Fraudulent link to BWIN (asking for advice)

#1 Post by Jaroo »

Hello,

Last night I, like an idiot, clicked on a fraudulent link which (if I voted for something) offered a free bonus of 2,000 Kč at the betting company BWIN. Here is the link: http://bwonuscasio.esy.es/ . The address alone makes it clear that it is a scam, but I was probably sleepy and I have not been actively betting through BWIN for some time, so I thought, why not... So I filled in my BWIN login there, and about half an hour later money started moving around in the account: it started at 5,000 and in various amounts over a short time went down to 0, then 1,000 came in and it went down to 0 again, and then I decided to block the account. At the same time, confirmations of payments, withdrawals and failed payment attempts kept arriving at the e-mail address I gave there when registering.
Does anyone have experience with this, please? Was it enough that I had the account blocked, or do I need to deal with it further somehow?
Thank you

#2 Post by Rudy »

Hello!
Blocking the account is, of course, the key step. But it will be good to check the PC as well. Post an FRST log: http://forum.viry.cz/viewtopic.php?f=24&t=132509 .
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem has been resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

#3 Post by Jaroo »

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-02-2015 02
Ran by Jaro (administrator) on JARO-PC on 11-02-2015 20:30:40
Running from C:\Users\Jaro\Desktop
Loaded Profiles: Jaro (Available profiles: Jaro)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(ClientConnect Ltd.) C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Akamai Technologies, Inc.) C:\Users\Jaro\AppData\Local\Akamai\netsession_win.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Akamai Technologies, Inc.) C:\Users\Jaro\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
Failed to access process -> chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Jaro\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [337432 2013-10-23] (Power Software Ltd)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-2724695079-2630873064-2132910098-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Jaro\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2724695079-2630873064-2132910098-1000\...\MountPoints2: {b1b82b0f-fea3-11e3-864c-806e6f6e6963} - D:\autoplay.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

URLSearchHook: HKLM - BS Player ControlBar B Toolbar - {31264a33-a653-46c4-af49-1232c59a7da5} - C:\Users\Jaro\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_0.dll No File
URLSearchHook: HKU\S-1-5-21-2724695079-2630873064-2132910098-1000 - BS Player ControlBar B Toolbar - {31264a33-a653-46c4-af49-1232c59a7da5} - C:\Users\Jaro\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_0.dll No File
SearchScopes: HKU\S-1-5-21-2724695079-2630873064-2132910098-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
BHO: BS Player ControlBar B Toolbar -> {31264a33-a653-46c4-af49-1232c59a7da5} -> C:\Users\Jaro\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_0.dll No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - BS Player ControlBar B Toolbar - {31264a33-a653-46c4-af49-1232c59a7da5} - C:\Users\Jaro\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_0.dll No File
Toolbar: HKU\S-1-5-21-2724695079-2630873064-2132910098-1000 -> BS Player ControlBar B Toolbar - {31264A33-A653-46C4-AF49-1232C59A7DA5} - C:\Users\Jaro\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_0.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2724695079-2630873064-2132910098-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jaro\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-28]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR Profile: C:\Users\Jaro\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\Jaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-28]
CHR Extension: (Disk Google) - C:\Users\Jaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-28]
CHR Extension: (YouTube) - C:\Users\Jaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-28]
CHR Extension: (Vyhledávání Google) - C:\Users\Jaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-28]
CHR Extension: (Peněženka Google) - C:\Users\Jaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-28]
CHR Extension: (Gmail) - C:\Users\Jaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-28]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-06]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-15]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-15] (AVAST Software)
R2 TBSrv; C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe [350528 2014-04-10] (ClientConnect Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-15] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-15] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-15] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-21] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-15] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-15] ()
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [114376 2013-10-23] (Power Software Ltd)
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 20:30 - 2015-02-11 20:31 - 00009871 _____ () C:\Users\Jaro\Desktop\FRST.txt
2015-02-11 20:30 - 2015-02-11 20:30 - 00000000 ____D () C:\FRST
2015-02-11 20:29 - 2015-02-11 20:29 - 00112640 _____ (forum.viry.cz) C:\Users\Jaro\Desktop\FRSTLauncher.exe
2015-02-11 20:24 - 2015-02-11 20:25 - 01125376 _____ (Farbar) C:\Users\Jaro\Desktop\FRST.exe
2015-02-11 20:14 - 2015-02-11 20:22 - 736985088 _____ () C:\Users\Jaro\Downloads\CO-JSME-KOMU-UDĚLALI-super-franc.komedie-ČESKÉ-TITULKY-VLOŽENY-VE-FILMU-novinky-novinka-NA-ČSFD-83%-!!!.avi
2015-01-25 00:20 - 2015-01-25 00:20 - 00287646 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2015-01-23 21:54 - 2015-01-23 21:55 - 00292330 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2015-01-23 21:54 - 2015-01-23 21:54 - 00000000 ____D () C:\Program Files\MSXML 4.0
2015-01-23 12:19 - 2015-02-06 13:39 - 00000000 ____D () C:\Users\Jaro\Desktop\knihy
2015-01-22 13:07 - 2015-01-22 13:07 - 00000000 ____D () C:\Users\Jaro\Documents\My Games
2015-01-22 13:06 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-01-22 13:06 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2015-01-22 13:06 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-01-22 13:06 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-01-22 13:06 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2015-01-22 13:06 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2015-01-22 13:06 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2015-01-22 13:06 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-01-22 13:06 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2015-01-22 13:06 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2015-01-22 13:06 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2015-01-22 13:05 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2015-01-22 13:05 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2015-01-22 13:05 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2015-01-22 13:05 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2015-01-22 13:05 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2015-01-22 13:05 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2015-01-22 13:05 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2015-01-22 13:05 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2015-01-22 13:05 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2015-01-22 13:05 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2015-01-22 13:05 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2015-01-22 13:05 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2015-01-22 13:05 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2015-01-22 13:05 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2015-01-22 13:05 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2015-01-22 13:05 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2015-01-22 13:05 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2015-01-22 13:05 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2015-01-22 13:05 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2015-01-22 13:05 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2015-01-22 13:05 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2015-01-22 13:05 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2015-01-22 13:05 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2015-01-22 13:05 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2015-01-22 13:05 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2015-01-22 13:05 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2015-01-22 13:05 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2015-01-22 13:05 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2015-01-22 13:05 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2015-01-22 13:05 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2015-01-22 13:05 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2015-01-22 13:05 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2015-01-22 13:05 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2015-01-22 13:05 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2015-01-22 13:05 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2015-01-22 13:05 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2015-01-22 13:05 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2015-01-22 13:05 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2015-01-22 13:05 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2015-01-22 13:05 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2015-01-22 13:05 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2015-01-22 13:05 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2015-01-22 13:05 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2015-01-22 13:05 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2015-01-22 13:05 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2015-01-22 13:05 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2015-01-22 13:05 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2015-01-22 13:05 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2015-01-22 13:05 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2015-01-22 13:05 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2015-01-22 13:05 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2015-01-22 13:05 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2015-01-22 13:05 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2015-01-22 13:05 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2015-01-22 13:05 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2015-01-22 13:05 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2015-01-22 13:05 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2015-01-22 13:05 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2015-01-22 13:05 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2015-01-22 13:05 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2015-01-22 13:05 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2015-01-22 13:05 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2015-01-22 13:04 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2015-01-22 13:04 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2015-01-22 13:04 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-01-22 13:04 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2015-01-22 13:04 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2015-01-22 13:04 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2015-01-22 13:04 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2015-01-22 13:04 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-01-22 13:04 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-01-22 13:04 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-01-22 13:04 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-01-22 13:04 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-01-22 13:04 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-01-22 13:04 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-01-22 13:04 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-01-22 13:04 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-01-22 13:04 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-01-22 13:03 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-01-22 13:01 - 2015-01-22 13:01 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-22 11:23 - 2015-01-22 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
2015-01-20 22:24 - 2015-01-20 22:38 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-01-20 22:24 - 2015-01-20 22:24 - 00001989 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-01-20 22:24 - 2015-01-20 22:24 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-20 22:24 - 2015-01-20 22:24 - 00000000 ____D () C:\Program Files\Adobe
2015-01-20 22:23 - 2015-01-20 22:26 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-18 17:35 - 2015-01-22 13:07 - 00000000 ____D () C:\Users\Jaro\AppData\Roaming\Microsoft Games
2015-01-18 17:35 - 2015-01-18 17:35 - 00000000 ____D () C:\ProgramData\Microsoft Games
2015-01-18 16:54 - 2015-01-18 16:54 - 00000000 ____D () C:\ProgramData\Trymedia
2015-01-17 18:49 - 2015-01-17 18:54 - 00000000 ____D () C:\XIII
2015-01-17 15:14 - 2015-01-17 18:48 - 2042529388 _____ () C:\Users\Jaro\Downloads\XIII-+-Čeština-(no-install).rar
2015-01-17 11:53 - 2015-01-17 12:51 - 00000000 ____D () C:\Users\Jaro\AppData\Roaming\Realore_Whiterra Roads Of Rome 3
2015-01-17 11:51 - 2014-11-26 12:30 - 00000000 ____D () C:\Users\Jaro\Downloads\Roads Of Rome Game Collection
2015-01-16 20:43 - 2015-01-16 20:44 - 00000000 ____D () C:\Users\Jaro\AppData\Roaming\Roads Of Rome
2015-01-16 20:42 - 2015-01-16 20:42 - 00002021 _____ () C:\Users\Jaro\Desktop\Roads of Rome.lnk
2015-01-16 20:42 - 2015-01-16 20:42 - 00000000 ____D () C:\Program Files\Games
2015-01-16 16:24 - 2015-01-16 16:24 - 00001962 _____ () C:\Users\Public\Desktop\X-COM - Apocalypse CZ.lnk
2015-01-16 16:24 - 2015-01-16 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\X-COM - Apocalypse CZ
2015-01-16 16:22 - 2015-01-16 16:24 - 00000000 ____D () C:\Program Files\X-COM-Apocalypse CZ
2015-01-16 16:21 - 2012-11-04 22:00 - 404489095 _____ () C:\Users\Jaro\Downloads\X-COM-Apocalypse-CZ-Setup.exe
2015-01-16 14:20 - 2015-01-16 14:46 - 00000000 ____D () C:\Diablo
2015-01-16 14:20 - 2015-01-16 14:20 - 00086528 _____ () C:\Windows\bnetunin.exe
2015-01-16 14:20 - 2015-01-16 14:20 - 00061440 _____ () C:\Windows\diabunin.exe
2015-01-16 14:20 - 2015-01-16 14:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo
2015-01-16 14:14 - 2015-01-16 14:18 - 644628480 _____ () C:\Users\Jaro\Downloads\Diablo.iso
2015-01-14 15:03 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 15:03 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 15:02 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 15:02 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 15:02 - 2014-12-11 18:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 15:02 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 20:25 - 2009-07-14 05:34 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-11 20:25 - 2009-07-14 05:34 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-11 20:19 - 2014-06-28 10:11 - 01815253 _____ () C:\Windows\WindowsUpdate.log
2015-02-11 19:46 - 2014-06-28 10:22 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-11 19:44 - 2014-11-09 15:34 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-11 17:46 - 2014-11-17 19:50 - 00000000 ____D () C:\Users\Jaro\AppData\Local\Battle.net
2015-02-11 16:34 - 2014-06-28 10:22 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-11 16:34 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-11 16:34 - 2009-07-14 05:39 - 00043254 _____ () C:\Windows\setupact.log
2015-02-10 18:11 - 2014-11-17 19:54 - 00000000 ____D () C:\Program Files\Hearthstone
2015-02-06 20:02 - 2014-06-28 10:23 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-06 13:40 - 2014-11-17 19:50 - 00000000 ____D () C:\Program Files\Battle.net
2015-02-05 19:29 - 2014-11-09 15:34 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-05 19:29 - 2014-11-09 15:34 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-23 09:10 - 2009-07-14 05:33 - 00271040 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-22 13:07 - 2014-08-24 09:46 - 00000000 ____D () C:\Users\Jaro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-22 13:06 - 2014-06-28 10:22 - 00058592 _____ () C:\Users\Jaro\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-22 12:47 - 2009-07-14 05:52 - 00000000 ____D () C:\Program Files\Microsoft Games
2015-01-20 22:25 - 2014-11-09 15:34 - 00000000 ____D () C:\Users\Jaro\AppData\Local\Adobe
2015-01-20 22:25 - 2014-06-29 11:36 - 00000000 ____D () C:\Users\Jaro\AppData\Roaming\Adobe
2015-01-20 17:39 - 2014-12-07 15:27 - 00000000 ____D () C:\Program Files\GameforgeLive
2015-01-18 10:27 - 2010-11-20 22:48 - 00474264 _____ () C:\Windows\PFRO.log
2015-01-17 17:23 - 2014-12-08 19:04 - 00000000 ____D () C:\Temp
2015-01-14 22:27 - 2014-06-29 09:29 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 22:21 - 2014-06-29 09:29 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-06-29 11:37 - 2014-06-29 11:37 - 0000000 _____ () C:\Users\Jaro\AppData\Local\AtStart.txt
2014-06-29 11:37 - 2014-06-29 11:37 - 0000000 _____ () C:\Users\Jaro\AppData\Local\DSwitch.txt
2014-06-29 15:33 - 2014-06-29 15:33 - 0000092 _____ () C:\Users\Jaro\AppData\Local\fusioncache.dat
2014-06-29 11:37 - 2014-06-29 11:37 - 0000000 _____ () C:\Users\Jaro\AppData\Local\QSwitch.txt
2014-12-31 22:22 - 2014-12-31 22:22 - 0006441 _____ () C:\Users\Jaro\AppData\Local\recently-used.xbel

Some content of TEMP:
====================
C:\Users\Jaro\AppData\Local\Temp\CmdLineExt02.dll
C:\Users\Jaro\AppData\Local\Temp\comver.dll
C:\Users\Jaro\AppData\Local\Temp\EBU7580.EXE
C:\Users\Jaro\AppData\Local\Temp\EBU78AB.DLL
C:\Users\Jaro\AppData\Local\Temp\hcuninstaller_20140629_214822_968.exe
C:\Users\Jaro\AppData\Local\Temp\MGS4B92.exe
C:\Users\Jaro\AppData\Local\Temp\MGS6C8A.dll
C:\Users\Jaro\AppData\Local\Temp\nscFCA8.tmp.exe
C:\Users\Jaro\AppData\Local\Temp\safeguard.exe
C:\Users\Jaro\AppData\Local\Temp\SIntf16.dll
C:\Users\Jaro\AppData\Local\Temp\SIntf32.dll
C:\Users\Jaro\AppData\Local\Temp\SIntfNT.dll
C:\Users\Jaro\AppData\Local\Temp\war3_Install.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Jaro\Desktop" je 7370 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Rudy
Site Admin
Posts: 118199
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Fraudulent BWIN link (asking for advice)

#4 Post by Rudy »

Run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
First click >Scan< and then >Clean<.
A scan will run and then a log will appear; paste it here.

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

Jaroo
Visitor
Posts: 6
Registered: 11 Feb 2015 14:25

Re: Fraudulent BWIN link (asking for advice)

#5 Post by Jaroo »

# AdwCleaner v4.110 - Logfile created 11/02/2015 at 22:25:10
# Updated 05/02/2015 by Xplode
# Database : 2015-02-09.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x86)
# Username : Jaro - JARO-PC
# Running from : C:\Users\Jaro\Desktop\adwcleaner_4.110.exe
# Option : Cleaning

***** [ Services ] *****

Service Deleted : TBSrv

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Tbccint
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Program Files\Tbccint
Folder Deleted : C:\Users\Jaro\AppData\Local\Temp\BS_Player_ControlBar_B
Folder Deleted : C:\Users\Jaro\AppData\Local\Tbccint
Folder Deleted : C:\Users\Jaro\AppData\LocalLow\Tbccint
Folder Deleted : C:\Users\Jaro\AppData\LocalLow\BS_Player_ControlBar_B
File Deleted : C:\END

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IECT3329621
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3329621
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3A1209A4-8568-40F0-9B5E-4A06A2A06417}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31264A33-A653-46C4-AF49-1232C59A7DA5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31264A33-A653-46C4-AF49-1232C59A7DA5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31264A33-A653-46C4-AF49-1232C59A7DA5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3A1209A4-8568-40F0-9B5E-4A06A2A06417}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{31264A33-A653-46C4-AF49-1232C59A7DA5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{31264A33-A653-46C4-AF49-1232C59A7DA5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{31264A33-A653-46C4-AF49-1232C59A7DA5}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{31264A33-A653-46C4-AF49-1232C59A7DA5}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Tbccint
Key Deleted : HKCU\Software\Tbccint_HKLM
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Tbccint
Key Deleted : HKCU\Software\AppDataLow\Software\BS_Player_ControlBar_B
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Google Chrome v40.0.2214.111


-\\ Chromium v


*************************

AdwCleaner[R0].txt - [2863 bytes] - [11/02/2015 22:21:43]
AdwCleaner[S0].txt - [2850 bytes] - [11/02/2015 22:25:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2909 bytes] ##########

Rudy
Site Admin
Posts: 118199
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Fraudulent BWIN link (asking for advice)

#6 Post by Rudy »

Post a new FRST log.

Jaroo
Visitor
Posts: 6
Registered: 11 Feb 2015 14:25

Re: Fraudulent BWIN link (asking for advice)

#7 Post by Jaroo »

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-02-2015 02
Ran by Jaro (administrator) on JARO-PC on 11-02-2015 22:45:16
Running from C:\Users\Jaro\Desktop
Loaded Profiles: Jaro (Available profiles: Jaro)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Akamai Technologies, Inc.) C:\Users\Jaro\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Jaro\AppData\Local\Akamai\netsession_win.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Jaro\Desktop\FRSTLauncher.exe
Failed to access process -> dllhost.exe
Failed to access process -> dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [337432 2013-10-23] (Power Software Ltd)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-2724695079-2630873064-2132910098-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Jaro\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2724695079-2630873064-2132910098-1000\...\MountPoints2: {b1b82b0f-fea3-11e3-864c-806e6f6e6963} - D:\autoplay.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2724695079-2630873064-2132910098-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2724695079-2630873064-2132910098-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jaro\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-28]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR Profile: C:\Users\Jaro\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\Jaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-28]
CHR Extension: (Disk Google) - C:\Users\Jaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-28]
CHR Extension: (YouTube) - C:\Users\Jaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-28]
CHR Extension: (Vyhledávání Google) - C:\Users\Jaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-28]
CHR Extension: (Peněženka Google) - C:\Users\Jaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-28]
CHR Extension: (Gmail) - C:\Users\Jaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-28]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-15]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-15] (AVAST Software)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-15] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-15] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-15] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-21] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-15] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-15] ()
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [114376 2013-10-23] (Power Software Ltd)
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 22:45 - 2015-02-11 22:45 - 00008769 _____ () C:\Users\Jaro\Desktop\FRST.txt
2015-02-11 22:21 - 2015-02-11 22:25 - 00000000 ____D () C:\AdwCleaner
2015-02-11 22:20 - 2015-02-11 22:20 - 02112512 _____ () C:\Users\Jaro\Desktop\adwcleaner_4.110.exe
2015-02-11 20:30 - 2015-02-11 22:45 - 00000000 ____D () C:\FRST
2015-02-11 20:29 - 2015-02-11 20:29 - 00112640 _____ (forum.viry.cz) C:\Users\Jaro\Desktop\FRSTLauncher.exe
2015-02-11 20:24 - 2015-02-11 20:25 - 01125376 _____ (Farbar) C:\Users\Jaro\Desktop\FRST.exe
2015-01-25 00:20 - 2015-01-25 00:20 - 00287646 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2015-01-23 21:54 - 2015-01-23 21:55 - 00292330 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2015-01-23 21:54 - 2015-01-23 21:54 - 00000000 ____D () C:\Program Files\MSXML 4.0
2015-01-23 12:19 - 2015-02-06 13:39 - 00000000 ____D () C:\Users\Jaro\Desktop\knihy
2015-01-22 13:07 - 2015-01-22 13:07 - 00000000 ____D () C:\Users\Jaro\Documents\My Games
2015-01-22 13:06 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-01-22 13:06 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2015-01-22 13:06 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-01-22 13:06 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-01-22 13:06 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2015-01-22 13:06 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2015-01-22 13:06 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2015-01-22 13:06 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-01-22 13:06 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2015-01-22 13:06 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2015-01-22 13:06 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2015-01-22 13:05 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2015-01-22 13:05 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2015-01-22 13:05 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2015-01-22 13:05 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2015-01-22 13:05 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2015-01-22 13:05 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2015-01-22 13:05 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2015-01-22 13:05 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2015-01-22 13:05 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2015-01-22 13:05 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2015-01-22 13:05 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2015-01-22 13:05 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2015-01-22 13:05 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2015-01-22 13:05 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2015-01-22 13:05 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2015-01-22 13:05 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2015-01-22 13:05 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2015-01-22 13:05 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2015-01-22 13:05 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2015-01-22 13:05 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2015-01-22 13:05 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2015-01-22 13:05 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2015-01-22 13:05 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2015-01-22 13:05 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2015-01-22 13:05 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2015-01-22 13:05 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2015-01-22 13:05 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2015-01-22 13:05 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2015-01-22 13:05 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2015-01-22 13:05 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2015-01-22 13:05 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2015-01-22 13:05 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2015-01-22 13:05 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2015-01-22 13:05 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2015-01-22 13:05 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2015-01-22 13:05 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2015-01-22 13:05 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2015-01-22 13:05 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2015-01-22 13:05 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2015-01-22 13:05 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2015-01-22 13:05 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2015-01-22 13:05 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2015-01-22 13:05 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2015-01-22 13:05 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2015-01-22 13:05 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2015-01-22 13:05 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2015-01-22 13:05 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2015-01-22 13:05 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2015-01-22 13:05 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2015-01-22 13:05 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2015-01-22 13:05 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2015-01-22 13:05 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2015-01-22 13:05 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2015-01-22 13:05 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2015-01-22 13:05 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2015-01-22 13:05 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2015-01-22 13:05 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2015-01-22 13:05 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2015-01-22 13:05 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2015-01-22 13:05 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2015-01-22 13:05 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2015-01-22 13:05 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2015-01-22 13:04 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2015-01-22 13:04 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2015-01-22 13:04 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-01-22 13:04 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2015-01-22 13:04 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2015-01-22 13:04 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2015-01-22 13:04 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2015-01-22 13:04 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-01-22 13:04 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-01-22 13:04 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-01-22 13:04 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-01-22 13:04 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-01-22 13:04 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-01-22 13:04 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-01-22 13:04 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-01-22 13:04 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-01-22 13:04 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-01-22 13:03 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-01-22 13:01 - 2015-01-22 13:01 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-22 11:23 - 2015-01-22 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
2015-01-20 22:24 - 2015-01-20 22:38 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-01-20 22:24 - 2015-01-20 22:24 - 00001989 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-01-20 22:24 - 2015-01-20 22:24 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-20 22:24 - 2015-01-20 22:24 - 00000000 ____D () C:\Program Files\Adobe
2015-01-20 22:23 - 2015-01-20 22:26 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-18 17:35 - 2015-01-22 13:07 - 00000000 ____D () C:\Users\Jaro\AppData\Roaming\Microsoft Games
2015-01-18 17:35 - 2015-01-18 17:35 - 00000000 ____D () C:\ProgramData\Microsoft Games
2015-01-17 18:49 - 2015-01-17 18:54 - 00000000 ____D () C:\XIII
2015-01-17 15:14 - 2015-01-17 18:48 - 2042529388 _____ () C:\Users\Jaro\Downloads\XIII-+-Čeština-(no-install).rar
2015-01-17 11:53 - 2015-01-17 12:51 - 00000000 ____D () C:\Users\Jaro\AppData\Roaming\Realore_Whiterra Roads Of Rome 3
2015-01-17 11:51 - 2014-11-26 12:30 - 00000000 ____D () C:\Users\Jaro\Downloads\Roads Of Rome Game Collection
2015-01-16 20:43 - 2015-01-16 20:44 - 00000000 ____D () C:\Users\Jaro\AppData\Roaming\Roads Of Rome
2015-01-16 20:42 - 2015-01-16 20:42 - 00002021 _____ () C:\Users\Jaro\Desktop\Roads of Rome.lnk
2015-01-16 20:42 - 2015-01-16 20:42 - 00000000 ____D () C:\Program Files\Games
2015-01-16 16:24 - 2015-01-16 16:24 - 00001962 _____ () C:\Users\Public\Desktop\X-COM - Apocalypse CZ.lnk
2015-01-16 16:24 - 2015-01-16 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\X-COM - Apocalypse CZ
2015-01-16 16:22 - 2015-01-16 16:24 - 00000000 ____D () C:\Program Files\X-COM-Apocalypse CZ
2015-01-16 16:21 - 2012-11-04 22:00 - 404489095 _____ () C:\Users\Jaro\Downloads\X-COM-Apocalypse-CZ-Setup.exe
2015-01-16 14:20 - 2015-01-16 14:46 - 00000000 ____D () C:\Diablo
2015-01-16 14:20 - 2015-01-16 14:20 - 00086528 _____ () C:\Windows\bnetunin.exe
2015-01-16 14:20 - 2015-01-16 14:20 - 00061440 _____ () C:\Windows\diabunin.exe
2015-01-16 14:20 - 2015-01-16 14:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo
2015-01-16 14:14 - 2015-01-16 14:18 - 644628480 _____ () C:\Users\Jaro\Downloads\Diablo.iso
2015-01-14 15:03 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 15:03 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 15:02 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 15:02 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 15:02 - 2014-12-11 18:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 15:02 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 22:46 - 2014-06-28 10:22 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-11 22:44 - 2014-11-09 15:34 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-11 22:34 - 2009-07-14 05:34 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-11 22:34 - 2009-07-14 05:34 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-11 22:30 - 2014-06-28 10:11 - 01828386 _____ () C:\Windows\WindowsUpdate.log
2015-02-11 22:26 - 2014-06-28 10:22 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-11 22:26 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-11 22:26 - 2009-07-14 05:39 - 00043310 _____ () C:\Windows\setupact.log
2015-02-11 17:46 - 2014-11-17 19:50 - 00000000 ____D () C:\Users\Jaro\AppData\Local\Battle.net
2015-02-10 18:11 - 2014-11-17 19:54 - 00000000 ____D () C:\Program Files\Hearthstone
2015-02-06 20:02 - 2014-06-28 10:23 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-06 13:40 - 2014-11-17 19:50 - 00000000 ____D () C:\Program Files\Battle.net
2015-02-05 19:29 - 2014-11-09 15:34 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-05 19:29 - 2014-11-09 15:34 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-23 09:10 - 2009-07-14 05:33 - 00271040 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-22 13:07 - 2014-08-24 09:46 - 00000000 ____D () C:\Users\Jaro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-22 13:06 - 2014-06-28 10:22 - 00058592 _____ () C:\Users\Jaro\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-22 12:47 - 2009-07-14 05:52 - 00000000 ____D () C:\Program Files\Microsoft Games
2015-01-20 22:25 - 2014-11-09 15:34 - 00000000 ____D () C:\Users\Jaro\AppData\Local\Adobe
2015-01-20 22:25 - 2014-06-29 11:36 - 00000000 ____D () C:\Users\Jaro\AppData\Roaming\Adobe
2015-01-20 17:39 - 2014-12-07 15:27 - 00000000 ____D () C:\Program Files\GameforgeLive
2015-01-18 10:27 - 2010-11-20 22:48 - 00474264 _____ () C:\Windows\PFRO.log
2015-01-17 17:23 - 2014-12-08 19:04 - 00000000 ____D () C:\Temp
2015-01-14 22:27 - 2014-06-29 09:29 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 22:21 - 2014-06-29 09:29 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-06-29 11:37 - 2014-06-29 11:37 - 0000000 _____ () C:\Users\Jaro\AppData\Local\AtStart.txt
2014-06-29 11:37 - 2014-06-29 11:37 - 0000000 _____ () C:\Users\Jaro\AppData\Local\DSwitch.txt
2014-06-29 15:33 - 2014-06-29 15:33 - 0000092 _____ () C:\Users\Jaro\AppData\Local\fusioncache.dat
2014-06-29 11:37 - 2014-06-29 11:37 - 0000000 _____ () C:\Users\Jaro\AppData\Local\QSwitch.txt
2014-12-31 22:22 - 2014-12-31 22:22 - 0006441 _____ () C:\Users\Jaro\AppData\Local\recently-used.xbel

Some content of TEMP:
====================
C:\Users\Jaro\AppData\Local\Temp\CmdLineExt02.dll
C:\Users\Jaro\AppData\Local\Temp\comver.dll
C:\Users\Jaro\AppData\Local\Temp\EBU7580.EXE
C:\Users\Jaro\AppData\Local\Temp\EBU78AB.DLL
C:\Users\Jaro\AppData\Local\Temp\hcuninstaller_20140629_214822_968.exe
C:\Users\Jaro\AppData\Local\Temp\MGS4B92.exe
C:\Users\Jaro\AppData\Local\Temp\MGS6C8A.dll
C:\Users\Jaro\AppData\Local\Temp\nscFCA8.tmp.exe
C:\Users\Jaro\AppData\Local\Temp\Quarantine.exe
C:\Users\Jaro\AppData\Local\Temp\safeguard.exe
C:\Users\Jaro\AppData\Local\Temp\SIntf16.dll
C:\Users\Jaro\AppData\Local\Temp\SIntf32.dll
C:\Users\Jaro\AppData\Local\Temp\SIntfNT.dll
C:\Users\Jaro\AppData\Local\Temp\sqlite3.dll
C:\Users\Jaro\AppData\Local\Temp\war3_Install.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Jaro\Desktop" je 7372 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Rudy
Site Admin
Posts: 118199
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Fraudulent BWIN link (advice needed)

#8 Post by Rudy »

Open Notepad and copy the following into it:
Start
HKU\S-1-5-21-2724695079-2630873064-2132910098-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Jaro\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2724695079-2630873064-2132910098-1000\...\MountPoints2: {b1b82b0f-fea3-11e3-864c-806e6f6e6963} - D:\autoplay.exe
C:\Users\Jaro\AppData\Local\Akamai
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2724695079-2630873064-2132910098-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Users\Jaro\AppData\Local\Temp
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Jaroo
Visitor
Posts: 6
Registered: 11 Feb 2015 14:25

Re: Fraudulent BWIN link (advice needed)

#9 Post by Jaroo »

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-02-2015 02
Ran by Jaro at 2015-02-12 22:01:27 Run:1
Running from C:\Users\Jaro\Desktop
Loaded Profiles: Jaro (Available profiles: Jaro)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKU\S-1-5-21-2724695079-2630873064-2132910098-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Jaro\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2724695079-2630873064-2132910098-1000\...\MountPoints2: {b1b82b0f-fea3-11e3-864c-806e6f6e6963} - D:\autoplay.exe
C:\Users\Jaro\AppData\Local\Akamai
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2724695079-2630873064-2132910098-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Users\Jaro\AppData\Local\Temp
End
*****************

HKU\S-1-5-21-2724695079-2630873064-2132910098-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface => value deleted successfully.
"HKU\S-1-5-21-2724695079-2630873064-2132910098-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1b82b0f-fea3-11e3-864c-806e6f6e6963}" => Key deleted successfully.
HKCR\CLSID\{b1b82b0f-fea3-11e3-864c-806e6f6e6963} => Key not found.

"C:\Users\Jaro\AppData\Local\Akamai" directory move:

C:\Users\Jaro\AppData\Local\Akamai\admintool.exe => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\client.ini => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\ControlPanel.exe => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\CplTasks.xml => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\euc_state.json => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\extraroot.pem => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\guid.ini => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\installer.txt => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\installer_no_upload_silent.exe => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\netsession_installer.exe => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\netsession_win.exe => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\readme.txt => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\root.pem => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\rswinui.exe => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\uninstall.exe => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\user.dat => Moved successfully.
Could not move "C:\Users\Jaro\AppData\Local\Akamai\Logs\daemon.debug.log" => Scheduled to move on reboot.
C:\Users\Jaro\AppData\Local\Akamai\Logs\daemon.debug.log.150205_211421.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\daemon.debug.log.150206_122842.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\daemon.debug.log.150206_225206.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\daemon.debug.log.150207_095031.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\daemon.debug.log.150207_211314.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\daemon.debug.log.150208_084013.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\daemon.debug.log.150208_214706.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\daemon.debug.log.150209_151633.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\daemon.debug.log.150209_213255.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\daemon.debug.log.150210_153425.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\daemon.debug.log.150210_221435.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\daemon.debug.log.150211_153458.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\daemon.debug.log.150211_212708.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\daemon.debug.log.150211_221858.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\daemon.debug.log.150212_152640.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\daemon1.debug.log => Moved successfully.
Could not move "C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log" => Scheduled to move on reboot.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150205_211420.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150206_122905.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150206_132905.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150206_142906.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150206_152907.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150206_162908.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150206_172908.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150206_185556.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150206_205048.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150206_215049.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150206_225049.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150206_225205.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150207_095052.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150207_105053.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150207_115053.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150207_125054.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150207_135055.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150207_145055.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150207_155056.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150207_171129.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150207_181130.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150207_201237.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150207_211237.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150207_211313.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150208_084027.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150208_094028.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150208_104028.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150208_114029.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150208_124030.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150208_134031.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150208_144031.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150208_154031.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150208_164032.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150208_174033.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150208_184033.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150208_194033.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150208_204034.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150208_214034.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150208_214705.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150209_151655.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150209_161656.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150209_171657.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150209_181658.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150209_191658.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150209_205427.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150209_213255.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150210_153432.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150210_163432.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150210_173432.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150210_183433.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150210_193433.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150210_203433.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150210_213434.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150210_221435.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150211_153505.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150211_163506.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150211_173506.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150211_183506.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150211_193507.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150211_211922.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150211_212716.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150211_221856.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150212_152647.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150212_162647.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150212_172647.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150212_182648.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150212_192649.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log.150212_202649.sent => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Languages\chs.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Languages\cht.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Languages\csy.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Languages\dan.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Languages\deu.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Languages\esp.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Languages\fin.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Languages\fra.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Languages\ita.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Languages\jpn.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Languages\kor.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Languages\nld.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Languages\nor.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Languages\plk.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Languages\ptb.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Languages\ptg.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Languages\rus.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Languages\sve.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Languages\trk.dll => Moved successfully.
Could not move "C:\Users\Jaro\AppData\Local\Akamai" directory. => Scheduled to move on reboot.

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2724695079-2630873064-2132910098-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}" => Key deleted successfully.
HKCR\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} => Key not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.

"C:\Users\Jaro\AppData\Local\Temp" directory move:

C:\Users\Jaro\AppData\Local\Temp\AdobeARM.log => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\AdobeSFX.log => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\adwcleaner.db => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\AdwCleaner.jpg => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\ASPNETSetup.log => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\ASPNETSetup_00000.log => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\CFG33B2.tmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\CFG5E06.tmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\chrome_installer.log => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\Cleaning.ico => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\CmdLineExt02.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\comver.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\dd_NDP451-KB2858725-x86-x64-CSY_decompression_log.txt => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\dd_vcredistMSI08AD.txt => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\dd_vcredistUI08AD.txt => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\dd_vcredist_x86_20150122130050.log => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\dd_vcredist_x86_20150122130050_0_vcRuntimeMinimum_x86.log => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\dd_vcredist_x86_20150122130050_1_vcRuntimeAdditional_x86.log => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\DelUS.bat => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\DMI5B49.tmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\dotNetFx.log => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\EBU7580.EXE => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\EBU78AB.DLL => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\etilqs_5Qju8xbq4vE0d66 => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\etilqs_JjQSzkabp4WVi85 => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\etilqs_THbSVlErEWjz2L7 => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\etilqs_tzNeSUoYjbU88fQ => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\EULA.txt => Moved successfully.
Could not move "C:\Users\Jaro\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => Scheduled to move on reboot.
C:\Users\Jaro\AppData\Local\Temp\GLF1BF0.tmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\hcuninstaller_20140629_214822_968.exe => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\Jaro.bmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\MGS4B92.exe => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\MGS6C8A.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\Microsoft .NET Framework 4.5.1 (CSY) Setup_20140827_215615475-MSI_netfx_FullLP_GDR_x86.msi.txt => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\Microsoft .NET Framework 4.5.1 (CSY) Setup_20140827_215615475.html => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_20140629_163610610-MSI_vc_red.msi.txt => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_20140629_163610610.html => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_20140629_175218706-MSI_vc_red.msi.txt => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_20140629_175218706.html => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_20141207_152802172.html => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\netfxsl.log => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\netfxupdate.log => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\nsbDEAB.tmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\nscFCA8.tmp.exe => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\nslCE26.tmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\nsp2CD8.tmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\nsq5908.tmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\nsv86C9.tmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\nsvD3B1.tmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\PCWDF6.tmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\PCWDF6.xml => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\Report.ico => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\RGI3E7.tmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\RGI3E7.tmp-tmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\safeguard.exe => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\Scan.ico => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\Setup Log 2014-08-29 #001.txt => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\SIntf16.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\SIntf32.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\SIntfIcn.ani => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\SIntfNT.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\start.html => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\StructuredQuery.log => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\Uninstall.ico => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\v3init2.log => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\war3_Install.exe => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\wmsetup.log => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\~2224.tmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\~36E8.tmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\{30500a81-e2bf-3102-fabc-cc6dc6625b4b}\mcdbus.inf => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\{30500a81-e2bf-3102-fabc-cc6dc6625b4b}\mcdbus.sys => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\VSDFF86.tmp\install.log => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\tmp94580.WMC\serviceinfo.xml => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\tmp90721.WMC\allservices.xml => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\nsw4B85.tmp\InstallOptions.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\nsw4B85.tmp\ioSpecial.ini => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\nsw4B85.tmp\modern-header.bmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\nsw4B85.tmp\modern-wizard.bmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\nsuA4F9.tmp\InstallOptions.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\nsuA4F9.tmp\ioSpecial.ini => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\nsuA4F9.tmp\LangDLL.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\nsuA4F9.tmp\modern-header.bmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\nsuA4F9.tmp\modern-wizard.bmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\nsuA4F9.tmp\StartMenu.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\nsuA4F9.tmp\System.dll => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\Low\26491793926104318.tmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\Low\310392240126086721.tmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\Low\316989118526109419.tmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\Low\341192417326099638.tmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\Low\391873161026097454.tmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\Low\403815946626086721.tmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\is-7TR32.tmp\diablo_hellfire.tmp => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\d685ef53-1b0d-46c1-b619-53d5f102fd20\bsplayer.exe => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\CT3329621\chromeid.txt => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\CT3329621\ctbe.exe => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\CT3329621\ddt.csf => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\CT3329621\ieLogic.exe => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\CT3329621\setup.ini.txt => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\CT3329621\statisticsStub.exe => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\avastBCLTMP\{31264a33-a653-46c4-af49-1232c59a7da5}.zip => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\avastBCLTMP\chrome\Default\Web Data => Moved successfully.
C:\Users\Jaro\AppData\Local\Temp\0\ddt.csf => Moved successfully.
Could not move "C:\Users\Jaro\AppData\Local\Temp" directory. => Scheduled to move on reboot.


=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-02-12 22:04:10)<=

C:\Users\Jaro\AppData\Local\Akamai\Logs\daemon.debug.log => Is moved successfully.
C:\Users\Jaro\AppData\Local\Akamai\Logs\debug.log => Is moved successfully.
C:\Users\Jaro\AppData\Local\Akamai => Is moved successfully.
C:\Users\Jaro\AppData\Local\Temp\FXSAPIDebugLogFile.txt => Is moved successfully.
C:\Users\Jaro\AppData\Local\Temp => Moved successfully.

==== End of Fixlog 22:04:10 ====

Rudy
Site Admin
Posts: 118199
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Fraudulent BWIN link (advice needed)

#10 Post by Rudy »

Everything has been deleted; the PC should now be clean.

Jaroo
Visitor
Posts: 6
Registered: 11 Feb 2015 14:25

Re: Fraudulent BWIN link (advice needed)

#11 Post by Jaroo »

Thank you very much :)

Rudy
Site Admin
Posts: 118199
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Fraudulent BWIN link (advice needed)

#12 Post by Rudy »

You're welcome! :)

Locked