Virus after downloading a screen-capture program

Volny256
Visitor
Posts: 25
Registered: 15 Feb 2017 17:11

#1 Post by Volny256 »

Hello,

After I downloaded and then installed the program, it automatically started downloading a lot of files (aliexpres...) and the like. A lot of junk is now installed on the system, probably various malware.
Could you take a look at it?
Log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-02-2017 01
Ran by Marťas (administrator) on DESKTOP-IMU1TCG (15-02-2017 17:14:03)
Running from C:\Users\Marťas\Desktop
Loaded Profiles: Marťas (Available Profiles: defaultuser0 & Marťas)
Platform: Windows 10 Home Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\ProgramData\NetworkPacketManitor\Nettrans.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16122.10291.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1701.10102.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-12-17] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16405744 2015-09-10] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3351248 2015-09-10] (ELAN Microelectronics Corp.)
HKLM\...\RunOnce: [*Restore] => C:\WINDOWS\System32\rstrui.exe [268288 2016-07-16] (Microsoft Corporation)
HKLM\...\Winlogon: [Userinit] wscript C:\WINDOWS\run.vbs,
HKLM-x32\...\Winlogon: [Userinit] wscript C:\WINDOWS\run.vbs,
HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\...\Run: [OneDrive] => C:\Users\Marťas\AppData\Local\Microsoft\OneDrive\OneDrive.exe [1517280 2017-01-13] (Microsoft Corporation) <===== ATTENTION
HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation)
HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27226072 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\...\Run: [GoogleChromeAutoLaunch_F2169D7533533C5932816DA6EE4B0D3B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1116504 2017-02-01] (Google Inc.)
HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\...\Run: [MyComGames] => C:\Users\Marťas\AppData\Local\MyComGames\MyComGames.exe [5013392 2017-02-14] (MY.COM B.V.) <===== ATTENTION
HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\...\Run: [Dxtory Update Checker 2.0] => C:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software)
HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\...\Run: [produpd] => "C:\Users\Marťas\AppData\Roaming\VDI\Shared\Product Updater\produpd.exe" /20506 <===== ATTENTION
HKLM\...\Providers\qs4j0wbq: C:\Program Files (x86)\Coitoy Manager\local64spl.dll [307200 2017-02-14] ()
AppInit_DLLs: C:\ProgramData\Ronzap\Stockin.dll => C:\ProgramData\Ronzap\Stockin.dll [358912 2017-02-15] ()
AppInit_DLLs-x32: C:\ProgramData\Ronzap\U-Zumstrong.dll => C:\ProgramData\Ronzap\U-Zumstrong.dll [248320 2017-02-15] ()
ShellExecuteHooks: No Name - {8A2A2C62-EEB8-11E6-9AB6-64006A5CFC23} - C:\Users\Marťas\AppData\Roaming\Grjelyckojule\Coosak.dll -> No File
Startup: C:\Users\Marťas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\monhost.lnk [2017-02-15] <===== ATTENTION
ShortcutTarget: monhost.lnk -> C:\Users\Marťas\AppData\Roaming\VDI\Shared\Product Updater\monhost.exe (No File)
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.1 10.0.1.1
Tcpip\..\Interfaces\{02c273f3-199c-452b-9e83-6cf7b4ac56ca}: [DhcpNameServer] 10.0.0.1 10.0.1.1
Tcpip\..\Interfaces\{03d29909-5cf5-4c48-9d1c-6d0c9b13c62d}: [DhcpNameServer] 10.0.0.1 10.0.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-Tqs2IWFP54W9OijJ_IQ1WqfBrLNdF4ChiGQISBE4zK4ob06DMOLaW1-CfbQjUZHr7oXN4MEBW77F2Ugl1z3UZCMgBCEU8cegflI9J2ph4-6lx77xh9b13Cx9zjSzaujmqg3qN89znXixBXCRYlNoNaPJzhF3kt&q={searchTerms}
HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-Tqs2IWFP54W9OijJ_IQ1WqfBrLNdF4ChiGQISBE4zK4ob06DMOLaW1-CfbQjUZHr7oXNK-9KXdsNt4TNE5gx242qujwVNkv7VFQPatKgidUULgpokjiR3t_QNSkGSP9oKoVCfMXQBx0uNbS8L36e0FA8kWLIom
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-Tqs2IWFP54W9OijJ_IQ1WqfBrLNdF4ChiGQISBE4zK4ob06DMOLaW1-CfbQjUZHr7oXN4MEBW77F2Ugl1z3UZCMgBCEU8cegflI9J2ph4-6lx77xh9b13Cx9zjSzaujmqg3qN89znXixBXCRYlNoNaPJzhF3kt&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1626131941-1098701557-2232362238-1001 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-Tqs2IWFP54W9OijJ_IQ1WqfBrLNdF4ChiGQISBE4zK4ob06DMOLaW1-CfbQjUZHr7oXN4MEBW77F2Ugl1z3UZCMgBCEU8cegflI9J2ph4-6lx77xh9b13Cx9zjSzaujmqg3qN89znXixBXCRYlNoNaPJzhF3kt&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1626131941-1098701557-2232362238-1001 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-Tqs2IWFP54W9OijJ_IQ1WqfBrLNdF4ChiGQISBE4zK4ob06DMOLaW1-CfbQjUZHr7oXN4MEBW77F2Ugl1z3UZCMgBCEU8cegflI9J2ph4-6lx77xh9b13Cx9zjSzaujmqg3qN89znXixBXCRYlNoNaPJzhF3kt&q={searchTerms}

FireFox:
========
FF DefaultProfile: pjvuic15.default
FF ProfilePath: C:\Users\Marťas\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\pjvuic15.default\Profiles\pjvuic15.default [not found]
FF ProfilePath: C:\Users\Marťas\AppData\Roaming\Mozilla\Firefox\Profiles\pjvuic15.default [2017-02-15]
FF NewTab: Mozilla\Firefox\Profiles\pjvuic15.default -> C:\\ProgramData\\Ronzaps\\ff.NT
FF Homepage: Mozilla\Firefox\Profiles\pjvuic15.default -> C:\\ProgramData\\Ronzaps\\ff.HP
FF Extension: (Adblocker for Youtube™) - C:\Program Files (x86)\Mozilla Firefox\browser\features\{95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B} [2017-02-14] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-02-05] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-02-05] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-08] (Google Inc.)
FF Plugin HKU\S-1-5-21-1626131941-1098701557-2232362238-1001: @my.com/Games -> C:\Users\Marťas\AppData\Local\MyComGames\NPMyComDetector.dll [2017-02-12] (MY.COM B.V.)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR HomePage: ChromeDefaultData -> hxxp://www.trotux.com/?z=0193a36a0277feb42dd07 ... UH&type=hp
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.trotux.com/?z=0193a36a0277feb42dd07 ... UH&type=hp"
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.trotux.com/search/?q={searchTerms}& ... UH&type=sp
CHR DefaultSearchKeyword: ChromeDefaultData -> trotux
CHR Profile: C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-02-15] <==== ATTENTION
CHR Extension: (Prezentace Google) - C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-08]
CHR Extension: (Dokumenty Google) - C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-08]
CHR Extension: (Disk Google) - C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-08]
CHR Extension: (YouTube) - C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-08]
CHR Extension: (Steam Inventory Helper) - C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2017-02-14]
CHR Extension: (Tabulky Google) - C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-08]
CHR Extension: (Splinter Search) - C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho [2017-02-15]
CHR Extension: (Dokumenty Google offline) - C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-09]
CHR Extension: (Adblocker pro Youtube™) - C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gndgngmogcnpkcbknmcgpnooljecgadk [2017-02-14]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-08]
CHR Extension: (Gmail) - C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-08]
CHR Extension: (Chrome Media Router) - C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ETDService; C:\Program Files\Elantech\ETDService.exe [145624 2015-09-10] (ELAN Microelectronics Corp.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [328624 2015-10-07] (Intel Corporation)
R2 Nettrans; C:\ProgramData\NetworkPacketManitor\Nettrans.exe [43520 2017-02-15] () [File not signed]
S2 Ronzap; C:\ProgramData\\Ronzap\\Ronzap.exe [983040 2017-02-15] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WinSAPSvc; C:\Users\Marťas\AppData\Roaming\WinSAPSvc\WinSAP.dll [184832 2017-02-15] (TODO: <Company name>) [File not signed]
S2 WinSnare; C:\Users\Marťas\AppData\Roaming\WinSnare\WinSnare.dll [779776 2017-02-08] (InterSect Alliance Pty Ltd) [File not signed]
S2 serverss; C:\WINDOWS\Temp\E12D.tmp [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 FreshIO; C:\Program Files (x86)\FreshDevices\FreshDiagnose\FreshIO.sys [2410 2004-10-26] () [File not signed]
R3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [59840 2015-11-16] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [410848 2015-08-13] (Realsil Semiconductor Corporation)
S1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [25444 ] (UC Web Inc.) <==== ATTENTION
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-15 17:14 - 2017-02-15 17:14 - 00014491 _____ C:\Users\Marťas\Desktop\FRST.txt
2017-02-15 17:13 - 2017-02-15 17:14 - 00000000 ____D C:\FRST
2017-02-15 17:13 - 2017-02-15 17:13 - 02422272 _____ (Farbar) C:\Users\Marťas\Desktop\FRST64.exe
2017-02-15 17:13 - 2017-02-15 17:13 - 00112640 _____ (forum.viry.cz) C:\Users\Marťas\Desktop\FRSTLauncher.exe
2017-02-15 14:47 - 2017-02-15 14:47 - 00003744 _____ C:\WINDOWS\System32\Tasks\{FF362657-05F5-418A-B833-872C21AA43F5}
2017-02-15 14:16 - 2017-02-15 14:16 - 00000000 ___HD C:\$AV_ASW
2017-02-15 14:16 - 2017-02-15 14:16 - 00000000 ____D C:\Users\TEMP.DESKTOP-IMU1TCG\AppData\Roaming\AVAST Software
2017-02-15 14:15 - 2017-02-15 14:20 - 00000000 ____D C:\Users\TEMP.DESKTOP-IMU1TCG\AppData\Local\Packages
2017-02-15 14:15 - 2017-02-15 14:20 - 00000000 ____D C:\Users\TEMP.DESKTOP-IMU1TCG
2017-02-15 14:15 - 2017-02-15 14:15 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\AVAST Software
2017-02-15 14:11 - 2017-02-15 14:11 - 00000000 ____D C:\Users\Default\AppData\Local\NetworkTiles
2017-02-15 14:11 - 2017-02-15 14:11 - 00000000 ____D C:\Users\Default User\AppData\Local\NetworkTiles
2017-02-15 14:10 - 2017-02-15 14:15 - 00000000 ____D C:\Users\TEMP
2017-02-15 14:08 - 2017-02-15 14:08 - 00000000 ____D C:\Users\Default\winhttp
2017-02-15 13:34 - 2017-02-15 13:34 - 00000000 ____D C:\Users\Marťas\AppData\Roaming\AVAST Software
2017-02-15 13:33 - 2017-02-15 13:33 - 00000000 ____D C:\Program Files\Common Files\AV
2017-02-15 13:22 - 2017-02-15 13:22 - 00000000 ____D C:\Users\Marťas\AppData\Roaming\SMRecorder
2017-02-15 13:21 - 2017-02-15 13:21 - 00000000 ____D C:\Users\Marťas\Documents\SMRecorder
2017-02-15 13:16 - 2017-02-15 13:38 - 00000000 ____D C:\ProgramData\AVAST Software
2017-02-15 13:16 - 2017-02-15 13:38 - 00000000 ____D C:\Program Files\AVAST Software
2017-02-15 13:09 - 2017-02-15 13:09 - 00000000 ____D C:\Program Files (x86)\qs4j0wbq
2017-02-15 12:28 - 2017-02-15 12:28 - 00003334 _____ C:\WINDOWS\System32\Tasks\psv_Dentola
2017-02-15 12:27 - 2017-02-15 14:40 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-02-15 11:38 - 2017-02-15 11:38 - 00003306 _____ C:\WINDOWS\System32\Tasks\psv_S-it
2017-02-15 11:35 - 2017-02-15 12:31 - 00003658 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2017-02-15 11:33 - 2017-02-15 11:33 - 00003314 _____ C:\WINDOWS\System32\Tasks\psv_Zaamtax
2017-02-15 11:28 - 2017-02-15 11:28 - 00003692 _____ C:\WINDOWS\System32\Tasks\WinTOOL
2017-02-15 11:27 - 2017-02-15 14:45 - 00000000 ____D C:\Program Files (x86)\WinSnare(4.1.0)
2017-02-15 11:27 - 2017-02-15 14:40 - 00000000 ____D C:\Users\Marťas\AppData\Roaming\WinSnare
2017-02-15 11:27 - 2017-02-15 14:40 - 00000000 ____D C:\Users\Marťas\AppData\Roaming\WinSAPSvc
2017-02-15 11:27 - 2017-02-15 14:40 - 00000000 ____D C:\ProgramData\wintools
2017-02-15 11:26 - 2017-02-15 14:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BikaQ
2017-02-15 11:26 - 2017-02-15 14:40 - 00000000 ____D C:\Program Files (x86)\MIO
2017-02-15 11:26 - 2017-02-15 14:40 - 00000000 ____D C:\Program Files (x86)\BikaQRssReader
2017-02-15 11:26 - 2017-02-15 11:26 - 00003668 _____ C:\WINDOWS\System32\Tasks\Milimili
2017-02-15 11:26 - 2017-02-15 11:26 - 00003354 _____ C:\WINDOWS\System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel
2017-02-15 11:25 - 2017-02-15 13:04 - 00000000 ____D C:\Program Files\qs4j0wbq
2017-02-15 11:25 - 2017-02-15 11:25 - 00034328 _____ (Sysinternals - http://www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2017-02-15 11:24 - 2017-02-15 11:24 - 00003314 _____ C:\WINDOWS\System32\Tasks\psv_Unilax
2017-02-15 08:15 - 2017-02-15 08:15 - 00003476 _____ C:\WINDOWS\System32\Tasks\UCBrowserSecureUpdater
2017-02-15 08:11 - 2017-02-15 14:24 - 00000000 ____D C:\Users\Marťas\AppData\Local\UCBrowser
2017-02-15 08:11 - 2017-02-15 08:11 - 00000000 ____D C:\Users\Marťas\AppData\Local\NoxInsPackFileder
2017-02-15 08:11 - 2017-02-15 08:11 - 00000000 ____D C:\Users\Marťas\AppData\Local\Nox
2017-02-15 08:02 - 2017-02-15 14:46 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2017-02-15 07:52 - 2017-02-15 14:40 - 00000000 ____D C:\Program Files (x86)\xxx
2017-02-15 07:51 - 2017-02-15 14:40 - 00000000 ____D C:\Users\Marťas\AppData\Roaming\gplyra
2017-02-15 07:49 - 2017-02-15 14:40 - 00000000 ____D C:\Users\Marťas\AppData\Roaming\Seznam.cz
2017-02-15 07:48 - 2017-02-15 14:23 - 00000000 ____D C:\Program Files (x86)\ContentPush
2017-02-15 07:47 - 2017-02-15 07:47 - 00000000 ____D C:\Users\Marťas\AppData\Roaming\VDI
2017-02-15 07:45 - 2017-02-15 07:45 - 00000000 ____D C:\ProgramData\078aa905-6553-1
2017-02-15 07:45 - 2017-02-15 07:45 - 00000000 ____D C:\ProgramData\078aa905-0147-0
2017-02-15 07:41 - 2017-02-15 08:17 - 00000000 ____D C:\ProgramData\Logic Handler
2017-02-15 07:41 - 2017-02-15 07:41 - 01938536 _____ C:\Users\Marťas\AppData\Roaming\Y-zap.bin
2017-02-15 07:41 - 2017-02-15 07:41 - 00136827 _____ () C:\Users\Marťas\AppData\Roaming\Dongnix.bin
2017-02-15 07:41 - 2017-02-15 07:41 - 00002398 _____ C:\WINDOWS\SysWOW64\findit.xml
2017-02-15 07:41 - 2017-02-15 07:41 - 00000000 ____D C:\ProgramData\Ronzaps
2017-02-15 07:40 - 2017-02-15 14:40 - 00000000 ____D C:\ProgramData\Ronzap
2017-02-15 07:40 - 2017-02-15 14:40 - 00000000 ____D C:\ProgramData\NetworkPacketManitor
2017-02-15 07:40 - 2017-02-15 07:40 - 07319040 _____ C:\Users\Marťas\AppData\Roaming\agent.dat
2017-02-15 07:40 - 2017-02-15 07:40 - 01908169 _____ C:\Users\Marťas\AppData\Roaming\Mathbam.tst
2017-02-15 07:40 - 2017-02-15 07:40 - 00278518 _____ C:\Users\Marťas\AppData\Roaming\Inch-Lab.bin
2017-02-15 07:40 - 2017-02-15 07:40 - 00126464 _____ C:\Users\Marťas\AppData\Roaming\noah.dat
2017-02-15 07:40 - 2017-02-15 07:40 - 00070752 _____ C:\Users\Marťas\AppData\Roaming\Config.xml
2017-02-15 07:40 - 2017-02-15 07:40 - 00018432 _____ C:\Users\Marťas\AppData\Roaming\Main.dat
2017-02-15 07:40 - 2017-02-15 07:40 - 00005568 _____ C:\Users\Marťas\AppData\Roaming\md.xml
2017-02-15 07:40 - 2017-02-15 07:39 - 00983040 _____ C:\Users\Marťas\AppData\Roaming\Mathbam.exe
2017-02-15 07:39 - 2017-02-15 07:40 - 00019056 _____ C:\Users\Marťas\AppData\Roaming\InstallationConfiguration.xml
2017-02-15 07:39 - 2017-02-15 07:39 - 00140288 _____ C:\Users\Marťas\AppData\Roaming\Installer.dat
2017-02-15 07:39 - 2017-02-15 07:39 - 00001194 _____ C:\Users\Public\Desktop\SMRecorder.lnk
2017-02-15 07:39 - 2017-02-15 07:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMRecorder
2017-02-15 07:39 - 2017-02-15 07:39 - 00000000 ____D C:\Program Files (x86)\SMRecorder
2017-02-14 22:17 - 2017-02-14 22:18 - 00000270 __RSH C:\Users\Marťas\ntuser.pol
2017-02-14 22:16 - 2017-02-14 22:16 - 00027552 _____ (REALiX(tm)) C:\WINDOWS\SysWOW64\Drivers\HWiNFO64A.SYS
2017-02-14 22:16 - 2017-02-14 22:16 - 00003396 _____ C:\WINDOWS\System32\Tasks\Driver Booster Scheduler
2017-02-14 22:16 - 2017-02-14 22:16 - 00003076 _____ C:\WINDOWS\System32\Tasks\Update Service for Youtube AdBlock2
2017-02-14 22:16 - 2017-02-14 22:16 - 00003042 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Marťas)
2017-02-14 22:16 - 2017-02-14 22:16 - 00000368 _____ C:\WINDOWS\Tasks\Update Service for Youtube AdBlock2.job
2017-02-14 22:16 - 2017-02-14 22:16 - 00000000 ____D C:\Users\Marťas\AppData\LocalLow\IObit
2017-02-14 22:16 - 2017-02-14 22:16 - 00000000 ____D C:\Users\Marťas\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
2017-02-14 22:16 - 2017-02-14 22:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4
2017-02-14 22:16 - 2017-02-14 22:16 - 00000000 ____D C:\ProgramData\IObit
2017-02-14 22:15 - 2017-02-14 22:16 - 00000000 ____D C:\Users\Public\Thunder Network
2017-02-14 22:15 - 2017-02-14 22:15 - 00000000 ____D C:\ProgramData\Thunder Network
2017-02-14 22:15 - 2017-02-14 22:15 - 00000000 ____D C:\Program Files (x86)\IObit
2017-02-14 22:14 - 2017-02-15 14:40 - 00000000 ____D C:\Program Files (x86)\Youtube AdBlock
2017-02-14 22:14 - 2017-02-15 11:32 - 00000000 ____D C:\Program Files (x86)\Buluwardatacack
2017-02-14 22:14 - 2017-02-15 08:14 - 00000000 ____D C:\Users\Marťas\AppData\Roaming\Grjelyckojule
2017-02-14 22:14 - 2017-02-14 22:15 - 00000000 ____D C:\Users\Marンas\AppData\Local\Ghezeent
2017-02-14 22:14 - 2017-02-14 22:14 - 00000270 __RSH C:\ProgramData\ntuser.pol
2017-02-14 22:14 - 2017-02-14 22:14 - 00000000 ____D C:\Users\Marンas
2017-02-14 22:14 - 2017-02-14 22:14 - 00000000 ____D C:\Users\Marťas\AppData\Roaming\IObit
2017-02-14 22:14 - 2017-02-14 22:14 - 00000000 ____D C:\Users\Marťas\AppData\Local\Ghezeent
2017-02-14 22:14 - 2017-02-14 22:14 - 00000000 ____D C:\Program Files (x86)\Coitoy Manager
2017-02-14 22:07 - 2017-02-14 22:26 - 00000000 ____D C:\Users\Marťas\AppData\Local\Dxtory Software
2017-02-14 22:07 - 2017-02-14 22:07 - 00001198 _____ C:\Users\Marťas\Desktop\Dxtory.lnk
2017-02-14 22:07 - 2017-02-14 22:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dxtory2.0
2017-02-14 22:07 - 2017-02-14 22:07 - 00000000 ____D C:\Program Files (x86)\ExKode
2017-02-14 22:07 - 2015-08-10 16:00 - 02606144 _____ (ExKode Co. Ltd.) C:\WINDOWS\system32\DxtoryCodec.dll
2017-02-14 22:07 - 2015-08-10 16:00 - 02499648 _____ (ExKode Co. Ltd.) C:\WINDOWS\SysWOW64\DxtoryCodec.dll
2017-02-12 08:16 - 2017-02-12 08:16 - 00002098 _____ C:\Users\Marťas\Desktop\My.com Game Center.lnk
2017-02-12 07:13 - 2017-02-12 07:13 - 00000000 ____D C:\Users\Marťas\AppData\Local\CrashRpt
2017-02-12 06:55 - 2017-02-12 07:12 - 00000000 ____D C:\Users\Marťas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com Games
2017-02-12 06:54 - 2017-02-15 15:50 - 00000000 ____D C:\Users\Marťas\AppData\Local\MyComGames
2017-02-11 21:08 - 2017-02-11 21:08 - 00000222 _____ C:\Users\Marťas\Desktop\Warface.url
2017-02-08 17:48 - 2017-02-15 17:14 - 00002556 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-08 17:48 - 2017-02-15 17:14 - 00002544 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-08 17:46 - 2017-02-08 17:55 - 00000000 ____D C:\Users\Marťas\AppData\Local\Google
2017-02-08 17:46 - 2017-02-08 17:47 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-06 16:14 - 2017-02-06 16:14 - 00000000 ____D C:\Users\Marťas\AppData\Local\Macromedia
2017-02-06 13:35 - 2017-02-06 13:35 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2017-02-05 00:17 - 2017-02-05 00:19 - 00000000 ____D C:\Users\Marťas\AppData\Local\Adobe
2017-01-25 14:42 - 2016-12-21 08:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 14:42 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-24 14:35 - 2017-01-24 14:35 - 00000000 ____D C:\Users\Marťas\AppData\Roaming\BANDISOFT
2017-01-24 14:34 - 2017-01-24 14:34 - 00000000 ____D C:\Users\Marťas\Documents\Bandicam
2017-01-24 14:34 - 2017-01-24 14:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
2017-01-24 14:34 - 2017-01-24 14:34 - 00000000 ____D C:\Program Files (x86)\Bandicam
2017-01-23 16:47 - 2017-02-13 08:40 - 00000000 ____D C:\Users\Marťas\Desktop\Plocha
2017-01-18 21:51 - 2017-02-13 08:40 - 00000000 ____D C:\Users\Marťas\Desktop\Lyže

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-15 17:14 - 2016-12-17 16:19 - 00001260 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-15 17:10 - 2016-12-17 16:19 - 00000000 ____D C:\Users\Marťas\AppData\LocalLow\Mozilla
2017-02-15 15:50 - 2016-12-17 16:03 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-15 14:50 - 2016-12-17 15:55 - 01867170 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-15 14:50 - 2016-07-16 23:25 - 00677242 _____ C:\WINDOWS\system32\perfh005.dat
2017-02-15 14:50 - 2016-07-16 23:25 - 00153510 _____ C:\WINDOWS\system32\perfc005.dat
2017-02-15 14:44 - 2016-12-17 19:46 - 00000000 __SHD C:\Users\Marťas\IntelGraphicsProfiles
2017-02-15 14:44 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-15 14:43 - 2016-12-17 19:50 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2017-02-15 14:43 - 2016-12-17 15:38 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-15 14:40 - 2017-01-09 18:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreshDevices
2017-02-15 14:40 - 2017-01-09 18:21 - 00000000 ____D C:\Program Files (x86)\FreshDevices
2017-02-15 14:40 - 2016-12-17 16:26 - 00000000 ____D C:\Program Files\Intel
2017-02-15 14:40 - 2016-12-17 16:00 - 00000000 ____D C:\Users\Marťas\AppData\Roaming\Skype
2017-02-15 14:40 - 2016-12-17 15:56 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-02-15 14:40 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-15 14:37 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-15 14:27 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\registration
2017-02-15 14:25 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-15 14:24 - 2016-12-17 15:55 - 00000000 ____D C:\Users\Marťas
2017-02-15 14:24 - 2016-12-17 15:51 - 00000000 ____D C:\Users\defaultuser0
2017-02-15 14:15 - 2016-12-17 15:37 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-15 13:44 - 2016-12-17 15:59 - 00000000 ___RD C:\Users\Marťas\OneDrive
2017-02-15 12:25 - 2016-07-16 07:04 - 00262144 _____ C:\WINDOWS\system32\config\BBI
2017-02-15 12:23 - 2016-12-17 16:28 - 00000436 _____ C:\Users\Marťas\Desktop\Tento počítač.lnk
2017-02-15 07:52 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-14 22:14 - 2016-12-17 15:56 - 00000000 ____D C:\Users\Marťas\AppData\Roaming\Adobe
2017-02-14 22:14 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2017-02-13 08:40 - 2016-12-17 16:57 - 00000000 ____D C:\Users\Marťas\Desktop\Škola
2017-02-13 08:40 - 2016-12-17 16:57 - 00000000 ____D C:\Users\Marťas\Desktop\Reniny dorty
2017-02-13 08:40 - 2016-12-17 16:57 - 00000000 ____D C:\Users\Marťas\Desktop\Fotečky
2017-02-13 08:40 - 2016-12-17 16:57 - 00000000 ____D C:\Users\Marťas\Desktop\Epic moments
2017-02-12 22:37 - 2016-11-23 13:59 - 00000000 ____D C:\Games
2017-02-09 14:20 - 2016-12-17 15:56 - 00000000 ____D C:\Users\Marťas\AppData\Local\VirtualStore
2017-02-09 12:50 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-06 19:45 - 2016-12-25 09:48 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-06 15:59 - 2016-12-24 22:46 - 00000222 _____ C:\Users\Marťas\Desktop\Rebel Galaxy.url
2017-02-05 00:18 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-31 16:34 - 2016-12-17 16:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-31 16:34 - 2016-12-17 16:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-31 15:38 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF

==================== Files in the root of some directories =======

2017-02-15 07:40 - 2017-02-15 07:40 - 7319040 _____ () C:\Users\Marťas\AppData\Roaming\agent.dat
2017-02-15 07:51 - 2017-02-15 07:51 - 0023622 _____ () C:\Users\Marťas\AppData\Roaming\aliexpress.ico
2017-02-15 07:50 - 2017-02-15 07:51 - 0099678 _____ () C:\Users\Marťas\AppData\Roaming\booking.ico
2017-02-15 07:40 - 2017-02-15 07:40 - 0070752 _____ () C:\Users\Marťas\AppData\Roaming\Config.xml
2017-02-15 07:41 - 2017-02-15 07:41 - 0136827 _____ () C:\Users\Marťas\AppData\Roaming\Dongnix.bin
2017-02-15 07:40 - 2017-02-15 07:40 - 0278518 _____ () C:\Users\Marťas\AppData\Roaming\Inch-Lab.bin
2017-02-15 07:39 - 2017-02-15 07:40 - 0019056 _____ () C:\Users\Marťas\AppData\Roaming\InstallationConfiguration.xml
2017-02-15 07:39 - 2017-02-15 07:39 - 0140288 _____ () C:\Users\Marťas\AppData\Roaming\Installer.dat
2017-02-15 07:40 - 2017-02-15 07:40 - 0018432 _____ () C:\Users\Marťas\AppData\Roaming\Main.dat
2017-02-15 07:40 - 2017-02-15 07:39 - 0983040 _____ () C:\Users\Marťas\AppData\Roaming\Mathbam.exe
2017-02-15 07:40 - 2017-02-15 07:40 - 1908169 _____ () C:\Users\Marťas\AppData\Roaming\Mathbam.tst
2017-02-15 07:40 - 2017-02-15 07:40 - 0005568 _____ () C:\Users\Marťas\AppData\Roaming\md.xml
2017-02-15 07:40 - 2017-02-15 07:40 - 0126464 _____ () C:\Users\Marťas\AppData\Roaming\noah.dat
2017-02-15 07:42 - 2017-02-15 07:42 - 0001150 _____ () C:\Users\Marťas\AppData\Roaming\uninstall_temp.ico
2017-02-15 07:41 - 2017-02-15 07:41 - 1938536 _____ () C:\Users\Marťas\AppData\Roaming\Y-zap.bin
2016-12-17 16:01 - 2016-12-17 16:01 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Users\Marťas\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\Marťas\AppData\Local\MyComGames\MyComGames.exe


Some files in TEMP:
====================
2017-02-14 22:14 - 2017-02-14 22:14 - 17628560 _____ (IObit ) C:\Users\Marťas\AppData\Local\Temp\5CCE.tmp.exe
2017-02-15 07:50 - 2017-02-15 07:50 - 1171283 _____ ( ) C:\Users\Marťas\AppData\Local\Temp\8766.tmp.exe
2017-02-14 22:14 - 2017-02-14 22:14 - 2315388 _____ ( ) C:\Users\Marťas\AppData\Local\Temp\AutoTime51495.exe
2013-08-05 07:15 - 2013-08-05 07:15 - 4292136 _____ (http://www.Bandisoft.com) C:\Users\Marťas\AppData\Local\Temp\bdfilters.dll
2017-02-15 07:58 - 2017-02-15 08:00 - 51198352 _____ (UCWeb Inc.) C:\Users\Marťas\AppData\Local\Temp\Browser_V6.0.1121.13_r_4727_(Build1612191708).exe
2017-02-15 08:11 - 2017-02-15 08:11 - 1171283 _____ ( ) C:\Users\Marťas\AppData\Local\Temp\C713.tmp.exe
2017-02-15 07:48 - 2017-02-15 07:48 - 0237624 _____ () C:\Users\Marťas\AppData\Local\Temp\ContentPushSetup.exe
2017-02-15 07:39 - 2017-02-15 07:39 - 0550404 _____ () C:\Users\Marťas\AppData\Local\Temp\DBUpdater.exe
2017-02-14 22:14 - 2017-02-14 22:14 - 0075264 _____ () C:\Users\Marťas\AppData\Local\Temp\DriverBoosterSetup.exe
2017-02-14 22:19 - 2003-02-25 13:44 - 0021019 _____ () C:\Users\Marťas\AppData\Local\Temp\guninst.exe
2017-02-15 11:27 - 2017-02-15 11:27 - 26964688 _____ () C:\Users\Marťas\AppData\Local\Temp\inst12.exe
2017-02-15 07:39 - 2017-02-15 07:39 - 0983040 _____ () C:\Users\Marťas\AppData\Local\Temp\linker.exe
2017-02-15 07:49 - 2017-02-15 07:49 - 8585520 _____ () C:\Users\Marťas\AppData\Local\Temp\listicka-partner-16194-1.1.8-offline.exe
2017-02-15 08:11 - 2017-02-15 08:11 - 1575048 _____ (Duodian Technology Co. Ltd.) C:\Users\Marťas\AppData\Local\Temp\nox_setup_v3.8.0.0_dl_intl.exe
2016-11-06 09:21 - 2016-11-06 09:21 - 0109568 _____ () C:\Users\Marťas\AppData\Local\Temp\nsu2EFD.exe
2017-02-15 07:39 - 2017-02-15 07:39 - 0351232 _____ () C:\Users\Marťas\AppData\Local\Temp\prepreinstaller_win.exe
2007-11-07 15:15 - 2007-11-07 15:15 - 1821192 _____ (Microsoft Corporation) C:\Users\Marťas\AppData\Local\Temp\smd_runtime.exe
2017-02-14 22:13 - 2017-02-14 22:14 - 2984392 _____ () C:\Users\Marťas\AppData\Local\Temp\sys32.exe
2017-02-15 07:42 - 2017-02-15 07:44 - 4446120 _____ () C:\Users\Marťas\AppData\Local\Temp\SystemHealer.exe
2017-02-15 07:48 - 2017-02-15 07:49 - 1821696 _____ () C:\Users\Marťas\AppData\Local\Temp\WindowsUpdateKB12695__7428_il1.exe
2017-02-14 22:13 - 2017-02-14 22:13 - 2560943 _____ () C:\Users\Marťas\AppData\Local\Temp\yt.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-14 22:33

==================== End of FRST.txt ============================

Volny256
Visitor
Posts: 25
Registered: 15 Feb 2017 17:11

Re: Virus after downloading a screen-capture program

#2 Post by Volny256 »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2017 01
Ran by Marťas (15-02-2017 17:16:04)
Running from C:\Users\Marťas\Desktop
Windows 10 Home Version 1607 (X64) (2016-12-17 14:52:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1626131941-1098701557-2232362238-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1626131941-1098701557-2232362238-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1626131941-1098701557-2232362238-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-1626131941-1098701557-2232362238-501 - Limited - Disabled)
Marťas (S-1-5-21-1626131941-1098701557-2232362238-1001 - Administrator - Enabled) => C:\Users\Marťas

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Bandicam (HKLM-x32\...\Bandicam) (Version: 3.3.0.1175 - Bandisoft.com)
BikaQ Rss Reader (HKLM-x32\...\{56B2B28A-E663-4D28-84A3-3846068A7D63}) (Version: 1.0.0 - BikaQ)
ContentPush (HKLM-x32\...\ContentPush) (Version: - ) <==== ATTENTION
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
Dxtory version 2.0.136 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.136 - ExKode Co. Ltd.)
ELAN Touchpad 15.6.3.3_X64_WHQL (HKLM\...\Elantech) (Version: 15.6.3.3 - ELAN Microelectronic Corp.)
FreshDiagnose (HKLM-x32\...\FreshDevices - FreshDiagnose_is1) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games)
League of Legends (x32 Version: 4.2.1 - Riot Games) Hidden
Microsoft OneDrive (HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 cs)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
My.com Game Center (HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\...\MyComGames) (Version: 3.195 - My.com B.V.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7606 - Realtek Semiconductor Corp.)
Rebel Galaxy (HKLM\...\Steam App 290300) (Version: - Double Damage Games)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
SMRecorder 1.1.9 (HKLM-x32\...\SMRecorder) (Version: 1.1.9 - SMRecorder)
SnapDo (HKLM-x32\...\{525A3CDD-2E1E-455A-AC13-6451B14AD793}) (Version: 1.0.0.0 - Resoft) <==== ATTENTION
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Warface (HKLM\...\Steam App 291480) (Version: - Crytek)
Warface My.Com (HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\...\Warface My.Com) (Version: 1.27 - My.com B.V.)
World of Tanks (HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version: - Wargaming.net)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1626131941-1098701557-2232362238-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {110CF65E-5C9E-421F-A2B1-6D2FD30C5C8D} - System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel => C:\Program Files (x86)\BikaQRssReader\BikaQ.exe [2016-12-06] (IEC)
Task: {2175FBEE-1BBC-4F8B-A98C-1A7AFC6D54A6} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe [2017-02-15] (UC Web Inc.) <==== ATTENTION
Task: {2606F025-A048-4A83-9287-83B63090DFD1} - System32\Tasks\psv_S-it => cmd.exe /c regedit.exe /s "C:\ProgramData\Ronzap\Trioflex.reg" & del "C:\ProgramData\Ronzap\Trioflex.reg" & SCHTASKS /Delete /TN "psv_S-it" /F <==== ATTENTION
Task: {8251CAD0-20A2-4770-A0F5-59C63329B24A} - System32\Tasks\psv_Unilax => cmd.exe /c regedit.exe /s "C:\ProgramData\Ronzap\Volt-Dex.reg" & del "C:\ProgramData\Ronzap\Volt-Dex.reg" & SCHTASKS /Delete /TN "psv_Unilax" /F <==== ATTENTION
Task: {987166B1-06D4-4A3E-996C-1BB63F776906} - System32\Tasks\{FF362657-05F5-418A-B833-872C21AA43F5} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Ronphase\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Ronphase\uninstall.dat" -a uninstallme 525A3CDD-2E1E-455A-AC13-6451B14AD793 DeviceId=bb66f1ad-b56f-4fb3-3283-85b1ecb12e29 BarcodeId=50027003 ChannelId=3 DistributerName=APSnapdoAMRev
Task: {9D41798C-EF5E-421C-B8A0-64DDA3841A78} - System32\Tasks\psv_Dentola => cmd.exe /c regedit.exe /s "C:\ProgramData\Ronzap\SoftKeytouch.reg" & del "C:\ProgramData\Ronzap\SoftKeytouch.reg" & SCHTASKS /Delete /TN "psv_Dentola" /F <==== ATTENTION
Task: {A06BDBB7-C19F-46CF-8F95-4694D7430CE3} - System32\Tasks\psv_Zaamtax => cmd.exe /c regedit.exe /s "C:\ProgramData\Ronzap\Xxx-eco.reg" & del "C:\ProgramData\Ronzap\Xxx-eco.reg" & SCHTASKS /Delete /TN "psv_Zaamtax" /F <==== ATTENTION
Task: {B74CD506-C19A-4886-A7A2-D405417E2663} - System32\Tasks\WinTOOL => C:\ProgramData\wintools\WintoolUprI.exe [2017-02-15] ()
Task: {CFF66CC4-368E-4675-89E8-7E853157DFE8} - System32\Tasks\Microsoft\Windows\Multimedia\Manager => C:\Users\Marťas\AppData\Roaming\Adobe\Manager.exe [2017-02-14] ()
Task: {D91394DA-3B21-4832-9EB2-604E7A03E4D6} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2017-02-15] ()
Task: {DD3E22CA-0EA0-41A0-A16D-F31AD7C8CFED} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Update Service for Youtube AdBlock2.job =>

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION

ShortcutWithArgument: C:\Users\Marťas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\MARAS~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Marťas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\MARAS~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\MARAS~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-17 15:21 - 2016-12-17 15:21 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-02-14 22:14 - 2017-02-14 22:14 - 00307200 _____ () C:\Program Files (x86)\Coitoy Manager\local64spl.dll
2017-02-15 07:40 - 2017-02-15 08:35 - 00043520 _____ () C:\ProgramData\NetworkPacketManitor\Nettrans.exe
2016-12-17 15:21 - 2016-12-17 15:21 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-12-17 15:21 - 2016-12-17 15:21 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 20:21 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 20:20 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 20:20 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 20:20 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 20:20 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 20:20 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-02-06 13:35 - 2017-02-06 13:35 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-06 13:35 - 2017-02-06 13:35 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-06 13:35 - 2017-02-06 13:35 - 42895872 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-06 13:35 - 2017-02-06 13:35 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\roottools.dll
2016-12-17 18:38 - 2016-12-17 18:44 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-12-17 18:38 - 2016-12-17 18:44 - 20433408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-12-17 18:38 - 2016-12-17 18:44 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-12-17 18:38 - 2016-12-17 18:44 - 01046528 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-12-17 18:38 - 2016-12-17 18:44 - 00353792 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Photos.Inking.dll
2017-02-01 13:16 - 2017-02-01 13:16 - 01097072 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16122.10291.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.Controls.dll
2017-01-25 14:08 - 2017-01-25 14:08 - 03865600 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1701.10102.0_x64__8wekyb3d8bbwe\Calculator.exe
2016-12-17 16:09 - 2016-12-23 19:28 - 00657184 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-12-17 16:09 - 2016-09-01 02:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-12-17 16:09 - 2017-01-19 02:30 - 02327840 _____ () C:\Program Files (x86)\Steam\video.dll
2016-12-17 16:09 - 2016-01-27 08:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-12-17 16:09 - 2016-01-27 08:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-12-17 16:09 - 2016-01-27 08:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-12-17 16:09 - 2016-01-27 08:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-12-17 16:09 - 2016-01-27 08:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-12-17 16:09 - 2016-09-01 02:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-12-17 16:09 - 2016-09-01 02:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-12-17 16:09 - 2017-01-19 02:30 - 00838432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-12-17 16:09 - 2016-07-04 23:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-12-17 16:15 - 2017-01-05 04:12 - 68813088 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2016-12-17 16:09 - 2017-01-19 02:30 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll
2016-12-17 16:09 - 2015-09-25 00:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [25444]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [371912]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1213218]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 12:47 - 2017-02-15 08:05 - 00008603 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Marťas\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 10.0.0.1 - 10.0.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{5DE2EBB5-5B1A-4CAB-AA4B-5807BAA907E9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{08A22725-E8AF-421A-9FE2-04C81CD6AC0E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9FC27A19-7CCD-4EFB-8E2B-2168212510CC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{676DFBE9-39F6-436A-B555-095CFC2FBDE4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{F64412CF-C484-47BD-919D-8D41325C2591}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C3DEAA16-2D88-469E-A4EA-2499A1AF734B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F17C0C64-452D-439B-B046-160144278057}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{3CC2C7B6-47CB-4A89-BE19-38ED8A339FE1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{6019CAFA-C564-44D9-AFC0-2A9C208E5813}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{A9767C93-CEA0-4FC2-B682-1B5F97D29232}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{AE095E22-8C5C-46E1-B14D-68D4A2498A12}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{269E2527-3FBC-4DA5-826F-0D2E07228E9B}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{1DF0FB93-51A4-459B-BD23-C9748CDFB29C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{03A197A2-CF15-4BAD-ADA1-DAE87D88345D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RebelGalaxy\SteamLauncher.exe
FirewallRules: [{7D5EA29D-17FD-477D-A5E5-E98BC0CBE50B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RebelGalaxy\SteamLauncher.exe
FirewallRules: [{9A25E597-E220-4FFB-8E26-1C6C758D9FC9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F330A79B-523F-4B99-AF25-BA38E8BC48E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\WarfaceMycomSteamLoader.exe
FirewallRules: [{5B93A760-1409-4A6D-842D-EFEE01F6D8D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\WarfaceMycomSteamLoader.exe
FirewallRules: [TCP Query User{246F3508-79FE-4F62-BA3E-BB8266005F7A}C:\users\marťas\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\marťas\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [UDP Query User{C6613F0F-3F9F-4008-B787-5FED8B3E6081}C:\users\marťas\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\marťas\appdata\local\mycomgames\mycomgames.exe

==================== Restore Points =========================

31-01-2017 15:10:32 Windows Update
06-02-2017 13:33:54 Windows Update
15-02-2017 07:50:34 Instalační služba modulů systému Windows
15-02-2017 07:51:47 Instalační služba modulů systému Windows
15-02-2017 12:33:30 Operace obnovení

==================== Faulty Device Manager Devices =============

Name: Řadič PCI pro šifrování a dešifrování
Description: Řadič PCI pro šifrování a dešifrování
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/15/2017 02:20:40 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1533) (User: NT AUTHORITY)
Description: Systém Windows nemůže odstranit adresář profilů <C:\Users\TEMP.DESKTOP-IMU1TCG>. Může to být způsobeno tím, že soubory v tomto adresáři jsou používány jiným programem.

PODROBNOSTI – Adresář není prázdný.

Error: (02/15/2017 02:15:42 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: DESKTOP-IMU1TCG)
Description: Systém Windows nemůže nalézt místní profil. Budete přihlášeni pomocí dočasného profilu. Změny profilu budou při vašem odhlášení ztraceny.

Error: (02/15/2017 02:15:42 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: DESKTOP-IMU1TCG)
Description: Systém Windows zálohoval profil tohoto uživatele. Systém se automaticky pokusí použít zazálohovaný profil při příštím přihlášení uživatele.

Error: (02/15/2017 02:15:42 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: DESKTOP-IMU1TCG)
Description: Systém Windows nemůže načíst místně uložený profil. Možné příčiny této chyby zahrnují nedostatečná zabezpečovací práva nebo poškozený místní profil.

PODROBNOSTI – Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.

Error: (02/15/2017 02:15:42 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Systém Windows nemohl načíst registr. Tento problém je často způsoben nedostatkem paměti nebo nedostatečnými zabezpečovacími právy.

PODROBNOSTI – Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
pro: C:\Users\Marťas\ntuser.dat

Error: (02/15/2017 02:15:29 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1533) (User: NT AUTHORITY)
Description: Systém Windows nemůže odstranit adresář profilů <C:\Users\TEMP>. Může to být způsobeno tím, že soubory v tomto adresáři jsou používány jiným programem.

PODROBNOSTI – Adresář není prázdný.

Error: (02/15/2017 02:10:23 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: DESKTOP-IMU1TCG)
Description: Systém Windows nemůže nalézt místní profil. Budete přihlášeni pomocí dočasného profilu. Změny profilu budou při vašem odhlášení ztraceny.

Error: (02/15/2017 02:10:23 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: DESKTOP-IMU1TCG)
Description: Systém Windows zálohoval profil tohoto uživatele. Systém se automaticky pokusí použít zazálohovaný profil při příštím přihlášení uživatele.

Error: (02/15/2017 02:10:23 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: DESKTOP-IMU1TCG)
Description: Systém Windows nemůže načíst místně uložený profil. Možné příčiny této chyby zahrnují nedostatečná zabezpečovací práva nebo poškozený místní profil.

PODROBNOSTI – Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.

Error: (02/15/2017 02:10:23 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Systém Windows nemohl načíst registr. Tento problém je často způsoben nedostatkem paměti nebo nedostatečnými zabezpečovacími právy.

PODROBNOSTI – Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
pro: C:\Users\Marťas\ntuser.dat


System errors:
=============
Error: (02/15/2017 03:40:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba WinSnare byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 21600000 milisekund: Restartovat službu.

Error: (02/15/2017 02:47:33 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-IMU1TCG)
Description: Nastavení oprávnění výchozí pro počítač neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
a APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
uživateli DESKTOP-IMU1TCG\Marťas (SID: S-1-5-21-1626131941-1098701557-2232362238-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy – SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/15/2017 02:46:12 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-IMU1TCG)
Description: Nastavení oprávnění výchozí pro počítač neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
a APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
uživateli DESKTOP-IMU1TCG\Marťas (SID: S-1-5-21-1626131941-1098701557-2232362238-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy – SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/15/2017 02:46:12 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-IMU1TCG)
Description: Nastavení oprávnění výchozí pro počítač neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
a APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
uživateli DESKTOP-IMU1TCG\Marťas (SID: S-1-5-21-1626131941-1098701557-2232362238-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy – SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/15/2017 02:44:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/15/2017 02:43:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba CDPUserSvc_39b87 byla ukončena s následující chybou:
Nespecifikovaná chyba

Error: (02/15/2017 02:43:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Intel(R) Content Protection HECI Service byla ukončena s následující chybou:
%%2147942659 = Žádná další data nejsou k dispozici.

Error: (02/15/2017 02:43:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Ronzap neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (02/15/2017 02:43:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Ronzap bylo dosaženo časového limitu (30000 ms).

Error: (02/15/2017 02:43:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.


CodeIntegrity:
===================================
Date: 2017-02-15 16:06:06.094
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-15 14:44:19.485
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-15 14:43:08.213
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-15 14:42:11.327
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-15 13:10:31.069
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Marťas\AppData\Local\Temp\bk6A1.tmp\lqjippcrdamlpyo.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-15 13:10:30.983
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Marťas\AppData\Local\Temp\bk6A1.tmp\lqjippcrdamlpyo.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-15 13:10:30.860
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Marťas\AppData\Local\Temp\bk6A1.tmp\stwzbnkdpdfvyp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-15 13:10:30.781
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Marťas\AppData\Local\Temp\bk6A1.tmp\stwzbnkdpdfvyp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-15 13:10:30.705
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Marťas\AppData\Local\Temp\bk6A1.tmp\wcwfnsjvghnrfrjyu.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-15 13:10:30.628
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Marťas\AppData\Local\Temp\bk6A1.tmp\wcwfnsjvghnrfrjyu.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU N2940 @ 1.83GHz
Percentage of memory in use: 38%
Total physical RAM: 3977.98 MB
Available physical RAM: 2462.03 MB
Total Virtual: 4681.98 MB
Available Virtual: 2573.56 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:449.63 GB) (Free:367.59 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 042A475B)

Partition: GPT.

==================== End of Addition.txt ============================

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Virus after downloading a screen-capture program

#3 Post by Rudy »

Greetings!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for resolving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Volny256
Visitor
Posts: 25
Registered: 15 Feb 2017 17:11

Re: Virus after downloading a screen-capture program

#4 Post by Volny256 »

I did everything according to your instructions.
Log:

# AdwCleaner v6.043 - Log vytvořen 15/02/2017 v 19:56:52
# Aktualizováno dne 27/01/2017 z Malwarebytes
# Databáze : 2017-02-13.1 [Místní]
# Operační systém : Windows 10 Home (X64)
# Uživatelské jméno : Marťas - DESKTOP-IMU1TCG
# Spuštěno z : C:\Users\Marťas\Desktop\adwcleaner_6.043.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****

[-] Služba smazána: Ronzap
[-] Služba smazána: Nettrans
[-] Služba smazána: WinSAPSvc
[-] Služba smazána: ucdrv
[-] Služba smazána: WinSnare


***** [ Složky ] *****

[-] Složka smazána: C:\Program Files (x86)\WinSnare(4.1.0)
[-] Složka smazána: C:\Program Files (x86)\Youtube AdBlock
[-] Složka smazána: C:\ProgramData\078aa905-0147-0
[-] Složka smazána: C:\ProgramData\078aa905-6553-1
[-] Složka smazána: C:\Users\Marťas\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
[-] Složka smazána: C:\Users\Marťas\AppData\Roaming\gplyra
[-] Složka smazána: C:\Users\Marťas\AppData\Roaming\VDI
[-] Složka smazána: C:\Users\Marťas\AppData\Roaming\WinSAPSvc
[#] Složka smazána po restartu: C:\Users\Marťas\AppData\Roaming\VDI\Shared\Product Updater
[#] Složka smazána po restartu: C:\Users\Marťas\AppData\Roaming\winsapsvc
[-] Složka smazána: C:\Users\Marťas\AppData\Roaming\WinSnare
[#] Složka smazána po restartu: C:\ProgramData\Ronzap
[-] Složka smazána: C:\ProgramData\Ronzaps
[-] Složka smazána: C:\ProgramData\Logic Handler
[-] Složka smazána: C:\ProgramData\NetworkPacketManitor
[-] Složka smazána: C:\Program Files (x86)\ContentPush
[#] Složka smazána po restartu: C:\Program Files (x86)\Youtube AdBlock
[-] Složka smazána: C:\Program Files (x86)\MIO
[-] Složka smazána: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Roaming\Solvusoft
[-] Složka smazána: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Roaming\Tencent
[-] Složka smazána: C:\Users\Marťas\AppData\Roaming\Mozilla\Firefox\naweriweentcofise
[-] Složka smazána: C:\ProgramData\WinTools
[#] Složka smazána po restartu: C:\Users\Marťas\AppData\Roaming\WinSnare
[#] Složka smazána po restartu: C:\Program Files (x86)\MIO


***** [ Soubory ] *****

[-] Soubor smazán: C:\Users\Marťas\AppData\Roaming\booking.ico
[-] Soubor smazán: C:\Users\Marťas\AppData\Roaming\aliexpress.ico
[-] Soubor smazán: C:\Users\Marťas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Driver Booster.lnk
[-] Soubor smazán: C:\Users\Marťas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\monhost.lnk
[-] Soubor smazán: C:\WINDOWS\SysWoW64\findit.xml
[-] Soubor smazán: C:\Users\Marťas\AppData\Roaming\Adobe\Manager.exe
[-] Soubor smazán: C:\Users\Marťas\AppData\Roaming\md.xml
[-] Soubor smazán: C:\Users\Marťas\AppData\Roaming\Config.xml
[-] Soubor smazán: C:\Users\Marťas\AppData\Roaming\noah.dat
[-] Soubor smazán: C:\Users\Marťas\AppData\Roaming\Installer.dat
[-] Soubor smazán: C:\Users\Marťas\AppData\Roaming\InstallationConfiguration.xml
[-] Soubor smazán: C:\Users\Marťas\AppData\Roaming\Main.dat
[-] Soubor smazán: C:\Users\Marťas\AppData\Roaming\agent.dat


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****

[-] Úloha smazána: Update Service for Youtube AdBlock2
[-] Úloha smazána: WinTOOL
[-] Úloha smazána: Microsoft\Windows\Multimedia\Manager
[-] Úloha smazána: UCBrowserSecureUpdater
[-] Úloha smazána: Milimili


***** [ Registry ] *****

[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Application Hosting
[#] Klíč smazán po restartu: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Application Hosting
[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
[#] Klíč smazán po restartu: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
[-] Klíč smazán: HKU\.DEFAULT\Software\jhdbca
[-] Klíč smazán: HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\Software\Installer
[-] Klíč smazán: HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\Software\AutoTime
[-] Klíč smazán: HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\Software\dlr
[#] Klíč smazán po restartu: HKU\S-1-5-18\Software\jhdbca
[#] Klíč smazán po restartu: HKCU\Software\Installer
[#] Klíč smazán po restartu: HKCU\Software\AutoTime
[#] Klíč smazán po restartu: HKCU\Software\dlr
[-] Klíč smazán: HKLM\SOFTWARE\mtRonzap
[-] Klíč smazán: HKLM\SOFTWARE\trotuxSoftware
[-] Klíč smazán: HKLM\SOFTWARE\ScreenShot
[-] Klíč smazán: HKLM\SOFTWARE\jhdbca
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ContentPush
[#] Klíč smazán po restartu: [x64] HKCU\Software\Installer
[#] Klíč smazán po restartu: [x64] HKCU\Software\AutoTime
[#] Klíč smazán po restartu: [x64] HKCU\Software\dlr
[-] Klíč smazán: [x64] HKLM\SOFTWARE\jhdbca
[-] Klíč smazán: [x64] HKLM\SOFTWARE\InterSect Alliance
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon [Userinit] C:\WINDOWS\system32\userinit.exe,
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon [Userinit] C:\WINDOWS\system32\userinit.exe,
[-] Hodnota smazána: HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\Software\Microsoft\Windows\CurrentVersion\Run [produpd]
[#] Hodnota smazána po restartu: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [produpd]
[#] Hodnota smazána po restartu: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [produpd]
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Internet Explorer\SEARCHSCOPES\IELNKSRCH
[-] Klíč smazán: HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
[-] Hodnota smazána: HKCU\Environment [SNF]
[-] Hodnota smazána: HKCU\Environment [SNP]
[#] Klíč smazán po restartu: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Application Hosting
[-] Klíč smazán: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Ronzap.exe
[-] Klíč smazán: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RONZAP.EXE
[#] Klíč smazán po restartu: HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH
[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
[#] Klíč smazán po restartu: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
[#] Klíč smazán po restartu: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]


***** [ Prohlížeče ] *****



*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [7387 Bajty] - [15/02/2017 19:56:52]
C:\AdwCleaner\AdwCleaner[S0].txt - [7255 Bajty] - [15/02/2017 19:47:53]
C:\AdwCleaner\AdwCleaner[S1].txt - [7330 Bajty] - [15/02/2017 19:51:44]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [7606 Bajty] ##########

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Virus after downloading a screen-capture program

#5 Post by Rudy »

Post a new FRST log.

Volny256
Visitor
Posts: 25
Registered: 15 Feb 2017 17:11

Re: Virus after downloading a screen-capture program

#6 Post by Volny256 »

Log-FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-02-2017 02
Ran by Marťas (administrator) on DESKTOP-IMU1TCG (16-02-2017 13:58:47)
Running from C:\Users\Marťas\Desktop
Loaded Profiles: Marťas (Available Profiles: defaultuser0 & Marťas)
Platform: Windows 10 Home Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16122.10291.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-12-17] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16405744 2015-09-10] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3351248 2015-09-10] (ELAN Microelectronics Corp.)
HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation)
HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27226072 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\...\Run: [GoogleChromeAutoLaunch_F2169D7533533C5932816DA6EE4B0D3B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1116504 2017-02-01] (Google Inc.)
HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\...\Run: [MyComGames] => C:\Users\Marťas\AppData\Local\MyComGames\MyComGames.exe [5013392 2017-02-14] (MY.COM B.V.) <===== ATTENTION
HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\...\Run: [Dxtory Update Checker 2.0] => C:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software)
HKLM\...\Providers\qs4j0wbq: C:\Program Files (x86)\Coitoy Manager\local64spl.dll [307200 2017-02-14] ()
ShellExecuteHooks: No Name - {8A2A2C62-EEB8-11E6-9AB6-64006A5CFC23} - C:\Users\Marťas\AppData\Roaming\Grjelyckojule\Coosak.dll -> No File
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.1 10.0.1.1
Tcpip\..\Interfaces\{02c273f3-199c-452b-9e83-6cf7b4ac56ca}: [DhcpNameServer] 10.0.0.1 10.0.1.1
Tcpip\..\Interfaces\{03d29909-5cf5-4c48-9d1c-6d0c9b13c62d}: [DhcpNameServer] 10.0.0.1 10.0.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-Tqs2IWFP54W9OijJ_IQ1WqfBrLNdF4ChiGQISBE4zK4ob06DMOLaW1-CfbQjUZHr7oXN4MEBW77F2Ugl1z3UZCMgBCEU8cegflI9J2ph4-6lx77xh9b13Cx9zjSzaujmqg3qN89znXixBXCRYlNoNaPJzhF3kt&q={searchTerms}
HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-Tqs2IWFP54W9OijJ_IQ1WqfBrLNdF4ChiGQISBE4zK4ob06DMOLaW1-CfbQjUZHr7oXNK-9KXdsNt4TNE5gx242qujwVNkv7VFQPatKgidUULgpokjiR3t_QNSkGSP9oKoVCfMXQBx0uNbS8L36e0FA8kWLIom
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKU\S-1-5-21-1626131941-1098701557-2232362238-1001 -> DefaultScope {ielnksrch} URL =

FireFox:
========
FF DefaultProfile: pjvuic15.default
FF ProfilePath: C:\Users\Marťas\AppData\Roaming\Mozilla\Firefox\Profiles\pjvuic15.default [2017-02-16]
FF NewTab: Mozilla\Firefox\Profiles\pjvuic15.default -> C:\\ProgramData\\Ronzaps\\ff.NT
FF Homepage: Mozilla\Firefox\Profiles\pjvuic15.default -> hxxps://www.seznam.cz/
FF Extension: (Adblocker for Youtube™) - C:\Program Files (x86)\Mozilla Firefox\browser\features\{95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B} [2017-02-14] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-02-05] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-02-05] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-08] (Google Inc.)
FF Plugin HKU\S-1-5-21-1626131941-1098701557-2232362238-1001: @my.com/Games -> C:\Users\Marťas\AppData\Local\MyComGames\NPMyComDetector.dll [2017-02-12] (MY.COM B.V.)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR HomePage: ChromeDefaultData -> hxxp://www.trotux.com/?z=0193a36a0277feb42dd07 ... UH&type=hp
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.trotux.com/?z=0193a36a0277feb42dd07 ... UH&type=hp"
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.trotux.com/search/?q={searchTerms}& ... UH&type=sp
CHR DefaultSearchKeyword: ChromeDefaultData -> trotux
CHR Profile: C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-02-16] <==== ATTENTION
CHR Extension: (Prezentace Google) - C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-08]
CHR Extension: (Dokumenty Google) - C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-08]
CHR Extension: (Disk Google) - C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-08]
CHR Extension: (YouTube) - C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-08]
CHR Extension: (Steam Inventory Helper) - C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2017-02-14]
CHR Extension: (Tabulky Google) - C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-08]
CHR Extension: (Splinter Search) - C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho [2017-02-15]
CHR Extension: (Dokumenty Google offline) - C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-09]
CHR Extension: (Adblocker pro Youtube™) - C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gndgngmogcnpkcbknmcgpnooljecgadk [2017-02-14]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-08]
CHR Extension: (Gmail) - C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-08]
CHR Extension: (Chrome Media Router) - C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ETDService; C:\Program Files\Elantech\ETDService.exe [145624 2015-09-10] (ELAN Microelectronics Corp.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [328624 2015-10-07] (Intel Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 serverss; C:\WINDOWS\Temp\E12D.tmp [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 FreshIO; C:\Program Files (x86)\FreshDevices\FreshDiagnose\FreshIO.sys [2410 2004-10-26] () [File not signed]
R3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [59840 2015-11-16] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [410848 2015-08-13] (Realsil Semiconductor Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-16 13:58 - 2017-02-16 14:00 - 00012281 _____ C:\Users\Marťas\Desktop\FRST.txt
2017-02-16 13:58 - 2017-02-16 13:58 - 00000000 ____D C:\Users\Marťas\Desktop\FRST-OlderVersion
2017-02-16 06:26 - 2017-02-16 06:26 - 00000000 ___HD C:\OneDriveTemp
2017-02-15 19:43 - 2017-02-15 19:56 - 00000000 ____D C:\AdwCleaner
2017-02-15 17:13 - 2017-02-16 13:58 - 02422272 _____ (Farbar) C:\Users\Marťas\Desktop\FRST64.exe
2017-02-15 17:13 - 2017-02-16 13:58 - 00000000 ____D C:\FRST
2017-02-15 14:47 - 2017-02-15 14:47 - 00003744 _____ C:\WINDOWS\System32\Tasks\{FF362657-05F5-418A-B833-872C21AA43F5}
2017-02-15 14:16 - 2017-02-15 14:16 - 00000000 ___HD C:\$AV_ASW
2017-02-15 14:16 - 2017-02-15 14:16 - 00000000 ____D C:\Users\TEMP.DESKTOP-IMU1TCG\AppData\Roaming\AVAST Software
2017-02-15 14:15 - 2017-02-15 14:20 - 00000000 ____D C:\Users\TEMP.DESKTOP-IMU1TCG\AppData\Local\Packages
2017-02-15 14:15 - 2017-02-15 14:20 - 00000000 ____D C:\Users\TEMP.DESKTOP-IMU1TCG
2017-02-15 14:15 - 2017-02-15 14:15 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\AVAST Software
2017-02-15 14:11 - 2017-02-15 14:11 - 00000000 ____D C:\Users\Default\AppData\Local\NetworkTiles
2017-02-15 14:11 - 2017-02-15 14:11 - 00000000 ____D C:\Users\Default User\AppData\Local\NetworkTiles
2017-02-15 14:10 - 2017-02-15 14:15 - 00000000 ____D C:\Users\TEMP
2017-02-15 14:08 - 2017-02-15 14:08 - 00000000 ____D C:\Users\Default\winhttp
2017-02-15 13:34 - 2017-02-15 13:34 - 00000000 ____D C:\Users\Marťas\AppData\Roaming\AVAST Software
2017-02-15 13:33 - 2017-02-15 13:33 - 00000000 ____D C:\Program Files\Common Files\AV
2017-02-15 13:22 - 2017-02-15 13:22 - 00000000 ____D C:\Users\Marťas\AppData\Roaming\SMRecorder
2017-02-15 13:21 - 2017-02-15 13:21 - 00000000 ____D C:\Users\Marťas\Documents\SMRecorder
2017-02-15 13:16 - 2017-02-15 13:38 - 00000000 ____D C:\ProgramData\AVAST Software
2017-02-15 13:16 - 2017-02-15 13:38 - 00000000 ____D C:\Program Files\AVAST Software
2017-02-15 13:09 - 2017-02-15 13:09 - 00000000 ____D C:\Program Files (x86)\qs4j0wbq
2017-02-15 12:28 - 2017-02-15 12:28 - 00003334 _____ C:\WINDOWS\System32\Tasks\psv_Dentola
2017-02-15 12:27 - 2017-02-15 14:40 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-02-15 11:38 - 2017-02-15 11:38 - 00003306 _____ C:\WINDOWS\System32\Tasks\psv_S-it
2017-02-15 11:35 - 2017-02-15 12:31 - 00003658 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2017-02-15 11:33 - 2017-02-15 11:33 - 00003314 _____ C:\WINDOWS\System32\Tasks\psv_Zaamtax
2017-02-15 11:26 - 2017-02-15 14:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BikaQ
2017-02-15 11:26 - 2017-02-15 14:40 - 00000000 ____D C:\Program Files (x86)\BikaQRssReader
2017-02-15 11:26 - 2017-02-15 11:26 - 00003354 _____ C:\WINDOWS\System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel
2017-02-15 11:25 - 2017-02-15 13:04 - 00000000 ____D C:\Program Files\qs4j0wbq
2017-02-15 11:25 - 2017-02-15 11:25 - 00034328 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2017-02-15 11:24 - 2017-02-15 11:24 - 00003314 _____ C:\WINDOWS\System32\Tasks\psv_Unilax
2017-02-15 08:11 - 2017-02-15 14:24 - 00000000 ____D C:\Users\Marťas\AppData\Local\UCBrowser
2017-02-15 08:11 - 2017-02-15 08:11 - 00000000 ____D C:\Users\Marťas\AppData\Local\NoxInsPackFileder
2017-02-15 08:11 - 2017-02-15 08:11 - 00000000 ____D C:\Users\Marťas\AppData\Local\Nox
2017-02-15 08:02 - 2017-02-15 14:46 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2017-02-15 07:52 - 2017-02-15 14:40 - 00000000 ____D C:\Program Files (x86)\xxx
2017-02-15 07:49 - 2017-02-15 14:40 - 00000000 ____D C:\Users\Marťas\AppData\Roaming\Seznam.cz
2017-02-15 07:41 - 2017-02-15 07:41 - 01938536 _____ C:\Users\Marťas\AppData\Roaming\Y-zap.bin
2017-02-15 07:41 - 2017-02-15 07:41 - 00136827 _____ () C:\Users\Marťas\AppData\Roaming\Dongnix.bin
2017-02-15 07:40 - 2017-02-15 19:57 - 00000000 ____D C:\ProgramData\Ronzap
2017-02-15 07:40 - 2017-02-15 07:40 - 01908169 _____ C:\Users\Marťas\AppData\Roaming\Mathbam.tst
2017-02-15 07:40 - 2017-02-15 07:40 - 00278518 _____ C:\Users\Marťas\AppData\Roaming\Inch-Lab.bin
2017-02-15 07:40 - 2017-02-15 07:39 - 00983040 _____ C:\Users\Marťas\AppData\Roaming\Mathbam.exe
2017-02-15 07:39 - 2017-02-15 07:39 - 00001194 _____ C:\Users\Public\Desktop\SMRecorder.lnk
2017-02-15 07:39 - 2017-02-15 07:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMRecorder
2017-02-15 07:39 - 2017-02-15 07:39 - 00000000 ____D C:\Program Files (x86)\SMRecorder
2017-02-14 22:17 - 2017-02-14 22:18 - 00000270 __RSH C:\Users\Marťas\ntuser.pol
2017-02-14 22:16 - 2017-02-14 22:16 - 00027552 _____ (REALiX(tm)) C:\WINDOWS\SysWOW64\Drivers\HWiNFO64A.SYS
2017-02-14 22:16 - 2017-02-14 22:16 - 00003396 _____ C:\WINDOWS\System32\Tasks\Driver Booster Scheduler
2017-02-14 22:16 - 2017-02-14 22:16 - 00003042 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Marťas)
2017-02-14 22:16 - 2017-02-14 22:16 - 00000000 ____D C:\Users\Marťas\AppData\LocalLow\IObit
2017-02-14 22:16 - 2017-02-14 22:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4
2017-02-14 22:16 - 2017-02-14 22:16 - 00000000 ____D C:\ProgramData\IObit
2017-02-14 22:15 - 2017-02-14 22:16 - 00000000 ____D C:\Users\Public\Thunder Network
2017-02-14 22:15 - 2017-02-14 22:15 - 00000000 ____D C:\ProgramData\Thunder Network
2017-02-14 22:15 - 2017-02-14 22:15 - 00000000 ____D C:\Program Files (x86)\IObit
2017-02-14 22:14 - 2017-02-15 11:32 - 00000000 ____D C:\Program Files (x86)\Buluwardatacack
2017-02-14 22:14 - 2017-02-15 08:14 - 00000000 ____D C:\Users\Marťas\AppData\Roaming\Grjelyckojule
2017-02-14 22:14 - 2017-02-14 22:15 - 00000000 ____D C:\Users\Marンas\AppData\Local\Ghezeent
2017-02-14 22:14 - 2017-02-14 22:14 - 00000270 __RSH C:\ProgramData\ntuser.pol
2017-02-14 22:14 - 2017-02-14 22:14 - 00000000 ____D C:\Users\Marンas
2017-02-14 22:14 - 2017-02-14 22:14 - 00000000 ____D C:\Users\Marťas\AppData\Roaming\IObit
2017-02-14 22:14 - 2017-02-14 22:14 - 00000000 ____D C:\Users\Marťas\AppData\Local\Ghezeent
2017-02-14 22:14 - 2017-02-14 22:14 - 00000000 ____D C:\Program Files (x86)\Coitoy Manager
2017-02-14 22:07 - 2017-02-14 22:26 - 00000000 ____D C:\Users\Marťas\AppData\Local\Dxtory Software
2017-02-14 22:07 - 2017-02-14 22:07 - 00001198 _____ C:\Users\Marťas\Desktop\Dxtory.lnk
2017-02-14 22:07 - 2017-02-14 22:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dxtory2.0
2017-02-14 22:07 - 2017-02-14 22:07 - 00000000 ____D C:\Program Files (x86)\ExKode
2017-02-14 22:07 - 2015-08-10 16:00 - 02606144 _____ (ExKode Co. Ltd.) C:\WINDOWS\system32\DxtoryCodec.dll
2017-02-14 22:07 - 2015-08-10 16:00 - 02499648 _____ (ExKode Co. Ltd.) C:\WINDOWS\SysWOW64\DxtoryCodec.dll
2017-02-12 08:16 - 2017-02-12 08:16 - 00002098 _____ C:\Users\Marťas\Desktop\My.com Game Center.lnk
2017-02-12 07:13 - 2017-02-12 07:13 - 00000000 ____D C:\Users\Marťas\AppData\Local\CrashRpt
2017-02-12 06:55 - 2017-02-12 07:12 - 00000000 ____D C:\Users\Marťas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com Games
2017-02-12 06:54 - 2017-02-16 13:28 - 00000000 ____D C:\Users\Marťas\AppData\Local\MyComGames
2017-02-11 21:08 - 2017-02-11 21:08 - 00000222 _____ C:\Users\Marťas\Desktop\Warface.url
2017-02-08 17:48 - 2017-02-16 13:58 - 00002556 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-08 17:48 - 2017-02-16 13:58 - 00002544 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-08 17:46 - 2017-02-08 17:55 - 00000000 ____D C:\Users\Marťas\AppData\Local\Google
2017-02-08 17:46 - 2017-02-08 17:47 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-06 16:14 - 2017-02-06 16:14 - 00000000 ____D C:\Users\Marťas\AppData\Local\Macromedia
2017-02-06 13:35 - 2017-02-06 13:35 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2017-02-05 00:17 - 2017-02-05 00:19 - 00000000 ____D C:\Users\Marťas\AppData\Local\Adobe
2017-01-25 14:42 - 2016-12-21 08:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 14:42 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-24 14:35 - 2017-01-24 14:35 - 00000000 ____D C:\Users\Marťas\AppData\Roaming\BANDISOFT
2017-01-24 14:34 - 2017-01-24 14:34 - 00000000 ____D C:\Users\Marťas\Documents\Bandicam
2017-01-24 14:34 - 2017-01-24 14:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
2017-01-24 14:34 - 2017-01-24 14:34 - 00000000 ____D C:\Program Files (x86)\Bandicam
2017-01-23 16:47 - 2017-02-13 08:40 - 00000000 ____D C:\Users\Marťas\Desktop\Plocha
2017-01-18 21:51 - 2017-02-13 08:40 - 00000000 ____D C:\Users\Marťas\Desktop\Lyže

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-16 13:58 - 2016-12-17 16:19 - 00001260 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-16 13:28 - 2016-12-17 16:03 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-16 13:28 - 2016-12-17 15:37 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-16 13:05 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-16 13:05 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-16 13:00 - 2016-12-17 16:19 - 00000000 ____D C:\Users\Marťas\AppData\LocalLow\Mozilla
2017-02-16 06:27 - 2016-12-17 16:00 - 00000000 ____D C:\Users\Marťas\AppData\Roaming\Skype
2017-02-16 06:26 - 2016-12-17 19:46 - 00000000 __SHD C:\Users\Marťas\IntelGraphicsProfiles
2017-02-16 06:26 - 2016-12-17 15:59 - 00000000 ___RD C:\Users\Marťas\OneDrive
2017-02-15 20:03 - 2016-12-17 15:55 - 01895820 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-15 20:03 - 2016-07-16 23:25 - 00692040 _____ C:\WINDOWS\system32\perfh005.dat
2017-02-15 20:03 - 2016-07-16 23:25 - 00157910 _____ C:\WINDOWS\system32\perfc005.dat
2017-02-15 19:58 - 2016-12-17 15:38 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-15 19:57 - 2016-07-16 07:04 - 00262144 _____ C:\WINDOWS\system32\config\BBI
2017-02-15 19:56 - 2016-12-17 15:56 - 00000000 ____D C:\Users\Marťas\AppData\Roaming\Adobe
2017-02-15 14:43 - 2016-12-17 19:50 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2017-02-15 14:40 - 2017-01-09 18:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreshDevices
2017-02-15 14:40 - 2017-01-09 18:21 - 00000000 ____D C:\Program Files (x86)\FreshDevices
2017-02-15 14:40 - 2016-12-17 16:26 - 00000000 ____D C:\Program Files\Intel
2017-02-15 14:40 - 2016-12-17 15:56 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-02-15 14:40 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-15 14:27 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\registration
2017-02-15 14:25 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-15 14:24 - 2016-12-17 15:55 - 00000000 ____D C:\Users\Marťas
2017-02-15 14:24 - 2016-12-17 15:51 - 00000000 ____D C:\Users\defaultuser0
2017-02-15 12:23 - 2016-12-17 16:28 - 00000436 _____ C:\Users\Marťas\Desktop\Tento počítač.lnk
2017-02-15 07:52 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-14 22:14 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2017-02-13 08:40 - 2016-12-17 16:57 - 00000000 ____D C:\Users\Marťas\Desktop\Škola
2017-02-13 08:40 - 2016-12-17 16:57 - 00000000 ____D C:\Users\Marťas\Desktop\Reniny dorty
2017-02-13 08:40 - 2016-12-17 16:57 - 00000000 ____D C:\Users\Marťas\Desktop\Fotečky
2017-02-13 08:40 - 2016-12-17 16:57 - 00000000 ____D C:\Users\Marťas\Desktop\Epic moments
2017-02-12 22:37 - 2016-11-23 13:59 - 00000000 ____D C:\Games
2017-02-09 14:20 - 2016-12-17 15:56 - 00000000 ____D C:\Users\Marťas\AppData\Local\VirtualStore
2017-02-09 12:50 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-06 19:45 - 2016-12-25 09:48 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-06 15:59 - 2016-12-24 22:46 - 00000222 _____ C:\Users\Marťas\Desktop\Rebel Galaxy.url
2017-02-05 00:18 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-31 16:34 - 2016-12-17 16:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-31 16:34 - 2016-12-17 16:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-31 15:38 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF

==================== Files in the root of some directories =======

2017-02-15 07:41 - 2017-02-15 07:41 - 0136827 _____ () C:\Users\Marťas\AppData\Roaming\Dongnix.bin
2017-02-15 07:40 - 2017-02-15 07:40 - 0278518 _____ () C:\Users\Marťas\AppData\Roaming\Inch-Lab.bin
2017-02-15 07:40 - 2017-02-15 07:39 - 0983040 _____ () C:\Users\Marťas\AppData\Roaming\Mathbam.exe
2017-02-15 07:40 - 2017-02-15 07:40 - 1908169 _____ () C:\Users\Marťas\AppData\Roaming\Mathbam.tst
2017-02-15 07:42 - 2017-02-15 07:42 - 0001150 _____ () C:\Users\Marťas\AppData\Roaming\uninstall_temp.ico
2017-02-15 07:41 - 2017-02-15 07:41 - 1938536 _____ () C:\Users\Marťas\AppData\Roaming\Y-zap.bin
2016-12-17 16:01 - 2016-12-17 16:01 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Users\Marťas\AppData\Local\MyComGames\MyComGames.exe


Some files in TEMP:
====================
2017-02-14 22:14 - 2017-02-14 22:14 - 17628560 _____ (IObit ) C:\Users\Marťas\AppData\Local\Temp\5CCE.tmp.exe
2017-02-15 07:50 - 2017-02-15 07:50 - 1171283 _____ ( ) C:\Users\Marťas\AppData\Local\Temp\8766.tmp.exe
2017-02-14 22:14 - 2017-02-14 22:14 - 2315388 _____ ( ) C:\Users\Marťas\AppData\Local\Temp\AutoTime51495.exe
2013-08-05 07:15 - 2013-08-05 07:15 - 4292136 _____ (www.Bandisoft.com) C:\Users\Marťas\AppData\Local\Temp\bdfilters.dll
2017-02-15 07:58 - 2017-02-15 08:00 - 51198352 _____ (UCWeb Inc.) C:\Users\Marťas\AppData\Local\Temp\Browser_V6.0.1121.13_r_4727_(Build1612191708).exe
2017-02-15 08:11 - 2017-02-15 08:11 - 1171283 _____ ( ) C:\Users\Marťas\AppData\Local\Temp\C713.tmp.exe
2017-02-15 07:48 - 2017-02-15 07:48 - 0237624 _____ () C:\Users\Marťas\AppData\Local\Temp\ContentPushSetup.exe
2017-02-15 07:39 - 2017-02-15 07:39 - 0550404 _____ () C:\Users\Marťas\AppData\Local\Temp\DBUpdater.exe
2017-02-14 22:14 - 2017-02-14 22:14 - 0075264 _____ () C:\Users\Marťas\AppData\Local\Temp\DriverBoosterSetup.exe
2017-02-14 22:19 - 2003-02-25 13:44 - 0021019 _____ () C:\Users\Marťas\AppData\Local\Temp\guninst.exe
2017-02-15 11:27 - 2017-02-15 11:27 - 26964688 _____ () C:\Users\Marťas\AppData\Local\Temp\inst12.exe
2017-02-15 07:39 - 2017-02-15 07:39 - 0983040 _____ () C:\Users\Marťas\AppData\Local\Temp\linker.exe
2017-02-15 07:49 - 2017-02-15 07:49 - 8585520 _____ () C:\Users\Marťas\AppData\Local\Temp\listicka-partner-16194-1.1.8-offline.exe
2017-02-15 08:11 - 2017-02-15 08:11 - 1575048 _____ (Duodian Technology Co. Ltd.) C:\Users\Marťas\AppData\Local\Temp\nox_setup_v3.8.0.0_dl_intl.exe
2016-11-06 09:21 - 2016-11-06 09:21 - 0109568 _____ () C:\Users\Marťas\AppData\Local\Temp\nsu2EFD.exe
2017-02-15 07:39 - 2017-02-15 07:39 - 0351232 _____ () C:\Users\Marťas\AppData\Local\Temp\prepreinstaller_win.exe
2007-11-07 15:15 - 2007-11-07 15:15 - 1821192 _____ (Microsoft Corporation) C:\Users\Marťas\AppData\Local\Temp\smd_runtime.exe
2017-02-14 22:13 - 2017-02-14 22:14 - 2984392 _____ () C:\Users\Marťas\AppData\Local\Temp\sys32.exe
2017-02-15 07:42 - 2017-02-15 07:44 - 4446120 _____ () C:\Users\Marťas\AppData\Local\Temp\SystemHealer.exe
2017-02-15 07:48 - 2017-02-15 07:49 - 1821696 _____ () C:\Users\Marťas\AppData\Local\Temp\WindowsUpdateKB12695__7428_il1.exe
2017-02-14 22:13 - 2017-02-14 22:13 - 2560943 _____ () C:\Users\Marťas\AppData\Local\Temp\yt.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-14 22:33

==================== End of FRST.txt ============================

Volny256
Visitor
Visitor
Posts: 25
Registered: 15 Feb 2017 17:11

Re: Virus after downloading a screen-capture program

#7 Post by Volny256 »

Log-Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2017 02
Ran by Marťas (16-02-2017 14:01:12)
Running from C:\Users\Marťas\Desktop
Windows 10 Home Version 1607 (X64) (2016-12-17 14:52:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1626131941-1098701557-2232362238-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1626131941-1098701557-2232362238-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1626131941-1098701557-2232362238-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-1626131941-1098701557-2232362238-501 - Limited - Disabled)
Marťas (S-1-5-21-1626131941-1098701557-2232362238-1001 - Administrator - Enabled) => C:\Users\Marťas

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Bandicam (HKLM-x32\...\Bandicam) (Version: 3.3.0.1175 - Bandisoft.com)
BikaQ Rss Reader (HKLM-x32\...\{56B2B28A-E663-4D28-84A3-3846068A7D63}) (Version: 1.0.0 - BikaQ)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
Dxtory version 2.0.136 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.136 - ExKode Co. Ltd.)
ELAN Touchpad 15.6.3.3_X64_WHQL (HKLM\...\Elantech) (Version: 15.6.3.3 - ELAN Microelectronic Corp.)
FreshDiagnose (HKLM-x32\...\FreshDevices - FreshDiagnose_is1) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games)
League of Legends (x32 Version: 4.2.1 - Riot Games) Hidden
Microsoft OneDrive (HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 cs)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
My.com Game Center (HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\...\MyComGames) (Version: 3.195 - My.com B.V.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7606 - Realtek Semiconductor Corp.)
Rebel Galaxy (HKLM\...\Steam App 290300) (Version: - Double Damage Games)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
SMRecorder 1.1.9 (HKLM-x32\...\SMRecorder) (Version: 1.1.9 - SMRecorder)
SnapDo (HKLM-x32\...\{525A3CDD-2E1E-455A-AC13-6451B14AD793}) (Version: 1.0.0.0 - Resoft) <==== ATTENTION
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Warface (HKLM\...\Steam App 291480) (Version: - Crytek)
Warface My.Com (HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\...\Warface My.Com) (Version: 1.27 - My.com B.V.)
World of Tanks (HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version: - Wargaming.net)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1626131941-1098701557-2232362238-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {110CF65E-5C9E-421F-A2B1-6D2FD30C5C8D} - System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel => C:\Program Files (x86)\BikaQRssReader\BikaQ.exe [2016-12-06] (IEC)
Task: {2606F025-A048-4A83-9287-83B63090DFD1} - System32\Tasks\psv_S-it => cmd.exe /c regedit.exe /s "C:\ProgramData\Ronzap\Trioflex.reg" & del "C:\ProgramData\Ronzap\Trioflex.reg" & SCHTASKS /Delete /TN "psv_S-it" /F <==== ATTENTION
Task: {8251CAD0-20A2-4770-A0F5-59C63329B24A} - System32\Tasks\psv_Unilax => cmd.exe /c regedit.exe /s "C:\ProgramData\Ronzap\Volt-Dex.reg" & del "C:\ProgramData\Ronzap\Volt-Dex.reg" & SCHTASKS /Delete /TN "psv_Unilax" /F <==== ATTENTION
Task: {987166B1-06D4-4A3E-996C-1BB63F776906} - System32\Tasks\{FF362657-05F5-418A-B833-872C21AA43F5} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Ronphase\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Ronphase\uninstall.dat" -a uninstallme 525A3CDD-2E1E-455A-AC13-6451B14AD793 DeviceId=bb66f1ad-b56f-4fb3-3283-85b1ecb12e29 BarcodeId=50027003 ChannelId=3 DistributerName=APSnapdoAMRev
Task: {9D41798C-EF5E-421C-B8A0-64DDA3841A78} - System32\Tasks\psv_Dentola => cmd.exe /c regedit.exe /s "C:\ProgramData\Ronzap\SoftKeytouch.reg" & del "C:\ProgramData\Ronzap\SoftKeytouch.reg" & SCHTASKS /Delete /TN "psv_Dentola" /F <==== ATTENTION
Task: {A06BDBB7-C19F-46CF-8F95-4694D7430CE3} - System32\Tasks\psv_Zaamtax => cmd.exe /c regedit.exe /s "C:\ProgramData\Ronzap\Xxx-eco.reg" & del "C:\ProgramData\Ronzap\Xxx-eco.reg" & SCHTASKS /Delete /TN "psv_Zaamtax" /F <==== ATTENTION
Task: {DD3E22CA-0EA0-41A0-A16D-F31AD7C8CFED} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION

ShortcutWithArgument: C:\Users\Marťas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\MARAS~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Marťas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\MARAS~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\MARAS~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/

==================== Loaded Modules (Whitelisted) ==============

2017-02-14 22:14 - 2017-02-14 22:14 - 00307200 _____ () C:\Program Files (x86)\Coitoy Manager\local64spl.dll
2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-17 15:21 - 2016-12-17 15:21 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-12-17 15:21 - 2016-12-17 15:21 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-17 15:21 - 2016-12-17 15:21 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-12-17 15:21 - 2016-12-17 15:21 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 20:21 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 20:20 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 20:20 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 20:20 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 20:20 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 20:20 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-02-08 17:48 - 2017-02-01 10:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-08 17:48 - 2017-02-01 10:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2017-02-06 13:35 - 2017-02-06 13:35 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-06 13:35 - 2017-02-06 13:35 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-06 13:35 - 2017-02-06 13:35 - 42895872 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-06 13:35 - 2017-02-06 13:35 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\roottools.dll
2016-12-17 18:38 - 2016-12-17 18:44 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-12-17 18:38 - 2016-12-17 18:44 - 20433408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-12-17 18:38 - 2016-12-17 18:44 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-12-17 18:38 - 2016-12-17 18:44 - 01046528 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-12-17 18:38 - 2016-12-17 18:44 - 00353792 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Photos.Inking.dll
2017-02-01 13:16 - 2017-02-01 13:16 - 01097072 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16122.10291.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.Controls.dll
2017-02-16 13:04 - 2017-02-16 13:04 - 03865088 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\Calculator.exe
2016-12-17 16:09 - 2016-12-23 19:28 - 00657184 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-12-17 16:09 - 2016-09-01 02:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-12-17 16:09 - 2017-01-19 02:30 - 02327840 _____ () C:\Program Files (x86)\Steam\video.dll
2016-12-17 16:09 - 2016-01-27 08:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-12-17 16:09 - 2016-01-27 08:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-12-17 16:09 - 2016-01-27 08:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-12-17 16:09 - 2016-01-27 08:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-12-17 16:09 - 2016-01-27 08:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-12-17 16:09 - 2016-09-01 02:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-12-17 16:09 - 2016-09-01 02:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-12-17 16:09 - 2017-01-19 02:30 - 00838432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-12-17 16:09 - 2016-07-04 23:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-12-17 16:15 - 2017-01-05 04:12 - 68813088 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2016-12-17 16:09 - 2017-01-19 02:30 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [25444]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [371912]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1213218]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 12:47 - 2017-02-15 08:05 - 00008603 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Marťas\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 10.0.0.1 - 10.0.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{5DE2EBB5-5B1A-4CAB-AA4B-5807BAA907E9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{08A22725-E8AF-421A-9FE2-04C81CD6AC0E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9FC27A19-7CCD-4EFB-8E2B-2168212510CC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{676DFBE9-39F6-436A-B555-095CFC2FBDE4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{F64412CF-C484-47BD-919D-8D41325C2591}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C3DEAA16-2D88-469E-A4EA-2499A1AF734B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F17C0C64-452D-439B-B046-160144278057}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{3CC2C7B6-47CB-4A89-BE19-38ED8A339FE1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{6019CAFA-C564-44D9-AFC0-2A9C208E5813}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{A9767C93-CEA0-4FC2-B682-1B5F97D29232}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{AE095E22-8C5C-46E1-B14D-68D4A2498A12}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{269E2527-3FBC-4DA5-826F-0D2E07228E9B}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{1DF0FB93-51A4-459B-BD23-C9748CDFB29C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{03A197A2-CF15-4BAD-ADA1-DAE87D88345D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RebelGalaxy\SteamLauncher.exe
FirewallRules: [{7D5EA29D-17FD-477D-A5E5-E98BC0CBE50B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RebelGalaxy\SteamLauncher.exe
FirewallRules: [{9A25E597-E220-4FFB-8E26-1C6C758D9FC9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F330A79B-523F-4B99-AF25-BA38E8BC48E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\WarfaceMycomSteamLoader.exe
FirewallRules: [{5B93A760-1409-4A6D-842D-EFEE01F6D8D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\WarfaceMycomSteamLoader.exe
FirewallRules: [TCP Query User{246F3508-79FE-4F62-BA3E-BB8266005F7A}C:\users\marťas\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\marťas\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [UDP Query User{C6613F0F-3F9F-4008-B787-5FED8B3E6081}C:\users\marťas\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\marťas\appdata\local\mycomgames\mycomgames.exe

==================== Restore Points =========================

31-01-2017 15:10:32 Windows Update
06-02-2017 13:33:54 Windows Update
15-02-2017 07:50:34 Instalační služba modulů systému Windows
15-02-2017 07:51:47 Instalační služba modulů systému Windows
15-02-2017 12:33:30 Operace obnovení

==================== Faulty Device Manager Devices =============

Name: Řadič PCI pro šifrování a dešifrování
Description: Řadič PCI pro šifrování a dešifrování
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/15/2017 02:20:40 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1533) (User: NT AUTHORITY)
Description: Systém Windows nemůže odstranit adresář profilů <C:\Users\TEMP.DESKTOP-IMU1TCG>. Může to být způsobeno tím, že soubory v tomto adresáři jsou používány jiným programem.

PODROBNOSTI – Adresář není prázdný.

Error: (02/15/2017 02:15:42 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: DESKTOP-IMU1TCG)
Description: Systém Windows nemůže nalézt místní profil. Budete přihlášeni pomocí dočasného profilu. Změny profilu budou při vašem odhlášení ztraceny.

Error: (02/15/2017 02:15:42 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: DESKTOP-IMU1TCG)
Description: Systém Windows zálohoval profil tohoto uživatele. Systém se automaticky pokusí použít zazálohovaný profil při příštím přihlášení uživatele.

Error: (02/15/2017 02:15:42 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: DESKTOP-IMU1TCG)
Description: Systém Windows nemůže načíst místně uložený profil. Možné příčiny této chyby zahrnují nedostatečná zabezpečovací práva nebo poškozený místní profil.

PODROBNOSTI – Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.

Error: (02/15/2017 02:15:42 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Systém Windows nemohl načíst registr. Tento problém je často způsoben nedostatkem paměti nebo nedostatečnými zabezpečovacími právy.

PODROBNOSTI – Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
pro: C:\Users\Marťas\ntuser.dat

Error: (02/15/2017 02:15:29 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1533) (User: NT AUTHORITY)
Description: Systém Windows nemůže odstranit adresář profilů <C:\Users\TEMP>. Může to být způsobeno tím, že soubory v tomto adresáři jsou používány jiným programem.

PODROBNOSTI – Adresář není prázdný.

Error: (02/15/2017 02:10:23 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: DESKTOP-IMU1TCG)
Description: Systém Windows nemůže nalézt místní profil. Budete přihlášeni pomocí dočasného profilu. Změny profilu budou při vašem odhlášení ztraceny.

Error: (02/15/2017 02:10:23 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: DESKTOP-IMU1TCG)
Description: Systém Windows zálohoval profil tohoto uživatele. Systém se automaticky pokusí použít zazálohovaný profil při příštím přihlášení uživatele.

Error: (02/15/2017 02:10:23 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: DESKTOP-IMU1TCG)
Description: Systém Windows nemůže načíst místně uložený profil. Možné příčiny této chyby zahrnují nedostatečná zabezpečovací práva nebo poškozený místní profil.

PODROBNOSTI – Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.

Error: (02/15/2017 02:10:23 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Systém Windows nemohl načíst registr. Tento problém je často způsoben nedostatkem paměti nebo nedostatečnými zabezpečovacími právy.

PODROBNOSTI – Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
pro: C:\Users\Marťas\ntuser.dat


System errors:
=============
Error: (02/16/2017 07:09:29 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/16/2017 06:26:09 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba CDPUserSvc_4fece3 byla ukončena s následující chybou:
Nespecifikovaná chyba

Error: (02/16/2017 06:26:07 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/16/2017 06:26:07 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/15/2017 10:44:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/15/2017 10:01:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/15/2017 09:04:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/15/2017 07:58:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/15/2017 07:58:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/15/2017 07:58:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba CDPUserSvc_2e739 byla ukončena s následující chybou:
Nespecifikovaná chyba


CodeIntegrity:
===================================
Date: 2017-02-15 19:44:39.091
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-15 17:55:19.870
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-15 16:06:06.094
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-15 14:44:19.485
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-15 14:43:08.213
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-15 14:42:11.327
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-15 13:10:31.069
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Marťas\AppData\Local\Temp\bk6A1.tmp\lqjippcrdamlpyo.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-15 13:10:30.983
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Marťas\AppData\Local\Temp\bk6A1.tmp\lqjippcrdamlpyo.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-15 13:10:30.860
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Marťas\AppData\Local\Temp\bk6A1.tmp\stwzbnkdpdfvyp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-15 13:10:30.781
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Marťas\AppData\Local\Temp\bk6A1.tmp\stwzbnkdpdfvyp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU N2940 @ 1.83GHz
Percentage of memory in use: 38%
Total physical RAM: 3977.98 MB
Available physical RAM: 2429.22 MB
Total Virtual: 4681.98 MB
Available Virtual: 2580.94 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:449.63 GB) (Free:367.58 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 042A475B)

Partition: GPT.

==================== End of Addition.txt ============================

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Virus after downloading a screen-capture program

#8 Post by Rudy »

Open Notepad and copy the following into it:
Start
SnapDo (HKLM-x32\...\{525A3CDD-2E1E-455A-AC13-6451B14AD793}) (Version: 1.0.0.0 - Resoft) <==== ATTENTION
Task: {2606F025-A048-4A83-9287-83B63090DFD1} - System32\Tasks\psv_S-it => cmd.exe /c regedit.exe /s "C:\ProgramData\Ronzap\Trioflex.reg" & del "C:\ProgramData\Ronzap\Trioflex.reg" & SCHTASKS /Delete /TN "psv_S-it" /F <==== ATTENTION
Task: {8251CAD0-20A2-4770-A0F5-59C63329B24A} - System32\Tasks\psv_Unilax => cmd.exe /c regedit.exe /s "C:\ProgramData\Ronzap\Volt-Dex.reg" & del "C:\ProgramData\Ronzap\Volt-Dex.reg" & SCHTASKS /Delete /TN "psv_Unilax" /F <==== ATTENTION
Task: {9D41798C-EF5E-421C-B8A0-64DDA3841A78} - System32\Tasks\psv_Dentola => cmd.exe /c regedit.exe /s "C:\ProgramData\Ronzap\SoftKeytouch.reg" & del "C:\ProgramData\Ronzap\SoftKeytouch.reg" & SCHTASKS /Delete /TN "psv_Dentola" /F <==== ATTENTION
Task: {A06BDBB7-C19F-46CF-8F95-4694D7430CE3} - System32\Tasks\psv_Zaamtax => cmd.exe /c regedit.exe /s "C:\ProgramData\Ronzap\Xxx-eco.reg" & del "C:\ProgramData\Ronzap\Xxx-eco.reg" & SCHTASKS /Delete /TN "psv_Zaamtax" /F <==== ATTENTION
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [25444]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [371912]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1213218]
HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\...\Run: [MyComGames] => C:\Users\Marťas\AppData\Local\MyComGames\MyComGames.exe [5013392 2017-02-14] (MY.COM B.V.) <===== ATTENTION
ShellExecuteHooks: No Name - {8A2A2C62-EEB8-11E6-9AB6-64006A5CFC23} - C:\Users\Marťas\AppData\Roaming\Grjelyckojule\Coosak.dll -> No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%7 ... JzhF3kt&q={searchTerms}
HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%73%6E%61%70%64%6F ... 0FA8kWLIom
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKU\S-1-5-21-1626131941-1098701557-2232362238-1001 -> DefaultScope {ielnksrch} URL =
CHR HomePage: ChromeDefaultData -> hxxp://www.trotux.com/?z=0193a36a0277fe ... UH&type=hp
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.trotux.com/?z=0193a36a0277feb42dd07 ... UH&type=hp"
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.trotux.com/search/?q={searchTerms}& ... UH&type=sp
CHR DefaultSearchKeyword: ChromeDefaultData -> trotux
CHR Profile: C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-02-16] <==== ATTENTION
S2 serverss; C:\WINDOWS\Temp\E12D.tmp [X]
C:\WINDOWS\LastGood.Tmp
C:\Program Files\qs4j0wbq
C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
C:\ProgramData\DP45977C.lfl
C:\Users\Marťas\AppData\Local\MyComGames\MyComGames.exe
C:\Users\Marťas\AppData\Local\Temp

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

Volny256
Visitor
Posts: 25
Registered: 15 Feb 2017 17:11

Re: Virus after downloading a screen-capture program

#9 Post by Volny256 »

Log

EmptyTemp:
End
*****************

SnapDo (HKLM-x32\...\{525A3CDD-2E1E-455A-AC13-6451B14AD793}) (Version: 1.0.0.0 - Resoft) <==== ATTENTION => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2606F025-A048-4A83-9287-83B63090DFD1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2606F025-A048-4A83-9287-83B63090DFD1} => key removed successfully
C:\WINDOWS\System32\Tasks\psv_S-it => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_S-it => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8251CAD0-20A2-4770-A0F5-59C63329B24A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8251CAD0-20A2-4770-A0F5-59C63329B24A} => key removed successfully
C:\WINDOWS\System32\Tasks\psv_Unilax => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_Unilax => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9D41798C-EF5E-421C-B8A0-64DDA3841A78} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D41798C-EF5E-421C-B8A0-64DDA3841A78} => key removed successfully
C:\WINDOWS\System32\Tasks\psv_Dentola => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_Dentola => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A06BDBB7-C19F-46CF-8F95-4694D7430CE3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A06BDBB7-C19F-46CF-8F95-4694D7430CE3} => key removed successfully
C:\WINDOWS\System32\Tasks\psv_Zaamtax => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_Zaamtax => key removed successfully
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION => removed successfully
C:\WINDOWS\system32\drivers => ":ucdrv-x64.sys" ADS removed successfully.
C:\WINDOWS\system32\drivers => ":x64" ADS removed successfully.
C:\WINDOWS\system32\drivers => ":x86" ADS removed successfully.
HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\Software\Microsoft\Windows\CurrentVersion\Run\\MyComGames => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{8A2A2C62-EEB8-11E6-9AB6-64006A5CFC23} => value removed successfully
HKCR\CLSID\{8A2A2C62-EEB8-11E6-9AB6-64006A5CFC23} => key not found.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData => moved successfully
HKLM\System\CurrentControlSet\Services\serverss => key removed successfully
serverss => service removed successfully
C:\WINDOWS\LastGood.Tmp => moved successfully
C:\Program Files\qs4j0wbq => moved successfully
C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
C:\Users\Marťas\AppData\Local\MyComGames\MyComGames.exe => moved successfully

"C:\Users\Marťas\AppData\Local\Temp" folder move:

Could not move "C:\Users\Marťas\AppData\Local\Temp" => Scheduled to move on reboot.


=========== EmptyTemp: ==========

BITS transfer queue => 39624 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 34085511 B
Java, Flash, Steam htmlcache => 736 B
Windows/system/drivers => 68630458 B
Edge => 71432471 B
Chrome => 0 B
Firefox => 107636056 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 794 B
NetworkService => 0 B
defaultuser0 => 7296 B
Marťas => 1260544527 B

RecycleBin => 24368595 B
EmptyTemp: => 1.5 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 16-02-2017 19:55:33)

C:\Users\Marťas\AppData\Local\Temp => moved successfully

==== End of Fixlog 19:55:36 ====

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Virus after downloading a screen-capture program

#10 Post by Rudy »

Deleted. Has anything changed?

Volny256
Visitor
Posts: 25
Registered: 15 Feb 2017 17:11

Re: Virus after downloading a screen-capture program

#11 Post by Volny256 »

Everything is fine now, thank you for your help.

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Virus after downloading a screen-capture program

#12 Post by Rudy »

You're welcome! :)

Locked