PC virus removal, computer speed-up, remote help via the neslape.cz service

Probably a virus

Do you have a virus problem? Post your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote help service, where an expert connects to your computer and gets more details about the problem from you by phone! More at www.neslape.cz
031adam031
Visitor
Posts: 44
Registered: 25 Dec 2013 17:19

Probably a virus

#1 Post by 031adam031 »

Hi, today I installed a patch that was downloaded from the internet; it was probably thoroughly infected. On the right side of the screen something like a newspaper article in English keeps popping up, and it can only be closed by clicking the X. But after 5 min it pops up again and gives me no peace. The antivirus found a few viruses, which I removed; I also removed everything installed today, and it didn't help. If you could help me somehow, I'd be grateful. I'm posting the FRST log here.


Re: Probably a virus

#2 Post by 031adam031 »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-07-2016 02
Ran by Vitko (administrator) on VITKO-PC (15-07-2016 14:57:32)
Running from C:\Users\Vitko\Desktop
Loaded Profiles: Vitko (Available Profiles: Vitko)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\ContentPush\app\bin\nw.exe
() C:\Program Files (x86)\ContentPush\app\bin\nw.exe
() C:\Program Files (x86)\ContentPush\app\bin\nw.exe
() C:\Program Files (x86)\ContentPush\app\bin\nw.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Spotify Ltd) C:\Users\Vitko\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(forum.viry.cz) C:\Users\Vitko\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-15] (Logitech Inc.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5199984 2011-06-24] (VIA)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7408312 2016-06-27] (AVAST Software)
HKLM-x32\...\Run: [apphide] => C:\Program Files (x86)\badu\uc.exe
HKLM\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs,
HKLM-x32\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs, [X]
HKU\S-1-5-21-3075929715-2878364320-3222794422-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4179288 2015-11-30] (Disc Soft Ltd)
HKU\S-1-5-21-3075929715-2878364320-3222794422-1000\...\Run: [Spotify] => C:\Users\Vitko\AppData\Roaming\Spotify\Spotify.exe [6913648 2016-07-12] (Spotify Ltd)
HKU\S-1-5-21-3075929715-2878364320-3222794422-1000\...\Run: [nw] => "C:\Program Files (x86)\Crytek\GFACE Launcher\live\nw.exe" --autostart
HKU\S-1-5-21-3075929715-2878364320-3222794422-1000\...\Run: [Spotify Web Helper] => C:\Users\Vitko\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1554032 2016-07-12] (Spotify Ltd)
HKU\S-1-5-21-3075929715-2878364320-3222794422-1000\...\Run: [gflauncher] => "C:\Program Files (x86)\Crytek\GFACE Launcher\live\gflauncher.exe" --autostart
HKU\S-1-5-21-3075929715-2878364320-3222794422-1000\...\Run: [svchost0] => "C:\Program Files (x86)\2345Soft\2345Explorer\2345Explorer.exe" -- "%1"
HKU\S-1-5-21-3075929715-2878364320-3222794422-1000\...\Run: [apphide] => C:\Program Files (x86)\badu\uc.exe
HKU\S-1-5-21-3075929715-2878364320-3222794422-1000\...\MountPoints2: {350ca561-ab3d-11e5-99c6-6c626d3db0c6} - F:\Setup.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-05-11] (AVAST Software)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0058B07E-AB8F-4662-8E09-C36AF0C72D00}: [NameServer] 82.163.143.187,82.163.142.187
Tcpip\..\Interfaces\{0058B07E-AB8F-4662-8E09-C36AF0C72D00}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{E6376FEC-9C4F-4092-8248-C287A9090B15}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3075929715-2878364320-3222794422-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.sk/?gws_rd=ssl
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-05-11] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-05-11] (AVAST Software)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3075929715-2878364320-3222794422-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-11]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-11]

Chrome:
=======
CHR HomePage: fikeselercutherjonocult -> hxxp://www.youndoo.com/?z=6eb071e31ace3c3a713a ... 07&type=hp
CHR StartupUrls: fikeselercutherjonocult -> "hxxp://www.youndoo.com/?z=6eb071e31ace3c3a713a ... 07&type=hp"
CHR DefaultSearchURL: fikeselercutherjonocult -> hxxp://www.youndoo.com/search/?q={searchTerms} ... 07&type=sp
CHR DefaultSearchKeyword: fikeselercutherjonocult -> youndoo
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-05-11]
CHR HKLM-x32\...\Chrome\Extension: [oaocmnfllndpbbmjmniielgaanaifehp] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-11] (AVAST Software)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1368408 2015-11-30] (Disc Soft Ltd)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2015-12-24] ()
S2 StejusendfQrp.exe; C:\Program Files (x86)\Qahatain\StejusendfQrp.exe [715552 2016-07-15] ()
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-06-14] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 dowidoly; C:\Program Files (x86)\00000000-1468582854-0000-0000-6C626D3DB0C6\jnst6FB3.tmp [X]
S2 GTFPOQUOTT Updater; C:\Program Files (x86)\GTFPOQUOTT Updater\GTFPOQUOTT Updater.exe [X]
S2 pogygohezbt; C:\Program Files (x86)\00000000-1468582854-0000-0000-6C626D3DB0C6\knsy5460.tmpfs [X]
S2 rijufoze; C:\Program Files (x86)\00000000-1468582854-0000-0000-6C626D3DB0C6\hnsy8C78.tmp [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-11] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-11] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-11] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-11] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-05-11] (AVAST Software)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-12-25] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [46392 2015-12-25] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104560 2012-04-25] (Qualcomm Atheros Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-15 14:57 - 2016-07-15 14:58 - 00011108 _____ C:\Users\Vitko\Desktop\FRST.txt
2016-07-15 14:57 - 2016-07-15 14:57 - 00112640 _____ (forum.viry.cz) C:\Users\Vitko\Desktop\FRSTLauncher.exe
2016-07-15 14:55 - 2016-07-15 14:55 - 02390528 _____ (Farbar) C:\Users\Vitko\Desktop\FRST64.exe
2016-07-15 13:56 - 2016-07-15 13:56 - 00000000 ____D C:\Users\Vitko\Documents\2345截图
2016-07-15 13:46 - 2016-07-15 13:46 - 00022156 _____ C:\Windows\System32\Tasks\GTFPOQUOTT
2016-07-15 13:45 - 2016-07-15 14:36 - 00000000 ____D C:\Program Files (x86)\mpck
2016-07-15 13:45 - 2016-07-15 13:45 - 00000000 ____D C:\Users\Vitko\AppData\Local\tuto_monetize_120160714
2016-07-15 13:44 - 2016-07-15 14:18 - 00000000 ____D C:\Users\Vitko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器
2016-07-15 13:41 - 2016-07-15 14:30 - 00000000 ____D C:\Program Files (x86)\2345Soft
2016-07-15 13:41 - 2016-07-15 13:50 - 00000000 ____D C:\Users\Vitko\AppData\Local\2345Explorer
2016-07-15 13:41 - 2016-07-15 13:39 - 00001006 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-07-15 13:40 - 2016-07-15 14:38 - 00000000 ____D C:\Users\Vitko\AppData\Local\app
2016-07-15 13:40 - 2016-07-15 14:19 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2016-07-15 13:39 - 2016-07-15 14:30 - 00000000 ____D C:\Program Files (x86)\badu
2016-07-15 13:39 - 2016-07-15 13:40 - 00000000 ____D C:\Program Files (x86)\ContentPush
2016-07-15 13:39 - 2016-07-15 13:39 - 00008976 _____ C:\Windows\System32\Tasks\Stejuse Nodifier
2016-07-15 13:39 - 2016-07-15 13:39 - 00000000 ____D C:\Program Files (x86)\WeatherChickn
2016-07-15 13:38 - 2016-07-15 14:38 - 00000000 ____D C:\Program Files (x86)\Qahatain
2016-07-15 13:38 - 2016-07-15 13:39 - 00000000 ____D C:\Users\Vitko\AppData\Local\ckicuseanigightukoly
2016-07-15 13:38 - 2016-07-15 13:38 - 00950272 _____ C:\Users\Vitko\Downloads\PatchFix_v.1.0.0.iso
2016-07-14 22:14 - 2016-07-14 22:14 - 00001043 _____ C:\Users\Public\Desktop\Hitman Absolution.lnk
2016-07-14 22:14 - 2016-07-14 22:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Absolution
2016-07-14 21:40 - 2016-07-14 22:14 - 00000000 ____D C:\Program Files (x86)\Hitman Absolution
2016-07-14 20:53 - 2016-07-14 21:02 - 00000000 ____D C:\Users\Vitko\Downloads\Hitman.Absolution-SKIDROW
2016-07-14 14:58 - 2016-07-14 15:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driving Simulator 2011
2016-07-14 14:05 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2016-07-14 13:39 - 2016-07-15 14:00 - 00000000 ____D C:\Users\Vitko\AppData\LocalLow\stillalive studios GmbH
2016-07-13 19:41 - 2016-06-26 02:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-07-13 19:41 - 2016-06-26 02:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-07-13 19:41 - 2016-06-26 02:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-07-13 19:41 - 2016-06-26 02:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-07-13 19:41 - 2016-06-26 02:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2016-07-13 19:41 - 2016-06-25 21:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-07-13 19:41 - 2016-06-25 21:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-07-13 19:41 - 2016-06-25 21:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-07-13 19:41 - 2016-06-25 21:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2016-07-13 19:41 - 2016-06-25 21:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2016-07-13 19:41 - 2016-06-14 17:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-07-13 19:41 - 2016-06-11 08:57 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-07-13 19:41 - 2016-06-11 06:48 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-07-13 19:41 - 2016-06-10 23:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-07-13 19:41 - 2016-06-10 23:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-07-13 19:41 - 2016-06-10 23:20 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-07-13 19:41 - 2016-06-10 23:19 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-07-13 19:41 - 2016-06-10 23:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-07-13 19:41 - 2016-06-10 23:18 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-07-13 19:41 - 2016-06-10 23:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-07-13 19:41 - 2016-06-10 23:17 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-07-13 19:41 - 2016-06-10 23:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-07-13 19:41 - 2016-06-10 23:08 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-07-13 19:41 - 2016-06-10 23:05 - 25814016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-07-13 19:41 - 2016-06-10 23:04 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-07-13 19:41 - 2016-06-10 23:03 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-07-13 19:41 - 2016-06-10 23:03 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-07-13 19:41 - 2016-06-10 23:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-07-13 19:41 - 2016-06-10 23:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-07-13 19:41 - 2016-06-10 22:53 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-07-13 19:41 - 2016-06-10 22:50 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-07-13 19:41 - 2016-06-10 22:49 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-07-13 19:41 - 2016-06-10 22:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-07-13 19:41 - 2016-06-10 22:38 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-07-13 19:41 - 2016-06-10 22:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-07-13 19:41 - 2016-06-10 22:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-07-13 19:41 - 2016-06-10 22:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-07-13 19:41 - 2016-06-10 22:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-07-13 19:41 - 2016-06-10 22:15 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-07-13 19:41 - 2016-06-10 22:13 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-07-13 19:41 - 2016-06-10 22:12 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-07-13 19:41 - 2016-06-10 22:11 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-07-13 19:41 - 2016-06-10 22:10 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-07-13 19:41 - 2016-06-10 21:45 - 15409664 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-07-13 19:41 - 2016-06-10 21:44 - 02869248 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-07-13 19:41 - 2016-06-10 21:30 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-07-13 19:41 - 2016-06-10 21:21 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-07-13 19:41 - 2016-06-10 21:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-07-13 19:41 - 2016-06-10 20:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-07-13 19:41 - 2016-06-10 20:53 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-07-13 19:41 - 2016-06-10 20:53 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-07-13 19:41 - 2016-06-10 20:53 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-07-13 19:41 - 2016-06-10 20:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-07-13 19:41 - 2016-06-10 20:47 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-07-13 19:41 - 2016-06-10 20:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-07-13 19:41 - 2016-06-10 20:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-07-13 19:41 - 2016-06-10 20:42 - 20348928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-07-13 19:41 - 2016-06-10 20:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-07-13 19:41 - 2016-06-10 20:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-07-13 19:41 - 2016-06-10 20:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-07-13 19:41 - 2016-06-10 20:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-07-13 19:41 - 2016-06-10 20:32 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-07-13 19:41 - 2016-06-10 20:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-07-13 19:41 - 2016-06-10 20:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-07-13 19:41 - 2016-06-10 20:24 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-07-13 19:41 - 2016-06-10 20:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-07-13 19:41 - 2016-06-10 20:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-07-13 19:41 - 2016-06-10 20:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-07-13 19:41 - 2016-06-10 20:14 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-07-13 19:41 - 2016-06-10 20:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-07-13 19:41 - 2016-06-10 20:10 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-07-13 19:41 - 2016-06-10 20:09 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-07-13 19:41 - 2016-06-10 20:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-07-13 19:41 - 2016-06-10 19:58 - 13806080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-07-13 19:41 - 2016-06-10 19:45 - 02392576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-07-13 19:41 - 2016-06-10 19:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-07-13 19:41 - 2016-06-10 19:41 - 01315840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-07-12 13:31 - 2016-07-14 20:31 - 19527360 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-06-21 22:10 - 2016-06-21 22:10 - 00000000 ____D C:\ProgramData\Gaijin

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-15 14:57 - 2016-01-03 19:34 - 00000000 ____D C:\FRST
2016-07-15 14:48 - 2009-07-14 06:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-15 14:48 - 2009-07-14 06:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-15 14:42 - 2016-02-03 20:40 - 00000000 ____D C:\Users\Vitko\AppData\Local\Spotify
2016-07-15 14:42 - 2016-02-03 20:39 - 00000000 ____D C:\Users\Vitko\AppData\Roaming\Spotify
2016-07-15 14:39 - 2016-02-03 15:50 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-15 14:38 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-15 14:31 - 2016-01-23 18:32 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-15 14:03 - 2016-02-03 15:50 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-15 14:00 - 2015-12-11 22:54 - 00000000 ____D C:\Games
2016-07-15 13:08 - 2015-12-17 19:19 - 00000000 ____D C:\Users\Vitko\AppData\Roaming\uTorrent
2016-07-15 11:05 - 2015-12-11 22:48 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-07-14 20:31 - 2016-01-23 18:32 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-07-14 20:31 - 2015-12-11 23:02 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-14 20:31 - 2015-12-11 23:02 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-14 20:24 - 2016-02-02 20:24 - 00000000 ____D C:\Users\Vitko\Documents\American Truck Simulator
2016-07-14 19:34 - 2015-12-10 16:03 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-07-14 19:33 - 2015-12-26 17:27 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-14 16:20 - 2016-05-09 20:22 - 00000000 ____D C:\Users\Vitko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Quadriga Games
2016-07-14 16:20 - 2016-05-09 20:15 - 00000000 ____D C:\Program Files (x86)\Quadriga Games
2016-07-14 16:17 - 2016-04-10 20:13 - 00000000 ____D C:\Program Files (x86)\Plant Firefighter Simulator 2014
2016-07-14 15:59 - 2016-05-26 12:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mr DJ
2016-07-14 15:59 - 2016-05-26 11:59 - 00000000 ____D C:\Program Files (x86)\Mr DJ
2016-07-14 15:31 - 2016-02-02 20:24 - 00000000 ____D C:\Users\Vitko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1-click run
2016-07-14 15:24 - 2015-12-19 13:14 - 00000000 ____D C:\Users\Vitko\Documents\My Games
2016-07-14 15:08 - 2015-12-11 22:54 - 00000000 ___HD C:\Windows\msdownld.tmp
2016-07-14 15:08 - 2015-12-11 22:54 - 00000000 ____D C:\Windows\SysWOW64\directx
2016-07-14 15:08 - 2015-12-09 22:42 - 00000000 ____D C:\ProgramData\Package Cache
2016-07-14 14:58 - 2014-01-18 16:23 - 00000000 ___RD C:\Users\Vitko\Desktop\songs
2016-07-14 13:22 - 2015-12-09 22:35 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-07-14 13:06 - 2016-02-02 20:23 - 00000000 ____D C:\2-click run
2016-07-13 21:29 - 2009-07-14 06:45 - 00340688 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-13 20:34 - 2015-12-10 15:34 - 00000000 ____D C:\Windows\system32\MRT
2016-07-13 20:30 - 2015-12-10 15:34 - 144749672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-07-13 11:07 - 2015-12-11 23:02 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-07-12 17:31 - 2015-12-11 23:02 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-07-12 12:31 - 2015-12-11 23:02 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-12 12:31 - 2015-12-11 23:02 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-07 14:21 - 2016-02-01 16:32 - 00003858 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1454337144
2016-07-07 14:21 - 2016-02-01 16:32 - 00000000 ____D C:\Program Files (x86)\Opera
2016-07-07 14:20 - 2015-12-14 14:54 - 00000000 ____D C:\Users\Vitko\AppData\Roaming\Skype
2016-07-07 14:17 - 2015-12-14 14:53 - 00000000 ____D C:\ProgramData\Skype
2016-07-03 17:32 - 2009-07-14 07:13 - 00781434 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-03 17:32 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-06-29 20:40 - 2015-12-19 13:14 - 00000000 ____D C:\WarThunder
2016-06-27 23:27 - 2016-01-08 12:14 - 00000000 ____D C:\Program Files (x86)\Crytek
2016-06-27 23:14 - 2015-12-17 19:21 - 00000000 ____D C:\ProgramData\GFACE
2016-06-24 22:21 - 2015-12-11 22:51 - 00002207 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-21 12:13 - 2010-11-21 05:27 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-06-19 13:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-06-18 09:28 - 2016-01-02 20:37 - 00000000 ___RD C:\Program Files (x86)\Skype

==================== Files in the root of some directories =======


Some files in TEMP:
====================
C:\Users\Vitko\AppData\Local\Temp\2345Explorer_365146_silence.exe
C:\Users\Vitko\AppData\Local\Temp\388D.tmp.exe
C:\Users\Vitko\AppData\Local\Temp\58AB.tmp.exe
C:\Users\Vitko\AppData\Local\Temp\5E36.tmp.exe
C:\Users\Vitko\AppData\Local\Temp\Browser_V5.6.14087.7_r_4726_(Build1607010949).exe
C:\Users\Vitko\AppData\Local\Temp\comver.dll
C:\Users\Vitko\AppData\Local\Temp\fsd7F2D.exe
C:\Users\Vitko\AppData\Local\Temp\fsdDAE3.exe
C:\Users\Vitko\AppData\Local\Temp\SIntf16.dll
C:\Users\Vitko\AppData\Local\Temp\SIntf32.dll
C:\Users\Vitko\AppData\Local\Temp\SIntfNT.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-07 16:25

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:292.87 GB) (Free:136.99 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Others) (Fixed) (Total:172.79 GB) (Free:114.81 GB) NTFS
Drive f: (HMA) (CDROM) (Total:14.18 GB) (Free:0 GB) CDFS

Available physical RAM: 2724.89 MB
Total physical RAM: 4078.65 MB
Percentage of memory in use: 33%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: CD38CD38)
Partition 1: (Active) - (Size=292.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=172.8 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Vitko\Desktop" je 7250 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Rudy
Site Admin
Posts: 118274
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: probably a virus

#3 Post by Rudy »

Hello!
Run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
Click first on >Scan< and then on >Clean<.
The scan will run and then a log will appear; post it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

Visit: (image)

e-mail: rudy(zavináč)forum.viry.cz

Warning:
Before cleaning the PC of viruses, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail given above.

031adam031
Visitor
Posts: 44
Registered: 25 Dec 2013 17:19

Re: probably a virus

#4 Post by 031adam031 »

# AdwCleaner v5.027 - Logfile created 04/01/2016 at 00:33:52
# Updated 30/12/2015 by Xplode
# Database : 2015-12-30.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Vitko - VITKO-PC
# Running from : C:\Users\Vitko\Desktop\adwcleaner_5.027.exe
# Option : Cleaning
# Support : hxxp://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : Update Mgr ConstantFun

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Constant Fun
[!] Folder Not Deleted : C:\Program Files (x86)\Constant Fun
[-] Folder Deleted : C:\Users\Vitko\AppData\Roaming\OpenCandy

***** [ Files ] *****

[-] File Deleted : C:\Users\Vitko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage
[-] File Deleted : C:\Users\Vitko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage-journal
[-] File Deleted : C:\Users\Vitko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.kingtopdeals.com_0.localstorage
[-] File Deleted : C:\Users\Vitko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.kingtopdeals.com_0.localstorage-journal
[-] File Deleted : C:\Users\Vitko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_autopcbackup.dl.myway.com_0.localstorage
[-] File Deleted : C:\Users\Vitko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_autopcbackup.dl.myway.com_0.localstorage-journal
[-] File Deleted : C:\Users\Vitko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_autopcbackup.dl.tb.ask.com_0.localstorage
[-] File Deleted : C:\Users\Vitko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_autopcbackup.dl.tb.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\Vitko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.emaildefendsearch.com_0.localstorage
[-] File Deleted : C:\Users\Vitko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.emaildefendsearch.com_0.localstorage-journal

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\S
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B853E835-9F24-4F4B-B55C-E554D15CCCD2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Key Deleted : HKLM\SOFTWARE\ConstantFun
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Constant Fun
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Constant Fun

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2823 bytes] ##########

# AdwCleaner v5.201 - Log vytvorený 15/07/2016 v 22:06:52
# Aktualizované 30/06/2016 by ToolsLib
# Databáza : 2016-07-14.1 [Server]
# Operačný systém : Windows 7 Home Premium Service Pack 1 (X64)
# Užívateľské meno : Vitko - VITKO-PC
# Spustené z : C:\Users\Vitko\AppData\Local\Temp\scoped_dir5076_2318\adwcleaner_5.201.exe
# Nastavenie : Čistenie
# Podpora : https://toolslib.net/forum

***** [ Služby ] *****

[-] Služba Zmazané : dowidoly
[-] Služba Zmazané : pogygohezbt
[-] Služba Zmazané : rijufoze

***** [ Priečinky ] *****

[-] Priečinok Zmazané : C:\Program Files (x86)\WeatherChickn
[-] Priečinok Zmazané : C:\Program Files (x86)\badu
[-] Priečinok Zmazané : C:\Program Files (x86)\ContentPush
[-] Priečinok Zmazané : C:\Program Files (x86)\mpck
[-] Priečinok Zmazané : C:\Users\Vitko\AppData\Local\tuto_monetize_120160714
[-] Priečinok Zmazané : C:\Users\Vitko\AppData\Local\app

***** [ Súbory ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Zástupcovia ] *****


***** [ Naplánované úlohy ] *****


***** [ Registre ] *****

[-] Kľúč registra Zmazané : HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
[-] Kľúč registra Zmazané : HKCU\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
[-] Kľúč registra Zmazané : HKCU\Software\PRODUCTSETUP
[-] Kľúč registra Zmazané : HKCU\Software\VIS
[-] Kľúč registra Zmazané : HKCU\Software\MICROSOFT\OTUT
[-] Kľúč registra Zmazané : HKCU\Software\csastats
[-] Kľúč registra Zmazané : HKCU\Software\UCBrowserPID
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\VIS
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\{E6276374-DE18-4AA5-A365-9016A2F98A2D}
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\UCBrowserPID
[-] Kľúč registra Zmazané : HKLM\SOFTWARE\youndooSoftware
[-] Dáta Obnovené : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon [Userinit]
[-] Dáta Obnovené : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{0058B07E-AB8F-4662-8E09-C36AF0C72D00} [NameServer]
[-] Kľúč registra Zmazané : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Kľúč registra Zmazané : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\azlyrics.com
[-] Kľúč registra Zmazané : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\filmfanatic2.dl.tb.ask.com
[-] Kľúč registra Zmazané : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\safepcrepair.dl.tb.ask.com
[-] Kľúč registra Zmazané : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\videodownloadconverter.dl.tb.ask.com
[-] Kľúč registra Zmazané : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.azlyrics.com
[-] Hodnota Zmazané : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [apphide]
[-] Hodnota Zmazané : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [apphide]
[#] Hodnota Zmazané : HKU\S-1-5-21-3075929715-2878364320-3222794422-1000\Software\Microsoft\Windows\CurrentVersion\Run [apphide]

***** [ Webové prehliadače ] *****


*************************

:: "Tracing" kľúče zmazané
:: Nastavenia Winsock resetované.

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [7301 bajtov] - [04/01/2016 01:33:52]
C:\AdwCleaner\AdwCleaner[S1].txt - [7647 bajtov] - [04/01/2016 01:31:20]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [7449 bajtov] ##########

Rudy
Site Admin
Posts: 118274
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: probably a virus

#5 Post by Rudy »

Post a new FRST log.

031adam031
Visitor
Posts: 44
Registered: 25 Dec 2013 17:19

Re: probably a virus

#6 Post by 031adam031 »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-07-2016 02
Ran by Vitko (administrator) on VITKO-PC (15-07-2016 22:27:53)
Running from C:\Users\Vitko\Desktop
Loaded Profiles: Vitko (Available Profiles: Vitko)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Spotify Ltd) C:\Users\Vitko\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(forum.viry.cz) C:\Users\Vitko\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-15] (Logitech Inc.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5199984 2011-06-24] (VIA)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7408312 2016-06-27] (AVAST Software)
HKLM\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs,
HKU\S-1-5-21-3075929715-2878364320-3222794422-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4179288 2015-11-30] (Disc Soft Ltd)
HKU\S-1-5-21-3075929715-2878364320-3222794422-1000\...\Run: [Spotify] => C:\Users\Vitko\AppData\Roaming\Spotify\Spotify.exe [6913648 2016-07-12] (Spotify Ltd)
HKU\S-1-5-21-3075929715-2878364320-3222794422-1000\...\Run: [nw] => "C:\Program Files (x86)\Crytek\GFACE Launcher\live\nw.exe" --autostart
HKU\S-1-5-21-3075929715-2878364320-3222794422-1000\...\Run: [Spotify Web Helper] => C:\Users\Vitko\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1554032 2016-07-12] (Spotify Ltd)
HKU\S-1-5-21-3075929715-2878364320-3222794422-1000\...\Run: [gflauncher] => "C:\Program Files (x86)\Crytek\GFACE Launcher\live\gflauncher.exe" --autostart
HKU\S-1-5-21-3075929715-2878364320-3222794422-1000\...\Run: [svchost0] => "C:\Program Files (x86)\2345Soft\2345Explorer\2345Explorer.exe" -- "%1"
HKU\S-1-5-21-3075929715-2878364320-3222794422-1000\...\MountPoints2: {350ca561-ab3d-11e5-99c6-6c626d3db0c6} - F:\Setup.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-05-11] (AVAST Software)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0058B07E-AB8F-4662-8E09-C36AF0C72D00}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{E6376FEC-9C4F-4092-8248-C287A9090B15}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3075929715-2878364320-3222794422-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.sk/?gws_rd=ssl
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-05-11] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-05-11] (AVAST Software)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3075929715-2878364320-3222794422-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-11]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-11]

Chrome:
=======
CHR HomePage: fikeselercutherjonocult -> hxxp://www.youndoo.com/?z=6eb071e31ace3c3a713a ... 07&type=hp
CHR StartupUrls: fikeselercutherjonocult -> "hxxp://www.youndoo.com/?z=6eb071e31ace3c3a713a ... 07&type=hp"
CHR DefaultSearchURL: fikeselercutherjonocult -> hxxp://www.youndoo.com/search/?q={searchTerms} ... 07&type=sp
CHR DefaultSearchKeyword: fikeselercutherjonocult -> youndoo
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-05-11]
CHR HKLM-x32\...\Chrome\Extension: [oaocmnfllndpbbmjmniielgaanaifehp] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-11] (AVAST Software)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1368408 2015-11-30] (Disc Soft Ltd)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2015-12-24] ()
S2 StejusendfQrp.exe; C:\Program Files (x86)\Qahatain\StejusendfQrp.exe [715552 2016-07-15] ()
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-06-14] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 GTFPOQUOTT Updater; C:\Program Files (x86)\GTFPOQUOTT Updater\GTFPOQUOTT Updater.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-11] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-11] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-11] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-11] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-05-11] (AVAST Software)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-12-25] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [46392 2015-12-25] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104560 2012-04-25] (Qualcomm Atheros Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-15 22:27 - 2016-07-15 22:27 - 00112640 _____ (forum.viry.cz) C:\Users\Vitko\Desktop\FRSTLauncher.exe
2016-07-15 22:26 - 2016-07-15 22:27 - 02390528 _____ (Farbar) C:\Users\Vitko\Desktop\FRST64 (1).exe
2016-07-15 22:03 - 2016-07-15 22:04 - 03712064 _____ C:\Users\Vitko\Desktop\adwcleaner_5.201.exe
2016-07-15 18:23 - 2016-07-15 18:30 - 00000000 ____D C:\Users\Vitko\Downloads\Anno 2205 Gold Edition by xatab
2016-07-15 18:23 - 2016-07-15 18:23 - 00023839 _____ C:\Users\Vitko\Downloads\Anno_2205-_Gold_Edition_[Update_3]_(2015)_RePack_-_Xatab.torrent
2016-07-15 18:22 - 2016-07-15 18:56 - 00000000 ____D C:\Users\Vitko\Downloads\Anno.2205-CODEX
2016-07-15 14:57 - 2016-07-15 22:28 - 00010760 _____ C:\Users\Vitko\Desktop\FRST.txt
2016-07-15 14:55 - 2016-07-15 14:55 - 02390528 _____ (Farbar) C:\Users\Vitko\Desktop\FRST64.exe
2016-07-15 13:56 - 2016-07-15 13:56 - 00000000 ____D C:\Users\Vitko\Documents\2345截图
2016-07-15 13:46 - 2016-07-15 13:46 - 00022156 _____ C:\Windows\System32\Tasks\GTFPOQUOTT
2016-07-15 13:44 - 2016-07-15 14:18 - 00000000 ____D C:\Users\Vitko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器
2016-07-15 13:41 - 2016-07-15 14:30 - 00000000 ____D C:\Program Files (x86)\2345Soft
2016-07-15 13:41 - 2016-07-15 13:50 - 00000000 ____D C:\Users\Vitko\AppData\Local\2345Explorer
2016-07-15 13:41 - 2016-07-15 13:39 - 00001006 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-07-15 13:40 - 2016-07-15 14:19 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2016-07-15 13:39 - 2016-07-15 13:39 - 00008976 _____ C:\Windows\System32\Tasks\Stejuse Nodifier
2016-07-15 13:38 - 2016-07-15 14:38 - 00000000 ____D C:\Program Files (x86)\Qahatain
2016-07-15 13:38 - 2016-07-15 13:39 - 00000000 ____D C:\Users\Vitko\AppData\Local\ckicuseanigightukoly
2016-07-15 13:38 - 2016-07-15 13:38 - 00950272 _____ C:\Users\Vitko\Downloads\PatchFix_v.1.0.0.iso
2016-07-14 22:14 - 2016-07-14 22:14 - 00001043 _____ C:\Users\Public\Desktop\Hitman Absolution.lnk
2016-07-14 22:14 - 2016-07-14 22:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Absolution
2016-07-14 21:40 - 2016-07-14 22:14 - 00000000 ____D C:\Program Files (x86)\Hitman Absolution
2016-07-14 20:53 - 2016-07-14 21:02 - 00000000 ____D C:\Users\Vitko\Downloads\Hitman.Absolution-SKIDROW
2016-07-14 14:58 - 2016-07-14 15:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driving Simulator 2011
2016-07-14 14:05 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2016-07-14 13:39 - 2016-07-15 14:00 - 00000000 ____D C:\Users\Vitko\AppData\LocalLow\stillalive studios GmbH
2016-07-13 19:41 - 2016-06-26 02:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-07-13 19:41 - 2016-06-26 02:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-07-13 19:41 - 2016-06-26 02:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-07-13 19:41 - 2016-06-26 02:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-07-13 19:41 - 2016-06-26 02:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2016-07-13 19:41 - 2016-06-25 21:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-07-13 19:41 - 2016-06-25 21:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-07-13 19:41 - 2016-06-25 21:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-07-13 19:41 - 2016-06-25 21:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2016-07-13 19:41 - 2016-06-25 21:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2016-07-13 19:41 - 2016-06-14 17:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-07-13 19:41 - 2016-06-11 08:57 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-07-13 19:41 - 2016-06-11 06:48 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-07-13 19:41 - 2016-06-10 23:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-07-13 19:41 - 2016-06-10 23:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-07-13 19:41 - 2016-06-10 23:20 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-07-13 19:41 - 2016-06-10 23:19 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-07-13 19:41 - 2016-06-10 23:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-07-13 19:41 - 2016-06-10 23:18 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-07-13 19:41 - 2016-06-10 23:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-07-13 19:41 - 2016-06-10 23:17 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-07-13 19:41 - 2016-06-10 23:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-07-13 19:41 - 2016-06-10 23:08 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-07-13 19:41 - 2016-06-10 23:05 - 25814016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-07-13 19:41 - 2016-06-10 23:04 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-07-13 19:41 - 2016-06-10 23:03 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-07-13 19:41 - 2016-06-10 23:03 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-07-13 19:41 - 2016-06-10 23:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-07-13 19:41 - 2016-06-10 23:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-07-13 19:41 - 2016-06-10 22:53 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-07-13 19:41 - 2016-06-10 22:50 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-07-13 19:41 - 2016-06-10 22:49 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-07-13 19:41 - 2016-06-10 22:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-07-13 19:41 - 2016-06-10 22:38 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-07-13 19:41 - 2016-06-10 22:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-07-13 19:41 - 2016-06-10 22:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-07-13 19:41 - 2016-06-10 22:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-07-13 19:41 - 2016-06-10 22:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-07-13 19:41 - 2016-06-10 22:15 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-07-13 19:41 - 2016-06-10 22:13 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-07-13 19:41 - 2016-06-10 22:12 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-07-13 19:41 - 2016-06-10 22:11 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-07-13 19:41 - 2016-06-10 22:10 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-07-13 19:41 - 2016-06-10 21:45 - 15409664 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-07-13 19:41 - 2016-06-10 21:44 - 02869248 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-07-13 19:41 - 2016-06-10 21:30 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-07-13 19:41 - 2016-06-10 21:21 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-07-13 19:41 - 2016-06-10 21:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-07-13 19:41 - 2016-06-10 20:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-07-13 19:41 - 2016-06-10 20:53 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-07-13 19:41 - 2016-06-10 20:53 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-07-13 19:41 - 2016-06-10 20:53 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-07-13 19:41 - 2016-06-10 20:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-07-13 19:41 - 2016-06-10 20:47 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-07-13 19:41 - 2016-06-10 20:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-07-13 19:41 - 2016-06-10 20:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-07-13 19:41 - 2016-06-10 20:42 - 20348928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-07-13 19:41 - 2016-06-10 20:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-07-13 19:41 - 2016-06-10 20:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-07-13 19:41 - 2016-06-10 20:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-07-13 19:41 - 2016-06-10 20:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-07-13 19:41 - 2016-06-10 20:32 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-07-13 19:41 - 2016-06-10 20:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-07-13 19:41 - 2016-06-10 20:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-07-13 19:41 - 2016-06-10 20:24 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-07-13 19:41 - 2016-06-10 20:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-07-13 19:41 - 2016-06-10 20:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-07-13 19:41 - 2016-06-10 20:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-07-13 19:41 - 2016-06-10 20:14 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-07-13 19:41 - 2016-06-10 20:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-07-13 19:41 - 2016-06-10 20:10 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-07-13 19:41 - 2016-06-10 20:09 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-07-13 19:41 - 2016-06-10 20:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-07-13 19:41 - 2016-06-10 19:58 - 13806080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-07-13 19:41 - 2016-06-10 19:45 - 02392576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-07-13 19:41 - 2016-06-10 19:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-07-13 19:41 - 2016-06-10 19:41 - 01315840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-07-12 13:31 - 2016-07-14 20:31 - 19527360 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-06-21 22:10 - 2016-06-21 22:10 - 00000000 ____D C:\ProgramData\Gaijin

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-15 22:27 - 2016-01-03 19:34 - 00000000 ____D C:\FRST
2016-07-15 22:17 - 2009-07-14 06:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-15 22:17 - 2009-07-14 06:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-15 22:10 - 2016-02-03 20:39 - 00000000 ____D C:\Users\Vitko\AppData\Roaming\Spotify
2016-07-15 22:09 - 2016-02-03 20:40 - 00000000 ____D C:\Users\Vitko\AppData\Local\Spotify
2016-07-15 22:09 - 2016-02-03 15:50 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-15 22:08 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-15 22:04 - 2016-01-04 01:31 - 00000000 ____D C:\AdwCleaner
2016-07-15 22:03 - 2016-02-03 15:50 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-15 21:31 - 2016-01-23 18:32 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-15 19:54 - 2015-12-17 19:19 - 00000000 ____D C:\Users\Vitko\AppData\Roaming\uTorrent
2016-07-15 19:24 - 2015-12-11 22:54 - 00000000 ___HD C:\Windows\msdownld.tmp
2016-07-15 19:24 - 2015-12-11 22:54 - 00000000 ____D C:\Windows\SysWOW64\directx
2016-07-15 18:53 - 2015-12-11 22:54 - 00000000 ____D C:\Games
2016-07-15 11:05 - 2015-12-11 22:48 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-07-14 20:31 - 2016-01-23 18:32 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-07-14 20:31 - 2015-12-11 23:02 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-14 20:31 - 2015-12-11 23:02 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-14 20:24 - 2016-02-02 20:24 - 00000000 ____D C:\Users\Vitko\Documents\American Truck Simulator
2016-07-14 19:34 - 2015-12-10 16:03 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-07-14 19:33 - 2015-12-26 17:27 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-14 16:20 - 2016-05-09 20:22 - 00000000 ____D C:\Users\Vitko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Quadriga Games
2016-07-14 16:20 - 2016-05-09 20:15 - 00000000 ____D C:\Program Files (x86)\Quadriga Games
2016-07-14 16:17 - 2016-04-10 20:13 - 00000000 ____D C:\Program Files (x86)\Plant Firefighter Simulator 2014
2016-07-14 15:59 - 2016-05-26 12:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mr DJ
2016-07-14 15:59 - 2016-05-26 11:59 - 00000000 ____D C:\Program Files (x86)\Mr DJ
2016-07-14 15:31 - 2016-02-02 20:24 - 00000000 ____D C:\Users\Vitko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1-click run
2016-07-14 15:24 - 2015-12-19 13:14 - 00000000 ____D C:\Users\Vitko\Documents\My Games
2016-07-14 15:08 - 2015-12-09 22:42 - 00000000 ____D C:\ProgramData\Package Cache
2016-07-14 14:58 - 2014-01-18 16:23 - 00000000 ___RD C:\Users\Vitko\Desktop\songs
2016-07-14 13:22 - 2015-12-09 22:35 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-07-14 13:06 - 2016-02-02 20:23 - 00000000 ____D C:\2-click run
2016-07-13 21:29 - 2009-07-14 06:45 - 00340688 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-13 20:34 - 2015-12-10 15:34 - 00000000 ____D C:\Windows\system32\MRT
2016-07-13 20:30 - 2015-12-10 15:34 - 144749672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-07-13 11:07 - 2015-12-11 23:02 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-07-12 17:31 - 2015-12-11 23:02 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-07-12 12:31 - 2015-12-11 23:02 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-12 12:31 - 2015-12-11 23:02 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-07 14:21 - 2016-02-01 16:32 - 00003858 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1454337144
2016-07-07 14:21 - 2016-02-01 16:32 - 00000000 ____D C:\Program Files (x86)\Opera
2016-07-07 14:20 - 2015-12-14 14:54 - 00000000 ____D C:\Users\Vitko\AppData\Roaming\Skype
2016-07-07 14:17 - 2015-12-14 14:53 - 00000000 ____D C:\ProgramData\Skype
2016-07-03 17:32 - 2009-07-14 07:13 - 00781434 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-03 17:32 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-06-29 20:40 - 2015-12-19 13:14 - 00000000 ____D C:\WarThunder
2016-06-27 23:27 - 2016-01-08 12:14 - 00000000 ____D C:\Program Files (x86)\Crytek
2016-06-27 23:14 - 2015-12-17 19:21 - 00000000 ____D C:\ProgramData\GFACE
2016-06-24 22:21 - 2015-12-11 22:51 - 00002207 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-21 12:13 - 2010-11-21 05:27 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-06-19 13:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-06-18 09:28 - 2016-01-02 20:37 - 00000000 ___RD C:\Program Files (x86)\Skype

==================== Files in the root of some directories =======


Some files in TEMP:
====================
C:\Users\Vitko\AppData\Local\Temp\2345Explorer_365146_silence.exe
C:\Users\Vitko\AppData\Local\Temp\388D.tmp.exe
C:\Users\Vitko\AppData\Local\Temp\58AB.tmp.exe
C:\Users\Vitko\AppData\Local\Temp\5E36.tmp.exe
C:\Users\Vitko\AppData\Local\Temp\Browser_V5.6.14087.7_r_4726_(Build1607010949).exe
C:\Users\Vitko\AppData\Local\Temp\comver.dll
C:\Users\Vitko\AppData\Local\Temp\fsd7F2D.exe
C:\Users\Vitko\AppData\Local\Temp\fsdDAE3.exe
C:\Users\Vitko\AppData\Local\Temp\libeay32.dll
C:\Users\Vitko\AppData\Local\Temp\msvcr120.dll
C:\Users\Vitko\AppData\Local\Temp\SIntf16.dll
C:\Users\Vitko\AppData\Local\Temp\SIntf32.dll
C:\Users\Vitko\AppData\Local\Temp\SIntfNT.dll
C:\Users\Vitko\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-07 16:25

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:292.87 GB) (Free:113.08 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Others) (Fixed) (Total:172.79 GB) (Free:114.81 GB) NTFS
Drive f: (HMA) (CDROM) (Total:14.18 GB) (Free:0 GB) CDFS

Available physical RAM: 2425.36 MB
Total physical RAM: 4078.65 MB
Percentage of memory in use: 40%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: CD38CD38)
Partition 1: (Active) - (Size=292.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=172.8 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Vitko\Desktop" je 7255 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Rudy
Site Admin
Posts: 118274
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: probably a virus

#7 Post by Rudy »

Open Notepad and copy the following into it:
Start
HKU\S-1-5-21-3075929715-2878364320-3222794422-1000\...\Run: [svchost0] => "C:\Program Files (x86)\2345Soft\2345Explorer\2345Explorer.exe" -- "%1"
HKU\S-1-5-21-3075929715-2878364320-3222794422-1000\...\MountPoints2: {350ca561-ab3d-11e5-99c6-6c626d3db0c6} - F:\Setup.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HomePage: fikeselercutherjonocult -> hxxp://www.youndoo.com/?z=6eb071e31ace3 ... 07&type=hp
CHR StartupUrls: fikeselercutherjonocult -> "hxxp://www.youndoo.com/?z=6eb071e31ace3c3a713a ... 07&type=hp"
CHR DefaultSearchURL: fikeselercutherjonocult -> hxxp://www.youndoo.com/search/?q={searchTerms} ... 07&type=sp
CHR DefaultSearchKeyword: fikeselercutherjonocult -> youndoo
S2 GTFPOQUOTT Updater; C:\Program Files (x86)\GTFPOQUOTT Updater\GTFPOQUOTT Updater.exe [X]
C:\Users\Vitko\Documents\2345截图
C:\Users\Vitko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器
C:\Program Files (x86)\2345Soft
C:\Users\Vitko\AppData\Local\2345Explorer
C:\Windows\System32\Tasks\Stejuse Nodifier
C:\Program Files (x86)\Qahatain
C:\Users\Vitko\AppData\Local\ckicuseanigightukoly
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Users\Vitko\AppData\Local\Temp
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the fix finishes, a log will appear; copy it here.

I haven't seen such a mess in a long time. No wonder: nothing but cracks, P2P networks, etc.

From the log:
Velikost slozky "C:\Users\Vitko\Desktop" je 7255 MB.
That is far too much and can slow down system startup. Create a new folder in C:\Users\Vitko. Move all the data from the desktop into it (except shortcuts). Then put a shortcut to that folder on the desktop for easier access.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.


e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail above.

031adam031
Guest
Posts: 44
Registered: 25 Dec 2013 17:19

Re: probably a virus

#8 Post by 031adam031 »

Fix result of Farbar Recovery Scan Tool (x64) Version: 13-07-2016 02
Ran by Vitko (2016-07-15 23:04:14) Run:2
Running from C:\Users\Vitko\Desktop
Loaded Profiles: Vitko (Available Profiles: Vitko)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKU\S-1-5-21-3075929715-2878364320-3222794422-1000\...\Run: [svchost0] => "C:\Program Files (x86)\2345Soft\2345Explorer\2345Explorer.exe" -- "%1"
HKU\S-1-5-21-3075929715-2878364320-3222794422-1000\...\MountPoints2: {350ca561-ab3d-11e5-99c6-6c626d3db0c6} - F:\Setup.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HomePage: fikeselercutherjonocult -> hxxp://www.youndoo.com/?z=6eb071e31ace3 ... 07&type=hp
CHR StartupUrls: fikeselercutherjonocult -> "hxxp://www.youndoo.com/?z=6eb071e31ace3c3a713a ... 07&type=hp"
CHR DefaultSearchURL: fikeselercutherjonocult -> hxxp://www.youndoo.com/search/?q={searchTerms} ... 07&type=sp
CHR DefaultSearchKeyword: fikeselercutherjonocult -> youndoo
S2 GTFPOQUOTT Updater; C:\Program Files (x86)\GTFPOQUOTT Updater\GTFPOQUOTT Updater.exe [X]
C:\Users\Vitko\Documents\2345??
C:\Users\Vitko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC???
C:\Program Files (x86)\2345Soft
C:\Users\Vitko\AppData\Local\2345Explorer
C:\Windows\System32\Tasks\Stejuse Nodifier
C:\Program Files (x86)\Qahatain
C:\Users\Vitko\AppData\Local\ckicuseanigightukoly
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Users\Vitko\AppData\Local\Temp
End
*****************

HKU\S-1-5-21-3075929715-2878364320-3222794422-1000\Software\Microsoft\Windows\CurrentVersion\Run\\svchost0 => value removed successfully
"HKU\S-1-5-21-3075929715-2878364320-3222794422-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{350ca561-ab3d-11e5-99c6-6c626d3db0c6}" => key removed successfully
HKCR\CLSID\{350ca561-ab3d-11e5-99c6-6c626d3db0c6} => key not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
GTFPOQUOTT Updater => service removed successfully
"C:\Users\Vitko\Documents\2345??" => not found.
"C:\Users\Vitko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC???" => not found.
C:\Program Files (x86)\2345Soft => moved successfully
C:\Users\Vitko\AppData\Local\2345Explorer => moved successfully
C:\Windows\System32\Tasks\Stejuse Nodifier => moved successfully
C:\Program Files (x86)\Qahatain => moved successfully
C:\Users\Vitko\AppData\Local\ckicuseanigightukoly => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully

"C:\Users\Vitko\AppData\Local\Temp" folder move:

Could not move "C:\Users\Vitko\AppData\Local\Temp" => Scheduled to move on reboot.


Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-07-15 23:06:11)

C:\Users\Vitko\AppData\Local\Temp => moved successfully

==== End of Fixlog 23:06:16 ====

Rudy
Site Admin
Posts: 118274
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: probably a virus

#9 Post by Rudy »

Deleted. Has anything changed?

031adam031
Guest
Posts: 44
Registered: 25 Dec 2013 17:19

Re: probably a virus

#10 Post by 031adam031 »

So far it looks good, I'll keep watching it during the day. In any case, thank you for your time and willingness, and forgive me for the state of my PC. Games are so expensive these days that one can't afford them.

Rudy
Site Admin
Posts: 118274
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: probably a virus

#11 Post by Rudy »

031adam031 wrote: So far it looks good, I'll keep watching it during the day. In any case, thank you for your time and willingness, and forgive me for the state of my PC. Games are so expensive these days that one can't afford them.
There are free ones too. A crack is essentially a virus, so you can't be surprised when this happens. You have to choose between games and a clean, working PC. You can't have both. You're welcome! :)
