dll
C:\Users\Martin\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Martin\AppData\Local\Temp\ntwdblib.dll
C:\Users\Martin\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Martin\AppData\Local\Temp\nvStInst.exe
C:\Users\Martin\AppData\Local\Temp\ochelper.exe
C:\Users\Martin\AppData\Local\Temp\patchw32.dll
C:\Users\Martin\AppData\Local\Temp\raptrpatch.exe
C:\Users\Martin\AppData\Local\Temp\raptr_stub.exe
C:\Users\Martin\AppData\Local\Temp\SpOrder.dll
C:\Users\Martin\AppData\Local\Temp\sqlite3.dll
C:\Users\Martin\AppData\Local\Temp\supoptsetup.exe
C:\Users\Martin\AppData\Local\Temp\tmpC7B1.exe
C:\Users\Martin\AppData\Local\Temp\_isA18F.exe
C:\Users\Martin\AppData\Local\Temp\~5429.exe
C:\Users\Martin\AppData\Local\Temp\~CBF7.exe
C:\Users\Martin\AppData\Local\Temp\~E998.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-01-31 10:02
==================== End of FRST.txt ============================
- Rudy
- Site Admin
- Posts: 119348
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Problem with DNS Unlocker
Open Notepad and copy the following into it:
Start
HKU\S-1-5-21-468821790-2668219107-660150622-1000\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-468821790-2668219107-660150622-1000\...\MountPoints2: {01389058-4955-11e5-85d5-902b341d0060} - J:\Startme.exe
HKU\S-1-5-21-468821790-2668219107-660150622-1000\...\MountPoints2: {04cb978b-f3f2-11e4-9e16-902b341d0060} - I:\Autorun.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-468821790-2668219107-660150622-1000 -> {001708D9-778E-42a1-9B0C-44697B139FCE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
SearchScopes: HKU\S-1-5-21-468821790-2668219107-660150622-1000 -> {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\Users\Martin\AppData\Local\Temp
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
-
- Visitor
- Posts: 5
- Registered: 09 Feb 2016 18:18
Re: Problem with DNS Unlocker
Fix result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by Martin (2016-02-11 16:49:56) Run:1
Running from C:\Users\Martin\Desktop
Loaded Profiles: Martin (Available Profiles: Martin)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
HKU\S-1-5-21-468821790-2668219107-660150622-1000\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-468821790-2668219107-660150622-1000\...\MountPoints2: {01389058-4955-11e5-85d5-902b341d0060} - J:\Startme.exe
HKU\S-1-5-21-468821790-2668219107-660150622-1000\...\MountPoints2: {04cb978b-f3f2-11e4-9e16-902b341d0060} - I:\Autorun.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-468821790-2668219107-660150622-1000 -> {001708D9-778E-42a1-9B0C-44697B139FCE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
SearchScopes: HKU\S-1-5-21-468821790-2668219107-660150622-1000 -> {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\Users\Martin\AppData\Local\Temp
End
*****************
HKU\S-1-5-21-468821790-2668219107-660150622-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GalaxyClient => value removed successfully
"HKU\S-1-5-21-468821790-2668219107-660150622-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01389058-4955-11e5-85d5-902b341d0060}" => key removed successfully
HKCR\CLSID\{01389058-4955-11e5-85d5-902b341d0060} => key not found.
"HKU\S-1-5-21-468821790-2668219107-660150622-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04cb978b-f3f2-11e4-9e16-902b341d0060}" => key removed successfully
HKCR\CLSID\{04cb978b-f3f2-11e4-9e16-902b341d0060} => key not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKU\S-1-5-21-468821790-2668219107-660150622-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{001708D9-778E-42a1-9B0C-44697B139FCE}" => key removed successfully
HKCR\CLSID\{001708D9-778E-42a1-9B0C-44697B139FCE} => key not found.
"HKU\S-1-5-21-468821790-2668219107-660150622-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}" => key removed successfully
HKCR\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"C:\Users\Martin\AppData\Local\Temp" folder move:
Could not move "C:\Users\Martin\AppData\Local\Temp" => Scheduled to move on reboot.
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-02-11 16:51:47)
C:\Users\Martin\AppData\Local\Temp => moved successfully
==== End of Fixlog 16:51:47 ====
- Rudy
- Site Admin
- Posts: 119348
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Problem with DNS Unlocker
Deleted. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
-
- Visitor
- Posts: 5
- Registered: 09 Feb 2016 18:18
Re: Problem with DNS Unlocker
Yes, not a trace of DNS Unlocker is left.
Everything is running as it should now. Thank you very much for your help.


- Rudy
- Site Admin
- Posts: 119348
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Problem with DNS Unlocker
Glad to hear it. You're welcome!
