
Log check

nysa
Visitor
Posts: 23
Registered: 16 Sep 2014 16:21

Log check

#1 Post by nysa »

please check

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-08-2017
Ran by Lenka (administrator) on NASPC (31-08-2017 14:01:09)
Running from C:\Users\Lenka\Desktop
Loaded Profiles: Lenka (Available Profiles: Lenka & Petra & Taťka & UpdatusUser & Tučka & Guest)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(ActMask Co.,Ltd - hxxp://WWW.ALL2PDF.COM) C:\Windows\System32\PrintCtrl.exe
() C:\Windows\System32\PSIService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(forum.viry.cz) C:\Users\Lenka\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4468736 2007-05-10] (Realtek Semiconductor)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [831576 2016-10-26] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-07-11] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [296056 2012-05-18] (RealNetworks, Inc.)
HKU\S-1-5-21-667600844-4042081094-1971980655-1003\...\MountPoints2: {26118ad3-b094-11e5-99cc-001fd084678a} - G:\HiSuiteDownLoader.exe
HKU\S-1-5-21-667600844-4042081094-1971980655-1003\...\MountPoints2: {4459499d-1677-11e6-a3d7-001fd084678a} - O:\HiSuiteDownLoader.exe
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176 2008-01-21] (Společnost Microsoft)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-08-15] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-08-15] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-08-15] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-08-15] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-08-15] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-08-15] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-08-15] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-08-15] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-08-15] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 84.16.110.129 84.16.96.2
Tcpip\..\Interfaces\{D685CB04-1893-4C1C-8FE7-5080986A74B6}: [DhcpNameServer] 84.16.110.129 84.16.96.2

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://safesearch.avira.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/
HKU\S-1-5-21-667600844-4042081094-1971980655-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/
HKU\S-1-5-21-667600844-4042081094-1971980655-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://safesearch.avira.com/
HKU\S-1-5-21-667600844-4042081094-1971980655-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/
HKU\S-1-5-21-667600844-4042081094-1971980655-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-667600844-4042081094-1971980655-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06] (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-05-18] (RealPlayer)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: No Name -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> No File
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
Toolbar: HKLM - No Name - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - No File
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

FireFox:
========
FF DefaultProfile: 6dilfgky.default
FF ProfilePath: C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\6dilfgky.default [2017-08-31]
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\6dilfgky.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\6dilfgky.default -> about:home
FF Extension: (Flash Video Downloader - YouTube HD Download [4K]) - C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\6dilfgky.default\Extensions\artur.dubovoy@gmail.com [2017-08-31]
FF Extension: (Cooliris) - C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\6dilfgky.default\Extensions\piclens@cooliris.com [2012-02-10] [not signed]
FF Extension: (Google Translator for Firefox) - C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\6dilfgky.default\Extensions\translator@zoli.bod.xpi [2017-08-31]
FF Extension: (Microsoft .NET Framework Assistant) - C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\6dilfgky.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-07-17] [not signed]
FF Extension: (Stylish) - C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\6dilfgky.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2017-08-31]
FF Extension: (Ultimate Finder) - C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\6dilfgky.default\Extensions\{7c231677-e4fb-44ac-80a5-c87fcb7c2be9} [2014-10-16] [not signed]
FF Extension: (Adblock Plus) - C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\6dilfgky.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-08-31]
FF ProfilePath: C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\kpmt7ry8.namozilu [2014-09-17]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\kpmt7ry8.namozilu -> Yahoo!
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\kpmt7ry8.namozilu -> Yahoo!
FF Homepage: Mozilla\Firefox\Profiles\kpmt7ry8.namozilu -> about:home
FF NewTab: Mozilla\Firefox\Profiles\kpmt7ry8.namozilu -> about:newtab
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-06-15] [not signed]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: (RealPlayer Browser Record Plugin) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2016-02-13] [not signed]
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\jyxo-cz.xml [2013-07-25]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-11] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1216156.dll [2015-01-09] (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.4.53 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2012-05-18] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.4.53 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll [2012-05-18] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-05-18] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-05-18] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.4.53 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2012-05-18] (RealPlayer)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-05] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-05] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-06-06] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-667600844-4042081094-1971980655-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Lenka\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-09-27] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-667600844-4042081094-1971980655-1003: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-11-29] ()
FF Plugin HKU\S-1-5-21-667600844-4042081094-1971980655-1003: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Default [2017-01-20]
CHR Extension: (Last.fm free music player) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbncpldmanoknoahidbgmkgobgmhnafh [2014-09-22]
CHR Extension: (AdBlock) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-24]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2014-07-01]
CHR Extension: (Peněženka Google) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-01]
CHR Profile: C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Guest Profile [2015-08-26]
CHR Profile: C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1 [2015-08-26]
CHR Extension: (Avira Browser Safety) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-12-11]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-06-11]
CHR Extension: (Peněženka Google) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-11]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-12-11]
CHR Profile: C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 2 [2015-08-26]
CHR Extension: (Avira Browser Safety) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-12-11]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-06-12]
CHR Extension: (Peněženka Google) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-11]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-12-11]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-06-16]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-08-11] (Adobe Systems Incorporated) [File not signed]
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [970632 2016-10-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [470600 2016-10-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [470600 2016-10-26] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1253352 2016-10-26] (Avira Operations GmbH & Co. KG)
R2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [309384 2016-07-11] (Avira Operations GmbH & Co. KG)
S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [393032 2013-06-10] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [384840 2013-06-10] (BlueStack Systems, Inc.)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1045328 2012-02-11] (Flexera Software, Inc.)
S2 gupdate1ca5eefa774ed9c; C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4430792 2017-08-21] (Malwarebytes)
S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [2119688 2016-07-02] (Electronic Arts)
R2 Printer Control; C:\Windows\system32\PrintCtrl.exe [65536 2009-10-28] (ActMask Co.,Ltd - hxxp://WWW.ALL2PDF.COM) [File not signed]
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswKbd; C:\Windows\system32\Drivers\aswKbd.sys [20624 2012-10-31] (AVAST Software)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [115600 2016-10-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [140272 2016-10-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [63816 2013-06-10] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-12-10] (Disc Soft Ltd)
S3 ENTECH; C:\Windows\system32\DRIVERS\ENTECH.sys [27672 2007-08-20] (EnTech Taiwan)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59904 2017-08-24] ()
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
S3 gdrv; C:\Windows\gdrv.sys [16608 2008-12-08] (Windows (R) 2000 DDK provider)
S3 k750bus; C:\Windows\System32\DRIVERS\k750bus.sys [55216 2005-02-11] (MCCI)
S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [166848 2017-08-31] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [40352 2017-08-31] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [221632 2017-08-31] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [65312 2017-08-31] (Malwarebytes)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
R3 ROCKEYNT; C:\Windows\System32\DRIVERS\Rockey4.sys [26976 2012-02-11] (Feitian Technologies Co., Ltd.)
S4 secdrv; C:\Windows\system32\Drivers\secdrv.sys [163644 2017-08-31] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [320120 2014-10-29] (Duplex Secure Ltd.)
U3 aemxl3qq; C:\Windows\system32\Drivers\aemxl3qq.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

Error(1) reading file: "C:\Users\Petra\Desktop\pája staví .. ... "
Error(1) reading file: "C:\Users\Petra\Desktop\pája staví .. "
2017-08-31 14:01 - 2017-08-31 14:02 - 000020801 _____ C:\Users\Lenka\Desktop\FRST.txt
2017-08-31 14:01 - 2017-08-31 14:01 - 000000000 ____D C:\FRST
2017-08-31 13:59 - 2017-08-31 13:59 - 000112640 _____ (forum.viry.cz) C:\Users\Lenka\Desktop\FRSTLauncher.exe
2017-08-31 13:58 - 2017-08-31 13:59 - 000112640 _____ (forum.viry.cz) C:\Users\Lenka\Downloads\FRSTLauncher.exe
2017-08-31 13:56 - 2017-08-31 13:56 - 001792512 _____ (Farbar) C:\Users\Lenka\Desktop\FRST.exe
2017-08-31 11:43 - 2017-08-31 13:46 - 000221632 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-31 11:43 - 2017-08-31 12:00 - 000166848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-08-31 11:43 - 2017-08-31 12:00 - 000065312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-08-31 11:43 - 2017-08-31 12:00 - 000040352 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-08-31 11:42 - 2017-08-31 11:42 - 000001855 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-08-31 11:42 - 2017-08-31 11:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-08-31 11:42 - 2017-08-31 11:42 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-31 11:42 - 2017-08-31 11:42 - 000000000 ____D C:\Program Files\Malwarebytes
2017-08-31 11:42 - 2017-08-24 11:27 - 000059904 _____ C:\Windows\system32\Drivers\mbae.sys
2017-08-31 11:38 - 2017-08-31 11:39 - 066347240 _____ (Malwarebytes ) C:\Users\Lenka\Downloads\mb3-setup-consumer-3.2.2.2018.exe
2017-08-31 11:34 - 2017-08-31 13:49 - 000000000 ____D C:\Users\Lenka\AppData\LocalLow\Mozilla
2017-08-20 14:29 - 2017-08-22 10:53 - 000000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-31 13:46 - 2006-11-02 15:01 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-31 13:46 - 2006-11-02 14:47 - 000003664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-31 13:46 - 2006-11-02 14:47 - 000003664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-31 13:44 - 2006-11-02 15:01 - 000032578 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-08-31 11:00 - 2015-01-18 13:42 - 000000000 ____D C:\Program Files\Rising Kingdoms
2017-08-31 10:58 - 2006-11-02 08:37 - 000163644 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\Windows\system32\Drivers\secdrv.sys
2017-08-29 11:49 - 2014-12-24 13:02 - 000000000 ____D C:\ProgramData\Origin
2017-08-29 10:04 - 2013-05-20 17:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-08-23 18:04 - 2017-02-20 16:20 - 000000000 ____D C:\Users\Tučka\AppData\LocalLow\Mozilla
2017-08-22 10:53 - 2012-05-06 06:33 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-08-20 15:28 - 2017-07-09 15:39 - 000000000 ____D C:\Users\Taťka\AppData\LocalLow\Mozilla
2017-08-17 15:52 - 2016-09-29 12:16 - 000000000 ____D C:\Users\Tučka\Desktop\Filmy
2017-08-11 12:28 - 2012-06-10 11:19 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-08-11 12:28 - 2012-06-10 11:19 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-08-11 12:28 - 2008-11-06 15:25 - 000000000 ____D C:\Windows\system32\Macromed
2017-08-11 12:18 - 2016-07-05 12:48 - 000000000 ____D C:\Users\Tučka\AppData\Roaming\vlc
2017-08-11 11:51 - 2014-06-02 19:11 - 000000000 ____D C:\Users\Tučka\AppData\Roaming\Real
2017-08-04 15:54 - 2006-11-02 13:18 - 000000000 ____D C:\Windows\inf

==================== Files in the root of some directories =======

2014-10-29 16:27 - 2014-10-29 16:28 - 000005960 _____ () C:\Program Files\log.txt
2009-10-17 19:04 - 2010-10-02 15:41 - 000000141 _____ () C:\Users\Lenka\AppData\Roaming\default.rss
2008-12-16 20:17 - 2008-12-16 20:17 - 000000235 _____ () C:\Users\Lenka\AppData\Roaming\devices.xml
2008-12-16 20:17 - 2008-12-16 20:17 - 000000012 _____ () C:\Users\Lenka\AppData\Roaming\settings.xml
2010-06-21 14:35 - 2011-07-31 15:09 - 000000680 _____ () C:\Users\Lenka\AppData\Local\d3d9caps.dat
2008-12-12 16:58 - 2016-06-29 19:01 - 000237056 _____ () C:\Users\Lenka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-12-15 19:01 - 2008-12-16 20:38 - 000000584 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\Petra\cc_20150827_122906.reg
C:\Users\Taťka\cc_20150827_123831.reg
C:\Users\Taťka\cc_20150827_123902.reg
C:\Users\Tučka\cc_20150827_124257.reg


Some files in TEMP:
====================
2016-02-19 18:58 - 2016-02-19 18:58 - 000000000 ____D () C:\Users\Lenka\AppData\Local\Temp\avgnt.exe
2017-01-23 15:48 - 2017-01-23 15:48 - 000043008 _____ () C:\Users\Lenka\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2fzeru.dll
2015-01-05 17:32 - 2016-02-13 20:24 - 000000000 ____D () C:\Users\Petra\AppData\Local\Temp\avgnt.exe
2015-11-13 14:07 - 2015-11-28 12:06 - 033860608 _____ () C:\Users\Petra\AppData\Local\Temp\SkypeSetup.exe
2015-03-08 15:37 - 2015-03-08 15:37 - 000000000 ____D () C:\Users\Taťka\AppData\Local\Temp\avgnt.exe
2015-01-08 18:37 - 2015-01-08 18:37 - 000000000 ____D () C:\Users\Tučka\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Lenka\Desktop" je 2 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon
"C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Avira Systray
C:\Program Files\Avira\Launcher\Avira.Systray.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent
C:\Program Files\BlueStacks\HD-Agent.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core
"C:\Program Files\Electronic Arts\EADM\Core.exe" -silent [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
"C:\Program Files\iTunes\iTunesHelper.exe" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jing
C:\Program Files\TechSmith\Jing\Jing.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LG LinkAir
C:\Program Files\PeerBlock\peerblock.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerBlock
C:\Windows\system32\PrintDisp.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrintDisp
"C:\Program Files\QuickTime\QTTask.exe" -atboottime [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
Režim ECHO je vypnut.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Network Server.lnk
C:\PROGRA~1\WIBUKEY\Server\WkSvMgr.exe [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Rudy
Site Admin
Posts: 118254
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Log check

#2 Post by Rudy »

Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

nysa
Visitor
Posts: 23
Joined: 16 Sep 2014 16:21

Re: Log check

#3 Post by nysa »

# AdwCleaner 7.0.2.1 - Logfile created on Thu Aug 31 15:17:59 2017
# Updated on 2017/29/08 by Malwarebytes
# Database: 08-29-2017.2
# Running on Windows Vista (TM) Home Premium (X86)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy, C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater
PUP.Optional.Legacy, C:\Program Files\DriverToolkit
PUP.Optional.Legacy, C:\Users\Lenka\AppData\Local\DriverToolkit
PUP.Optional.Legacy, C:\Program Files\Free FLV Converter
PUP.Optional.Legacy, C:\ProgramData\ICQ\ICQNewTab
PUP.Optional.Legacy, C:\ProgramData\Application Data\ICQ\ICQNewTab
PUP.Optional.Legacy, C:\Users\All Users\ICQ\ICQNewTab


***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

PUP.Optional.Legacy, DRIVERTOOLKIT AUTORUN


***** [ Registry ] *****

PUP.Optional.Legacy, [Data] - HKCU\Software\Microsoft\Internet Explorer\Main | Search Page [https:\\safesearch.avira.com\]
PUP.Optional.Legacy, [Data] - HKCU\Software\Microsoft\Internet Explorer\Main | Search Page [https:\\safesearch.avira.com\]
PUP.Optional.Legacy, [Data] - HKCU\Software\Microsoft\Internet Explorer\Main | Start Page [https:\\safesearch.avira.com\]
PUP.Optional.Legacy, [Data] - HKCU\Software\Microsoft\Internet Explorer\Main | Start Page [https:\\safesearch.avira.com\]
PUP.Optional.Legacy, [Data] - HKCU\Software\Microsoft\Internet Explorer\Main | Default_Search_URL [https:\\safesearch.avira.com\]
PUP.Optional.Legacy, [Data] - HKCU\Software\Microsoft\Internet Explorer\Main | Default_Search_URL [https:\\safesearch.avira.com\]
PUP.Optional.Legacy, [Data] - HKCU\Software\Microsoft\Internet Explorer\Main | Default_Page_URL [https:\\safesearch.avira.com\]
PUP.Optional.Legacy, [Data] - HKCU\Software\Microsoft\Internet Explorer\Main | Default_Page_URL [https:\\safesearch.avira.com\]
PUP.Optional.Legacy, [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main | Start Page [https:\\safesearch.avira.com\]
PUP.Optional.Legacy, [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main | Start Page [https:\\safesearch.avira.com\]
PUP.Optional.Legacy, [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main | Default_Page_URL [https:\\safesearch.avira.com\]
PUP.Optional.Legacy, [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main | Default_Page_URL [https:\\safesearch.avira.com\]
PUP.Optional.Legacy, [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main | Default_Search_URL [https:\\safesearch.avira.com\]
PUP.Optional.Legacy, [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main | Default_Search_URL [https:\\safesearch.avira.com\]
PUP.Optional.Legacy, [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main | Search Page [https:\\safesearch.avira.com\]
PUP.Optional.Legacy, [Data] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main | Search Page [https:\\safesearch.avira.com\]
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-667600844-4042081094-1971980655-1003\Software\DriverToolkit
PUP.Optional.Legacy, [Key] - HKCU\Software\DriverToolkit
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-667600844-4042081094-1971980655-1003\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{D66BF89F-B0A2-48F5-A2E4-242EB645AB76}_is1
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{D66BF89F-B0A2-48F5-A2E4-242EB645AB76}_is1
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-667600844-4042081094-1971980655-1003\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{65739FA2-0444-4AB2-B598-872406539EBD}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{65739FA2-0444-4AB2-B598-872406539EBD}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\SiteSee
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-667600844-4042081094-1971980655-1003\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Free FLV Converter_is1
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Free FLV Converter_is1
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{E716F183-5AD7-11DC-9670-00508DC0D496}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{528B5866-2BA6-42CE-8F74-39FB23B49767}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

Rudy
Site Admin
Posts: 118254
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Log check

#4 Post by Rudy »

OK. Open Notepad and copy this into it:
Start
HKU\S-1-5-21-667600844-4042081094-1971980655-1003\...\MountPoints2: {26118ad3-b094-11e5-99cc-001fd084678a} - G:\HiSuiteDownLoader.exe
HKU\S-1-5-21-667600844-4042081094-1971980655-1003\...\MountPoints2: {4459499d-1677-11e6-a3d7-001fd084678a} - O:\HiSuiteDownLoader.exe
GroupPolicy: Restriction ? <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-667600844-4042081094-1971980655-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> No File
Toolbar: HKLM - No Name - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - No File
U3 aemxl3qq; C:\Windows\system32\Drivers\aemxl3qq.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
C:\Users\Lenka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\Lenka\AppData\Local\Temp

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.

nysa
Visitor
Posts: 23
Joined: 16 Sep 2014 16:21

Re: Log check

#5 Post by nysa »

Fix result of Farbar Recovery Scan Tool (x86) Version: 20-08-2017
Ran by Lenka (01-09-2017 10:31:03) Run:2
Running from C:\Users\Lenka\Desktop
Loaded Profiles: Lenka (Available Profiles: Lenka & Petra & Taťka & UpdatusUser & Tučka & Guest)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
HKU\S-1-5-21-667600844-4042081094-1971980655-1003\...\MountPoints2: {26118ad3-b094-11e5-99cc-001fd084678a} - G:\HiSuiteDownLoader.exe
HKU\S-1-5-21-667600844-4042081094-1971980655-1003\...\MountPoints2: {4459499d-1677-11e6-a3d7-001fd084678a} - O:\HiSuiteDownLoader.exe
GroupPolicy: Restriction ? <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-667600844-4042081094-1971980655-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> No File
Toolbar: HKLM - No Name - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - No File
U3 aemxl3qq; C:\Windows\system32\Drivers\aemxl3qq.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
C:\Users\Lenka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\Lenka\AppData\Local\Temp

EmptyTemp:
End
*****************

HKU\S-1-5-21-667600844-4042081094-1971980655-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26118ad3-b094-11e5-99cc-001fd084678a} => key not found.
HKLM\Software\Classes\CLSID\{26118ad3-b094-11e5-99cc-001fd084678a} => key not found.
HKU\S-1-5-21-667600844-4042081094-1971980655-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4459499d-1677-11e6-a3d7-001fd084678a} => key not found.
HKLM\Software\Classes\CLSID\{4459499d-1677-11e6-a3d7-001fd084678a} => key not found.
"C:\Windows\system32\GroupPolicy\Machine" => not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-667600844-4042081094-1971980655-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} => key not found.
HKLM\Software\Classes\CLSID\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} => value not found.
HKLM\Software\Classes\CLSID\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} => key not found.
aemxl3qq => service not found.
"C:\Users\Lenka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini" => not found.

"C:\Users\Lenka\AppData\Local\Temp" folder move:

Could not move "C:\Users\Lenka\AppData\Local\Temp" => Scheduled to move on reboot.


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8119332 B
Java, Flash, Steam htmlcache => 2988 B
Windows/system/drivers => 676856559 B
Edge => 0 B
Chrome => 3587072 B
Firefox => 80113648 B
Opera => 118784 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 82868 B
LocalService => 0 B
NetworkService => 0 B

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 01-09-2017 11:10:34)

==> ATTENTION: System is not rebooted.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 01-09-2017 11:17:24)

==> ATTENTION: System is not rebooted.
"C:\Users\Lenka\AppData\Local\Temp" => Could not move

==== End of Fixlog 11:25:45 ====

Rudy
Site Admin
Posts: 118254
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Log check

#6 Post by Rudy »

Deleted. Now just restart the PC:
==> ATTENTION: System is not rebooted.