VIRY.CZ
https://forum.viry.cz:443/

Fraudulent link to BWIN (asking for advice)
https://forum.viry.cz:443/viewtopic.php?f=6&t=142948

Author:  Jaroo [ 11 Feb 2015 20:11 ]
Post subject:  Fraudulent link to BWIN (asking for advice)

Hello,

Last night, like an idiot, I clicked on a fraudulent link that (if I voted for something) offered a free bonus of 2,000 CZK at the BWIN betting office. Here is the link: http://bwonuscasio.esy.es/ . It is clear from the address alone that it is a scam, but I was probably sleepy and I have not been actively betting through BWIN for some time, so I told myself why not... So I filled in my BWIN login there, and roughly half an hour later money started moving around in the account. It started at 5,000 and dropped in various amounts over a short time down to 0, then 1,000 arrived and it dropped to 0 again, and then I decided to block the account. At the same time, confirmations of payments, withdrawals and failed payment attempts were arriving at the e-mail address I gave there at registration.
Does anyone have experience with this, please? Was it enough that I had the account blocked, or do I need to deal with it further?
Thank you

Author:  Rudy [ 11 Feb 2015 20:14 ]
Post subject:  Re: Fraudulent link to BWIN (asking for advice)

Hello!
Blocking the account is, of course, the key thing. But it will be good to check the PC as well. Post an FRST log: viewtopic.php?f=24&t=132509 .

Author:  Jaroo [ 11 Feb 2015 20:35 ]
Post subject:  Re: Fraudulent link to BWIN (asking for advice)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-02-2015 02
Ran by Jaro (administrator) on JARO-PC on 11-02-2015 20:30:40
Running from C:\Users\Jaro\Desktop
Loaded Profiles: Jaro (Available profiles: Jaro)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(ClientConnect Ltd.) C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Akamai Technologies, Inc.) C:\Users\Jaro\AppData\Local\Akamai\netsession_win.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Akamai Technologies, Inc.) C:\Users\Jaro\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
Failed to access process -> chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Jaro\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [337432 2013-10-23] (Power Software Ltd)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-2724695079-2630873064-2132910098-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Jaro\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2724695079-2630873064-2132910098-1000\...\MountPoints2: {b1b82b0f-fea3-11e3-864c-806e6f6e6963} - D:\autoplay.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

URLSearchHook: HKLM - BS Player ControlBar B Toolbar - {31264a33-a653-46c4-af49-1232c59a7da5} - C:\Users\Jaro\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_0.dll No File
URLSearchHook: HKU\S-1-5-21-2724695079-2630873064-2132910098-1000 - BS Player ControlBar B Toolbar - {31264a33-a653-46c4-af49-1232c59a7da5} - C:\Users\Jaro\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_0.dll No File
SearchScopes: HKU\S-1-5-21-2724695079-2630873064-2132910098-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
BHO: BS Player ControlBar B Toolbar -> {31264a33-a653-46c4-af49-1232c59a7da5} -> C:\Users\Jaro\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_0.dll No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - BS Player ControlBar B Toolbar - {31264a33-a653-46c4-af49-1232c59a7da5} - C:\Users\Jaro\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_0.dll No File
Toolbar: HKU\S-1-5-21-2724695079-2630873064-2132910098-1000 -> BS Player ControlBar B Toolbar - {31264A33-A653-46C4-AF49-1232C59A7DA5} - C:\Users\Jaro\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_0.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2724695079-2630873064-2132910098-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jaro\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-28]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR Profile: C:\Users\Jaro\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\Jaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-28]
CHR Extension: (Disk Google) - C:\Users\Jaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-28]
CHR Extension: (YouTube) - C:\Users\Jaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-28]
CHR Extension: (Vyhledávání Google) - C:\Users\Jaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-28]
CHR Extension: (Peněženka Google) - C:\Users\Jaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-28]
CHR Extension: (Gmail) - C:\Users\Jaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-28]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-06]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-15]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-15] (AVAST Software)
R2 TBSrv; C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe [350528 2014-04-10] (ClientConnect Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-15] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-15] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-15] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-21] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-15] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-15] ()
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [114376 2013-10-23] (Power Software Ltd)
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 20:30 - 2015-02-11 20:31 - 00009871 _____ () C:\Users\Jaro\Desktop\FRST.txt
2015-02-11 20:30 - 2015-02-11 20:30 - 00000000 ____D () C:\FRST
2015-02-11 20:29 - 2015-02-11 20:29 - 00112640 _____ (forum.viry.cz) C:\Users\Jaro\Desktop\FRSTLauncher.exe
2015-02-11 20:24 - 2015-02-11 20:25 - 01125376 _____ (Farbar) C:\Users\Jaro\Desktop\FRST.exe
2015-02-11 20:14 - 2015-02-11 20:22 - 736985088 _____ () C:\Users\Jaro\Downloads\CO-JSME-KOMU-UDĚLALI-super-franc.komedie-ČESKÉ-TITULKY-VLOŽENY-VE-FILMU-novinky-novinka-NA-ČSFD-83%-!!!.avi
2015-01-25 00:20 - 2015-01-25 00:20 - 00287646 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2015-01-23 21:54 - 2015-01-23 21:55 - 00292330 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2015-01-23 21:54 - 2015-01-23 21:54 - 00000000 ____D () C:\Program Files\MSXML 4.0
2015-01-23 12:19 - 2015-02-06 13:39 - 00000000 ____D () C:\Users\Jaro\Desktop\knihy
2015-01-22 13:07 - 2015-01-22 13:07 - 00000000 ____D () C:\Users\Jaro\Documents\My Games
2015-01-22 13:06 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-01-22 13:06 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2015-01-22 13:06 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-01-22 13:06 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-01-22 13:06 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2015-01-22 13:06 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2015-01-22 13:06 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2015-01-22 13:06 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-01-22 13:06 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2015-01-22 13:06 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2015-01-22 13:06 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2015-01-22 13:05 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2015-01-22 13:05 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2015-01-22 13:05 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2015-01-22 13:05 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2015-01-22 13:05 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2015-01-22 13:05 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2015-01-22 13:05 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2015-01-22 13:05 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2015-01-22 13:05 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2015-01-22 13:05 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2015-01-22 13:05 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2015-01-22 13:05 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2015-01-22 13:05 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2015-01-22 13:05 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2015-01-22 13:05 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2015-01-22 13:05 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2015-01-22 13:05 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2015-01-22 13:05 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2015-01-22 13:05 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2015-01-22 13:05 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2015-01-22 13:05 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2015-01-22 13:05 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2015-01-22 13:05 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2015-01-22 13:05 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2015-01-22 13:05 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2015-01-22 13:05 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2015-01-22 13:05 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2015-01-22 13:05 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2015-01-22 13:05 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2015-01-22 13:05 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2015-01-22 13:05 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2015-01-22 13:05 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2015-01-22 13:05 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2015-01-22 13:05 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2015-01-22 13:05 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2015-01-22 13:05 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2015-01-22 13:05 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2015-01-22 13:05 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2015-01-22 13:05 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2015-01-22 13:05 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2015-01-22 13:05 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2015-01-22 13:05 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2015-01-22 13:05 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2015-01-22 13:05 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2015-01-22 13:05 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2015-01-22 13:05 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2015-01-22 13:05 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2015-01-22 13:05 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2015-01-22 13:05 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2015-01-22 13:05 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2015-01-22 13:05 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2015-01-22 13:05 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2015-01-22 13:05 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2015-01-22 13:05 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2015-01-22 13:05 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2015-01-22 13:05 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2015-01-22 13:05 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2015-01-22 13:05 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2015-01-22 13:05 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2015-01-22 13:05 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2015-01-22 13:05 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2015-01-22 13:05 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2015-01-22 13:04 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2015-01-22 13:04 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2015-01-22 13:04 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-01-22 13:04 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2015-01-22 13:04 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2015-01-22 13:04 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2015-01-22 13:04 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2015-01-22 13:04 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-01-22 13:04 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-01-22 13:04 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-01-22 13:04 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-01-22 13:04 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-01-22 13:04 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-01-22 13:04 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-01-22 13:04 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-01-22 13:04 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-01-22 13:04 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-01-22 13:03 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-01-22 13:01 - 2015-01-22 13:01 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-22 11:23 - 2015-01-22 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
2015-01-20 22:24 - 2015-01-20 22:38 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-01-20 22:24 - 2015-01-20 22:24 - 00001989 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-01-20 22:24 - 2015-01-20 22:24 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-20 22:24 - 2015-01-20 22:24 - 00000000 ____D () C:\Program Files\Adobe
2015-01-20 22:23 - 2015-01-20 22:26 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-18 17:35 - 2015-01-22 13:07 - 00000000 ____D () C:\Users\Jaro\AppData\Roaming\Microsoft Games
2015-01-18 17:35 - 2015-01-18 17:35 - 00000000 ____D () C:\ProgramData\Microsoft Games
2015-01-18 16:54 - 2015-01-18 16:54 - 00000000 ____D () C:\ProgramData\Trymedia
2015-01-17 18:49 - 2015-01-17 18:54 - 00000000 ____D () C:\XIII
2015-01-17 15:14 - 2015-01-17 18:48 - 2042529388 _____ () C:\Users\Jaro\Downloads\XIII-+-Čeština-(no-install).rar
2015-01-17 11:53 - 2015-01-17 12:51 - 00000000 ____D () C:\Users\Jaro\AppData\Roaming\Realore_Whiterra Roads Of Rome 3
2015-01-17 11:51 - 2014-11-26 12:30 - 00000000 ____D () C:\Users\Jaro\Downloads\Roads Of Rome Game Collection
2015-01-16 20:43 - 2015-01-16 20:44 - 00000000 ____D () C:\Users\Jaro\AppData\Roaming\Roads Of Rome
2015-01-16 20:42 - 2015-01-16 20:42 - 00002021 _____ () C:\Users\Jaro\Desktop\Roads of Rome.lnk
2015-01-16 20:42 - 2015-01-16 20:42 - 00000000 ____D () C:\Program Files\Games
2015-01-16 16:24 - 2015-01-16 16:24 - 00001962 _____ () C:\Users\Public\Desktop\X-COM - Apocalypse CZ.lnk
2015-01-16 16:24 - 2015-01-16 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\X-COM - Apocalypse CZ
2015-01-16 16:22 - 2015-01-16 16:24 - 00000000 ____D () C:\Program Files\X-COM-Apocalypse CZ
2015-01-16 16:21 - 2012-11-04 22:00 - 404489095 _____ () C:\Users\Jaro\Downloads\X-COM-Apocalypse-CZ-Setup.exe
2015-01-16 14:20 - 2015-01-16 14:46 - 00000000 ____D () C:\Diablo
2015-01-16 14:20 - 2015-01-16 14:20 - 00086528 _____ () C:\Windows\bnetunin.exe
2015-01-16 14:20 - 2015-01-16 14:20 - 00061440 _____ () C:\Windows\diabunin.exe
2015-01-16 14:20 - 2015-01-16 14:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo
2015-01-16 14:14 - 2015-01-16 14:18 - 644628480 _____ () C:\Users\Jaro\Downloads\Diablo.iso
2015-01-14 15:03 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 15:03 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 15:02 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 15:02 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 15:02 - 2014-12-11 18:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 15:02 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 20:25 - 2009-07-14 05:34 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-11 20:25 - 2009-07-14 05:34 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-11 20:19 - 2014-06-28 10:11 - 01815253 _____ () C:\Windows\WindowsUpdate.log
2015-02-11 19:46 - 2014-06-28 10:22 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-11 19:44 - 2014-11-09 15:34 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-11 17:46 - 2014-11-17 19:50 - 00000000 ____D () C:\Users\Jaro\AppData\Local\Battle.net
2015-02-11 16:34 - 2014-06-28 10:22 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-11 16:34 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-11 16:34 - 2009-07-14 05:39 - 00043254 _____ () C:\Windows\setupact.log
2015-02-10 18:11 - 2014-11-17 19:54 - 00000000 ____D () C:\Program Files\Hearthstone
2015-02-06 20:02 - 2014-06-28 10:23 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-06 13:40 - 2014-11-17 19:50 - 00000000 ____D () C:\Program Files\Battle.net
2015-02-05 19:29 - 2014-11-09 15:34 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-05 19:29 - 2014-11-09 15:34 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-23 09:10 - 2009-07-14 05:33 - 00271040 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-22 13:07 - 2014-08-24 09:46 - 00000000 ____D () C:\Users\Jaro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-22 13:06 - 2014-06-28 10:22 - 00058592 _____ () C:\Users\Jaro\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-22 12:47 - 2009-07-14 05:52 - 00000000 ____D () C:\Program Files\Microsoft Games
2015-01-20 22:25 - 2014-11-09 15:34 - 00000000 ____D () C:\Users\Jaro\AppData\Local\Adobe
2015-01-20 22:25 - 2014-06-29 11:36 - 00000000 ____D () C:\Users\Jaro\AppData\Roaming\Adobe
2015-01-20 17:39 - 2014-12-07 15:27 - 00000000 ____D () C:\Program Files\GameforgeLive
2015-01-18 10:27 - 2010-11-20 22:48 - 00474264 _____ () C:\Windows\PFRO.log
2015-01-17 17:23 - 2014-12-08 19:04 - 00000000 ____D () C:\Temp
2015-01-14 22:27 - 2014-06-29 09:29 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 22:21 - 2014-06-29 09:29 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-06-29 11:37 - 2014-06-29 11:37 - 0000000 _____ () C:\Users\Jaro\AppData\Local\AtStart.txt
2014-06-29 11:37 - 2014-06-29 11:37 - 0000000 _____ () C:\Users\Jaro\AppData\Local\DSwitch.txt
2014-06-29 15:33 - 2014-06-29 15:33 - 0000092 _____ () C:\Users\Jaro\AppData\Local\fusioncache.dat
2014-06-29 11:37 - 2014-06-29 11:37 - 0000000 _____ () C:\Users\Jaro\AppData\Local\QSwitch.txt
2014-12-31 22:22 - 2014-12-31 22:22 - 0006441 _____ () C:\Users\Jaro\AppData\Local\recently-used.xbel

Some content of TEMP:
====================
C:\Users\Jaro\AppData\Local\Temp\CmdLineExt02.dll
C:\Users\Jaro\AppData\Local\Temp\comver.dll
C:\Users\Jaro\AppData\Local\Temp\EBU7580.EXE
C:\Users\Jaro\AppData\Local\Temp\EBU78AB.DLL
C:\Users\Jaro\AppData\Local\Temp\hcuninstaller_20140629_214822_968.exe
C:\Users\Jaro\AppData\Local\Temp\MGS4B92.exe
C:\Users\Jaro\AppData\Local\Temp\MGS6C8A.dll
C:\Users\Jaro\AppData\Local\Temp\nscFCA8.tmp.exe
C:\Users\Jaro\AppData\Local\Temp\safeguard.exe
C:\Users\Jaro\AppData\Local\Temp\SIntf16.dll
C:\Users\Jaro\AppData\Local\Temp\SIntf32.dll
C:\Users\Jaro\AppData\Local\Temp\SIntfNT.dll
C:\Users\Jaro\AppData\Local\Temp\war3_Install.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Jaro\Desktop" je 7370 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Author:  Rudy [ 11 Feb 2015 21:41 ]
Post subject:  Re: Fraudulent link to BWIN (asking for advice)

Run this utility:

Quote:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
First click >Scan< and then >Clean<.
A scan will run and then a log will appear; paste it here.

Author:  Jaroo [ 11 Feb 2015 22:29 ]
Post subject:  Re: Fraudulent link to BWIN (asking for advice)

# AdwCleaner v4.110 - Logfile created 11/02/2015 at 22:25:10
# Updated 05/02/2015 by Xplode
# Database : 2015-02-09.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x86)
# Username : Jaro - JARO-PC
# Running from : C:\Users\Jaro\Desktop\adwcleaner_4.110.exe
# Option : Cleaning

***** [ Services ] *****

Service Deleted : TBSrv

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Tbccint
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Program Files\Tbccint
Folder Deleted : C:\Users\Jaro\AppData\Local\Temp\BS_Player_ControlBar_B
Folder Deleted : C:\Users\Jaro\AppData\Local\Tbccint
Folder Deleted : C:\Users\Jaro\AppData\LocalLow\Tbccint
Folder Deleted : C:\Users\Jaro\AppData\LocalLow\BS_Player_ControlBar_B
File Deleted : C:\END

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IECT3329621
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3329621
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3A1209A4-8568-40F0-9B5E-4A06A2A06417}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31264A33-A653-46C4-AF49-1232C59A7DA5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31264A33-A653-46C4-AF49-1232C59A7DA5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31264A33-A653-46C4-AF49-1232C59A7DA5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3A1209A4-8568-40F0-9B5E-4A06A2A06417}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{31264A33-A653-46C4-AF49-1232C59A7DA5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{31264A33-A653-46C4-AF49-1232C59A7DA5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{31264A33-A653-46C4-AF49-1232C59A7DA5}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{31264A33-A653-46C4-AF49-1232C59A7DA5}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Tbccint
Key Deleted : HKCU\Software\Tbccint_HKLM
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Tbccint
Key Deleted : HKCU\Software\AppDataLow\Software\BS_Player_ControlBar_B
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Google Chrome v40.0.2214.111


-\\ Chromium v


*************************

AdwCleaner[R0].txt - [2863 bytes] - [11/02/2015 22:21:43]
AdwCleaner[S0].txt - [2850 bytes] - [11/02/2015 22:25:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2909 bytes] ##########

Author:  Rudy [ 11 Feb 2015 22:34 ]
Post subject:  Re: Fraudulent link to BWIN (asking for advice)

Post a new FRST log.

Author:  Jaroo [ 11 Feb 2015 22:50 ]
Post subject:  Re: Fraudulent link to BWIN (asking for advice)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-02-2015 02
Ran by Jaro (administrator) on JARO-PC on 11-02-2015 22:45:16
Running from C:\Users\Jaro\Desktop
Loaded Profiles: Jaro (Available profiles: Jaro)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Akamai Technologies, Inc.) C:\Users\Jaro\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Jaro\AppData\Local\Akamai\netsession_win.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Jaro\Desktop\FRSTLauncher.exe
Failed to access process -> dllhost.exe
Failed to access process -> dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [337432 2013-10-23] (Power Software Ltd)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-2724695079-2630873064-2132910098-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Jaro\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2724695079-2630873064-2132910098-1000\...\MountPoints2: {b1b82b0f-fea3-11e3-864c-806e6f6e6963} - D:\autoplay.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2724695079-2630873064-2132910098-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2724695079-2630873064-2132910098-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jaro\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-28]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR Profile: C:\Users\Jaro\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\Jaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-28]
CHR Extension: (Disk Google) - C:\Users\Jaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-28]
CHR Extension: (YouTube) - C:\Users\Jaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-28]
CHR Extension: (Vyhledávání Google) - C:\Users\Jaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-28]
CHR Extension: (Peněženka Google) - C:\Users\Jaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-28]
CHR Extension: (Gmail) - C:\Users\Jaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-28]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-15]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-15] (AVAST Software)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-15] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-15] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-15] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-21] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-15] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-15] ()
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [114376 2013-10-23] (Power Software Ltd)
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 22:45 - 2015-02-11 22:45 - 00008769 _____ () C:\Users\Jaro\Desktop\FRST.txt
2015-02-11 22:21 - 2015-02-11 22:25 - 00000000 ____D () C:\AdwCleaner
2015-02-11 22:20 - 2015-02-11 22:20 - 02112512 _____ () C:\Users\Jaro\Desktop\adwcleaner_4.110.exe
2015-02-11 20:30 - 2015-02-11 22:45 - 00000000 ____D () C:\FRST
2015-02-11 20:29 - 2015-02-11 20:29 - 00112640 _____ (forum.viry.cz) C:\Users\Jaro\Desktop\FRSTLauncher.exe
2015-02-11 20:24 - 2015-02-11 20:25 - 01125376 _____ (Farbar) C:\Users\Jaro\Desktop\FRST.exe
2015-01-25 00:20 - 2015-01-25 00:20 - 00287646 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2015-01-23 21:54 - 2015-01-23 21:55 - 00292330 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2015-01-23 21:54 - 2015-01-23 21:54 - 00000000 ____D () C:\Program Files\MSXML 4.0
2015-01-23 12:19 - 2015-02-06 13:39 - 00000000 ____D () C:\Users\Jaro\Desktop\knihy
2015-01-22 13:07 - 2015-01-22 13:07 - 00000000 ____D () C:\Users\Jaro\Documents\My Games
2015-01-22 13:06 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-01-22 13:06 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2015-01-22 13:06 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-01-22 13:06 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-01-22 13:06 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2015-01-22 13:06 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2015-01-22 13:06 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2015-01-22 13:06 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-01-22 13:06 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2015-01-22 13:06 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2015-01-22 13:06 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2015-01-22 13:05 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2015-01-22 13:05 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2015-01-22 13:05 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2015-01-22 13:05 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2015-01-22 13:05 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2015-01-22 13:05 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2015-01-22 13:05 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2015-01-22 13:05 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2015-01-22 13:05 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2015-01-22 13:05 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2015-01-22 13:05 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2015-01-22 13:05 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2015-01-22 13:05 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2015-01-22 13:05 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2015-01-22 13:05 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2015-01-22 13:05 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2015-01-22 13:05 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2015-01-22 13:05 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2015-01-22 13:05 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2015-01-22 13:05 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2015-01-22 13:05 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2015-01-22 13:05 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2015-01-22 13:05 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2015-01-22 13:05 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2015-01-22 13:05 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2015-01-22 13:05 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2015-01-22 13:05 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2015-01-22 13:05 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2015-01-22 13:05 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2015-01-22 13:05 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2015-01-22 13:05 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2015-01-22 13:05 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2015-01-22 13:05 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2015-01-22 13:05 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2015-01-22 13:05 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2015-01-22 13:05 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2015-01-22 13:05 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2015-01-22 13:05 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2015-01-22 13:05 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2015-01-22 13:05 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2015-01-22 13:05 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2015-01-22 13:05 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2015-01-22 13:05 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2015-01-22 13:05 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2015-01-22 13:05 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2015-01-22 13:05 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2015-01-22 13:05 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2015-01-22 13:05 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2015-01-22 13:05 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2015-01-22 13:05 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2015-01-22 13:05 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2015-01-22 13:05 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2015-01-22 13:05 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2015-01-22 13:05 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2015-01-22 13:05 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2015-01-22 13:05 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2015-01-22 13:05 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2015-01-22 13:05 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2015-01-22 13:05 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2015-01-22 13:05 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2015-01-22 13:05 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2015-01-22 13:05 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2015-01-22 13:04 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2015-01-22 13:04 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2015-01-22 13:04 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-01-22 13:04 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2015-01-22 13:04 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2015-01-22 13:04 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2015-01-22 13:04 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2015-01-22 13:04 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-01-22 13:04 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-01-22 13:04 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-01-22 13:04 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-01-22 13:04 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-01-22 13:04 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-01-22 13:04 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-01-22 13:04 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-01-22 13:04 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-01-22 13:04 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-01-22 13:03 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-01-22 13:01 - 2015-01-22 13:01 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-22 11:23 - 2015-01-22 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
2015-01-20 22:24 - 2015-01-20 22:38 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-01-20 22:24 - 2015-01-20 22:24 - 00001989 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-01-20 22:24 - 2015-01-20 22:24 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-20 22:24 - 2015-01-20 22:24 - 00000000 ____D () C:\Program Files\Adobe
2015-01-20 22:23 - 2015-01-20 22:26 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-18 17:35 - 2015-01-22 13:07 - 00000000 ____D () C:\Users\Jaro\AppData\Roaming\Microsoft Games
2015-01-18 17:35 - 2015-01-18 17:35 - 00000000 ____D () C:\ProgramData\Microsoft Games
2015-01-17 18:49 - 2015-01-17 18:54 - 00000000 ____D () C:\XIII
2015-01-17 15:14 - 2015-01-17 18:48 - 2042529388 _____ () C:\Users\Jaro\Downloads\XIII-+-Čeština-(no-install).rar
2015-01-17 11:53 - 2015-01-17 12:51 - 00000000 ____D () C:\Users\Jaro\AppData\Roaming\Realore_Whiterra Roads Of Rome 3
2015-01-17 11:51 - 2014-11-26 12:30 - 00000000 ____D () C:\Users\Jaro\Downloads\Roads Of Rome Game Collection
2015-01-16 20:43 - 2015-01-16 20:44 - 00000000 ____D () C:\Users\Jaro\AppData\Roaming\Roads Of Rome
2015-01-16 20:42 - 2015-01-16 20:42 - 00002021 _____ () C:\Users\Jaro\Desktop\Roads of Rome.lnk
2015-01-16 20:42 - 2015-01-16 20:42 - 00000000 ____D () C:\Program Files\Games
2015-01-16 16:24 - 2015-01-16 16:24 - 00001962 _____ () C:\Users\Public\Desktop\X-COM - Apocalypse CZ.lnk
2015-01-16 16:24 - 2015-01-16 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\X-COM - Apocalypse CZ
2015-01-16 16:22 - 2015-01-16 16:24 - 00000000 ____D () C:\Program Files\X-COM-Apocalypse CZ
2015-01-16 16:21 - 2012-11-04 22:00 - 404489095 _____ () C:\Users\Jaro\Downloads\X-COM-Apocalypse-CZ-Setup.exe
2015-01-16 14:20 - 2015-01-16 14:46 - 00000000 ____D () C:\Diablo
2015-01-16 14:20 - 2015-01-16 14:20 - 00086528 _____ () C:\Windows\bnetunin.exe
2015-01-16 14:20 - 2015-01-16 14:20 - 00061440 _____ () C:\Windows\diabunin.exe
2015-01-16 14:20 - 2015-01-16 14:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo
2015-01-16 14:14 - 2015-01-16 14:18 - 644628480 _____ () C:\Users\Jaro\Downloads\Diablo.iso
2015-01-14 15:03 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 15:03 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 15:02 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 15:02 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 15:02 - 2014-12-11 18:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 15:02 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 22:46 - 2014-06-28 10:22 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-11 22:44 - 2014-11-09 15:34 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-11 22:34 - 2009-07-14 05:34 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-11 22:34 - 2009-07-14 05:34 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-11 22:30 - 2014-06-28 10:11 - 01828386 _____ () C:\Windows\WindowsUpdate.log
2015-02-11 22:26 - 2014-06-28 10:22 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-11 22:26 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-11 22:26 - 2009-07-14 05:39 - 00043310 _____ () C:\Windows\setupact.log
2015-02-11 17:46 - 2014-11-17 19:50 - 00000000 ____D () C:\Users\Jaro\AppData\Local\Battle.net
2015-02-10 18:11 - 2014-11-17 19:54 - 00000000 ____D () C:\Program Files\Hearthstone
2015-02-06 20:02 - 2014-06-28 10:23 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-06 13:40 - 2014-11-17 19:50 - 00000000 ____D () C:\Program Files\Battle.net
2015-02-05 19:29 - 2014-11-09 15:34 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-05 19:29 - 2014-11-09 15:34 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-23 09:10 - 2009-07-14 05:33 - 00271040 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-22 13:07 - 2014-08-24 09:46 - 00000000 ____D () C:\Users\Jaro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-22 13:06 - 2014-06-28 10:22 - 00058592 _____ () C:\Users\Jaro\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-22 12:47 - 2009-07-14 05:52 - 00000000 ____D () C:\Program Files\Microsoft Games
2015-01-20 22:25 - 2014-11-09 15:34 - 00000000 ____D () C:\Users\Jaro\AppData\Local\Adobe
2015-01-20 22:25 - 2014-06-29 11:36 - 00000000 ____D () C:\Users\Jaro\AppData\Roaming\Adobe
2015-01-20 17:39 - 2014-12-07 15:27 - 00000000 ____D () C:\Program Files\GameforgeLive
2015-01-18 10:27 - 2010-11-20 22:48 - 00474264 _____ () C:\Windows\PFRO.log
2015-01-17 17:23 - 2014-12-08 19:04 - 00000000 ____D () C:\Temp
2015-01-14 22:27 - 2014-06-29 09:29 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 22:21 - 2014-06-29 09:29 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-06-29 11:37 - 2014-06-29 11:37 - 0000000 _____ () C:\Users\Jaro\AppData\Local\AtStart.txt
2014-06-29 11:37 - 2014-06-29 11:37 - 0000000 _____ () C:\Users\Jaro\AppData\Local\DSwitch.txt
2014-06-29 15:33 - 2014-06-29 15:33 - 0000092 _____ () C:\Users\Jaro\AppData\Local\fusioncache.dat
2014-06-29 11:37 - 2014-06-29 11:37 - 0000000 _____ () C:\Users\Jaro\AppData\Local\QSwitch.txt
2014-12-31 22:22 - 2014-12-31 22:22 - 0006441 _____ () C:\Users\Jaro\AppData\Local\recently-used.xbel

Some content of TEMP:
====================
C:\Users\Jaro\AppData\Local\Temp\CmdLineExt02.dll
C:\Users\Jaro\AppData\Local\Temp\comver.dll
C:\Users\Jaro\AppData\Local\Temp\EBU7580.EXE
C:\Users\Jaro\AppData\Local\Temp\EBU78AB.DLL
C:\Users\Jaro\AppData\Local\Temp\hcuninstaller_20140629_214822_968.exe
C:\Users\Jaro\AppData\Local\Temp\MGS4B92.exe
C:\Users\Jaro\AppData\Local\Temp\MGS6C8A.dll
C:\Users\Jaro\AppData\Local\Temp\nscFCA8.tmp.exe
C:\Users\Jaro\AppData\Local\Temp\Quarantine.exe
C:\Users\Jaro\AppData\Local\Temp\safeguard.exe
C:\Users\Jaro\AppData\Local\Temp\SIntf16.dll
C:\Users\Jaro\AppData\Local\Temp\SIntf32.dll
C:\Users\Jaro\AppData\Local\Temp\SIntfNT.dll
C:\Users\Jaro\AppData\Local\Temp\sqlite3.dll
C:\Users\Jaro\AppData\Local\Temp\war3_Install.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Jaro\Desktop" je 7372 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Author:  Rudy [ 12 Feb 2015 20:51 ]
Post subject:  Re: Fraudulent link to BWIN (asking for advice)

Open Notepad and copy the following into it:

Quote:
Start
HKU\S-1-5-21-2724695079-2630873064-2132910098-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Jaro\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2724695079-2630873064-2132910098-1000\...\MountPoints2: {b1b82b0f-fea3-11e3-864c-806e6f6e6963} - D:\autoplay.exe
C:\Users\Jaro\AppData\Local\Akamai
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2724695079-2630873064-2132910098-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Users\Jaro\AppData\Local\Temp
End


Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the run finishes, a log will appear; copy it here.

Author:  Jaroo [ 12 Feb 2015 22:05 ]
Post subject:  Re: Fraudulent link to BWIN (asking for advice)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-02-2015 02
Ran by Jaro at 2015-02-12 22:01:27 Run:1
Running from C:\Users\Jaro\Desktop
Loaded Profiles: Jaro (Available profiles: Jaro)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKU\S-1-5-21-2724695079-2630873064-2132910098-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Jaro\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2724695079-2630873064-2132910098-1000\...\MountPoints2: {b1b82b0f-fea3-11e3-864c-806e6f6e6963} - D:\autoplay.exe
C:\Users\Jaro\AppData\Local\Akamai
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2724695079-2630873064-2132910098-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Users\Jaro\AppData\Local\Temp
End
*****************

HKU\S-1-5-21-2724695079-2630873064-2132910098-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface => value deleted successfully.
"HKU\S-1-5-21-2724695079-2630873064-2132910098-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1b82b0f-fea3-11e3-864c-806e6f6e6963}" => Key deleted successfully.
HKCR\CLSID\{b1b82b0f-fea3-11e3-864c-806e6f6e6963} => Key not found.

"C:\Users\Jaro\AppData\Local\Akamai" directory move:

C:\Users\Jaro\AppData\Local\Akamai\admintool.exe => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\client.ini => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\ControlPanel.exe => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\CplTasks.xml => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\euc_state.json => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\extraroot.pem => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\guid.ini => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\installer.txt => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\installer_no_upload_silent.exe => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\netsession_installer.exe => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\netsession_win.exe => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\readme.txt => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\root.pem => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\rswinui.exe => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\uninstall.exe => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\user.dat => Moved successfully.
Could not move "C:\Users\Jaro\AppData\Local\Akamai\Logs\daemon.debug.log" => Scheduled to move on reboot.
C:\Users\Jaro\AppData\Local\Akamai\Logs\daemon.debug.log.150205_211421.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\daemon.debug.log.150206_122842.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\daemon.debug.log.150206_225206.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\daemon.debug.log.150207_095031.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\daemon.debug.log.150207_211314.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\daemon.debug.log.150208_084013.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\daemon.debug.log.150208_214706.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\daemon.debug.log.150209_151633.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\daemon.debug.log.150209_213255.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\daemon.debug.log.150210_153425.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\daemon.debug.log.150210_221435.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\daemon.debug.log.150211_153458.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\daemon.debug.log.150211_212708.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\daemon.debug.log.150211_221858.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\daemon.debug.log.150212_152640.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\daemon1.debug.log => Moved successfully.
Could not move "C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log" => Scheduled to move on reboot.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150205_211420.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150206_122905.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150206_132905.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150206_142906.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150206_152907.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150206_162908.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150206_172908.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150206_185556.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150206_205048.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150206_215049.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150206_225049.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150206_225205.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150207_095052.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150207_105053.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150207_115053.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150207_125054.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150207_135055.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150207_145055.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150207_155056.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150207_171129.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150207_181130.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150207_201237.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150207_211237.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150207_211313.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150208_084027.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150208_094028.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150208_104028.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150208_114029.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150208_124030.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150208_134031.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150208_144031.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150208_154031.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150208_164032.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150208_174033.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150208_184033.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150208_194033.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150208_204034.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150208_214034.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150208_214705.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150209_151655.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150209_161656.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150209_171657.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150209_181658.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150209_191658.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150209_205427.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150209_213255.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150210_153432.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150210_163432.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150210_173432.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150210_183433.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150210_193433.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150210_203433.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150210_213434.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150210_221435.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150211_153505.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150211_163506.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150211_173506.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150211_183506.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150211_193507.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150211_211922.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150211_212716.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150211_221856.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150212_152647.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150212_162647.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150212_172647.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150212_182648.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150212_192649.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150212_202649.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Languages\chs.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Languages\cht.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Languages\csy.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Languages\dan.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Languages\deu.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Languages\esp.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Languages\fin.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Languages\fra.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Languages\ita.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Languages\jpn.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Languages\kor.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Languages\nld.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Languages\nor.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Languages\plk.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Languages\ptb.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Languages\ptg.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Languages\rus.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Languages\sve.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Languages\trk.dll => Moved successfully.
Could not move "C:\Users\Jaro\AppData\Local\Akamai" directory. => Scheduled to move on reboot.

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2724695079-2630873064-2132910098-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}" => Key deleted successfully.
HKCR\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} => Key not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.

"C:\Users\Jaro\AppData\Local\Temp" directory move:

C:\Users\Jaro\AppData\Local\Temp\AdobeARM.log => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\AdobeSFX.log => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\adwcleaner.db => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\AdwCleaner.jpg => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\ASPNETSetup.log => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\ASPNETSetup_00000.log => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\CFG33B2.tmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\CFG5E06.tmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\chrome_installer.log => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\Cleaning.ico => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\CmdLineExt02.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\comver.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\dd_NDP451-KB2858725-x86-x64-CSY_decompression_log.txt => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\dd_vcredistMSI08AD.txt => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\dd_vcredistUI08AD.txt => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\dd_vcredist_x86_20150122130050.log => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\dd_vcredist_x86_20150122130050_0_vcRuntimeMinimum_x86.log => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\dd_vcredist_x86_20150122130050_1_vcRuntimeAdditional_x86.log => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\DelUS.bat => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\DMI5B49.tmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\dotNetFx.log => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\EBU7580.EXE => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\EBU78AB.DLL => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\etilqs_5Qju8xbq4vE0d66 => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\etilqs_JjQSzkabp4WVi85 => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\etilqs_THbSVlErEWjz2L7 => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\etilqs_tzNeSUoYjbU88fQ => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\EULA.txt => Moved successfully.
Could not move "C:\Users\Jaro\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => Scheduled to move on reboot.
C:\Users\Jaro\AppData\Local\Temp\GLF1BF0.tmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\hcuninstaller_20140629_214822_968.exe => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\Jaro.bmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\MGS4B92.exe => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\MGS6C8A.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\Microsoft .NET Framework 4.5.1 (CSY) Setup_20140827_215615475-MSI_netfx_FullLP_GDR_x86.msi.txt => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\Microsoft .NET Framework 4.5.1 (CSY) Setup_20140827_215615475.html => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_20140629_163610610-MSI_vc_red.msi.txt => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_20140629_163610610.html => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_20140629_175218706-MSI_vc_red.msi.txt => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_20140629_175218706.html => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_20141207_152802172.html => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\netfxsl.log => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\netfxupdate.log => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\nsbDEAB.tmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\nscFCA8.tmp.exe => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\nslCE26.tmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\nsp2CD8.tmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\nsq5908.tmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\nsv86C9.tmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\nsvD3B1.tmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\PCWDF6.tmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\PCWDF6.xml => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\Report.ico => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\RGI3E7.tmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\RGI3E7.tmp-tmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\safeguard.exe => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\Scan.ico => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\Setup Log 2014-08-29 #001.txt => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\SIntf16.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\SIntf32.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\SIntfIcn.ani => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\SIntfNT.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\start.html => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\StructuredQuery.log => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\Uninstall.ico => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\v3init2.log => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\war3_Install.exe => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\wmsetup.log => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\~2224.tmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\~36E8.tmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\{30500a81-e2bf-3102-fabc-cc6dc6625b4b}\mcdbus.inf => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\{30500a81-e2bf-3102-fabc-cc6dc6625b4b}\mcdbus.sys => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\VSDFF86.tmp\install.log => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\tmp94580.WMC\serviceinfo.xml => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\tmp90721.WMC\allservices.xml => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\nsw4B85.tmp\InstallOptions.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\nsw4B85.tmp\ioSpecial.ini => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\nsw4B85.tmp\modern-header.bmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\nsw4B85.tmp\modern-wizard.bmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\nsuA4F9.tmp\InstallOptions.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\nsuA4F9.tmp\ioSpecial.ini => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\nsuA4F9.tmp\LangDLL.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\nsuA4F9.tmp\modern-header.bmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\nsuA4F9.tmp\modern-wizard.bmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\nsuA4F9.tmp\StartMenu.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\nsuA4F9.tmp\System.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\Low\26491793926104318.tmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\Low\310392240126086721.tmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\Low\316989118526109419.tmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\Low\341192417326099638.tmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\Low\391873161026097454.tmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\Low\403815946626086721.tmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\is-7TR32.tmp\diablo_hellfire.tmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\d685ef53-1b0d-46c1-b619-53d5f102fd20\bsplayer.exe => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\CT3329621\chromeid.txt => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\CT3329621\ctbe.exe => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\CT3329621\ddt.csf => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\CT3329621\ieLogic.exe => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\CT3329621\setup.ini.txt => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\CT3329621\statisticsStub.exe => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\avastBCLTMP\{31264a33-a653-46c4-af49-1232c59a7da5}.zip => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\avastBCLTMP\chrome\Default\Web Data => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\0\ddt.csf => Moved successfully.
Could not move "C:\Users\Jaro\AppData\Local\Temp" directory. => Scheduled to move on reboot.


=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-02-12 22:04:10)<=

C:\Users\Jaro\AppData\Local\Akamai\Logs\daemon.debug.log => Is moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log => Is moved successfully.
C:\Users\Jaro\AppData\Local\Akamai => Is moved successfully.
C:\Users\Jaro\AppData\Local\Temp\FXSAPIDebugLogFile.txt => Is moved successfully.
C:\Users\Jaro\AppData\Local\Temp => Moved successfully.

==== End of Fixlog 22:04:10 ====

Author:  Rudy [ 12 Feb 2015 22:12 ]
Post subject:  Re: Fraudulent link to BWIN (asking for advice)

Everything has been deleted; the PC should now be clean.

Author:  Jaroo [ 12 Feb 2015 22:14 ]
Post subject:  Re: Fraudulent link to BWIN (asking for advice)

Thank you very much :)

Author:  Rudy [ 13 Feb 2015 19:30 ]
Post subject:  Re: Fraudulent link to BWIN (asking for advice)

You're welcome! :)

All times are UTC + 1 hour