Ads popping up in the browser

#1 Post by Gina33 »

Hello, please check the log from my friend's notebook. Ads keep popping up... lots of ads. Thanks a lot, here is the log:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-10-2014 01
Ran by host (administrator) on HOST-PC on 19-10-2014 17:17:45
Running from C:\Users\host\Desktop
Loaded Profile: host (Available profiles: host)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(APN LLC.) C:\Users\host\AppData\Local\VNT\vntldr.exe
(APN LLC.) C:\Users\host\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe
(APN LLC.) C:\Users\host\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr_x64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\EnhanceEmpire\updateEnhanceEmpire.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\EnhanceEmpire\bin\utilEnhanceEmpire.exe
() C:\Program Files (x86)\EnhanceEmpire\bin\EnhanceEmpire.PurBrowse64.exe
() C:\Program Files (x86)\EnhanceEmpire\bin\EnhanceEmpire.BOASHelper.exe
() C:\Program Files (x86)\EnhanceEmpire\bin\EnhanceEmpire.BrowserAdapter.exe
() C:\Program Files (x86)\EnhanceEmpire\bin\EnhanceEmpire.BrowserAdapter64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\EnhanceEmpire\bin\EnhanceEmpire.BOASPRT.exe
() C:\Program Files (x86)\EnhanceEmpire\bin\EnhanceEmpire.BOAS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated)
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2317312 2011-09-08] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5716608 2011-07-21] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [VNT] => C:\Program Files (x86)\VNT\vntldr.exe [196504 2014-08-22] (APN LLC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-1533523691-63738600-1632550924-1000\...\Run: [Free Download Manager] => C:\Program Files (x86)\Free Download Manager\fdm.exe [6950400 2013-09-23] (FreeDownloadManager.ORG)
HKU\S-1-5-21-1533523691-63738600-1632550924-1000\...\Run: [Skype] => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ask-tb.com/?p2=%5EB9N%5EYYYYYY%5 ... 11-02&psv=
SearchScopes: HKCU - {87AECB3F-AF04-4F4D-B8E8-0819C11EFC32} URL = http://ask-tb.com/web?tpid=PTV-RG&o=Y10 ... psv=&pt=tb
BHO: Ask Toolbar -> {5054562D-5247-006A-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PTV-RG\Passport_x64.dll (APN LLC.)
BHO-x32: Ask Toolbar -> {5054562D-5247-006A-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PTV-RG\Passport.dll (APN LLC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: EnhanceEmpire -> {e39519a5-9d10-478c-98d8-9c486f3190a4} -> C:\Program Files (x86)\EnhanceEmpire\EnhanceEmpirebho.dll (EnhanceEmpire)
Toolbar: HKLM - Ask Toolbar - {5054562D-5247-006A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PTV-RG\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Ask Toolbar - {5054562D-5247-006A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PTV-RG\Passport.dll (APN LLC.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

Chrome:
=======
CHR HomePage: Default -> hxxp://ask-tb.com/?p2=%5EB9N%5EYYYYYY%5EYY%5ECZ&gct=hp&o=Y10002cr&apn_ptnrs=%5EB9N&apn_dtid=%5EYYYYYY%5EYY%5ECZ&tpid=PTV-RG&apn_dbr=cr_30.0.1599.101&trgb=ALL&apn_uid=03AA4C18-C144-4B8A-9E53-A513FD5B8A29&itbv=12.6.0.1732&doi=2013-11-02&psv=
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\host\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\host\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-10]
CHR Extension: (Disk Google) - C:\Users\host\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-10]
CHR Extension: (YouTube) - C:\Users\host\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-10]
CHR Extension: (Vyhledávání Google) - C:\Users\host\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-10]
CHR Extension: (Peněženka Google) - C:\Users\host\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-10]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\host\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2013-12-30]
CHR Extension: (Gmail) - C:\Users\host\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-10]
CHR HKLM\...\Chrome\Extension: [aaaahnibljmklpljnbpgfobmfpfhplch] - C:\ProgramData\AskPartnerNetwork\Toolbar\PTV-RG\CRX\ToolbarCR.crx [2014-10-12]
CHR HKLM-x32\...\Chrome\Extension: [aaaahnibljmklpljnbpgfobmfpfhplch] - C:\ProgramData\AskPartnerNetwork\Toolbar\PTV-RG\CRX\ToolbarCR.crx [2014-10-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R4 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-10-09] (APN LLC.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R4 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36424 2014-06-18] (Just Develop It) <==== ATTENTION
S3 Installer Service; C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{DB24A9E5-A068-43DD-88D0-B51BED3C0B99}\Installer\InstallerService.exe [126464 2013-10-24] () [File not signed]
R2 Update EnhanceEmpire; C:\Program Files (x86)\EnhanceEmpire\updateEnhanceEmpire.exe [524072 2014-10-19] ()
R4 Util EnhanceEmpire; C:\Program Files (x86)\EnhanceEmpire\bin\utilEnhanceEmpire.exe [524072 2014-10-19] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)
R1 {75e31400-eac4-49b7-986c-d198f0b97db7}Gw64; C:\Windows\System32\drivers\{75e31400-eac4-49b7-986c-d198f0b97db7}Gw64.sys [61128 2014-07-08] (StdLib)
R1 {7951da45-7bdd-437b-929a-ec3e88ff6c84}Gw64; C:\Windows\System32\drivers\{7951da45-7bdd-437b-929a-ec3e88ff6c84}Gw64.sys [61128 2014-09-01] (StdLib)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-19 17:17 - 2014-10-19 17:19 - 00013110 _____ () C:\Users\host\Desktop\FRST.txt
2014-10-19 17:17 - 2014-10-19 17:17 - 00000000 ____D () C:\FRST
2014-10-19 17:16 - 2014-10-19 17:16 - 02112000 _____ (Farbar) C:\Users\host\Desktop\FRST64.exe
2014-10-19 17:10 - 2014-10-19 17:13 - 00112640 _____ (forum.viry.cz) C:\Users\host\Desktop\FRSTLauncher.exe
2014-10-19 17:06 - 2014-10-19 17:06 - 00000000 ____D () C:\Windows\pss
2014-10-19 17:04 - 2014-10-19 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-19 17:04 - 2014-09-26 18:42 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-19 17:04 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-19 17:04 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-19 17:04 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-19 17:03 - 2014-10-19 17:04 - 00004428 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log
2014-10-19 17:01 - 2014-10-19 17:01 - 00000000 ____D () C:\Program Files (x86)\ASM104xUSB3
2014-10-19 17:00 - 2014-10-19 17:00 - 00000000 ____D () C:\Users\host\Downloads\TurboBoost_Monitor_Win7_32_Z104004
2014-10-19 16:59 - 2014-10-19 16:59 - 22543948 _____ () C:\Users\host\Downloads\WLAN_Atheros_Win7_32_Z920419.zip
2014-10-19 16:59 - 2014-10-19 16:59 - 18390957 _____ () C:\Users\host\Downloads\TurboBoost_Monitor_Win7_32_Z104004.zip
2014-10-19 16:59 - 2014-10-19 16:59 - 00000000 ____D () C:\Users\host\Downloads\WLAN_Atheros_Win7_32_Z920419
2014-10-19 16:59 - 2014-10-19 16:59 - 00000000 ____D () C:\Users\host\Downloads\USB3_AsMedia_Win7_32_Z11250
2014-10-19 16:59 - 2014-10-19 16:59 - 00000000 ____D () C:\Users\host\Downloads\Chipset_Intel_INFUpdate_Win7_64_Z9201021
2014-10-19 16:59 - 2014-10-19 16:59 - 00000000 ____D () C:\Users\host\Downloads\Card_Reader_Alcor_Win7_32_Z12011708443
2014-10-19 16:58 - 2014-10-19 17:00 - 60813453 _____ () C:\Users\host\Downloads\VGA_Intel_Win7_32_Z815102361.zip
2014-10-19 16:58 - 2014-10-19 16:59 - 08431392 _____ () C:\Users\host\Downloads\Card_Reader_Alcor_Win7_32_Z12011708443.zip
2014-10-19 16:58 - 2014-10-19 16:59 - 03587563 _____ () C:\Users\host\Downloads\USB3_AsMedia_Win7_32_Z11250.zip
2014-10-19 16:58 - 2014-10-19 16:58 - 02655284 _____ () C:\Users\host\Downloads\Chipset_Intel_INFUpdate_Win7_64_Z9201021.zip
2014-10-12 15:06 - 2014-10-12 15:06 - 00000000 ____D () C:\Users\host\AppData\Roaming\Mozilla

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-19 17:08 - 2013-10-09 17:30 - 01278492 _____ () C:\Windows\WindowsUpdate.log
2014-10-19 17:04 - 2013-10-24 22:10 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-19 17:04 - 2013-10-24 22:09 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-19 17:04 - 2009-07-14 06:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-19 17:04 - 2009-07-14 06:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-19 17:02 - 2013-10-09 18:56 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-19 17:01 - 2013-10-24 20:54 - 00020388 _____ () C:\Windows\DPINST.LOG
2014-10-19 17:01 - 2013-10-24 20:23 - 00014307 _____ () C:\Windows\setupact.log
2014-10-19 17:01 - 2009-07-14 04:34 - 00000505 _____ () C:\Windows\win.ini
2014-10-19 16:57 - 2013-10-10 10:37 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-19 16:56 - 2014-08-01 00:14 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-10-19 16:56 - 2013-10-10 10:37 - 00000944 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-19 16:55 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-12 15:06 - 2013-11-10 13:23 - 00000000 ____D () C:\Program Files (x86)\VNT

Some content of TEMP:
====================
C:\Users\host\AppData\Local\Temp\BackupSetup.exe
C:\Users\host\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\host\AppData\Local\Temp\KMP_3.7.0.113.exe
C:\Users\host\AppData\Local\Temp\KMP_3.8.0.120.exe
C:\Users\host\AppData\Local\Temp\KMP_3.8.0.121.exe
C:\Users\host\AppData\Local\Temp\KMP_3.9.0.126.exe
C:\Users\host\AppData\Local\Temp\KMP_3.9.0.127.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-06 05:03

==================== End Of Log ============================
Attachments
Addition.rar
(6.21 KiB) Downloaded 58 times

#2 Post by Rudy »

Hello!
First run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
First click >Scan< and then >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

#3 Post by Gina33 »

# AdwCleaner v4.000 - Report created 19/10/2014 at 18:18:07
# DB v2014-10-19.11
# Updated 12/10/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : host - HOST-PC
# Running from : C:\Users\host\Desktop\adwcleaner_4.000.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : APNMCP
Service Deleted : BackupStack
[#] Service Deleted : Update EnhanceEmpire
[#] Service Deleted : Util EnhanceEmpire
Service Deleted : {75e31400-eac4-49b7-986c-d198f0b97db7}Gw64
Service Deleted : {7951da45-7bdd-437b-929a-ec3e88ff6c84}Gw64

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Users\host\AppData\Local\Temp\apn
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Users\host\AppData\Local\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Users\host\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Deleted : C:\Program Files (x86)\VNT
Folder Deleted : C:\Users\host\AppData\Local\VNT
[!] Folder Deleted : C:\Program Files (x86)\EnhanceEmpire
Folder Deleted : C:\Users\host\AppData\Local\Temp\EnhanceEmpire
File Deleted : C:\Users\host\Desktop\MyPC Backup.lnk
File Deleted : C:\Users\host\Desktop\Sync Folder.lnk
File Deleted : C:\Windows\System32\\drivers\{75e31400-eac4-49b7-986c-d198f0b97db7}Gw64.sys
File Deleted : C:\Windows\System32\\drivers\{7951da45-7bdd-437b-929a-ec3e88ff6c84}Gw64.sys
File Deleted : C:\Users\host\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\host\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [VNT]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\EnhanceEmpire_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\EnhanceEmpire_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateEnhanceEmpire_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateEnhanceEmpire_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilEnhanceEmpire_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilEnhanceEmpire_RASMANCS
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update EnhanceEmpire
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util EnhanceEmpire
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{e39519a5-9d10-478c-98d8-9c486f3190a4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{375D4D68-E576-449F-B588-A1E17C29F32D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{046f59b8-3ab5-445c-b397-b7cff9a1b2a3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e39519a5-9d10-478c-98d8-9c486f3190a4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{375D4D68-E576-449F-B588-A1E17C29F32D}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\EnhanceEmpire
Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\EnhanceEmpire
Key Deleted : [x64] HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EnhanceEmpire

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v


-\\ Google Chrome v37.0.2062.120


*************************

AdwCleaner[R0].txt - [5974 octets] - [19/10/2014 18:16:23]
AdwCleaner[S0].txt - [5644 octets] - [19/10/2014 18:18:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5704 octets] ##########

#4 Post by Rudy »

Post a new FRST log.

#5 Post by Gina33 »

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-10-2014
Ran by host (administrator) on HOST-PC on 19-10-2014 18:21:49
Running from C:\Users\host\Desktop
Loaded Profile: host (Available profiles: host)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(FreeDownloadManager.ORG) C:\Program Files (x86)\Free Download Manager\fdm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated)
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2317312 2011-09-08] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5716608 2011-07-21] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-1533523691-63738600-1632550924-1000\...\Run: [Free Download Manager] => C:\Program Files (x86)\Free Download Manager\fdm.exe [6950400 2013-09-23] (FreeDownloadManager.ORG)
HKU\S-1-5-21-1533523691-63738600-1632550924-1000\...\Run: [Skype] => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ask-tb.com/?p2=%5EB9N%5EYYYYYY%5 ... 11-02&psv=
SearchScopes: HKCU - {87AECB3F-AF04-4F4D-B8E8-0819C11EFC32} URL = http://ask-tb.com/web?tpid=PTV-RG&o=Y10 ... psv=&pt=tb
BHO: Ask Toolbar -> {5054562D-5247-006A-76A7-7A786E7484D7} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PTV-RG\Passport_x64.dll" No File
BHO-x32: Ask Toolbar -> {5054562D-5247-006A-76A7-7A786E7484D7} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PTV-RG\Passport.dll" No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Ask Toolbar - {5054562D-5247-006A-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PTV-RG\Passport_x64.dll" No File
Toolbar: HKLM-x32 - Ask Toolbar - {5054562D-5247-006A-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PTV-RG\Passport.dll" No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

Chrome:
=======
CHR HomePage: Default -> hxxp://ask-tb.com/?p2=%5EB9N%5EYYYYYY%5EYY%5ECZ&gct=hp&o=Y10002cr&apn_ptnrs=%5EB9N&apn_dtid=%5EYYYYYY%5EYY%5ECZ&tpid=PTV-RG&apn_dbr=cr_30.0.1599.101&trgb=ALL&apn_uid=03AA4C18-C144-4B8A-9E53-A513FD5B8A29&itbv=12.6.0.1732&doi=2013-11-02&psv=
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\host\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\host\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-10]
CHR Extension: (Disk Google) - C:\Users\host\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-10]
CHR Extension: (YouTube) - C:\Users\host\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-10]
CHR Extension: (Vyhledávání Google) - C:\Users\host\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-10]
CHR Extension: (Peněženka Google) - C:\Users\host\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-10]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\host\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2013-12-30]
CHR Extension: (Gmail) - C:\Users\host\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-10]
CHR HKLM\...\Chrome\Extension: [aaaahnibljmklpljnbpgfobmfpfhplch] - C:\ProgramData\AskPartnerNetwork\Toolbar\PTV-RG\CRX\ToolbarCR.crx []
CHR HKLM-x32\...\Chrome\Extension: [aaaahnibljmklpljnbpgfobmfpfhplch] - C:\ProgramData\AskPartnerNetwork\Toolbar\PTV-RG\CRX\ToolbarCR.crx []

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
S3 Installer Service; C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{DB24A9E5-A068-43DD-88D0-B51BED3C0B99}\Installer\InstallerService.exe [126464 2013-10-24] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-19 18:21 - 2014-10-19 18:21 - 00000000 ____D () C:\Users\host\Desktop\FRST-OlderVersion
2014-10-19 18:16 - 2014-10-19 18:18 - 00000000 ____D () C:\AdwCleaner
2014-10-19 18:14 - 2014-10-19 18:15 - 01976320 _____ () C:\Users\host\Desktop\adwcleaner_4.000.exe
2014-10-19 17:21 - 2014-10-19 17:21 - 00006357 _____ () C:\Users\host\Desktop\Addition.rar
2014-10-19 17:20 - 2014-10-19 17:20 - 00023424 _____ () C:\Users\host\Desktop\Addition.txt
2014-10-19 17:17 - 2014-10-19 18:23 - 00011143 _____ () C:\Users\host\Desktop\FRST.txt
2014-10-19 17:17 - 2014-10-19 18:21 - 00000000 ____D () C:\FRST
2014-10-19 17:16 - 2014-10-19 18:21 - 02112512 _____ (Farbar) C:\Users\host\Desktop\FRST64.exe
2014-10-19 17:06 - 2014-10-19 17:06 - 00000000 ____D () C:\Windows\pss
2014-10-19 17:04 - 2014-10-19 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-19 17:04 - 2014-09-26 18:42 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-19 17:04 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-19 17:04 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-19 17:04 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-19 17:03 - 2014-10-19 17:04 - 00004428 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log
2014-10-19 17:01 - 2014-10-19 17:01 - 00000000 ____D () C:\Program Files (x86)\ASM104xUSB3
2014-10-19 17:00 - 2014-10-19 17:00 - 00000000 ____D () C:\Users\host\Downloads\TurboBoost_Monitor_Win7_32_Z104004
2014-10-19 16:59 - 2014-10-19 16:59 - 22543948 _____ () C:\Users\host\Downloads\WLAN_Atheros_Win7_32_Z920419.zip
2014-10-19 16:59 - 2014-10-19 16:59 - 18390957 _____ () C:\Users\host\Downloads\TurboBoost_Monitor_Win7_32_Z104004.zip
2014-10-19 16:59 - 2014-10-19 16:59 - 00000000 ____D () C:\Users\host\Downloads\WLAN_Atheros_Win7_32_Z920419
2014-10-19 16:59 - 2014-10-19 16:59 - 00000000 ____D () C:\Users\host\Downloads\USB3_AsMedia_Win7_32_Z11250
2014-10-19 16:59 - 2014-10-19 16:59 - 00000000 ____D () C:\Users\host\Downloads\Chipset_Intel_INFUpdate_Win7_64_Z9201021
2014-10-19 16:59 - 2014-10-19 16:59 - 00000000 ____D () C:\Users\host\Downloads\Card_Reader_Alcor_Win7_32_Z12011708443
2014-10-19 16:58 - 2014-10-19 17:00 - 60813453 _____ () C:\Users\host\Downloads\VGA_Intel_Win7_32_Z815102361.zip
2014-10-19 16:58 - 2014-10-19 16:59 - 08431392 _____ () C:\Users\host\Downloads\Card_Reader_Alcor_Win7_32_Z12011708443.zip
2014-10-19 16:58 - 2014-10-19 16:59 - 03587563 _____ () C:\Users\host\Downloads\USB3_AsMedia_Win7_32_Z11250.zip
2014-10-19 16:58 - 2014-10-19 16:58 - 02655284 _____ () C:\Users\host\Downloads\Chipset_Intel_INFUpdate_Win7_64_Z9201021.zip
2014-10-12 15:06 - 2014-10-12 15:06 - 00000000 ____D () C:\Users\host\AppData\Roaming\Mozilla

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-19 18:22 - 2013-10-09 17:30 - 01354954 _____ () C:\Windows\WindowsUpdate.log
2014-10-19 18:19 - 2013-10-24 20:23 - 00014363 _____ () C:\Windows\setupact.log
2014-10-19 18:19 - 2013-10-10 13:06 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-19 18:19 - 2013-10-10 10:37 - 00000944 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-19 18:19 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-19 18:18 - 2013-10-24 20:42 - 00010398 _____ () C:\Windows\PFRO.log
2014-10-19 18:15 - 2013-10-24 19:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-19 17:57 - 2013-10-10 10:37 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-19 17:54 - 2013-10-24 19:31 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-19 17:41 - 2013-10-10 13:06 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-19 17:40 - 2013-10-10 13:06 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-19 17:40 - 2013-10-10 13:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-19 17:04 - 2013-10-24 22:10 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-19 17:04 - 2013-10-24 22:09 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-19 17:04 - 2009-07-14 06:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-19 17:04 - 2009-07-14 06:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-19 17:02 - 2013-10-09 18:56 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-19 17:01 - 2013-10-24 20:54 - 00020388 _____ () C:\Windows\DPINST.LOG
2014-10-19 17:01 - 2009-07-14 04:34 - 00000505 _____ () C:\Windows\win.ini

Some content of TEMP:
====================
C:\Users\host\AppData\Local\Temp\BackupSetup.exe
C:\Users\host\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\host\AppData\Local\Temp\KMP_3.7.0.113.exe
C:\Users\host\AppData\Local\Temp\KMP_3.8.0.120.exe
C:\Users\host\AppData\Local\Temp\KMP_3.8.0.121.exe
C:\Users\host\AppData\Local\Temp\KMP_3.9.0.126.exe
C:\Users\host\AppData\Local\Temp\KMP_3.9.0.127.exe
C:\Users\host\AppData\Local\Temp\Quarantine.exe
C:\Users\host\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-06 05:03

==================== End Of Log ============================
Attachments
Addition.rar
(5.88 KiB) Downloaded 59 times

Rudy
Site Admin
Posts: 119547
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: ads popping up in the browser

#6 Post by Rudy »

Open Notepad and copy the following into it:
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ask-tb.com/?p2=%5EB9N%5EYYYYYY%5 ... 11-02&psv=
SearchScopes: HKCU - {87AECB3F-AF04-4F4D-B8E8-0819C11EFC32} URL = http://ask-tb.com/web?tpid=PTV-RG&o=Y10 ... psv=&pt=tb
BHO: Ask Toolbar -> {5054562D-5247-006A-76A7-7A786E7484D7} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PTV-RG\Passport_x64.dll" No File
BHO-x32: Ask Toolbar -> {5054562D-5247-006A-76A7-7A786E7484D7} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PTV-RG\Passport.dll" No File
Toolbar: HKLM - Ask Toolbar - {5054562D-5247-006A-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PTV-RG\Passport_x64.dll" No File
Toolbar: HKLM-x32 - Ask Toolbar - {5054562D-5247-006A-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PTV-RG\Passport.dll" No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HomePage: Default -> hxxp://ask-tb.com/?p2=%5EB9N%5EYYYYYY%5 ... 11-02&psv=
CHR HKLM\...\Chrome\Extension: [aaaahnibljmklpljnbpgfobmfpfhplch] - C:\ProgramData\AskPartnerNetwork\Toolbar\PTV-RG\CRX\ToolbarCR.crx []
CHR HKLM-x32\...\Chrome\Extension: [aaaahnibljmklpljnbpgfobmfpfhplch] - C:\ProgramData\AskPartnerNetwork\Toolbar\PTV-RG\CRX\ToolbarCR.crx []
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Users\host\AppData\Local\Temp
End
Save it to the Desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.


e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
