Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
reerd com
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: reerd com
Zdravim 
Uplne jste minul sekci, takze jak pujde kolem moderator, prosim o presunuti.
Dejte log z FRST a mrknem, co se s tim da delat http://forum.viry.cz/viewtopic.php?f=13&t=133100
Uplne jste minul sekci, takze jak pujde kolem moderator, prosim o presunuti. Dejte log z FRST a mrknem, co se s tim da delat http://forum.viry.cz/viewtopic.php?f=13&t=133100Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Re: reerd com
Ospravedlnujem sa za nespravnu sekciu 
Dostala som sa len k 3.bodu "Stažení FRSTLauncheru" kedze ho neviem stiahnut lebo aj ked vypnem antivirak tak mi to blokuje
Dostala som sa len k 3.bodu "Stažení FRSTLauncheru" kedze ho neviem stiahnut lebo aj ked vypnem antivirak tak mi to blokuje
Re: reerd com
Pokracujte tedy bez FRSTLauncheru - samotnym FRST.exe/FRST64.exe
Rudymu dekuji za presunuti do spravne sekce.
Rudymu dekuji za presunuti do spravne sekce.
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Re: reerd com
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Patricia (administrator) on PATRICIA-PC on 16-03-2015 22:31:32
Running from C:\Users\Patricia\Desktop
Loaded Profiles: Patricia (Available profiles: Patricia)
Platform: Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
() C:\Program Files\XSManager\WTGService.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Huawei Technologies Co., Ltd.) C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Huawei Technologies Co., Ltd.) C:\Users\Patricia\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703280 2015-03-10] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-07] (Intel Corporation)
HKLM\...\Run: [TVT Scheduler Proxy] => C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [487424 2008-03-04] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [820520 2007-11-22] (Synaptics, Inc.)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [DataCardMonitor] => C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2014-06-02] (Huawei Technologies Co., Ltd.)
HKLM\...\Run: [msdhbdSrv] => C:\Windows\system32\msdhbd.vbe [649 2014-06-23] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\...\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] => C:\Program Files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\...\Run: [DriverTurbo] => C:\Program Files\DriverTurbo\DriverTurbo.exe
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\...\MountPoints2: {386491b7-ea40-11e3-b205-002268ee70e8} - F:\AutoRun.exe
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\...\MountPoints2: {386491c2-ea40-11e3-b205-001e101f2500} - F:\AutoRun.exe
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\...\MountPoints2: {53d73ab2-1088-11e4-8791-001e101f8ed0} - F:\AutoRun.exe
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\...\MountPoints2: {e8da7702-0aa8-11e4-bd10-001e101fe5e1} - F:\AutoRun.exe
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\...\MountPoints2: {f87dcbf8-e839-11e3-9feb-002268ee70e8} - F:\XSManagerinstallation.exe
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.reerd.com
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Patricia\AppData\Roaming\Mozilla\Firefox\Profiles\cktnx9w2.default
FF Homepage: hxxp://www.reerd.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-05-30]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [432888 2015-03-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-10] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
R2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [28672 2013-07-10] (Lenovo Group Limited) [File not signed]
R2 TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1122304 2008-03-04] (Lenovo Group Limited) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
R2 WTGService; C:\Program Files\XSManager\WTGService.exe [329872 2013-04-15] ()
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-05-09] (Avira Operations GmbH & Co. KG)
U0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [22528 2008-10-09] (Bytemobile, Inc.) [File not signed]
S3 cmntnet; C:\Windows\System32\DRIVERS\cmntnet.sys [120320 2015-02-28] (Wireless Data Device)
S3 cmnuusbser; C:\Windows\System32\DRIVERS\cmnuusbser.sys [107520 2015-02-28] (Wireless Device)
R3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2010-10-07] (Intel Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-05-09] (Avira GmbH)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 tcpipBM; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-16 22:31 - 2015-03-16 22:32 - 00010013 _____ () C:\Users\Patricia\Desktop\FRST.txt
2015-03-16 22:30 - 2015-03-16 22:31 - 00000000 ____D () C:\FRST
2015-03-16 22:30 - 2015-03-16 22:30 - 01135104 _____ (Farbar) C:\Users\Patricia\Desktop\FRST.exe
2015-03-16 21:53 - 2015-03-16 21:53 - 00112107 _____ (forum.viry.cz) C:\Users\Patricia\Downloads\VerzeOS.exe
2015-03-16 21:30 - 2015-03-16 21:32 - 00000000 ____D () C:\AdwCleaner
2015-03-16 21:29 - 2015-03-16 21:29 - 02171392 _____ () C:\Users\Patricia\Downloads\adwcleaner_4.112.exe
2015-03-16 20:26 - 2015-03-16 20:26 - 00000000 ____D () C:\Users\Patricia\AppData\Roaming\RainbowGames
2015-03-12 18:10 - 2015-01-29 02:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-12 18:09 - 2015-01-29 02:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-12 18:08 - 2015-02-26 01:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-12 18:08 - 2015-02-20 03:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-12 18:08 - 2015-02-20 01:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-12 18:07 - 2015-02-26 02:45 - 03608504 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-12 18:07 - 2015-02-26 02:45 - 03556280 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-12 18:07 - 2015-02-26 02:31 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-12 18:07 - 2015-02-26 01:16 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-12 18:07 - 2015-01-21 03:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-12 18:06 - 2015-03-06 05:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-12 18:04 - 2014-10-13 02:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-12 18:03 - 2015-02-18 03:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 17:59 - 2015-02-21 18:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 17:59 - 2015-02-21 18:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-11 17:59 - 2015-02-21 18:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 17:59 - 2015-02-21 18:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 17:59 - 2015-02-21 18:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 17:59 - 2015-02-21 18:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 17:59 - 2015-02-21 18:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 17:59 - 2015-02-21 18:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-11 17:59 - 2015-02-21 18:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 17:59 - 2015-02-21 18:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 17:59 - 2015-02-21 18:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-11 17:59 - 2015-02-21 18:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 17:59 - 2015-02-21 18:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 17:59 - 2015-02-21 18:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 17:59 - 2015-02-21 18:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 17:59 - 2015-02-21 18:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 17:59 - 2015-02-21 18:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 17:59 - 2015-02-21 18:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 17:59 - 2015-02-21 18:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-11 17:59 - 2015-02-21 18:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-11 17:59 - 2015-02-21 18:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-11 17:59 - 2015-02-21 18:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-06 18:54 - 2015-03-06 18:55 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-28 14:40 - 2015-02-28 15:47 - 00000000 ____D () C:\Users\Patricia\AppData\Roaming\XSManager
2015-02-28 14:40 - 2015-02-28 14:33 - 00134144 _____ (MobileBroadband.) C:\Windows\system32\Drivers\MobileBroadbandDCWwan.sys
2015-02-28 14:40 - 2015-02-28 14:33 - 00133120 _____ (C-motech Co.,Ltd.) C:\Windows\system32\Drivers\cm_netamd.sys
2015-02-28 14:40 - 2015-02-28 14:33 - 00120320 _____ (Wireless Data Device) C:\Windows\system32\Drivers\cmntnet.sys
2015-02-28 14:40 - 2015-02-28 14:33 - 00118272 _____ (C-motech Co.,Ltd.) C:\Windows\system32\Drivers\cm_seramd.sys
2015-02-28 14:40 - 2015-02-28 14:33 - 00112640 _____ (C-motech Co.,Ltd.) C:\Windows\system32\Drivers\cm_net32.sys
2015-02-28 14:40 - 2015-02-28 14:33 - 00108032 _____ (MobileBroadband.) C:\Windows\system32\Drivers\MobileBroadbandDCser.sys
2015-02-28 14:40 - 2015-02-28 14:33 - 00107520 _____ (Wireless Device) C:\Windows\system32\Drivers\cmnuusbser.sys
2015-02-28 14:40 - 2015-02-28 14:33 - 00103680 _____ (C-motech Co.,Ltd.) C:\Windows\system32\Drivers\cm_ser32.sys
2015-02-28 14:40 - 2015-02-28 14:33 - 00103424 _____ (Mobile Connector) C:\Windows\system32\Drivers\cmnsusbser.sys
2015-02-28 14:40 - 2015-02-28 14:33 - 00101056 _____ () C:\Windows\system32\Drivers\dvb_nova_12mhz_b0.inp
2015-02-28 14:40 - 2015-02-28 14:33 - 00092456 _____ () C:\Windows\system32\Drivers\isdbt_nova_12mhz_b0.inp
2015-02-28 14:40 - 2015-02-28 14:33 - 00079036 _____ () C:\Windows\system32\Drivers\tdmb_nova_12mhz_b0.inp
2015-02-28 14:40 - 2015-02-28 14:33 - 00052128 _____ (Siano) C:\Windows\system32\Drivers\smsbda.sys
2015-02-28 14:40 - 2015-02-28 14:33 - 00019968 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\Drivers\MobileBroadbandDCUsb.sys
2015-02-28 14:40 - 2015-02-28 14:33 - 00000040 _____ () C:\Windows\system32\Drivers\smsbda.cfg
2015-02-28 14:33 - 2015-02-28 14:33 - 00001718 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\XSManager.lnk
2015-02-28 14:33 - 2015-02-28 14:33 - 00001712 _____ () C:\Users\Public\Desktop\XSManager.lnk
2015-02-28 14:33 - 2015-02-28 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSManager
2015-02-27 21:34 - 2015-02-27 21:34 - 00000000 ____D () C:\ProgramData\ShinyTales
2015-02-25 11:21 - 2015-02-25 11:21 - 00000000 ____D () C:\Users\Patricia\AppData\Roaming\NanoTitans
2015-02-25 09:21 - 2015-02-25 09:23 - 00000000 ____D () C:\Users\Patricia\AppData\Roaming\wld
2015-02-24 23:44 - 2015-02-24 23:46 - 00000000 ____D () C:\ProgramData\SpookyMall
2015-02-23 23:00 - 2015-02-23 23:00 - 00000000 __RSH () C:\MSDOS.SYS
2015-02-23 23:00 - 2015-02-23 23:00 - 00000000 __RSH () C:\IO.SYS
2015-02-23 21:33 - 2015-02-27 22:34 - 00000000 ____D () C:\Users\Patricia\AppData\Roaming\BlamGames
2015-02-20 17:42 - 2015-02-20 17:42 - 00011894 _____ () C:\Users\Patricia\Downloads\Training overview Gatekeeper.xlsx
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-16 22:24 - 2014-05-30 22:39 - 00000000 ____D () C:\Users\Patricia\AppData\Roaming\Skype
2015-03-16 21:46 - 2009-04-11 17:51 - 01565038 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-16 21:44 - 2014-06-03 17:15 - 00000000 ____D () C:\ProgramData\Big Fish
2015-03-16 21:44 - 2006-11-02 13:35 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-16 21:26 - 2014-06-03 17:21 - 00000000 ____D () C:\ProgramData\TEMP
2015-03-16 21:26 - 2009-04-11 13:34 - 02071499 _____ () C:\Windows\WindowsUpdate.log
2015-03-16 20:38 - 2006-11-02 13:45 - 00004224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-16 20:38 - 2006-11-02 13:45 - 00004224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-16 18:41 - 2014-11-24 19:37 - 00000030 _____ () C:\Users\Patricia\AppData\Roaming\mstaxdr.dat
2015-03-16 18:38 - 2006-11-02 13:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-16 00:00 - 2014-05-30 11:35 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-03-16 00:00 - 2006-11-02 13:58 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-14 22:58 - 2014-12-29 14:08 - 00000000 ____D () C:\Users\Patricia\AppData\Roaming\GameHouse
2015-03-12 18:36 - 2006-11-02 13:44 - 00377064 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-10 17:48 - 2014-05-30 12:09 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-10 17:48 - 2014-05-30 12:09 - 00105864 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-08 14:00 - 2014-05-30 12:32 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-06 20:24 - 2014-05-30 22:41 - 00000000 ____D () C:\Users\Patricia\AppData\Roaming\vlc
2015-03-05 18:07 - 2014-05-30 12:03 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-05 18:06 - 2014-05-30 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-05 18:06 - 2014-05-30 12:07 - 00000000 ____D () C:\Program Files\Avira
2015-03-03 20:54 - 2008-01-21 04:02 - 00155974 _____ () C:\Windows\PFRO.log
2015-02-28 14:40 - 2014-05-30 11:41 - 00000000 ____D () C:\Users\Patricia
2015-02-28 14:33 - 2014-05-30 22:00 - 00000000 ____D () C:\Program Files\XSManager
2015-02-28 00:32 - 2014-06-13 22:24 - 00000000 ____D () C:\ProgramData\OrganicCoffee
2015-02-27 12:41 - 2014-10-02 11:19 - 00000000 ___RD () C:\Program Files\Skype
2015-02-27 12:41 - 2014-05-30 22:38 - 00000000 ____D () C:\ProgramData\Skype
2015-02-26 13:04 - 2014-06-03 20:36 - 00000000 ____D () C:\Users\Patricia\AppData\Roaming\YoudaGames
2015-02-26 09:28 - 2015-02-10 15:30 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-02-26 09:28 - 2014-11-13 20:27 - 00000000 ____D () C:\ProgramData\Playrix Entertainment
2015-02-25 11:21 - 2014-06-03 17:10 - 00000000 ____D () C:\Users\Patricia\AppData\Local\Big Fish
2015-02-24 19:37 - 2015-02-10 20:46 - 00000000 ____D () C:\Users\Patricia\AppData\Roaming\VisualShape
2015-02-24 19:37 - 2015-02-10 20:46 - 00000000 ____D () C:\ProgramData\VisualShape
==================== Files in the root of some directories =======
2014-11-24 19:38 - 2014-11-24 19:38 - 0009111 _____ () C:\Users\Patricia\AppData\Roaming\msnwmuo.dat
2014-11-24 19:37 - 2015-03-16 18:41 - 0000030 _____ () C:\Users\Patricia\AppData\Roaming\mstaxdr.dat
2014-05-30 11:41 - 2014-10-17 23:27 - 0006756 _____ () C:\Users\Patricia\AppData\Local\d3d9caps.dat
2014-05-30 20:29 - 2015-02-11 21:42 - 0026112 _____ () C:\Users\Patricia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Some content of TEMP:
====================
C:\Users\Patricia\AppData\Local\Temp\avgnt.exe
C:\Users\Patricia\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\Patricia\AppData\Local\Temp\mfc80.dll
C:\Users\Patricia\AppData\Local\Temp\mfc80u.dll
C:\Users\Patricia\AppData\Local\Temp\mfcm80.dll
C:\Users\Patricia\AppData\Local\Temp\mfcm80u.dll
C:\Users\Patricia\AppData\Local\Temp\msvcm80.dll
C:\Users\Patricia\AppData\Local\Temp\msvcp80.dll
C:\Users\Patricia\AppData\Local\Temp\msvcr80.dll
C:\Users\Patricia\AppData\Local\Temp\ose00000.exe
C:\Users\Patricia\AppData\Local\Temp\ose00001.exe
C:\Users\Patricia\AppData\Local\Temp\ose00002.exe
C:\Users\Patricia\AppData\Local\Temp\tempmessage.bfg
C:\Users\Patricia\AppData\Local\Temp\Uninstall.exe
C:\Users\Patricia\AppData\Local\Temp\Uninstaller.exe
C:\Users\Patricia\AppData\Local\Temp\UninstallerGer.dll
C:\Users\Patricia\AppData\Local\Temp\UninstallerIta.dll
C:\Users\Patricia\AppData\Local\Temp\WtgDriverInstallX.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-03-16 18:45
==================== End Of Log ============================
Ran by Patricia (administrator) on PATRICIA-PC on 16-03-2015 22:31:32
Running from C:\Users\Patricia\Desktop
Loaded Profiles: Patricia (Available profiles: Patricia)
Platform: Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
() C:\Program Files\XSManager\WTGService.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Huawei Technologies Co., Ltd.) C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Huawei Technologies Co., Ltd.) C:\Users\Patricia\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703280 2015-03-10] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-07] (Intel Corporation)
HKLM\...\Run: [TVT Scheduler Proxy] => C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [487424 2008-03-04] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [820520 2007-11-22] (Synaptics, Inc.)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [DataCardMonitor] => C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2014-06-02] (Huawei Technologies Co., Ltd.)
HKLM\...\Run: [msdhbdSrv] => C:\Windows\system32\msdhbd.vbe [649 2014-06-23] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\...\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] => C:\Program Files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\...\Run: [DriverTurbo] => C:\Program Files\DriverTurbo\DriverTurbo.exe
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\...\MountPoints2: {386491b7-ea40-11e3-b205-002268ee70e8} - F:\AutoRun.exe
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\...\MountPoints2: {386491c2-ea40-11e3-b205-001e101f2500} - F:\AutoRun.exe
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\...\MountPoints2: {53d73ab2-1088-11e4-8791-001e101f8ed0} - F:\AutoRun.exe
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\...\MountPoints2: {e8da7702-0aa8-11e4-bd10-001e101fe5e1} - F:\AutoRun.exe
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\...\MountPoints2: {f87dcbf8-e839-11e3-9feb-002268ee70e8} - F:\XSManagerinstallation.exe
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.reerd.com
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Patricia\AppData\Roaming\Mozilla\Firefox\Profiles\cktnx9w2.default
FF Homepage: hxxp://www.reerd.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-05-30]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [432888 2015-03-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-10] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
R2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [28672 2013-07-10] (Lenovo Group Limited) [File not signed]
R2 TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1122304 2008-03-04] (Lenovo Group Limited) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
R2 WTGService; C:\Program Files\XSManager\WTGService.exe [329872 2013-04-15] ()
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-05-09] (Avira Operations GmbH & Co. KG)
U0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [22528 2008-10-09] (Bytemobile, Inc.) [File not signed]
S3 cmntnet; C:\Windows\System32\DRIVERS\cmntnet.sys [120320 2015-02-28] (Wireless Data Device)
S3 cmnuusbser; C:\Windows\System32\DRIVERS\cmnuusbser.sys [107520 2015-02-28] (Wireless Device)
R3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2010-10-07] (Intel Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-05-09] (Avira GmbH)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 tcpipBM; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-16 22:31 - 2015-03-16 22:32 - 00010013 _____ () C:\Users\Patricia\Desktop\FRST.txt
2015-03-16 22:30 - 2015-03-16 22:31 - 00000000 ____D () C:\FRST
2015-03-16 22:30 - 2015-03-16 22:30 - 01135104 _____ (Farbar) C:\Users\Patricia\Desktop\FRST.exe
2015-03-16 21:53 - 2015-03-16 21:53 - 00112107 _____ (forum.viry.cz) C:\Users\Patricia\Downloads\VerzeOS.exe
2015-03-16 21:30 - 2015-03-16 21:32 - 00000000 ____D () C:\AdwCleaner
2015-03-16 21:29 - 2015-03-16 21:29 - 02171392 _____ () C:\Users\Patricia\Downloads\adwcleaner_4.112.exe
2015-03-16 20:26 - 2015-03-16 20:26 - 00000000 ____D () C:\Users\Patricia\AppData\Roaming\RainbowGames
2015-03-12 18:10 - 2015-01-29 02:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-12 18:09 - 2015-01-29 02:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-12 18:08 - 2015-02-26 01:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-12 18:08 - 2015-02-20 03:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-12 18:08 - 2015-02-20 01:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-12 18:07 - 2015-02-26 02:45 - 03608504 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-12 18:07 - 2015-02-26 02:45 - 03556280 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-12 18:07 - 2015-02-26 02:31 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-12 18:07 - 2015-02-26 01:16 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-12 18:07 - 2015-01-21 03:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-12 18:06 - 2015-03-06 05:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-12 18:04 - 2014-10-13 02:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-12 18:03 - 2015-02-18 03:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 17:59 - 2015-02-21 18:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 17:59 - 2015-02-21 18:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-11 17:59 - 2015-02-21 18:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 17:59 - 2015-02-21 18:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 17:59 - 2015-02-21 18:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 17:59 - 2015-02-21 18:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 17:59 - 2015-02-21 18:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 17:59 - 2015-02-21 18:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-11 17:59 - 2015-02-21 18:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 17:59 - 2015-02-21 18:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 17:59 - 2015-02-21 18:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-11 17:59 - 2015-02-21 18:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 17:59 - 2015-02-21 18:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 17:59 - 2015-02-21 18:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 17:59 - 2015-02-21 18:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 17:59 - 2015-02-21 18:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 17:59 - 2015-02-21 18:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 17:59 - 2015-02-21 18:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 17:59 - 2015-02-21 18:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-11 17:59 - 2015-02-21 18:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-11 17:59 - 2015-02-21 18:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-11 17:59 - 2015-02-21 18:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-06 18:54 - 2015-03-06 18:55 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-28 14:40 - 2015-02-28 15:47 - 00000000 ____D () C:\Users\Patricia\AppData\Roaming\XSManager
2015-02-28 14:40 - 2015-02-28 14:33 - 00134144 _____ (MobileBroadband.) C:\Windows\system32\Drivers\MobileBroadbandDCWwan.sys
2015-02-28 14:40 - 2015-02-28 14:33 - 00133120 _____ (C-motech Co.,Ltd.) C:\Windows\system32\Drivers\cm_netamd.sys
2015-02-28 14:40 - 2015-02-28 14:33 - 00120320 _____ (Wireless Data Device) C:\Windows\system32\Drivers\cmntnet.sys
2015-02-28 14:40 - 2015-02-28 14:33 - 00118272 _____ (C-motech Co.,Ltd.) C:\Windows\system32\Drivers\cm_seramd.sys
2015-02-28 14:40 - 2015-02-28 14:33 - 00112640 _____ (C-motech Co.,Ltd.) C:\Windows\system32\Drivers\cm_net32.sys
2015-02-28 14:40 - 2015-02-28 14:33 - 00108032 _____ (MobileBroadband.) C:\Windows\system32\Drivers\MobileBroadbandDCser.sys
2015-02-28 14:40 - 2015-02-28 14:33 - 00107520 _____ (Wireless Device) C:\Windows\system32\Drivers\cmnuusbser.sys
2015-02-28 14:40 - 2015-02-28 14:33 - 00103680 _____ (C-motech Co.,Ltd.) C:\Windows\system32\Drivers\cm_ser32.sys
2015-02-28 14:40 - 2015-02-28 14:33 - 00103424 _____ (Mobile Connector) C:\Windows\system32\Drivers\cmnsusbser.sys
2015-02-28 14:40 - 2015-02-28 14:33 - 00101056 _____ () C:\Windows\system32\Drivers\dvb_nova_12mhz_b0.inp
2015-02-28 14:40 - 2015-02-28 14:33 - 00092456 _____ () C:\Windows\system32\Drivers\isdbt_nova_12mhz_b0.inp
2015-02-28 14:40 - 2015-02-28 14:33 - 00079036 _____ () C:\Windows\system32\Drivers\tdmb_nova_12mhz_b0.inp
2015-02-28 14:40 - 2015-02-28 14:33 - 00052128 _____ (Siano) C:\Windows\system32\Drivers\smsbda.sys
2015-02-28 14:40 - 2015-02-28 14:33 - 00019968 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\Drivers\MobileBroadbandDCUsb.sys
2015-02-28 14:40 - 2015-02-28 14:33 - 00000040 _____ () C:\Windows\system32\Drivers\smsbda.cfg
2015-02-28 14:33 - 2015-02-28 14:33 - 00001718 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\XSManager.lnk
2015-02-28 14:33 - 2015-02-28 14:33 - 00001712 _____ () C:\Users\Public\Desktop\XSManager.lnk
2015-02-28 14:33 - 2015-02-28 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSManager
2015-02-27 21:34 - 2015-02-27 21:34 - 00000000 ____D () C:\ProgramData\ShinyTales
2015-02-25 11:21 - 2015-02-25 11:21 - 00000000 ____D () C:\Users\Patricia\AppData\Roaming\NanoTitans
2015-02-25 09:21 - 2015-02-25 09:23 - 00000000 ____D () C:\Users\Patricia\AppData\Roaming\wld
2015-02-24 23:44 - 2015-02-24 23:46 - 00000000 ____D () C:\ProgramData\SpookyMall
2015-02-23 23:00 - 2015-02-23 23:00 - 00000000 __RSH () C:\MSDOS.SYS
2015-02-23 23:00 - 2015-02-23 23:00 - 00000000 __RSH () C:\IO.SYS
2015-02-23 21:33 - 2015-02-27 22:34 - 00000000 ____D () C:\Users\Patricia\AppData\Roaming\BlamGames
2015-02-20 17:42 - 2015-02-20 17:42 - 00011894 _____ () C:\Users\Patricia\Downloads\Training overview Gatekeeper.xlsx
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-16 22:24 - 2014-05-30 22:39 - 00000000 ____D () C:\Users\Patricia\AppData\Roaming\Skype
2015-03-16 21:46 - 2009-04-11 17:51 - 01565038 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-16 21:44 - 2014-06-03 17:15 - 00000000 ____D () C:\ProgramData\Big Fish
2015-03-16 21:44 - 2006-11-02 13:35 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-16 21:26 - 2014-06-03 17:21 - 00000000 ____D () C:\ProgramData\TEMP
2015-03-16 21:26 - 2009-04-11 13:34 - 02071499 _____ () C:\Windows\WindowsUpdate.log
2015-03-16 20:38 - 2006-11-02 13:45 - 00004224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-16 20:38 - 2006-11-02 13:45 - 00004224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-16 18:41 - 2014-11-24 19:37 - 00000030 _____ () C:\Users\Patricia\AppData\Roaming\mstaxdr.dat
2015-03-16 18:38 - 2006-11-02 13:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-16 00:00 - 2014-05-30 11:35 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-03-16 00:00 - 2006-11-02 13:58 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-14 22:58 - 2014-12-29 14:08 - 00000000 ____D () C:\Users\Patricia\AppData\Roaming\GameHouse
2015-03-12 18:36 - 2006-11-02 13:44 - 00377064 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-10 17:48 - 2014-05-30 12:09 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-10 17:48 - 2014-05-30 12:09 - 00105864 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-08 14:00 - 2014-05-30 12:32 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-06 20:24 - 2014-05-30 22:41 - 00000000 ____D () C:\Users\Patricia\AppData\Roaming\vlc
2015-03-05 18:07 - 2014-05-30 12:03 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-05 18:06 - 2014-05-30 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-05 18:06 - 2014-05-30 12:07 - 00000000 ____D () C:\Program Files\Avira
2015-03-03 20:54 - 2008-01-21 04:02 - 00155974 _____ () C:\Windows\PFRO.log
2015-02-28 14:40 - 2014-05-30 11:41 - 00000000 ____D () C:\Users\Patricia
2015-02-28 14:33 - 2014-05-30 22:00 - 00000000 ____D () C:\Program Files\XSManager
2015-02-28 00:32 - 2014-06-13 22:24 - 00000000 ____D () C:\ProgramData\OrganicCoffee
2015-02-27 12:41 - 2014-10-02 11:19 - 00000000 ___RD () C:\Program Files\Skype
2015-02-27 12:41 - 2014-05-30 22:38 - 00000000 ____D () C:\ProgramData\Skype
2015-02-26 13:04 - 2014-06-03 20:36 - 00000000 ____D () C:\Users\Patricia\AppData\Roaming\YoudaGames
2015-02-26 09:28 - 2015-02-10 15:30 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-02-26 09:28 - 2014-11-13 20:27 - 00000000 ____D () C:\ProgramData\Playrix Entertainment
2015-02-25 11:21 - 2014-06-03 17:10 - 00000000 ____D () C:\Users\Patricia\AppData\Local\Big Fish
2015-02-24 19:37 - 2015-02-10 20:46 - 00000000 ____D () C:\Users\Patricia\AppData\Roaming\VisualShape
2015-02-24 19:37 - 2015-02-10 20:46 - 00000000 ____D () C:\ProgramData\VisualShape
==================== Files in the root of some directories =======
2014-11-24 19:38 - 2014-11-24 19:38 - 0009111 _____ () C:\Users\Patricia\AppData\Roaming\msnwmuo.dat
2014-11-24 19:37 - 2015-03-16 18:41 - 0000030 _____ () C:\Users\Patricia\AppData\Roaming\mstaxdr.dat
2014-05-30 11:41 - 2014-10-17 23:27 - 0006756 _____ () C:\Users\Patricia\AppData\Local\d3d9caps.dat
2014-05-30 20:29 - 2015-02-11 21:42 - 0026112 _____ () C:\Users\Patricia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Some content of TEMP:
====================
C:\Users\Patricia\AppData\Local\Temp\avgnt.exe
C:\Users\Patricia\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\Patricia\AppData\Local\Temp\mfc80.dll
C:\Users\Patricia\AppData\Local\Temp\mfc80u.dll
C:\Users\Patricia\AppData\Local\Temp\mfcm80.dll
C:\Users\Patricia\AppData\Local\Temp\mfcm80u.dll
C:\Users\Patricia\AppData\Local\Temp\msvcm80.dll
C:\Users\Patricia\AppData\Local\Temp\msvcp80.dll
C:\Users\Patricia\AppData\Local\Temp\msvcr80.dll
C:\Users\Patricia\AppData\Local\Temp\ose00000.exe
C:\Users\Patricia\AppData\Local\Temp\ose00001.exe
C:\Users\Patricia\AppData\Local\Temp\ose00002.exe
C:\Users\Patricia\AppData\Local\Temp\tempmessage.bfg
C:\Users\Patricia\AppData\Local\Temp\Uninstall.exe
C:\Users\Patricia\AppData\Local\Temp\Uninstaller.exe
C:\Users\Patricia\AppData\Local\Temp\UninstallerGer.dll
C:\Users\Patricia\AppData\Local\Temp\UninstallerIta.dll
C:\Users\Patricia\AppData\Local\Temp\WtgDriverInstallX.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-03-16 18:45
==================== End Of Log ============================
Re: reerd com
V ramci cisteni Vam budou vyprazdneny cache prohlizecu (vcetne historie) a docasne adresare (vcetne Kose). Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/ (nebo http://www.bleepingcomputer.com/download/adwcleaner/ )
- ukoncete vsechny programy
- kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
- kliknete na Scan, pote na Cleaning
- po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner [Sx].txt), jehoz obsah mi zkopirujte do pristi odpovedi
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Re: reerd com
# AdwCleaner v4.112 - Bericht erstellt 16/03/2015 um 22:51:00
# Aktualisiert 09/03/2015 von Xplode
# Datenbank : 2015-03-15.1 [Server]
# Betriebssystem : Windows Vista (TM) Home Basic Service Pack 2 (x86)
# Benutzername : Patricia - PATRICIA-PC
# Gestarted von : C:\Users\Patricia\Desktop\adwcleaner_4.112.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\ProgramData\BigFishSavedGames
Ordner Gelöscht : C:\Users\Patricia\AppData\Local\Temp\DriverTurbo
Ordner Gelöscht : C:\Users\Patricia\AppData\Roaming\quickclick
Ordner Gelöscht : C:\Users\Patricia\AppData\Roaming\DriverTurbo
Datei Gelöscht : C:\Users\Patricia\AppData\Local\Temp\Uninstall.exe
Datei Gelöscht : C:\Users\Patricia\AppData\Local\Temp\uninstaller.exe
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00B2-0409-0000-0000000FF1CE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{90120000-00B2-0409-0000-0000000FF1CE}
***** [ Internetbrowser ] *****
-\\ Internet Explorer v9.0.8112.16633
-\\ Mozilla Firefox v36.0.1 (x86 de)
*************************
AdwCleaner[R0].txt - [1491 Bytes] - [16/03/2015 21:30:54]
AdwCleaner[R1].txt - [1548 Bytes] - [16/03/2015 22:49:03]
AdwCleaner[S0].txt - [1470 Bytes] - [16/03/2015 22:51:00]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1529 Bytes] ##########
# Aktualisiert 09/03/2015 von Xplode
# Datenbank : 2015-03-15.1 [Server]
# Betriebssystem : Windows Vista (TM) Home Basic Service Pack 2 (x86)
# Benutzername : Patricia - PATRICIA-PC
# Gestarted von : C:\Users\Patricia\Desktop\adwcleaner_4.112.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\ProgramData\BigFishSavedGames
Ordner Gelöscht : C:\Users\Patricia\AppData\Local\Temp\DriverTurbo
Ordner Gelöscht : C:\Users\Patricia\AppData\Roaming\quickclick
Ordner Gelöscht : C:\Users\Patricia\AppData\Roaming\DriverTurbo
Datei Gelöscht : C:\Users\Patricia\AppData\Local\Temp\Uninstall.exe
Datei Gelöscht : C:\Users\Patricia\AppData\Local\Temp\uninstaller.exe
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00B2-0409-0000-0000000FF1CE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{90120000-00B2-0409-0000-0000000FF1CE}
***** [ Internetbrowser ] *****
-\\ Internet Explorer v9.0.8112.16633
-\\ Mozilla Firefox v36.0.1 (x86 de)
*************************
AdwCleaner[R0].txt - [1491 Bytes] - [16/03/2015 21:30:54]
AdwCleaner[R1].txt - [1548 Bytes] - [16/03/2015 22:49:03]
AdwCleaner[S0].txt - [1470 Bytes] - [16/03/2015 22:51:00]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1529 Bytes] ##########
Re: reerd com
Dejte aktualni log z FRST, prilozte opet i Addition.txt (pri druhem a dalsim spusteni musite explicitne zatrhnout volbu Addition, aby byl Addition.txt vytvoren).Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Re: reerd com
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Patricia (administrator) on PATRICIA-PC on 16-03-2015 23:07:16
Running from C:\Users\Patricia\Desktop
Loaded Profiles: Patricia (Available profiles: Patricia)
Platform: Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
() C:\Program Files\XSManager\WTGService.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Huawei Technologies Co., Ltd.) C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Huawei Technologies Co., Ltd.) C:\Users\Patricia\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\wercon.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703280 2015-03-10] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-07] (Intel Corporation)
HKLM\...\Run: [TVT Scheduler Proxy] => C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [487424 2008-03-04] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [820520 2007-11-22] (Synaptics, Inc.)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [DataCardMonitor] => C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2014-06-02] (Huawei Technologies Co., Ltd.)
HKLM\...\Run: [msdhbdSrv] => C:\Windows\system32\msdhbd.vbe [649 2014-06-23] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\...\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] => C:\Program Files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\...\Run: [DriverTurbo] => C:\Program Files\DriverTurbo\DriverTurbo.exe
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\...\MountPoints2: {386491b7-ea40-11e3-b205-002268ee70e8} - F:\AutoRun.exe
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\...\MountPoints2: {386491c2-ea40-11e3-b205-001e101f2500} - F:\AutoRun.exe
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\...\MountPoints2: {53d73ab2-1088-11e4-8791-001e101f8ed0} - F:\AutoRun.exe
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\...\MountPoints2: {e8da7702-0aa8-11e4-bd10-001e101fe5e1} - F:\AutoRun.exe
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\...\MountPoints2: {f87dcbf8-e839-11e3-9feb-002268ee70e8} - F:\XSManagerinstallation.exe
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.reerd.com
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Patricia\AppData\Roaming\Mozilla\Firefox\Profiles\cktnx9w2.default
FF Homepage: hxxp://www.reerd.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-05-30]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [432888 2015-03-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-10] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
R2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [28672 2013-07-10] (Lenovo Group Limited) [File not signed]
R2 TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1122304 2008-03-04] (Lenovo Group Limited) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
R2 WTGService; C:\Program Files\XSManager\WTGService.exe [329872 2013-04-15] ()
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-05-09] (Avira Operations GmbH & Co. KG)
U0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [22528 2008-10-09] (Bytemobile, Inc.) [File not signed]
S3 cmntnet; C:\Windows\System32\DRIVERS\cmntnet.sys [120320 2015-02-28] (Wireless Data Device)
S3 cmnuusbser; C:\Windows\System32\DRIVERS\cmnuusbser.sys [107520 2015-02-28] (Wireless Device)
R3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2010-10-07] (Intel Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-05-09] (Avira GmbH)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 tcpipBM; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-16 22:40 - 2015-03-16 22:40 - 00006483 _____ () C:\Users\Patricia\Desktop\Addition.zip
2015-03-16 22:32 - 2015-03-16 22:35 - 00026445 _____ () C:\Users\Patricia\Desktop\Addition.txt
2015-03-16 22:31 - 2015-03-16 23:07 - 00010226 _____ () C:\Users\Patricia\Desktop\FRST.txt
2015-03-16 22:30 - 2015-03-16 23:07 - 00000000 ____D () C:\FRST
2015-03-16 22:30 - 2015-03-16 22:30 - 01135104 _____ (Farbar) C:\Users\Patricia\Desktop\FRST.exe
2015-03-16 21:53 - 2015-03-16 21:53 - 00112107 _____ (forum.viry.cz) C:\Users\Patricia\Downloads\VerzeOS.exe
2015-03-16 21:30 - 2015-03-16 22:51 - 00000000 ____D () C:\AdwCleaner
2015-03-16 21:29 - 2015-03-16 21:29 - 02171392 _____ () C:\Users\Patricia\Desktop\adwcleaner_4.112.exe
2015-03-16 20:26 - 2015-03-16 20:26 - 00000000 ____D () C:\Users\Patricia\AppData\Roaming\RainbowGames
2015-03-12 18:10 - 2015-01-29 02:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-12 18:09 - 2015-01-29 02:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-12 18:08 - 2015-02-26 01:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-12 18:08 - 2015-02-20 03:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-12 18:08 - 2015-02-20 01:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-12 18:07 - 2015-02-26 02:45 - 03608504 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-12 18:07 - 2015-02-26 02:45 - 03556280 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-12 18:07 - 2015-02-26 02:31 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-12 18:07 - 2015-02-26 01:16 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-12 18:07 - 2015-01-21 03:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-12 18:06 - 2015-03-06 05:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-12 18:04 - 2014-10-13 02:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-12 18:03 - 2015-02-18 03:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 17:59 - 2015-02-21 18:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 17:59 - 2015-02-21 18:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-11 17:59 - 2015-02-21 18:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 17:59 - 2015-02-21 18:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 17:59 - 2015-02-21 18:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 17:59 - 2015-02-21 18:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 17:59 - 2015-02-21 18:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 17:59 - 2015-02-21 18:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-11 17:59 - 2015-02-21 18:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 17:59 - 2015-02-21 18:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 17:59 - 2015-02-21 18:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-11 17:59 - 2015-02-21 18:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 17:59 - 2015-02-21 18:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 17:59 - 2015-02-21 18:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 17:59 - 2015-02-21 18:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 17:59 - 2015-02-21 18:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 17:59 - 2015-02-21 18:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 17:59 - 2015-02-21 18:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 17:59 - 2015-02-21 18:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-11 17:59 - 2015-02-21 18:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-11 17:59 - 2015-02-21 18:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-11 17:59 - 2015-02-21 18:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-06 18:54 - 2015-03-06 18:55 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-28 14:40 - 2015-02-28 15:47 - 00000000 ____D () C:\Users\Patricia\AppData\Roaming\XSManager
2015-02-28 14:40 - 2015-02-28 14:33 - 00134144 _____ (MobileBroadband.) C:\Windows\system32\Drivers\MobileBroadbandDCWwan.sys
2015-02-28 14:40 - 2015-02-28 14:33 - 00133120 _____ (C-motech Co.,Ltd.) C:\Windows\system32\Drivers\cm_netamd.sys
2015-02-28 14:40 - 2015-02-28 14:33 - 00120320 _____ (Wireless Data Device) C:\Windows\system32\Drivers\cmntnet.sys
2015-02-28 14:40 - 2015-02-28 14:33 - 00118272 _____ (C-motech Co.,Ltd.) C:\Windows\system32\Drivers\cm_seramd.sys
2015-02-28 14:40 - 2015-02-28 14:33 - 00112640 _____ (C-motech Co.,Ltd.) C:\Windows\system32\Drivers\cm_net32.sys
2015-02-28 14:40 - 2015-02-28 14:33 - 00108032 _____ (MobileBroadband.) C:\Windows\system32\Drivers\MobileBroadbandDCser.sys
2015-02-28 14:40 - 2015-02-28 14:33 - 00107520 _____ (Wireless Device) C:\Windows\system32\Drivers\cmnuusbser.sys
2015-02-28 14:40 - 2015-02-28 14:33 - 00103680 _____ (C-motech Co.,Ltd.) C:\Windows\system32\Drivers\cm_ser32.sys
2015-02-28 14:40 - 2015-02-28 14:33 - 00103424 _____ (Mobile Connector) C:\Windows\system32\Drivers\cmnsusbser.sys
2015-02-28 14:40 - 2015-02-28 14:33 - 00101056 _____ () C:\Windows\system32\Drivers\dvb_nova_12mhz_b0.inp
2015-02-28 14:40 - 2015-02-28 14:33 - 00092456 _____ () C:\Windows\system32\Drivers\isdbt_nova_12mhz_b0.inp
2015-02-28 14:40 - 2015-02-28 14:33 - 00079036 _____ () C:\Windows\system32\Drivers\tdmb_nova_12mhz_b0.inp
2015-02-28 14:40 - 2015-02-28 14:33 - 00052128 _____ (Siano) C:\Windows\system32\Drivers\smsbda.sys
2015-02-28 14:40 - 2015-02-28 14:33 - 00019968 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\Drivers\MobileBroadbandDCUsb.sys
2015-02-28 14:40 - 2015-02-28 14:33 - 00000040 _____ () C:\Windows\system32\Drivers\smsbda.cfg
2015-02-28 14:33 - 2015-02-28 14:33 - 00001718 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\XSManager.lnk
2015-02-28 14:33 - 2015-02-28 14:33 - 00001712 _____ () C:\Users\Public\Desktop\XSManager.lnk
2015-02-28 14:33 - 2015-02-28 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSManager
2015-02-27 21:34 - 2015-02-27 21:34 - 00000000 ____D () C:\ProgramData\ShinyTales
2015-02-25 11:21 - 2015-02-25 11:21 - 00000000 ____D () C:\Users\Patricia\AppData\Roaming\NanoTitans
2015-02-25 09:21 - 2015-02-25 09:23 - 00000000 ____D () C:\Users\Patricia\AppData\Roaming\wld
2015-02-24 23:44 - 2015-02-24 23:46 - 00000000 ____D () C:\ProgramData\SpookyMall
2015-02-23 23:00 - 2015-02-23 23:00 - 00000000 __RSH () C:\MSDOS.SYS
2015-02-23 23:00 - 2015-02-23 23:00 - 00000000 __RSH () C:\IO.SYS
2015-02-23 21:33 - 2015-02-27 22:34 - 00000000 ____D () C:\Users\Patricia\AppData\Roaming\BlamGames
2015-02-20 17:42 - 2015-02-20 17:42 - 00011894 _____ () C:\Users\Patricia\Downloads\Training overview Gatekeeper.xlsx
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-16 22:58 - 2009-04-11 13:34 - 02082453 _____ () C:\Windows\WindowsUpdate.log
2015-03-16 22:56 - 2014-05-30 22:39 - 00000000 ____D () C:\Users\Patricia\AppData\Roaming\Skype
2015-03-16 22:53 - 2008-01-21 04:02 - 00159888 _____ () C:\Windows\PFRO.log
2015-03-16 22:53 - 2006-11-02 13:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-16 22:53 - 2006-11-02 13:45 - 00004224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-16 22:53 - 2006-11-02 13:45 - 00004224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-16 22:51 - 2014-05-30 11:35 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-03-16 22:51 - 2006-11-02 13:58 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-16 21:46 - 2009-04-11 17:51 - 01565038 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-16 21:44 - 2014-06-03 17:15 - 00000000 ____D () C:\ProgramData\Big Fish
2015-03-16 21:44 - 2006-11-02 13:35 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-16 21:26 - 2014-06-03 17:21 - 00000000 ____D () C:\ProgramData\TEMP
2015-03-16 18:41 - 2014-11-24 19:37 - 00000030 _____ () C:\Users\Patricia\AppData\Roaming\mstaxdr.dat
2015-03-14 22:58 - 2014-12-29 14:08 - 00000000 ____D () C:\Users\Patricia\AppData\Roaming\GameHouse
2015-03-12 18:36 - 2006-11-02 13:44 - 00377064 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-10 17:48 - 2014-05-30 12:09 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-10 17:48 - 2014-05-30 12:09 - 00105864 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-08 14:00 - 2014-05-30 12:32 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-06 20:24 - 2014-05-30 22:41 - 00000000 ____D () C:\Users\Patricia\AppData\Roaming\vlc
2015-03-05 18:07 - 2014-05-30 12:03 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-05 18:06 - 2014-05-30 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-05 18:06 - 2014-05-30 12:07 - 00000000 ____D () C:\Program Files\Avira
2015-02-28 14:40 - 2014-05-30 11:41 - 00000000 ____D () C:\Users\Patricia
2015-02-28 14:33 - 2014-05-30 22:00 - 00000000 ____D () C:\Program Files\XSManager
2015-02-28 00:32 - 2014-06-13 22:24 - 00000000 ____D () C:\ProgramData\OrganicCoffee
2015-02-27 12:41 - 2014-10-02 11:19 - 00000000 ___RD () C:\Program Files\Skype
2015-02-27 12:41 - 2014-05-30 22:38 - 00000000 ____D () C:\ProgramData\Skype
2015-02-26 13:04 - 2014-06-03 20:36 - 00000000 ____D () C:\Users\Patricia\AppData\Roaming\YoudaGames
2015-02-26 09:28 - 2015-02-10 15:30 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-02-26 09:28 - 2014-11-13 20:27 - 00000000 ____D () C:\ProgramData\Playrix Entertainment
2015-02-25 11:21 - 2014-06-03 17:10 - 00000000 ____D () C:\Users\Patricia\AppData\Local\Big Fish
2015-02-24 19:37 - 2015-02-10 20:46 - 00000000 ____D () C:\Users\Patricia\AppData\Roaming\VisualShape
2015-02-24 19:37 - 2015-02-10 20:46 - 00000000 ____D () C:\ProgramData\VisualShape
==================== Files in the root of some directories =======
2014-11-24 19:38 - 2014-11-24 19:38 - 0009111 _____ () C:\Users\Patricia\AppData\Roaming\msnwmuo.dat
2014-11-24 19:37 - 2015-03-16 18:41 - 0000030 _____ () C:\Users\Patricia\AppData\Roaming\mstaxdr.dat
2014-05-30 11:41 - 2014-10-17 23:27 - 0006756 _____ () C:\Users\Patricia\AppData\Local\d3d9caps.dat
2014-05-30 20:29 - 2015-02-11 21:42 - 0026112 _____ () C:\Users\Patricia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Some content of TEMP:
====================
C:\Users\Patricia\AppData\Local\Temp\avgnt.exe
C:\Users\Patricia\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\Patricia\AppData\Local\Temp\mfc80.dll
C:\Users\Patricia\AppData\Local\Temp\mfc80u.dll
C:\Users\Patricia\AppData\Local\Temp\mfcm80.dll
C:\Users\Patricia\AppData\Local\Temp\mfcm80u.dll
C:\Users\Patricia\AppData\Local\Temp\msvcm80.dll
C:\Users\Patricia\AppData\Local\Temp\msvcp80.dll
C:\Users\Patricia\AppData\Local\Temp\msvcr80.dll
C:\Users\Patricia\AppData\Local\Temp\ose00000.exe
C:\Users\Patricia\AppData\Local\Temp\ose00001.exe
C:\Users\Patricia\AppData\Local\Temp\ose00002.exe
C:\Users\Patricia\AppData\Local\Temp\Quarantine.exe
C:\Users\Patricia\AppData\Local\Temp\sqlite3.dll
C:\Users\Patricia\AppData\Local\Temp\tempmessage.bfg
C:\Users\Patricia\AppData\Local\Temp\UninstallerGer.dll
C:\Users\Patricia\AppData\Local\Temp\UninstallerIta.dll
C:\Users\Patricia\AppData\Local\Temp\WtgDriverInstallX.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-03-16 23:00
==================== End Of Log ============================
Ran by Patricia (administrator) on PATRICIA-PC on 16-03-2015 23:07:16
Running from C:\Users\Patricia\Desktop
Loaded Profiles: Patricia (Available profiles: Patricia)
Platform: Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
() C:\Program Files\XSManager\WTGService.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Huawei Technologies Co., Ltd.) C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Huawei Technologies Co., Ltd.) C:\Users\Patricia\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\wercon.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703280 2015-03-10] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-07] (Intel Corporation)
HKLM\...\Run: [TVT Scheduler Proxy] => C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [487424 2008-03-04] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [820520 2007-11-22] (Synaptics, Inc.)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [DataCardMonitor] => C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2014-06-02] (Huawei Technologies Co., Ltd.)
HKLM\...\Run: [msdhbdSrv] => C:\Windows\system32\msdhbd.vbe [649 2014-06-23] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\...\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] => C:\Program Files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\...\Run: [DriverTurbo] => C:\Program Files\DriverTurbo\DriverTurbo.exe
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\...\MountPoints2: {386491b7-ea40-11e3-b205-002268ee70e8} - F:\AutoRun.exe
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\...\MountPoints2: {386491c2-ea40-11e3-b205-001e101f2500} - F:\AutoRun.exe
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\...\MountPoints2: {53d73ab2-1088-11e4-8791-001e101f8ed0} - F:\AutoRun.exe
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\...\MountPoints2: {e8da7702-0aa8-11e4-bd10-001e101fe5e1} - F:\AutoRun.exe
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\...\MountPoints2: {f87dcbf8-e839-11e3-9feb-002268ee70e8} - F:\XSManagerinstallation.exe
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.reerd.com
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Patricia\AppData\Roaming\Mozilla\Firefox\Profiles\cktnx9w2.default
FF Homepage: hxxp://www.reerd.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-05-30]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [432888 2015-03-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-10] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
R2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [28672 2013-07-10] (Lenovo Group Limited) [File not signed]
R2 TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1122304 2008-03-04] (Lenovo Group Limited) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
R2 WTGService; C:\Program Files\XSManager\WTGService.exe [329872 2013-04-15] ()
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-05-09] (Avira Operations GmbH & Co. KG)
U0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [22528 2008-10-09] (Bytemobile, Inc.) [File not signed]
S3 cmntnet; C:\Windows\System32\DRIVERS\cmntnet.sys [120320 2015-02-28] (Wireless Data Device)
S3 cmnuusbser; C:\Windows\System32\DRIVERS\cmnuusbser.sys [107520 2015-02-28] (Wireless Device)
R3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2010-10-07] (Intel Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-05-09] (Avira GmbH)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 tcpipBM; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-16 22:40 - 2015-03-16 22:40 - 00006483 _____ () C:\Users\Patricia\Desktop\Addition.zip
2015-03-16 22:32 - 2015-03-16 22:35 - 00026445 _____ () C:\Users\Patricia\Desktop\Addition.txt
2015-03-16 22:31 - 2015-03-16 23:07 - 00010226 _____ () C:\Users\Patricia\Desktop\FRST.txt
2015-03-16 22:30 - 2015-03-16 23:07 - 00000000 ____D () C:\FRST
2015-03-16 22:30 - 2015-03-16 22:30 - 01135104 _____ (Farbar) C:\Users\Patricia\Desktop\FRST.exe
2015-03-16 21:53 - 2015-03-16 21:53 - 00112107 _____ (forum.viry.cz) C:\Users\Patricia\Downloads\VerzeOS.exe
2015-03-16 21:30 - 2015-03-16 22:51 - 00000000 ____D () C:\AdwCleaner
2015-03-16 21:29 - 2015-03-16 21:29 - 02171392 _____ () C:\Users\Patricia\Desktop\adwcleaner_4.112.exe
2015-03-16 20:26 - 2015-03-16 20:26 - 00000000 ____D () C:\Users\Patricia\AppData\Roaming\RainbowGames
2015-03-12 18:10 - 2015-01-29 02:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-12 18:09 - 2015-01-29 02:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-12 18:08 - 2015-02-26 01:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-12 18:08 - 2015-02-20 03:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-12 18:08 - 2015-02-20 01:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-12 18:07 - 2015-02-26 02:45 - 03608504 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-12 18:07 - 2015-02-26 02:45 - 03556280 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-12 18:07 - 2015-02-26 02:31 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-12 18:07 - 2015-02-26 01:16 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-12 18:07 - 2015-01-21 03:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-12 18:06 - 2015-03-06 05:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-12 18:04 - 2014-10-13 02:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-12 18:03 - 2015-02-18 03:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 17:59 - 2015-02-21 18:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 17:59 - 2015-02-21 18:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-11 17:59 - 2015-02-21 18:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 17:59 - 2015-02-21 18:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 17:59 - 2015-02-21 18:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 17:59 - 2015-02-21 18:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 17:59 - 2015-02-21 18:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 17:59 - 2015-02-21 18:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-11 17:59 - 2015-02-21 18:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 17:59 - 2015-02-21 18:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 17:59 - 2015-02-21 18:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-11 17:59 - 2015-02-21 18:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 17:59 - 2015-02-21 18:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 17:59 - 2015-02-21 18:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 17:59 - 2015-02-21 18:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 17:59 - 2015-02-21 18:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 17:59 - 2015-02-21 18:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 17:59 - 2015-02-21 18:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 17:59 - 2015-02-21 18:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-11 17:59 - 2015-02-21 18:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-11 17:59 - 2015-02-21 18:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-11 17:59 - 2015-02-21 18:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-06 18:54 - 2015-03-06 18:55 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-28 14:40 - 2015-02-28 15:47 - 00000000 ____D () C:\Users\Patricia\AppData\Roaming\XSManager
2015-02-28 14:40 - 2015-02-28 14:33 - 00134144 _____ (MobileBroadband.) C:\Windows\system32\Drivers\MobileBroadbandDCWwan.sys
2015-02-28 14:40 - 2015-02-28 14:33 - 00133120 _____ (C-motech Co.,Ltd.) C:\Windows\system32\Drivers\cm_netamd.sys
2015-02-28 14:40 - 2015-02-28 14:33 - 00120320 _____ (Wireless Data Device) C:\Windows\system32\Drivers\cmntnet.sys
2015-02-28 14:40 - 2015-02-28 14:33 - 00118272 _____ (C-motech Co.,Ltd.) C:\Windows\system32\Drivers\cm_seramd.sys
2015-02-28 14:40 - 2015-02-28 14:33 - 00112640 _____ (C-motech Co.,Ltd.) C:\Windows\system32\Drivers\cm_net32.sys
2015-02-28 14:40 - 2015-02-28 14:33 - 00108032 _____ (MobileBroadband.) C:\Windows\system32\Drivers\MobileBroadbandDCser.sys
2015-02-28 14:40 - 2015-02-28 14:33 - 00107520 _____ (Wireless Device) C:\Windows\system32\Drivers\cmnuusbser.sys
2015-02-28 14:40 - 2015-02-28 14:33 - 00103680 _____ (C-motech Co.,Ltd.) C:\Windows\system32\Drivers\cm_ser32.sys
2015-02-28 14:40 - 2015-02-28 14:33 - 00103424 _____ (Mobile Connector) C:\Windows\system32\Drivers\cmnsusbser.sys
2015-02-28 14:40 - 2015-02-28 14:33 - 00101056 _____ () C:\Windows\system32\Drivers\dvb_nova_12mhz_b0.inp
2015-02-28 14:40 - 2015-02-28 14:33 - 00092456 _____ () C:\Windows\system32\Drivers\isdbt_nova_12mhz_b0.inp
2015-02-28 14:40 - 2015-02-28 14:33 - 00079036 _____ () C:\Windows\system32\Drivers\tdmb_nova_12mhz_b0.inp
2015-02-28 14:40 - 2015-02-28 14:33 - 00052128 _____ (Siano) C:\Windows\system32\Drivers\smsbda.sys
2015-02-28 14:40 - 2015-02-28 14:33 - 00019968 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\Drivers\MobileBroadbandDCUsb.sys
2015-02-28 14:40 - 2015-02-28 14:33 - 00000040 _____ () C:\Windows\system32\Drivers\smsbda.cfg
2015-02-28 14:33 - 2015-02-28 14:33 - 00001718 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\XSManager.lnk
2015-02-28 14:33 - 2015-02-28 14:33 - 00001712 _____ () C:\Users\Public\Desktop\XSManager.lnk
2015-02-28 14:33 - 2015-02-28 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSManager
2015-02-27 21:34 - 2015-02-27 21:34 - 00000000 ____D () C:\ProgramData\ShinyTales
2015-02-25 11:21 - 2015-02-25 11:21 - 00000000 ____D () C:\Users\Patricia\AppData\Roaming\NanoTitans
2015-02-25 09:21 - 2015-02-25 09:23 - 00000000 ____D () C:\Users\Patricia\AppData\Roaming\wld
2015-02-24 23:44 - 2015-02-24 23:46 - 00000000 ____D () C:\ProgramData\SpookyMall
2015-02-23 23:00 - 2015-02-23 23:00 - 00000000 __RSH () C:\MSDOS.SYS
2015-02-23 23:00 - 2015-02-23 23:00 - 00000000 __RSH () C:\IO.SYS
2015-02-23 21:33 - 2015-02-27 22:34 - 00000000 ____D () C:\Users\Patricia\AppData\Roaming\BlamGames
2015-02-20 17:42 - 2015-02-20 17:42 - 00011894 _____ () C:\Users\Patricia\Downloads\Training overview Gatekeeper.xlsx
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-16 22:58 - 2009-04-11 13:34 - 02082453 _____ () C:\Windows\WindowsUpdate.log
2015-03-16 22:56 - 2014-05-30 22:39 - 00000000 ____D () C:\Users\Patricia\AppData\Roaming\Skype
2015-03-16 22:53 - 2008-01-21 04:02 - 00159888 _____ () C:\Windows\PFRO.log
2015-03-16 22:53 - 2006-11-02 13:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-16 22:53 - 2006-11-02 13:45 - 00004224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-16 22:53 - 2006-11-02 13:45 - 00004224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-16 22:51 - 2014-05-30 11:35 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-03-16 22:51 - 2006-11-02 13:58 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-16 21:46 - 2009-04-11 17:51 - 01565038 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-16 21:44 - 2014-06-03 17:15 - 00000000 ____D () C:\ProgramData\Big Fish
2015-03-16 21:44 - 2006-11-02 13:35 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-16 21:26 - 2014-06-03 17:21 - 00000000 ____D () C:\ProgramData\TEMP
2015-03-16 18:41 - 2014-11-24 19:37 - 00000030 _____ () C:\Users\Patricia\AppData\Roaming\mstaxdr.dat
2015-03-14 22:58 - 2014-12-29 14:08 - 00000000 ____D () C:\Users\Patricia\AppData\Roaming\GameHouse
2015-03-12 18:36 - 2006-11-02 13:44 - 00377064 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-10 17:48 - 2014-05-30 12:09 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-10 17:48 - 2014-05-30 12:09 - 00105864 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-08 14:00 - 2014-05-30 12:32 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-06 20:24 - 2014-05-30 22:41 - 00000000 ____D () C:\Users\Patricia\AppData\Roaming\vlc
2015-03-05 18:07 - 2014-05-30 12:03 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-05 18:06 - 2014-05-30 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-05 18:06 - 2014-05-30 12:07 - 00000000 ____D () C:\Program Files\Avira
2015-02-28 14:40 - 2014-05-30 11:41 - 00000000 ____D () C:\Users\Patricia
2015-02-28 14:33 - 2014-05-30 22:00 - 00000000 ____D () C:\Program Files\XSManager
2015-02-28 00:32 - 2014-06-13 22:24 - 00000000 ____D () C:\ProgramData\OrganicCoffee
2015-02-27 12:41 - 2014-10-02 11:19 - 00000000 ___RD () C:\Program Files\Skype
2015-02-27 12:41 - 2014-05-30 22:38 - 00000000 ____D () C:\ProgramData\Skype
2015-02-26 13:04 - 2014-06-03 20:36 - 00000000 ____D () C:\Users\Patricia\AppData\Roaming\YoudaGames
2015-02-26 09:28 - 2015-02-10 15:30 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-02-26 09:28 - 2014-11-13 20:27 - 00000000 ____D () C:\ProgramData\Playrix Entertainment
2015-02-25 11:21 - 2014-06-03 17:10 - 00000000 ____D () C:\Users\Patricia\AppData\Local\Big Fish
2015-02-24 19:37 - 2015-02-10 20:46 - 00000000 ____D () C:\Users\Patricia\AppData\Roaming\VisualShape
2015-02-24 19:37 - 2015-02-10 20:46 - 00000000 ____D () C:\ProgramData\VisualShape
==================== Files in the root of some directories =======
2014-11-24 19:38 - 2014-11-24 19:38 - 0009111 _____ () C:\Users\Patricia\AppData\Roaming\msnwmuo.dat
2014-11-24 19:37 - 2015-03-16 18:41 - 0000030 _____ () C:\Users\Patricia\AppData\Roaming\mstaxdr.dat
2014-05-30 11:41 - 2014-10-17 23:27 - 0006756 _____ () C:\Users\Patricia\AppData\Local\d3d9caps.dat
2014-05-30 20:29 - 2015-02-11 21:42 - 0026112 _____ () C:\Users\Patricia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Some content of TEMP:
====================
C:\Users\Patricia\AppData\Local\Temp\avgnt.exe
C:\Users\Patricia\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\Patricia\AppData\Local\Temp\mfc80.dll
C:\Users\Patricia\AppData\Local\Temp\mfc80u.dll
C:\Users\Patricia\AppData\Local\Temp\mfcm80.dll
C:\Users\Patricia\AppData\Local\Temp\mfcm80u.dll
C:\Users\Patricia\AppData\Local\Temp\msvcm80.dll
C:\Users\Patricia\AppData\Local\Temp\msvcp80.dll
C:\Users\Patricia\AppData\Local\Temp\msvcr80.dll
C:\Users\Patricia\AppData\Local\Temp\ose00000.exe
C:\Users\Patricia\AppData\Local\Temp\ose00001.exe
C:\Users\Patricia\AppData\Local\Temp\ose00002.exe
C:\Users\Patricia\AppData\Local\Temp\Quarantine.exe
C:\Users\Patricia\AppData\Local\Temp\sqlite3.dll
C:\Users\Patricia\AppData\Local\Temp\tempmessage.bfg
C:\Users\Patricia\AppData\Local\Temp\UninstallerGer.dll
C:\Users\Patricia\AppData\Local\Temp\UninstallerIta.dll
C:\Users\Patricia\AppData\Local\Temp\WtgDriverInstallX.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-03-16 23:00
==================== End Of Log ============================
Re: reerd com
- Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
- ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
- znovu spustte FRST a kliknete na Fix
- po restartu bude na plose ulozen fixlog, jehoz obsah mi vlozte do pristi odpovedi
Kód: Vybrat vše
Start CloseProcesses: HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [msdhbdSrv] => C:\Windows\system32\msdhbd.vbe [649 2014-06-23] () C:\Windows\system32\msdhbd.vbe C:\Windows\system32\msdhbd.inf HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKU\S-1-5-21-567208137-4009903817-3967066598-1000\...\MountPoints2: {386491b7-ea40-11e3-b205-002268ee70e8} - F:\AutoRun.exe HKU\S-1-5-21-567208137-4009903817-3967066598-1000\...\MountPoints2: {386491c2-ea40-11e3-b205-001e101f2500} - F:\AutoRun.exe HKU\S-1-5-21-567208137-4009903817-3967066598-1000\...\MountPoints2: {53d73ab2-1088-11e4-8791-001e101f8ed0} - F:\AutoRun.exe HKU\S-1-5-21-567208137-4009903817-3967066598-1000\...\MountPoints2: {e8da7702-0aa8-11e4-bd10-001e101fe5e1} - F:\AutoRun.exe HKU\S-1-5-21-567208137-4009903817-3967066598-1000\...\MountPoints2: {f87dcbf8-e839-11e3-9feb-002268ee70e8} - F:\XSManagerinstallation.exe HKU\S-1-5-21-567208137-4009903817-3967066598-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.reerd.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = FF Homepage: hxxp://www.reerd.com 2015-03-16 22:40 - 2015-03-16 22:40 - 00006483 _____ () C:\Users\Patricia\Desktop\Addition.zip 2015-03-16 22:32 - 2015-03-16 22:35 - 00026445 _____ () C:\Users\Patricia\Desktop\Addition.txt 2015-03-16 22:31 - 2015-03-16 23:07 - 00010226 _____ () C:\Users\Patricia\Desktop\FRST.txt 2015-03-16 21:53 - 2015-03-16 21:53 - 00112107 _____ (forum.viry.cz) C:\Users\Patricia\Downloads\VerzeOS.exe 2015-03-16 21:30 - 2015-03-16 22:51 - 00000000 ____D () C:\AdwCleaner 2015-03-16 21:29 - 2015-03-16 21:29 - 02171392 _____ () C:\Users\Patricia\Desktop\adwcleaner_4.112.exe 2014-11-24 19:38 - 2014-11-24 19:38 - 0009111 _____ () C:\Users\Patricia\AppData\Roaming\msnwmuo.dat 2014-11-24 19:37 - 2015-03-16 18:41 - 0000030 _____ () C:\Users\Patricia\AppData\Roaming\mstaxdr.dat 2014-05-30 11:41 - 2014-10-17 23:27 - 0006756 _____ () C:\Users\Patricia\AppData\Local\d3d9caps.dat AlternateDataStreams: C:\ProgramData\TEMP:014BC3B4 AlternateDataStreams: C:\ProgramData\TEMP:02B823FE AlternateDataStreams: C:\ProgramData\TEMP:059167AF AlternateDataStreams: C:\ProgramData\TEMP:0915A718 AlternateDataStreams: C:\ProgramData\TEMP:0BABC4C8 AlternateDataStreams: C:\ProgramData\TEMP:0C2F9CC7 AlternateDataStreams: C:\ProgramData\TEMP:0E67073E AlternateDataStreams: C:\ProgramData\TEMP:10D45FC3 AlternateDataStreams: C:\ProgramData\TEMP:10D98D98 AlternateDataStreams: C:\ProgramData\TEMP:11FC043F AlternateDataStreams: C:\ProgramData\TEMP:122B409D AlternateDataStreams: C:\ProgramData\TEMP:1419F1F4 AlternateDataStreams: C:\ProgramData\TEMP:151760F0 AlternateDataStreams: C:\ProgramData\TEMP:178093AE AlternateDataStreams: C:\ProgramData\TEMP:1B3549F2 AlternateDataStreams: C:\ProgramData\TEMP:269C0B5C AlternateDataStreams: C:\ProgramData\TEMP:28819F45 AlternateDataStreams: C:\ProgramData\TEMP:2ADF9928 AlternateDataStreams: C:\ProgramData\TEMP:2C399CCA AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F AlternateDataStreams: C:\ProgramData\TEMP:30E0D641 AlternateDataStreams: C:\ProgramData\TEMP:31F2397C AlternateDataStreams: C:\ProgramData\TEMP:349E5B74 AlternateDataStreams: C:\ProgramData\TEMP:373DF935 AlternateDataStreams: C:\ProgramData\TEMP:3B07E6F4 AlternateDataStreams: C:\ProgramData\TEMP:3BAD65EA AlternateDataStreams: C:\ProgramData\TEMP:3BF63E4A AlternateDataStreams: C:\ProgramData\TEMP:3C0F646D AlternateDataStreams: C:\ProgramData\TEMP:439E3411 AlternateDataStreams: C:\ProgramData\TEMP:43E95997 AlternateDataStreams: C:\ProgramData\TEMP:4709F39D AlternateDataStreams: C:\ProgramData\TEMP:4826868B AlternateDataStreams: C:\ProgramData\TEMP:483AC68A AlternateDataStreams: C:\ProgramData\TEMP:49B217F7 AlternateDataStreams: C:\ProgramData\TEMP:49EB0FDC AlternateDataStreams: C:\ProgramData\TEMP:4B70A9FA AlternateDataStreams: C:\ProgramData\TEMP:4C49306C AlternateDataStreams: C:\ProgramData\TEMP:512336B9 AlternateDataStreams: C:\ProgramData\TEMP:52E1DB1D AlternateDataStreams: C:\ProgramData\TEMP:554C6431 AlternateDataStreams: C:\ProgramData\TEMP:57173DB4 AlternateDataStreams: C:\ProgramData\TEMP:571CCF8E AlternateDataStreams: C:\ProgramData\TEMP:5A8F8A0C AlternateDataStreams: C:\ProgramData\TEMP:5C0940F1 AlternateDataStreams: C:\ProgramData\TEMP:5C92988B AlternateDataStreams: C:\ProgramData\TEMP:5ED747B8 AlternateDataStreams: C:\ProgramData\TEMP:61C6B926 AlternateDataStreams: C:\ProgramData\TEMP:62525FE7 AlternateDataStreams: C:\ProgramData\TEMP:63C68F03 AlternateDataStreams: C:\ProgramData\TEMP:6677D85A AlternateDataStreams: C:\ProgramData\TEMP:67BA17B9 AlternateDataStreams: C:\ProgramData\TEMP:69B658DD AlternateDataStreams: C:\ProgramData\TEMP:69FE2EE4 AlternateDataStreams: C:\ProgramData\TEMP:6AD65294 AlternateDataStreams: C:\ProgramData\TEMP:6B28173C AlternateDataStreams: C:\ProgramData\TEMP:6FD36C4B AlternateDataStreams: C:\ProgramData\TEMP:6FDE1666 AlternateDataStreams: C:\ProgramData\TEMP:705EDCAA AlternateDataStreams: C:\ProgramData\TEMP:716C3D9F AlternateDataStreams: C:\ProgramData\TEMP:7804B508 AlternateDataStreams: C:\ProgramData\TEMP:7A2101AB AlternateDataStreams: C:\ProgramData\TEMP:7CEDF9F3 AlternateDataStreams: C:\ProgramData\TEMP:81067530 AlternateDataStreams: C:\ProgramData\TEMP:81653DC8 AlternateDataStreams: C:\ProgramData\TEMP:82756AB7 AlternateDataStreams: C:\ProgramData\TEMP:86043CD3 AlternateDataStreams: C:\ProgramData\TEMP:88AE8AB0 AlternateDataStreams: C:\ProgramData\TEMP:8C6D1905 AlternateDataStreams: C:\ProgramData\TEMP:8C81B36D AlternateDataStreams: C:\ProgramData\TEMP:908A1B53 AlternateDataStreams: C:\ProgramData\TEMP:90C5140C AlternateDataStreams: C:\ProgramData\TEMP:93226FE3 AlternateDataStreams: C:\ProgramData\TEMP:96646EC1 AlternateDataStreams: C:\ProgramData\TEMP:969C0C96 AlternateDataStreams: C:\ProgramData\TEMP:9B711F92 AlternateDataStreams: C:\ProgramData\TEMP:9C5EEE30 AlternateDataStreams: C:\ProgramData\TEMP:A1023D41 AlternateDataStreams: C:\ProgramData\TEMP:A43B789A AlternateDataStreams: C:\ProgramData\TEMP:A59DD4AD AlternateDataStreams: C:\ProgramData\TEMP:A6A65B80 AlternateDataStreams: C:\ProgramData\TEMP:AA18FA3A AlternateDataStreams: C:\ProgramData\TEMP:AE2EA3C2 AlternateDataStreams: C:\ProgramData\TEMP:B059B88E AlternateDataStreams: C:\ProgramData\TEMP:B3942462 AlternateDataStreams: C:\ProgramData\TEMP:B3A6CA11 AlternateDataStreams: C:\ProgramData\TEMP:B72454C6 AlternateDataStreams: C:\ProgramData\TEMP:BA24E689 AlternateDataStreams: C:\ProgramData\TEMP:BBF60A29 AlternateDataStreams: C:\ProgramData\TEMP:BD8010FE AlternateDataStreams: C:\ProgramData\TEMP:BE33915E AlternateDataStreams: C:\ProgramData\TEMP:C3B5FCD5 AlternateDataStreams: C:\ProgramData\TEMP:C695B256 AlternateDataStreams: C:\ProgramData\TEMP:C69BA1D0 AlternateDataStreams: C:\ProgramData\TEMP:CC7738DB AlternateDataStreams: C:\ProgramData\TEMP:CF33321C AlternateDataStreams: C:\ProgramData\TEMP:D02FBAEC AlternateDataStreams: C:\ProgramData\TEMP:D0D17155 AlternateDataStreams: C:\ProgramData\TEMP:D0EC116C AlternateDataStreams: C:\ProgramData\TEMP:D2032EBB AlternateDataStreams: C:\ProgramData\TEMP:D2249B7E AlternateDataStreams: C:\ProgramData\TEMP:D5151683 AlternateDataStreams: C:\ProgramData\TEMP:D8DB81DC AlternateDataStreams: C:\ProgramData\TEMP:D994162E AlternateDataStreams: C:\ProgramData\TEMP:D9987109 AlternateDataStreams: C:\ProgramData\TEMP:DD629819 AlternateDataStreams: C:\ProgramData\TEMP:DF0BC727 AlternateDataStreams: C:\ProgramData\TEMP:DF30C7A6 AlternateDataStreams: C:\ProgramData\TEMP:E07EA07E AlternateDataStreams: C:\ProgramData\TEMP:E0EBA003 AlternateDataStreams: C:\ProgramData\TEMP:E153075C AlternateDataStreams: C:\ProgramData\TEMP:E1610EDC AlternateDataStreams: C:\ProgramData\TEMP:E1D06077 AlternateDataStreams: C:\ProgramData\TEMP:E5CD413B AlternateDataStreams: C:\ProgramData\TEMP:E6537A16 AlternateDataStreams: C:\ProgramData\TEMP:E8FC771D AlternateDataStreams: C:\ProgramData\TEMP:EC0279DC AlternateDataStreams: C:\ProgramData\TEMP:EC7C9796 AlternateDataStreams: C:\ProgramData\TEMP:EEF1584F AlternateDataStreams: C:\ProgramData\TEMP:F19A4790 AlternateDataStreams: C:\ProgramData\TEMP:F2327E82 AlternateDataStreams: C:\ProgramData\TEMP:F67AAFC5 AlternateDataStreams: C:\ProgramData\TEMP:F81E7082 AlternateDataStreams: C:\ProgramData\TEMP:F8E188F6 AlternateDataStreams: C:\ProgramData\TEMP:F9EE38AE AlternateDataStreams: C:\ProgramData\TEMP:FBE5FDB9 AlternateDataStreams: C:\ProgramData\TEMP:FC60E0F8 AlternateDataStreams: C:\ProgramData\TEMP:FEE00EB9 Hosts: EmptyTemp: End
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Re: reerd com
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Patricia at 2015-03-16 23:23:25 Run:1
Running from C:\Users\Patricia\Desktop
Loaded Profiles: Patricia (Available profiles: Patricia)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
CloseProcesses:
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [msdhbdSrv] => C:\Windows\system32\msdhbd.vbe [649 2014-06-23] ()
C:\Windows\system32\msdhbd.vbe
C:\Windows\system32\msdhbd.inf
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\...\MountPoints2: {386491b7-ea40-11e3-b205-002268ee70e8} - F:\AutoRun.exe
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\...\MountPoints2: {386491c2-ea40-11e3-b205-001e101f2500} - F:\AutoRun.exe
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\...\MountPoints2: {53d73ab2-1088-11e4-8791-001e101f8ed0} - F:\AutoRun.exe
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\...\MountPoints2: {e8da7702-0aa8-11e4-bd10-001e101fe5e1} - F:\AutoRun.exe
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\...\MountPoints2: {f87dcbf8-e839-11e3-9feb-002268ee70e8} - F:\XSManagerinstallation.exe
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.reerd.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Homepage: hxxp://www.reerd.com
2015-03-16 22:40 - 2015-03-16 22:40 - 00006483 _____ () C:\Users\Patricia\Desktop\Addition.zip
2015-03-16 22:32 - 2015-03-16 22:35 - 00026445 _____ () C:\Users\Patricia\Desktop\Addition.txt
2015-03-16 22:31 - 2015-03-16 23:07 - 00010226 _____ () C:\Users\Patricia\Desktop\FRST.txt
2015-03-16 21:53 - 2015-03-16 21:53 - 00112107 _____ (forum.viry.cz) C:\Users\Patricia\Downloads\VerzeOS.exe
2015-03-16 21:30 - 2015-03-16 22:51 - 00000000 ____D () C:\AdwCleaner
2015-03-16 21:29 - 2015-03-16 21:29 - 02171392 _____ () C:\Users\Patricia\Desktop\adwcleaner_4.112.exe
2014-11-24 19:38 - 2014-11-24 19:38 - 0009111 _____ () C:\Users\Patricia\AppData\Roaming\msnwmuo.dat
2014-11-24 19:37 - 2015-03-16 18:41 - 0000030 _____ () C:\Users\Patricia\AppData\Roaming\mstaxdr.dat
2014-05-30 11:41 - 2014-10-17 23:27 - 0006756 _____ () C:\Users\Patricia\AppData\Local\d3d9caps.dat
AlternateDataStreams: C:\ProgramData\TEMP:014BC3B4
AlternateDataStreams: C:\ProgramData\TEMP:02B823FE
AlternateDataStreams: C:\ProgramData\TEMP:059167AF
AlternateDataStreams: C:\ProgramData\TEMP:0915A718
AlternateDataStreams: C:\ProgramData\TEMP:0BABC4C8
AlternateDataStreams: C:\ProgramData\TEMP:0C2F9CC7
AlternateDataStreams: C:\ProgramData\TEMP:0E67073E
AlternateDataStreams: C:\ProgramData\TEMP:10D45FC3
AlternateDataStreams: C:\ProgramData\TEMP:10D98D98
AlternateDataStreams: C:\ProgramData\TEMP:11FC043F
AlternateDataStreams: C:\ProgramData\TEMP:122B409D
AlternateDataStreams: C:\ProgramData\TEMP:1419F1F4
AlternateDataStreams: C:\ProgramData\TEMP:151760F0
AlternateDataStreams: C:\ProgramData\TEMP:178093AE
AlternateDataStreams: C:\ProgramData\TEMP:1B3549F2
AlternateDataStreams: C:\ProgramData\TEMP:269C0B5C
AlternateDataStreams: C:\ProgramData\TEMP:28819F45
AlternateDataStreams: C:\ProgramData\TEMP:2ADF9928
AlternateDataStreams: C:\ProgramData\TEMP:2C399CCA
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:30E0D641
AlternateDataStreams: C:\ProgramData\TEMP:31F2397C
AlternateDataStreams: C:\ProgramData\TEMP:349E5B74
AlternateDataStreams: C:\ProgramData\TEMP:373DF935
AlternateDataStreams: C:\ProgramData\TEMP:3B07E6F4
AlternateDataStreams: C:\ProgramData\TEMP:3BAD65EA
AlternateDataStreams: C:\ProgramData\TEMP:3BF63E4A
AlternateDataStreams: C:\ProgramData\TEMP:3C0F646D
AlternateDataStreams: C:\ProgramData\TEMP:439E3411
AlternateDataStreams: C:\ProgramData\TEMP:43E95997
AlternateDataStreams: C:\ProgramData\TEMP:4709F39D
AlternateDataStreams: C:\ProgramData\TEMP:4826868B
AlternateDataStreams: C:\ProgramData\TEMP:483AC68A
AlternateDataStreams: C:\ProgramData\TEMP:49B217F7
AlternateDataStreams: C:\ProgramData\TEMP:49EB0FDC
AlternateDataStreams: C:\ProgramData\TEMP:4B70A9FA
AlternateDataStreams: C:\ProgramData\TEMP:4C49306C
AlternateDataStreams: C:\ProgramData\TEMP:512336B9
AlternateDataStreams: C:\ProgramData\TEMP:52E1DB1D
AlternateDataStreams: C:\ProgramData\TEMP:554C6431
AlternateDataStreams: C:\ProgramData\TEMP:57173DB4
AlternateDataStreams: C:\ProgramData\TEMP:571CCF8E
AlternateDataStreams: C:\ProgramData\TEMP:5A8F8A0C
AlternateDataStreams: C:\ProgramData\TEMP:5C0940F1
AlternateDataStreams: C:\ProgramData\TEMP:5C92988B
AlternateDataStreams: C:\ProgramData\TEMP:5ED747B8
AlternateDataStreams: C:\ProgramData\TEMP:61C6B926
AlternateDataStreams: C:\ProgramData\TEMP:62525FE7
AlternateDataStreams: C:\ProgramData\TEMP:63C68F03
AlternateDataStreams: C:\ProgramData\TEMP:6677D85A
AlternateDataStreams: C:\ProgramData\TEMP:67BA17B9
AlternateDataStreams: C:\ProgramData\TEMP:69B658DD
AlternateDataStreams: C:\ProgramData\TEMP:69FE2EE4
AlternateDataStreams: C:\ProgramData\TEMP:6AD65294
AlternateDataStreams: C:\ProgramData\TEMP:6B28173C
AlternateDataStreams: C:\ProgramData\TEMP:6FD36C4B
AlternateDataStreams: C:\ProgramData\TEMP:6FDE1666
AlternateDataStreams: C:\ProgramData\TEMP:705EDCAA
AlternateDataStreams: C:\ProgramData\TEMP:716C3D9F
AlternateDataStreams: C:\ProgramData\TEMP:7804B508
AlternateDataStreams: C:\ProgramData\TEMP:7A2101AB
AlternateDataStreams: C:\ProgramData\TEMP:7CEDF9F3
AlternateDataStreams: C:\ProgramData\TEMP:81067530
AlternateDataStreams: C:\ProgramData\TEMP:81653DC8
AlternateDataStreams: C:\ProgramData\TEMP:82756AB7
AlternateDataStreams: C:\ProgramData\TEMP:86043CD3
AlternateDataStreams: C:\ProgramData\TEMP:88AE8AB0
AlternateDataStreams: C:\ProgramData\TEMP:8C6D1905
AlternateDataStreams: C:\ProgramData\TEMP:8C81B36D
AlternateDataStreams: C:\ProgramData\TEMP:908A1B53
AlternateDataStreams: C:\ProgramData\TEMP:90C5140C
AlternateDataStreams: C:\ProgramData\TEMP:93226FE3
AlternateDataStreams: C:\ProgramData\TEMP:96646EC1
AlternateDataStreams: C:\ProgramData\TEMP:969C0C96
AlternateDataStreams: C:\ProgramData\TEMP:9B711F92
AlternateDataStreams: C:\ProgramData\TEMP:9C5EEE30
AlternateDataStreams: C:\ProgramData\TEMP:A1023D41
AlternateDataStreams: C:\ProgramData\TEMP:A43B789A
AlternateDataStreams: C:\ProgramData\TEMP:A59DD4AD
AlternateDataStreams: C:\ProgramData\TEMP:A6A65B80
AlternateDataStreams: C:\ProgramData\TEMP:AA18FA3A
AlternateDataStreams: C:\ProgramData\TEMP:AE2EA3C2
AlternateDataStreams: C:\ProgramData\TEMP:B059B88E
AlternateDataStreams: C:\ProgramData\TEMP:B3942462
AlternateDataStreams: C:\ProgramData\TEMP:B3A6CA11
AlternateDataStreams: C:\ProgramData\TEMP:B72454C6
AlternateDataStreams: C:\ProgramData\TEMP:BA24E689
AlternateDataStreams: C:\ProgramData\TEMP:BBF60A29
AlternateDataStreams: C:\ProgramData\TEMP:BD8010FE
AlternateDataStreams: C:\ProgramData\TEMP:BE33915E
AlternateDataStreams: C:\ProgramData\TEMP:C3B5FCD5
AlternateDataStreams: C:\ProgramData\TEMP:C695B256
AlternateDataStreams: C:\ProgramData\TEMP:C69BA1D0
AlternateDataStreams: C:\ProgramData\TEMP:CC7738DB
AlternateDataStreams: C:\ProgramData\TEMP:CF33321C
AlternateDataStreams: C:\ProgramData\TEMP:D02FBAEC
AlternateDataStreams: C:\ProgramData\TEMP:D0D17155
AlternateDataStreams: C:\ProgramData\TEMP:D0EC116C
AlternateDataStreams: C:\ProgramData\TEMP:D2032EBB
AlternateDataStreams: C:\ProgramData\TEMP:D2249B7E
AlternateDataStreams: C:\ProgramData\TEMP:D5151683
AlternateDataStreams: C:\ProgramData\TEMP:D8DB81DC
AlternateDataStreams: C:\ProgramData\TEMP:D994162E
AlternateDataStreams: C:\ProgramData\TEMP:D9987109
AlternateDataStreams: C:\ProgramData\TEMP:DD629819
AlternateDataStreams: C:\ProgramData\TEMP:DF0BC727
AlternateDataStreams: C:\ProgramData\TEMP:DF30C7A6
AlternateDataStreams: C:\ProgramData\TEMP:E07EA07E
AlternateDataStreams: C:\ProgramData\TEMP:E0EBA003
AlternateDataStreams: C:\ProgramData\TEMP:E153075C
AlternateDataStreams: C:\ProgramData\TEMP:E1610EDC
AlternateDataStreams: C:\ProgramData\TEMP:E1D06077
AlternateDataStreams: C:\ProgramData\TEMP:E5CD413B
AlternateDataStreams: C:\ProgramData\TEMP:E6537A16
AlternateDataStreams: C:\ProgramData\TEMP:E8FC771D
AlternateDataStreams: C:\ProgramData\TEMP:EC0279DC
AlternateDataStreams: C:\ProgramData\TEMP:EC7C9796
AlternateDataStreams: C:\ProgramData\TEMP:EEF1584F
AlternateDataStreams: C:\ProgramData\TEMP:F19A4790
AlternateDataStreams: C:\ProgramData\TEMP:F2327E82
AlternateDataStreams: C:\ProgramData\TEMP:F67AAFC5
AlternateDataStreams: C:\ProgramData\TEMP:F81E7082
AlternateDataStreams: C:\ProgramData\TEMP:F8E188F6
AlternateDataStreams: C:\ProgramData\TEMP:F9EE38AE
AlternateDataStreams: C:\ProgramData\TEMP:FBE5FDB9
AlternateDataStreams: C:\ProgramData\TEMP:FC60E0F8
AlternateDataStreams: C:\ProgramData\TEMP:FEE00EB9
Hosts:
EmptyTemp:
End
*****************
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Defender => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\msdhbdSrv => value deleted successfully.
C:\Windows\system32\msdhbd.vbe => Moved successfully.
"C:\Windows\system32\msdhbd.inf" => File/Directory not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value deleted successfully.
"HKU\S-1-5-21-567208137-4009903817-3967066598-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{386491b7-ea40-11e3-b205-002268ee70e8}" => Key deleted successfully.
HKCR\CLSID\{386491b7-ea40-11e3-b205-002268ee70e8} => Key not found.
"HKU\S-1-5-21-567208137-4009903817-3967066598-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{386491c2-ea40-11e3-b205-001e101f2500}" => Key deleted successfully.
HKCR\CLSID\{386491c2-ea40-11e3-b205-001e101f2500} => Key not found.
"HKU\S-1-5-21-567208137-4009903817-3967066598-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53d73ab2-1088-11e4-8791-001e101f8ed0}" => Key deleted successfully.
HKCR\CLSID\{53d73ab2-1088-11e4-8791-001e101f8ed0} => Key not found.
"HKU\S-1-5-21-567208137-4009903817-3967066598-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8da7702-0aa8-11e4-bd10-001e101fe5e1}" => Key deleted successfully.
HKCR\CLSID\{e8da7702-0aa8-11e4-bd10-001e101fe5e1} => Key not found.
"HKU\S-1-5-21-567208137-4009903817-3967066598-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f87dcbf8-e839-11e3-9feb-002268ee70e8}" => Key deleted successfully.
HKCR\CLSID\{f87dcbf8-e839-11e3-9feb-002268ee70e8} => Key not found.
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
Firefox homepage deleted successfully.
C:\Users\Patricia\Desktop\Addition.zip => Moved successfully.
C:\Users\Patricia\Desktop\Addition.txt => Moved successfully.
C:\Users\Patricia\Desktop\FRST.txt => Moved successfully.
C:\Users\Patricia\Downloads\VerzeOS.exe => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\Patricia\Desktop\adwcleaner_4.112.exe => Moved successfully.
C:\Users\Patricia\AppData\Roaming\msnwmuo.dat => Moved successfully.
C:\Users\Patricia\AppData\Roaming\mstaxdr.dat => Moved successfully.
C:\Users\Patricia\AppData\Local\d3d9caps.dat => Moved successfully.
C:\ProgramData\TEMP => ":014BC3B4" ADS removed successfully.
C:\ProgramData\TEMP => ":02B823FE" ADS removed successfully.
C:\ProgramData\TEMP => ":059167AF" ADS removed successfully.
C:\ProgramData\TEMP => ":0915A718" ADS removed successfully.
C:\ProgramData\TEMP => ":0BABC4C8" ADS removed successfully.
C:\ProgramData\TEMP => ":0C2F9CC7" ADS removed successfully.
C:\ProgramData\TEMP => ":0E67073E" ADS removed successfully.
C:\ProgramData\TEMP => ":10D45FC3" ADS removed successfully.
C:\ProgramData\TEMP => ":10D98D98" ADS removed successfully.
C:\ProgramData\TEMP => ":11FC043F" ADS removed successfully.
C:\ProgramData\TEMP => ":122B409D" ADS removed successfully.
C:\ProgramData\TEMP => ":1419F1F4" ADS removed successfully.
C:\ProgramData\TEMP => ":151760F0" ADS removed successfully.
C:\ProgramData\TEMP => ":178093AE" ADS removed successfully.
C:\ProgramData\TEMP => ":1B3549F2" ADS removed successfully.
C:\ProgramData\TEMP => ":269C0B5C" ADS removed successfully.
C:\ProgramData\TEMP => ":28819F45" ADS removed successfully.
C:\ProgramData\TEMP => ":2ADF9928" ADS removed successfully.
C:\ProgramData\TEMP => ":2C399CCA" ADS removed successfully.
C:\ProgramData\TEMP => ":2CB9631F" ADS removed successfully.
C:\ProgramData\TEMP => ":30E0D641" ADS removed successfully.
C:\ProgramData\TEMP => ":31F2397C" ADS removed successfully.
C:\ProgramData\TEMP => ":349E5B74" ADS removed successfully.
C:\ProgramData\TEMP => ":373DF935" ADS removed successfully.
C:\ProgramData\TEMP => ":3B07E6F4" ADS removed successfully.
C:\ProgramData\TEMP => ":3BAD65EA" ADS removed successfully.
C:\ProgramData\TEMP => ":3BF63E4A" ADS removed successfully.
C:\ProgramData\TEMP => ":3C0F646D" ADS removed successfully.
C:\ProgramData\TEMP => ":439E3411" ADS removed successfully.
C:\ProgramData\TEMP => ":43E95997" ADS removed successfully.
C:\ProgramData\TEMP => ":4709F39D" ADS removed successfully.
C:\ProgramData\TEMP => ":4826868B" ADS removed successfully.
C:\ProgramData\TEMP => ":483AC68A" ADS removed successfully.
C:\ProgramData\TEMP => ":49B217F7" ADS removed successfully.
C:\ProgramData\TEMP => ":49EB0FDC" ADS removed successfully.
C:\ProgramData\TEMP => ":4B70A9FA" ADS removed successfully.
C:\ProgramData\TEMP => ":4C49306C" ADS removed successfully.
C:\ProgramData\TEMP => ":512336B9" ADS removed successfully.
C:\ProgramData\TEMP => ":52E1DB1D" ADS removed successfully.
C:\ProgramData\TEMP => ":554C6431" ADS removed successfully.
C:\ProgramData\TEMP => ":57173DB4" ADS removed successfully.
C:\ProgramData\TEMP => ":571CCF8E" ADS removed successfully.
C:\ProgramData\TEMP => ":5A8F8A0C" ADS removed successfully.
C:\ProgramData\TEMP => ":5C0940F1" ADS removed successfully.
C:\ProgramData\TEMP => ":5C92988B" ADS removed successfully.
C:\ProgramData\TEMP => ":5ED747B8" ADS removed successfully.
C:\ProgramData\TEMP => ":61C6B926" ADS removed successfully.
C:\ProgramData\TEMP => ":62525FE7" ADS removed successfully.
C:\ProgramData\TEMP => ":63C68F03" ADS removed successfully.
C:\ProgramData\TEMP => ":6677D85A" ADS removed successfully.
C:\ProgramData\TEMP => ":67BA17B9" ADS removed successfully.
C:\ProgramData\TEMP => ":69B658DD" ADS removed successfully.
C:\ProgramData\TEMP => ":69FE2EE4" ADS removed successfully.
C:\ProgramData\TEMP => ":6AD65294" ADS removed successfully.
C:\ProgramData\TEMP => ":6B28173C" ADS removed successfully.
C:\ProgramData\TEMP => ":6FD36C4B" ADS removed successfully.
C:\ProgramData\TEMP => ":6FDE1666" ADS removed successfully.
C:\ProgramData\TEMP => ":705EDCAA" ADS removed successfully.
C:\ProgramData\TEMP => ":716C3D9F" ADS removed successfully.
C:\ProgramData\TEMP => ":7804B508" ADS removed successfully.
C:\ProgramData\TEMP => ":7A2101AB" ADS removed successfully.
C:\ProgramData\TEMP => ":7CEDF9F3" ADS removed successfully.
C:\ProgramData\TEMP => ":81067530" ADS removed successfully.
C:\ProgramData\TEMP => ":81653DC8" ADS removed successfully.
C:\ProgramData\TEMP => ":82756AB7" ADS removed successfully.
C:\ProgramData\TEMP => ":86043CD3" ADS removed successfully.
C:\ProgramData\TEMP => ":88AE8AB0" ADS removed successfully.
C:\ProgramData\TEMP => ":8C6D1905" ADS removed successfully.
C:\ProgramData\TEMP => ":8C81B36D" ADS removed successfully.
C:\ProgramData\TEMP => ":908A1B53" ADS removed successfully.
C:\ProgramData\TEMP => ":90C5140C" ADS removed successfully.
C:\ProgramData\TEMP => ":93226FE3" ADS removed successfully.
C:\ProgramData\TEMP => ":96646EC1" ADS removed successfully.
C:\ProgramData\TEMP => ":969C0C96" ADS removed successfully.
C:\ProgramData\TEMP => ":9B711F92" ADS removed successfully.
C:\ProgramData\TEMP => ":9C5EEE30" ADS removed successfully.
C:\ProgramData\TEMP => ":A1023D41" ADS removed successfully.
C:\ProgramData\TEMP => ":A43B789A" ADS removed successfully.
C:\ProgramData\TEMP => ":A59DD4AD" ADS removed successfully.
C:\ProgramData\TEMP => ":A6A65B80" ADS removed successfully.
C:\ProgramData\TEMP => ":AA18FA3A" ADS removed successfully.
C:\ProgramData\TEMP => ":AE2EA3C2" ADS removed successfully.
C:\ProgramData\TEMP => ":B059B88E" ADS removed successfully.
C:\ProgramData\TEMP => ":B3942462" ADS removed successfully.
C:\ProgramData\TEMP => ":B3A6CA11" ADS removed successfully.
C:\ProgramData\TEMP => ":B72454C6" ADS removed successfully.
C:\ProgramData\TEMP => ":BA24E689" ADS removed successfully.
C:\ProgramData\TEMP => ":BBF60A29" ADS removed successfully.
C:\ProgramData\TEMP => ":BD8010FE" ADS removed successfully.
C:\ProgramData\TEMP => ":BE33915E" ADS removed successfully.
C:\ProgramData\TEMP => ":C3B5FCD5" ADS removed successfully.
C:\ProgramData\TEMP => ":C695B256" ADS removed successfully.
C:\ProgramData\TEMP => ":C69BA1D0" ADS removed successfully.
C:\ProgramData\TEMP => ":CC7738DB" ADS removed successfully.
C:\ProgramData\TEMP => ":CF33321C" ADS removed successfully.
C:\ProgramData\TEMP => ":D02FBAEC" ADS removed successfully.
C:\ProgramData\TEMP => ":D0D17155" ADS removed successfully.
C:\ProgramData\TEMP => ":D0EC116C" ADS removed successfully.
C:\ProgramData\TEMP => ":D2032EBB" ADS removed successfully.
C:\ProgramData\TEMP => ":D2249B7E" ADS removed successfully.
C:\ProgramData\TEMP => ":D5151683" ADS removed successfully.
C:\ProgramData\TEMP => ":D8DB81DC" ADS removed successfully.
C:\ProgramData\TEMP => ":D994162E" ADS removed successfully.
C:\ProgramData\TEMP => ":D9987109" ADS removed successfully.
C:\ProgramData\TEMP => ":DD629819" ADS removed successfully.
C:\ProgramData\TEMP => ":DF0BC727" ADS removed successfully.
C:\ProgramData\TEMP => ":DF30C7A6" ADS removed successfully.
C:\ProgramData\TEMP => ":E07EA07E" ADS removed successfully.
C:\ProgramData\TEMP => ":E0EBA003" ADS removed successfully.
C:\ProgramData\TEMP => ":E153075C" ADS removed successfully.
C:\ProgramData\TEMP => ":E1610EDC" ADS removed successfully.
C:\ProgramData\TEMP => ":E1D06077" ADS removed successfully.
C:\ProgramData\TEMP => ":E5CD413B" ADS removed successfully.
C:\ProgramData\TEMP => ":E6537A16" ADS removed successfully.
C:\ProgramData\TEMP => ":E8FC771D" ADS removed successfully.
C:\ProgramData\TEMP => ":EC0279DC" ADS removed successfully.
C:\ProgramData\TEMP => ":EC7C9796" ADS removed successfully.
C:\ProgramData\TEMP => ":EEF1584F" ADS removed successfully.
C:\ProgramData\TEMP => ":F19A4790" ADS removed successfully.
C:\ProgramData\TEMP => ":F2327E82" ADS removed successfully.
C:\ProgramData\TEMP => ":F67AAFC5" ADS removed successfully.
C:\ProgramData\TEMP => ":F81E7082" ADS removed successfully.
C:\ProgramData\TEMP => ":F8E188F6" ADS removed successfully.
C:\ProgramData\TEMP => ":F9EE38AE" ADS removed successfully.
C:\ProgramData\TEMP => ":FBE5FDB9" ADS removed successfully.
C:\ProgramData\TEMP => ":FC60E0F8" ADS removed successfully.
C:\ProgramData\TEMP => ":FEE00EB9" ADS removed successfully.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.
EmptyTemp: => Removed 1.3 GB temporary data.
The system needed a reboot.
==== End of Fixlog 23:25:46 ====
Ran by Patricia at 2015-03-16 23:23:25 Run:1
Running from C:\Users\Patricia\Desktop
Loaded Profiles: Patricia (Available profiles: Patricia)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
CloseProcesses:
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [msdhbdSrv] => C:\Windows\system32\msdhbd.vbe [649 2014-06-23] ()
C:\Windows\system32\msdhbd.vbe
C:\Windows\system32\msdhbd.inf
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\...\MountPoints2: {386491b7-ea40-11e3-b205-002268ee70e8} - F:\AutoRun.exe
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\...\MountPoints2: {386491c2-ea40-11e3-b205-001e101f2500} - F:\AutoRun.exe
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\...\MountPoints2: {53d73ab2-1088-11e4-8791-001e101f8ed0} - F:\AutoRun.exe
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\...\MountPoints2: {e8da7702-0aa8-11e4-bd10-001e101fe5e1} - F:\AutoRun.exe
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\...\MountPoints2: {f87dcbf8-e839-11e3-9feb-002268ee70e8} - F:\XSManagerinstallation.exe
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.reerd.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Homepage: hxxp://www.reerd.com
2015-03-16 22:40 - 2015-03-16 22:40 - 00006483 _____ () C:\Users\Patricia\Desktop\Addition.zip
2015-03-16 22:32 - 2015-03-16 22:35 - 00026445 _____ () C:\Users\Patricia\Desktop\Addition.txt
2015-03-16 22:31 - 2015-03-16 23:07 - 00010226 _____ () C:\Users\Patricia\Desktop\FRST.txt
2015-03-16 21:53 - 2015-03-16 21:53 - 00112107 _____ (forum.viry.cz) C:\Users\Patricia\Downloads\VerzeOS.exe
2015-03-16 21:30 - 2015-03-16 22:51 - 00000000 ____D () C:\AdwCleaner
2015-03-16 21:29 - 2015-03-16 21:29 - 02171392 _____ () C:\Users\Patricia\Desktop\adwcleaner_4.112.exe
2014-11-24 19:38 - 2014-11-24 19:38 - 0009111 _____ () C:\Users\Patricia\AppData\Roaming\msnwmuo.dat
2014-11-24 19:37 - 2015-03-16 18:41 - 0000030 _____ () C:\Users\Patricia\AppData\Roaming\mstaxdr.dat
2014-05-30 11:41 - 2014-10-17 23:27 - 0006756 _____ () C:\Users\Patricia\AppData\Local\d3d9caps.dat
AlternateDataStreams: C:\ProgramData\TEMP:014BC3B4
AlternateDataStreams: C:\ProgramData\TEMP:02B823FE
AlternateDataStreams: C:\ProgramData\TEMP:059167AF
AlternateDataStreams: C:\ProgramData\TEMP:0915A718
AlternateDataStreams: C:\ProgramData\TEMP:0BABC4C8
AlternateDataStreams: C:\ProgramData\TEMP:0C2F9CC7
AlternateDataStreams: C:\ProgramData\TEMP:0E67073E
AlternateDataStreams: C:\ProgramData\TEMP:10D45FC3
AlternateDataStreams: C:\ProgramData\TEMP:10D98D98
AlternateDataStreams: C:\ProgramData\TEMP:11FC043F
AlternateDataStreams: C:\ProgramData\TEMP:122B409D
AlternateDataStreams: C:\ProgramData\TEMP:1419F1F4
AlternateDataStreams: C:\ProgramData\TEMP:151760F0
AlternateDataStreams: C:\ProgramData\TEMP:178093AE
AlternateDataStreams: C:\ProgramData\TEMP:1B3549F2
AlternateDataStreams: C:\ProgramData\TEMP:269C0B5C
AlternateDataStreams: C:\ProgramData\TEMP:28819F45
AlternateDataStreams: C:\ProgramData\TEMP:2ADF9928
AlternateDataStreams: C:\ProgramData\TEMP:2C399CCA
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:30E0D641
AlternateDataStreams: C:\ProgramData\TEMP:31F2397C
AlternateDataStreams: C:\ProgramData\TEMP:349E5B74
AlternateDataStreams: C:\ProgramData\TEMP:373DF935
AlternateDataStreams: C:\ProgramData\TEMP:3B07E6F4
AlternateDataStreams: C:\ProgramData\TEMP:3BAD65EA
AlternateDataStreams: C:\ProgramData\TEMP:3BF63E4A
AlternateDataStreams: C:\ProgramData\TEMP:3C0F646D
AlternateDataStreams: C:\ProgramData\TEMP:439E3411
AlternateDataStreams: C:\ProgramData\TEMP:43E95997
AlternateDataStreams: C:\ProgramData\TEMP:4709F39D
AlternateDataStreams: C:\ProgramData\TEMP:4826868B
AlternateDataStreams: C:\ProgramData\TEMP:483AC68A
AlternateDataStreams: C:\ProgramData\TEMP:49B217F7
AlternateDataStreams: C:\ProgramData\TEMP:49EB0FDC
AlternateDataStreams: C:\ProgramData\TEMP:4B70A9FA
AlternateDataStreams: C:\ProgramData\TEMP:4C49306C
AlternateDataStreams: C:\ProgramData\TEMP:512336B9
AlternateDataStreams: C:\ProgramData\TEMP:52E1DB1D
AlternateDataStreams: C:\ProgramData\TEMP:554C6431
AlternateDataStreams: C:\ProgramData\TEMP:57173DB4
AlternateDataStreams: C:\ProgramData\TEMP:571CCF8E
AlternateDataStreams: C:\ProgramData\TEMP:5A8F8A0C
AlternateDataStreams: C:\ProgramData\TEMP:5C0940F1
AlternateDataStreams: C:\ProgramData\TEMP:5C92988B
AlternateDataStreams: C:\ProgramData\TEMP:5ED747B8
AlternateDataStreams: C:\ProgramData\TEMP:61C6B926
AlternateDataStreams: C:\ProgramData\TEMP:62525FE7
AlternateDataStreams: C:\ProgramData\TEMP:63C68F03
AlternateDataStreams: C:\ProgramData\TEMP:6677D85A
AlternateDataStreams: C:\ProgramData\TEMP:67BA17B9
AlternateDataStreams: C:\ProgramData\TEMP:69B658DD
AlternateDataStreams: C:\ProgramData\TEMP:69FE2EE4
AlternateDataStreams: C:\ProgramData\TEMP:6AD65294
AlternateDataStreams: C:\ProgramData\TEMP:6B28173C
AlternateDataStreams: C:\ProgramData\TEMP:6FD36C4B
AlternateDataStreams: C:\ProgramData\TEMP:6FDE1666
AlternateDataStreams: C:\ProgramData\TEMP:705EDCAA
AlternateDataStreams: C:\ProgramData\TEMP:716C3D9F
AlternateDataStreams: C:\ProgramData\TEMP:7804B508
AlternateDataStreams: C:\ProgramData\TEMP:7A2101AB
AlternateDataStreams: C:\ProgramData\TEMP:7CEDF9F3
AlternateDataStreams: C:\ProgramData\TEMP:81067530
AlternateDataStreams: C:\ProgramData\TEMP:81653DC8
AlternateDataStreams: C:\ProgramData\TEMP:82756AB7
AlternateDataStreams: C:\ProgramData\TEMP:86043CD3
AlternateDataStreams: C:\ProgramData\TEMP:88AE8AB0
AlternateDataStreams: C:\ProgramData\TEMP:8C6D1905
AlternateDataStreams: C:\ProgramData\TEMP:8C81B36D
AlternateDataStreams: C:\ProgramData\TEMP:908A1B53
AlternateDataStreams: C:\ProgramData\TEMP:90C5140C
AlternateDataStreams: C:\ProgramData\TEMP:93226FE3
AlternateDataStreams: C:\ProgramData\TEMP:96646EC1
AlternateDataStreams: C:\ProgramData\TEMP:969C0C96
AlternateDataStreams: C:\ProgramData\TEMP:9B711F92
AlternateDataStreams: C:\ProgramData\TEMP:9C5EEE30
AlternateDataStreams: C:\ProgramData\TEMP:A1023D41
AlternateDataStreams: C:\ProgramData\TEMP:A43B789A
AlternateDataStreams: C:\ProgramData\TEMP:A59DD4AD
AlternateDataStreams: C:\ProgramData\TEMP:A6A65B80
AlternateDataStreams: C:\ProgramData\TEMP:AA18FA3A
AlternateDataStreams: C:\ProgramData\TEMP:AE2EA3C2
AlternateDataStreams: C:\ProgramData\TEMP:B059B88E
AlternateDataStreams: C:\ProgramData\TEMP:B3942462
AlternateDataStreams: C:\ProgramData\TEMP:B3A6CA11
AlternateDataStreams: C:\ProgramData\TEMP:B72454C6
AlternateDataStreams: C:\ProgramData\TEMP:BA24E689
AlternateDataStreams: C:\ProgramData\TEMP:BBF60A29
AlternateDataStreams: C:\ProgramData\TEMP:BD8010FE
AlternateDataStreams: C:\ProgramData\TEMP:BE33915E
AlternateDataStreams: C:\ProgramData\TEMP:C3B5FCD5
AlternateDataStreams: C:\ProgramData\TEMP:C695B256
AlternateDataStreams: C:\ProgramData\TEMP:C69BA1D0
AlternateDataStreams: C:\ProgramData\TEMP:CC7738DB
AlternateDataStreams: C:\ProgramData\TEMP:CF33321C
AlternateDataStreams: C:\ProgramData\TEMP:D02FBAEC
AlternateDataStreams: C:\ProgramData\TEMP:D0D17155
AlternateDataStreams: C:\ProgramData\TEMP:D0EC116C
AlternateDataStreams: C:\ProgramData\TEMP:D2032EBB
AlternateDataStreams: C:\ProgramData\TEMP:D2249B7E
AlternateDataStreams: C:\ProgramData\TEMP:D5151683
AlternateDataStreams: C:\ProgramData\TEMP:D8DB81DC
AlternateDataStreams: C:\ProgramData\TEMP:D994162E
AlternateDataStreams: C:\ProgramData\TEMP:D9987109
AlternateDataStreams: C:\ProgramData\TEMP:DD629819
AlternateDataStreams: C:\ProgramData\TEMP:DF0BC727
AlternateDataStreams: C:\ProgramData\TEMP:DF30C7A6
AlternateDataStreams: C:\ProgramData\TEMP:E07EA07E
AlternateDataStreams: C:\ProgramData\TEMP:E0EBA003
AlternateDataStreams: C:\ProgramData\TEMP:E153075C
AlternateDataStreams: C:\ProgramData\TEMP:E1610EDC
AlternateDataStreams: C:\ProgramData\TEMP:E1D06077
AlternateDataStreams: C:\ProgramData\TEMP:E5CD413B
AlternateDataStreams: C:\ProgramData\TEMP:E6537A16
AlternateDataStreams: C:\ProgramData\TEMP:E8FC771D
AlternateDataStreams: C:\ProgramData\TEMP:EC0279DC
AlternateDataStreams: C:\ProgramData\TEMP:EC7C9796
AlternateDataStreams: C:\ProgramData\TEMP:EEF1584F
AlternateDataStreams: C:\ProgramData\TEMP:F19A4790
AlternateDataStreams: C:\ProgramData\TEMP:F2327E82
AlternateDataStreams: C:\ProgramData\TEMP:F67AAFC5
AlternateDataStreams: C:\ProgramData\TEMP:F81E7082
AlternateDataStreams: C:\ProgramData\TEMP:F8E188F6
AlternateDataStreams: C:\ProgramData\TEMP:F9EE38AE
AlternateDataStreams: C:\ProgramData\TEMP:FBE5FDB9
AlternateDataStreams: C:\ProgramData\TEMP:FC60E0F8
AlternateDataStreams: C:\ProgramData\TEMP:FEE00EB9
Hosts:
EmptyTemp:
End
*****************
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Defender => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\msdhbdSrv => value deleted successfully.
C:\Windows\system32\msdhbd.vbe => Moved successfully.
"C:\Windows\system32\msdhbd.inf" => File/Directory not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value deleted successfully.
"HKU\S-1-5-21-567208137-4009903817-3967066598-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{386491b7-ea40-11e3-b205-002268ee70e8}" => Key deleted successfully.
HKCR\CLSID\{386491b7-ea40-11e3-b205-002268ee70e8} => Key not found.
"HKU\S-1-5-21-567208137-4009903817-3967066598-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{386491c2-ea40-11e3-b205-001e101f2500}" => Key deleted successfully.
HKCR\CLSID\{386491c2-ea40-11e3-b205-001e101f2500} => Key not found.
"HKU\S-1-5-21-567208137-4009903817-3967066598-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53d73ab2-1088-11e4-8791-001e101f8ed0}" => Key deleted successfully.
HKCR\CLSID\{53d73ab2-1088-11e4-8791-001e101f8ed0} => Key not found.
"HKU\S-1-5-21-567208137-4009903817-3967066598-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8da7702-0aa8-11e4-bd10-001e101fe5e1}" => Key deleted successfully.
HKCR\CLSID\{e8da7702-0aa8-11e4-bd10-001e101fe5e1} => Key not found.
"HKU\S-1-5-21-567208137-4009903817-3967066598-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f87dcbf8-e839-11e3-9feb-002268ee70e8}" => Key deleted successfully.
HKCR\CLSID\{f87dcbf8-e839-11e3-9feb-002268ee70e8} => Key not found.
HKU\S-1-5-21-567208137-4009903817-3967066598-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
Firefox homepage deleted successfully.
C:\Users\Patricia\Desktop\Addition.zip => Moved successfully.
C:\Users\Patricia\Desktop\Addition.txt => Moved successfully.
C:\Users\Patricia\Desktop\FRST.txt => Moved successfully.
C:\Users\Patricia\Downloads\VerzeOS.exe => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\Patricia\Desktop\adwcleaner_4.112.exe => Moved successfully.
C:\Users\Patricia\AppData\Roaming\msnwmuo.dat => Moved successfully.
C:\Users\Patricia\AppData\Roaming\mstaxdr.dat => Moved successfully.
C:\Users\Patricia\AppData\Local\d3d9caps.dat => Moved successfully.
C:\ProgramData\TEMP => ":014BC3B4" ADS removed successfully.
C:\ProgramData\TEMP => ":02B823FE" ADS removed successfully.
C:\ProgramData\TEMP => ":059167AF" ADS removed successfully.
C:\ProgramData\TEMP => ":0915A718" ADS removed successfully.
C:\ProgramData\TEMP => ":0BABC4C8" ADS removed successfully.
C:\ProgramData\TEMP => ":0C2F9CC7" ADS removed successfully.
C:\ProgramData\TEMP => ":0E67073E" ADS removed successfully.
C:\ProgramData\TEMP => ":10D45FC3" ADS removed successfully.
C:\ProgramData\TEMP => ":10D98D98" ADS removed successfully.
C:\ProgramData\TEMP => ":11FC043F" ADS removed successfully.
C:\ProgramData\TEMP => ":122B409D" ADS removed successfully.
C:\ProgramData\TEMP => ":1419F1F4" ADS removed successfully.
C:\ProgramData\TEMP => ":151760F0" ADS removed successfully.
C:\ProgramData\TEMP => ":178093AE" ADS removed successfully.
C:\ProgramData\TEMP => ":1B3549F2" ADS removed successfully.
C:\ProgramData\TEMP => ":269C0B5C" ADS removed successfully.
C:\ProgramData\TEMP => ":28819F45" ADS removed successfully.
C:\ProgramData\TEMP => ":2ADF9928" ADS removed successfully.
C:\ProgramData\TEMP => ":2C399CCA" ADS removed successfully.
C:\ProgramData\TEMP => ":2CB9631F" ADS removed successfully.
C:\ProgramData\TEMP => ":30E0D641" ADS removed successfully.
C:\ProgramData\TEMP => ":31F2397C" ADS removed successfully.
C:\ProgramData\TEMP => ":349E5B74" ADS removed successfully.
C:\ProgramData\TEMP => ":373DF935" ADS removed successfully.
C:\ProgramData\TEMP => ":3B07E6F4" ADS removed successfully.
C:\ProgramData\TEMP => ":3BAD65EA" ADS removed successfully.
C:\ProgramData\TEMP => ":3BF63E4A" ADS removed successfully.
C:\ProgramData\TEMP => ":3C0F646D" ADS removed successfully.
C:\ProgramData\TEMP => ":439E3411" ADS removed successfully.
C:\ProgramData\TEMP => ":43E95997" ADS removed successfully.
C:\ProgramData\TEMP => ":4709F39D" ADS removed successfully.
C:\ProgramData\TEMP => ":4826868B" ADS removed successfully.
C:\ProgramData\TEMP => ":483AC68A" ADS removed successfully.
C:\ProgramData\TEMP => ":49B217F7" ADS removed successfully.
C:\ProgramData\TEMP => ":49EB0FDC" ADS removed successfully.
C:\ProgramData\TEMP => ":4B70A9FA" ADS removed successfully.
C:\ProgramData\TEMP => ":4C49306C" ADS removed successfully.
C:\ProgramData\TEMP => ":512336B9" ADS removed successfully.
C:\ProgramData\TEMP => ":52E1DB1D" ADS removed successfully.
C:\ProgramData\TEMP => ":554C6431" ADS removed successfully.
C:\ProgramData\TEMP => ":57173DB4" ADS removed successfully.
C:\ProgramData\TEMP => ":571CCF8E" ADS removed successfully.
C:\ProgramData\TEMP => ":5A8F8A0C" ADS removed successfully.
C:\ProgramData\TEMP => ":5C0940F1" ADS removed successfully.
C:\ProgramData\TEMP => ":5C92988B" ADS removed successfully.
C:\ProgramData\TEMP => ":5ED747B8" ADS removed successfully.
C:\ProgramData\TEMP => ":61C6B926" ADS removed successfully.
C:\ProgramData\TEMP => ":62525FE7" ADS removed successfully.
C:\ProgramData\TEMP => ":63C68F03" ADS removed successfully.
C:\ProgramData\TEMP => ":6677D85A" ADS removed successfully.
C:\ProgramData\TEMP => ":67BA17B9" ADS removed successfully.
C:\ProgramData\TEMP => ":69B658DD" ADS removed successfully.
C:\ProgramData\TEMP => ":69FE2EE4" ADS removed successfully.
C:\ProgramData\TEMP => ":6AD65294" ADS removed successfully.
C:\ProgramData\TEMP => ":6B28173C" ADS removed successfully.
C:\ProgramData\TEMP => ":6FD36C4B" ADS removed successfully.
C:\ProgramData\TEMP => ":6FDE1666" ADS removed successfully.
C:\ProgramData\TEMP => ":705EDCAA" ADS removed successfully.
C:\ProgramData\TEMP => ":716C3D9F" ADS removed successfully.
C:\ProgramData\TEMP => ":7804B508" ADS removed successfully.
C:\ProgramData\TEMP => ":7A2101AB" ADS removed successfully.
C:\ProgramData\TEMP => ":7CEDF9F3" ADS removed successfully.
C:\ProgramData\TEMP => ":81067530" ADS removed successfully.
C:\ProgramData\TEMP => ":81653DC8" ADS removed successfully.
C:\ProgramData\TEMP => ":82756AB7" ADS removed successfully.
C:\ProgramData\TEMP => ":86043CD3" ADS removed successfully.
C:\ProgramData\TEMP => ":88AE8AB0" ADS removed successfully.
C:\ProgramData\TEMP => ":8C6D1905" ADS removed successfully.
C:\ProgramData\TEMP => ":8C81B36D" ADS removed successfully.
C:\ProgramData\TEMP => ":908A1B53" ADS removed successfully.
C:\ProgramData\TEMP => ":90C5140C" ADS removed successfully.
C:\ProgramData\TEMP => ":93226FE3" ADS removed successfully.
C:\ProgramData\TEMP => ":96646EC1" ADS removed successfully.
C:\ProgramData\TEMP => ":969C0C96" ADS removed successfully.
C:\ProgramData\TEMP => ":9B711F92" ADS removed successfully.
C:\ProgramData\TEMP => ":9C5EEE30" ADS removed successfully.
C:\ProgramData\TEMP => ":A1023D41" ADS removed successfully.
C:\ProgramData\TEMP => ":A43B789A" ADS removed successfully.
C:\ProgramData\TEMP => ":A59DD4AD" ADS removed successfully.
C:\ProgramData\TEMP => ":A6A65B80" ADS removed successfully.
C:\ProgramData\TEMP => ":AA18FA3A" ADS removed successfully.
C:\ProgramData\TEMP => ":AE2EA3C2" ADS removed successfully.
C:\ProgramData\TEMP => ":B059B88E" ADS removed successfully.
C:\ProgramData\TEMP => ":B3942462" ADS removed successfully.
C:\ProgramData\TEMP => ":B3A6CA11" ADS removed successfully.
C:\ProgramData\TEMP => ":B72454C6" ADS removed successfully.
C:\ProgramData\TEMP => ":BA24E689" ADS removed successfully.
C:\ProgramData\TEMP => ":BBF60A29" ADS removed successfully.
C:\ProgramData\TEMP => ":BD8010FE" ADS removed successfully.
C:\ProgramData\TEMP => ":BE33915E" ADS removed successfully.
C:\ProgramData\TEMP => ":C3B5FCD5" ADS removed successfully.
C:\ProgramData\TEMP => ":C695B256" ADS removed successfully.
C:\ProgramData\TEMP => ":C69BA1D0" ADS removed successfully.
C:\ProgramData\TEMP => ":CC7738DB" ADS removed successfully.
C:\ProgramData\TEMP => ":CF33321C" ADS removed successfully.
C:\ProgramData\TEMP => ":D02FBAEC" ADS removed successfully.
C:\ProgramData\TEMP => ":D0D17155" ADS removed successfully.
C:\ProgramData\TEMP => ":D0EC116C" ADS removed successfully.
C:\ProgramData\TEMP => ":D2032EBB" ADS removed successfully.
C:\ProgramData\TEMP => ":D2249B7E" ADS removed successfully.
C:\ProgramData\TEMP => ":D5151683" ADS removed successfully.
C:\ProgramData\TEMP => ":D8DB81DC" ADS removed successfully.
C:\ProgramData\TEMP => ":D994162E" ADS removed successfully.
C:\ProgramData\TEMP => ":D9987109" ADS removed successfully.
C:\ProgramData\TEMP => ":DD629819" ADS removed successfully.
C:\ProgramData\TEMP => ":DF0BC727" ADS removed successfully.
C:\ProgramData\TEMP => ":DF30C7A6" ADS removed successfully.
C:\ProgramData\TEMP => ":E07EA07E" ADS removed successfully.
C:\ProgramData\TEMP => ":E0EBA003" ADS removed successfully.
C:\ProgramData\TEMP => ":E153075C" ADS removed successfully.
C:\ProgramData\TEMP => ":E1610EDC" ADS removed successfully.
C:\ProgramData\TEMP => ":E1D06077" ADS removed successfully.
C:\ProgramData\TEMP => ":E5CD413B" ADS removed successfully.
C:\ProgramData\TEMP => ":E6537A16" ADS removed successfully.
C:\ProgramData\TEMP => ":E8FC771D" ADS removed successfully.
C:\ProgramData\TEMP => ":EC0279DC" ADS removed successfully.
C:\ProgramData\TEMP => ":EC7C9796" ADS removed successfully.
C:\ProgramData\TEMP => ":EEF1584F" ADS removed successfully.
C:\ProgramData\TEMP => ":F19A4790" ADS removed successfully.
C:\ProgramData\TEMP => ":F2327E82" ADS removed successfully.
C:\ProgramData\TEMP => ":F67AAFC5" ADS removed successfully.
C:\ProgramData\TEMP => ":F81E7082" ADS removed successfully.
C:\ProgramData\TEMP => ":F8E188F6" ADS removed successfully.
C:\ProgramData\TEMP => ":F9EE38AE" ADS removed successfully.
C:\ProgramData\TEMP => ":FBE5FDB9" ADS removed successfully.
C:\ProgramData\TEMP => ":FC60E0F8" ADS removed successfully.
C:\ProgramData\TEMP => ":FEE00EB9" ADS removed successfully.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.
EmptyTemp: => Removed 1.3 GB temporary data.
The system needed a reboot.
==== End of Fixlog 23:25:46 ====
Re: reerd com
Pokracujte dle navodu kolegy:
vyosek píše:
- Po spusteni odsouhlaste licencni podminky (klik na Accept)
- Kliknete na volbu Change parametrs
- V okne Additional Option zakliknete vsechny moznosti
- Kliknete na OK
- Utilite prikazte, at skenuje - klik na Start Scan
- Po dokonceni skenu se objevi okno, zkontrolujte, zda-li je vsude moznost Skip
- Pokud moznost Skip nebude primarne nastavena, prekliknete ji na Skip
- Pokud mate vsude Skip, kliknete na Continue
- Na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt bude log - jeho obsah sem vlozte
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Re: reerd com
prosim vas nemam tam ziadne dalsie moznosti, co mam robit? jedine vpravo hore vidim report?
- Přílohy
-
- Dok1.zip
- (203.6 KiB) Staženo 145 x
Přispějete na provoz fóra?