istarsurf v mozzile

Zpráva

Saturas · #1 Příspěvek od **Saturas** » 24 úno 2015 15:25

Dobrý den,
mám ještě jeden problem s jednou nepříjemností na jiném PC.
Při každém zapnutí Mozzily se místo domovské stránky objeví tato adresa http://www.istartsurf.com/
A i přes adblok vyskakuje spousta různých reklam na různorodé hry a prohlížeč padá sam od sebe.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-02-2015
Ran by Mamka (administrator) on NOTEBOOK on 24-02-2015 15:16:10
Running from C:\Users\Mamka\Desktop
Loaded Profiles: Mamka (Available profiles: Mamka)
Platform: Windows 8.1 Pro (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SysTool PasSame LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
() C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
(SearchProtect) C:\Program Files (x86)\XTab\CmdShell.exe
(Browserella) C:\Program Files (x86)\BrowsrAversion2.5\f886be89-8e70-4e89-bf02-8dac063576db-10.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Browserella) C:\Program Files (x86)\BrowsrAversion2.5\f886be89-8e70-4e89-bf02-8dac063576db-1-6.exe
(PlayMCVenture) C:\Program Files (x86)\Mediaplayersversion2.4\9b4e74a3-3b4b-4ac5-be5a-8725c85f2bff-10.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
(PlayMCVenture) C:\Program Files (x86)\Mediaplayersversion2.4\9b4e74a3-3b4b-4ac5-be5a-8725c85f2bff-1-6.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(XTab system) C:\Program Files (x86)\XTab\HPNotify.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe
() C:\Users\Mamka\AppData\Local\gmsd_re_120\upgmsd_re_120.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\gmsd_re_120\gmsd_re_120.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(forum.viry.cz) C:\Users\Mamka\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM-x32\...\Run: [mncqfqwpiSrv] => C:\Windows\SysWOW64\mncqfqwpi.vbe [7670 2014-03-05] ()
HKLM-x32\...\Run: [DApp] => C:\Program Files\PCDApp\start.vbs
HKLM-x32\...\Run: [Adobe Photo Downloader] => C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe [67488 2007-09-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [gmsd_re_120] => C:\Program Files (x86)\gmsd_re_120\gmsd_re_120.exe [3978920 2015-02-23] ()
HKLM-x32\...\RunOnce: [upgmsd_re_120.exe] => C:\Users\Mamka\AppData\Local\gmsd_re_120\upgmsd_re_120.exe [3318952 2015-02-23] ()
HKU\S-1-5-21-3478427585-1692798960-3486473302-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6462744 2014-08-21] (Piriform Ltd)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hp&ts=1 ... S_5VH2Z8N9
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hp&ts=1 ... S_5VH2Z8N9
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds& ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds& ... earchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1 ... S_5VH2Z8N9
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1 ... S_5VH2Z8N9
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds& ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds& ... earchTerms}
HKU\S-1-5-21-3478427585-1692798960-3486473302-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/
HKU\S-1-5-21-3478427585-1692798960-3486473302-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1 ... S_5VH2Z8N9
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=ds& ... earchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=ds& ... earchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=ds& ... earchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=ds& ... earchTerms}
SearchScopes: HKU\S-1-5-21-3478427585-1692798960-3486473302-1001 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.istartsurf.com/web/?utm_sour ... earchTerms}
SearchScopes: HKU\S-1-5-21-3478427585-1692798960-3486473302-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.istartsurf.com/web/?utm_sour ... earchTerms}
SearchScopes: HKU\S-1-5-21-3478427585-1692798960-3486473302-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.istartsurf.com/web/?utm_sour ... earchTerms}
SearchScopes: HKU\S-1-5-21-3478427585-1692798960-3486473302-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?utm_sour ... earchTerms}
SearchScopes: HKU\S-1-5-21-3478427585-1692798960-3486473302-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.istartsurf.com/web/?utm_sour ... earchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1 10.0.1.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=1 ... S_5VH2Z8N9

FireFox:
========
FF ProfilePath: C:\Users\Mamka\AppData\Roaming\Mozilla\Firefox\Profiles\0urkjle5.default-1424785132839
FF Homepage: hxxp://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Mediaplayersversion2.4 - C:\Users\Mamka\AppData\Roaming\Mozilla\Firefox\Profiles\0urkjle5.default-1424785132839\Extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com [2015-02-24]
FF Extension: Adblock Plus - C:\Users\Mamka\AppData\Roaming\Mozilla\Firefox\Profiles\0urkjle5.default-1424785132839\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-24]
FF HKLM-x32\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Users\Mamka\AppData\Roaming\Mozilla\Firefox\Profiles\s4la025x.default\extensions\searchengine@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Mamka\AppData\Roaming\Mozilla\Firefox\Profiles\s4la025x.default\extensions\faststartff@gmail.com
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.istartsurf.com/?type=sc&ts=1 ... S_5VH2Z8N9

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [jobpmpbglkjlihkjofbljhomfhkkhppk] - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha6472\ch\TrustMediaViewerV1alpha6472.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor6.0; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-10] ()
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-06-08] (Macrovision Europe Ltd.) [File not signed]
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-02-23] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-02-23] (globalUpdate) [File not signed]
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158896 2015-01-16] (XTab system)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025920 2015-02-24] (Enigma Software Group USA, LLC.)
R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [72512 2013-12-09] (IObit)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [487056 2015-02-23] (SysTool PasSame LIMITED)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-02-24] ()
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-24 15:16 - 2015-02-24 15:16 - 00014793 _____ () C:\Users\Mamka\Desktop\FRST.txt
2015-02-24 15:16 - 2015-02-24 15:16 - 00000000 ____D () C:\FRST
2015-02-24 15:15 - 2015-02-24 15:15 - 02087424 _____ (Farbar) C:\Users\Mamka\Desktop\FRST64.exe
2015-02-24 15:15 - 2015-02-24 15:15 - 00112640 _____ (forum.viry.cz) C:\Users\Mamka\Desktop\FRSTLauncher.exe
2015-02-24 14:50 - 2015-02-24 14:50 - 00000000 _____ () C:\autoexec.bat
2015-02-24 14:49 - 2015-02-24 14:49 - 00003326 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2015-02-24 14:49 - 2015-02-24 14:49 - 00001103 _____ () C:\Users\Mamka\Desktop\SpyHunter.lnk
2015-02-24 14:49 - 2015-02-24 14:49 - 00000000 ____D () C:\Users\Mamka\AppData\Roaming\Enigma Software Group
2015-02-24 14:49 - 2015-02-24 14:49 - 00000000 ____D () C:\sh4ldr
2015-02-24 14:48 - 2015-02-24 14:48 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-02-24 14:48 - 2015-02-24 14:48 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-02-24 14:47 - 2015-02-24 14:47 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Mamka\Desktop\SpyHunter-installer.exe
2015-02-24 14:38 - 2015-02-24 14:38 - 00000000 ____D () C:\Users\Mamka\Desktop\Původní data aplikace Firefox
2015-02-24 12:48 - 2015-02-24 14:41 - 00000348 _____ () C:\Windows\setupact.log
2015-02-24 12:48 - 2015-02-24 14:34 - 00001634 _____ () C:\Windows\PFRO.log
2015-02-24 12:48 - 2015-02-24 12:48 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-23 20:51 - 2015-02-24 14:51 - 00004504 _____ () C:\Windows\Tasks\f886be89-8e70-4e89-bf02-8dac063576db-4.job
2015-02-23 20:51 - 2015-02-24 14:51 - 00003484 _____ () C:\Windows\Tasks\f886be89-8e70-4e89-bf02-8dac063576db-1-7.job
2015-02-23 20:51 - 2015-02-24 14:51 - 00003148 _____ () C:\Windows\Tasks\f886be89-8e70-4e89-bf02-8dac063576db-1-6.job
2015-02-23 20:51 - 2015-02-24 14:51 - 00002456 _____ () C:\Windows\Tasks\f886be89-8e70-4e89-bf02-8dac063576db-5_user.job
2015-02-23 20:51 - 2015-02-24 14:51 - 00002456 _____ () C:\Windows\Tasks\f886be89-8e70-4e89-bf02-8dac063576db-5.job
2015-02-23 20:51 - 2015-02-24 14:41 - 00001356 _____ () C:\Windows\Tasks\NOHNQG.job
2015-02-23 20:51 - 2015-02-24 14:41 - 00001354 _____ () C:\Windows\Tasks\VUXCG.job
2015-02-23 20:51 - 2015-02-23 20:51 - 01973200 _____ (Browserella) C:\Users\Mamka\AppData\Roaming\VUXCG.exe
2015-02-23 20:51 - 2015-02-23 20:51 - 01488336 _____ (Browserella) C:\Users\Mamka\AppData\Roaming\NOHNQG.exe
2015-02-23 20:51 - 2015-02-23 20:51 - 00007508 _____ () C:\Windows\System32\Tasks\f886be89-8e70-4e89-bf02-8dac063576db-4
2015-02-23 20:51 - 2015-02-23 20:51 - 00006488 _____ () C:\Windows\System32\Tasks\f886be89-8e70-4e89-bf02-8dac063576db-1-7
2015-02-23 20:51 - 2015-02-23 20:51 - 00006152 _____ () C:\Windows\System32\Tasks\f886be89-8e70-4e89-bf02-8dac063576db-1-6
2015-02-23 20:51 - 2015-02-23 20:51 - 00005460 _____ () C:\Windows\System32\Tasks\f886be89-8e70-4e89-bf02-8dac063576db-5
2015-02-23 20:51 - 2015-02-23 20:51 - 00004364 _____ () C:\Windows\System32\Tasks\NOHNQG
2015-02-23 20:51 - 2015-02-23 20:51 - 00004360 _____ () C:\Windows\System32\Tasks\VUXCG
2015-02-23 20:50 - 2015-02-24 14:56 - 00000956 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-02-23 20:50 - 2015-02-24 14:55 - 00004514 _____ () C:\Windows\Tasks\9b4e74a3-3b4b-4ac5-be5a-8725c85f2bff-4.job
2015-02-23 20:50 - 2015-02-24 14:52 - 00001348 _____ () C:\Windows\Tasks\FQ.job
2015-02-23 20:50 - 2015-02-24 14:51 - 00002122 _____ () C:\Windows\Tasks\f886be89-8e70-4e89-bf02-8dac063576db-10_user.job
2015-02-23 20:50 - 2015-02-24 14:50 - 00003494 _____ () C:\Windows\Tasks\9b4e74a3-3b4b-4ac5-be5a-8725c85f2bff-1-7.job
2015-02-23 20:50 - 2015-02-24 14:50 - 00003158 _____ () C:\Windows\Tasks\9b4e74a3-3b4b-4ac5-be5a-8725c85f2bff-1-6.job
2015-02-23 20:50 - 2015-02-24 14:50 - 00002810 _____ () C:\Windows\Tasks\9b4e74a3-3b4b-4ac5-be5a-8725c85f2bff-5_user.job
2015-02-23 20:50 - 2015-02-24 14:50 - 00002810 _____ () C:\Windows\Tasks\9b4e74a3-3b4b-4ac5-be5a-8725c85f2bff-5.job
2015-02-23 20:50 - 2015-02-24 14:50 - 00002132 _____ () C:\Windows\Tasks\9b4e74a3-3b4b-4ac5-be5a-8725c85f2bff-10_user.job
2015-02-23 20:50 - 2015-02-24 14:41 - 00001702 _____ () C:\Windows\Tasks\EDKNSFK.job
2015-02-23 20:50 - 2015-02-24 14:41 - 00000952 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-02-23 20:50 - 2015-02-23 20:51 - 00003928 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2015-02-23 20:50 - 2015-02-23 20:51 - 00003692 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2015-02-23 20:50 - 2015-02-23 20:51 - 00000000 ____D () C:\Program Files (x86)\BrowsrAversion2.5
2015-02-23 20:50 - 2015-02-23 20:50 - 01973200 _____ (PlayMCVenture) C:\Users\Mamka\AppData\Roaming\EDKNSFK.exe
2015-02-23 20:50 - 2015-02-23 20:50 - 01488336 _____ (PlayMCVenture) C:\Users\Mamka\AppData\Roaming\FQ.exe
2015-02-23 20:50 - 2015-02-23 20:50 - 00007518 _____ () C:\Windows\System32\Tasks\9b4e74a3-3b4b-4ac5-be5a-8725c85f2bff-4
2015-02-23 20:50 - 2015-02-23 20:50 - 00006498 _____ () C:\Windows\System32\Tasks\9b4e74a3-3b4b-4ac5-be5a-8725c85f2bff-1-7
2015-02-23 20:50 - 2015-02-23 20:50 - 00006162 _____ () C:\Windows\System32\Tasks\9b4e74a3-3b4b-4ac5-be5a-8725c85f2bff-1-6
2015-02-23 20:50 - 2015-02-23 20:50 - 00005814 _____ () C:\Windows\System32\Tasks\9b4e74a3-3b4b-4ac5-be5a-8725c85f2bff-5
2015-02-23 20:50 - 2015-02-23 20:50 - 00004708 _____ () C:\Windows\System32\Tasks\EDKNSFK
2015-02-23 20:50 - 2015-02-23 20:50 - 00004352 _____ () C:\Windows\System32\Tasks\FQ
2015-02-23 20:50 - 2015-02-23 20:50 - 00000000 ____D () C:\Program Files (x86)\Mediaplayersversion2.4
2015-02-23 20:48 - 2015-02-23 20:48 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-02-23 20:48 - 2015-02-23 20:48 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-02-23 20:45 - 2015-02-23 20:45 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-02-23 20:44 - 2015-02-23 20:44 - 00004014 _____ () C:\Windows\System32\Tasks\LaunchSignup
2015-02-23 20:44 - 2015-02-23 20:44 - 00000000 ____D () C:\Users\Mamka\AppData\Roaming\istartsurf
2015-02-23 20:41 - 2015-02-24 14:41 - 00000000 ____D () C:\Users\Mamka\AppData\Local\gmsd_re_120
2015-02-23 20:41 - 2015-02-23 20:41 - 00000000 ____D () C:\Program Files (x86)\gmsd_re_120
2015-02-23 20:40 - 2015-02-23 20:40 - 00203216 _____ () C:\Users\Mamka\Desktop\27c0a3.exe
2015-02-12 21:09 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 21:09 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 19:16 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 19:16 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 19:16 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-11 19:16 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-11 19:16 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 19:16 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 19:16 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 19:16 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 19:16 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 19:16 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 19:16 - 2014-12-09 00:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-11 19:16 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 19:16 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 19:16 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 19:16 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 19:16 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 19:15 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 19:15 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 19:15 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 19:15 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 19:15 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 19:15 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 19:15 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 19:15 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-11 19:15 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 19:15 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 19:15 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 19:15 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 19:15 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 19:15 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 19:15 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-11 19:15 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-02-11 19:15 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 19:15 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 19:15 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-02-11 19:15 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-02-11 19:15 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-02-11 19:15 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-02-11 19:15 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-02-11 19:15 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-02-11 19:15 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-02-11 19:15 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-02-11 19:14 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-02-11 19:14 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 19:14 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 19:14 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 19:14 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 19:14 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-11 19:14 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-11 19:14 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 19:14 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 19:14 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 19:14 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 19:14 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-11 19:14 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-02-11 19:14 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-02-11 19:14 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-11 19:14 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 19:14 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 19:14 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 19:14 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 19:14 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 19:14 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 19:14 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 19:14 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-01-26 22:52 - 2015-01-26 22:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-25 17:12 - 2015-01-25 17:12 - 00002086 _____ () C:\Users\Mamka\AppData\Roaming\NOHNQG
2015-01-25 17:12 - 2015-01-25 17:12 - 00002086 _____ () C:\Users\Mamka\AppData\Roaming\FQ
2015-01-25 17:12 - 2015-01-25 17:12 - 00001248 _____ () C:\Users\Mamka\AppData\Roaming\VUXCG
2015-01-25 17:12 - 2015-01-25 17:12 - 00001248 _____ () C:\Users\Mamka\AppData\Roaming\EDKNSFK

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-24 15:06 - 2014-05-05 10:58 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-24 15:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-24 14:53 - 2014-05-03 12:54 - 01109830 _____ () C:\Windows\WindowsUpdate.log
2015-02-24 14:49 - 2014-05-03 12:54 - 00000000 ____D () C:\Users\Mamka
2015-02-24 14:46 - 2014-05-03 13:00 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3478427585-1692798960-3486473302-1001
2015-02-24 14:46 - 2014-05-03 12:56 - 00005478 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-24 14:46 - 2013-08-22 23:08 - 08142222 _____ () C:\Windows\system32\perfh005.dat
2015-02-24 14:46 - 2013-08-22 23:08 - 02539324 _____ () C:\Windows\system32\perfc005.dat
2015-02-24 14:44 - 2014-05-20 20:37 - 00000003 _____ () C:\Users\Mamka\stut
2015-02-24 14:42 - 2014-05-03 13:02 - 00165659 _____ () C:\MyXML.xml
2015-02-24 14:41 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-23 20:50 - 2014-06-03 05:38 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-02-23 20:44 - 2014-05-03 16:16 - 00001343 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-23 20:44 - 2014-05-03 16:16 - 00001331 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-23 20:44 - 2014-05-03 12:54 - 00001606 _____ () C:\Users\Mamka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-23 20:37 - 2014-05-03 13:47 - 00000000 ____D () C:\Windows\Panther
2015-02-20 14:34 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-14 10:08 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2015-02-13 22:02 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-12 21:52 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-12 20:59 - 2013-08-22 15:44 - 00409912 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 20:18 - 2014-05-03 16:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 20:14 - 2014-05-03 16:06 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 20:10 - 2014-05-03 16:06 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-05 20:32 - 2014-06-16 15:09 - 00003950 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 20:32 - 2014-06-16 15:09 - 00003714 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 20:32 - 2014-06-16 15:09 - 00000978 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-05 20:32 - 2014-06-16 15:09 - 00000974 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-04 21:06 - 2014-05-05 10:58 - 00003802 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-03 20:31 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-27 19:16 - 2014-05-03 16:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\Mamka\AppData\Roaming\EDKNSFK
2015-02-23 20:50 - 2015-02-23 20:50 - 1973200 _____ (PlayMCVenture) C:\Users\Mamka\AppData\Roaming\EDKNSFK.exe
2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\Mamka\AppData\Roaming\FQ
2015-02-23 20:50 - 2015-02-23 20:50 - 1488336 _____ (PlayMCVenture) C:\Users\Mamka\AppData\Roaming\FQ.exe
2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\Mamka\AppData\Roaming\NOHNQG
2015-02-23 20:51 - 2015-02-23 20:51 - 1488336 _____ (Browserella) C:\Users\Mamka\AppData\Roaming\NOHNQG.exe
2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\Mamka\AppData\Roaming\VUXCG
2015-02-23 20:51 - 2015-02-23 20:51 - 1973200 _____ (Browserella) C:\Users\Mamka\AppData\Roaming\VUXCG.exe
2014-09-20 17:46 - 2014-09-20 17:46 - 0000000 _____ () C:\Users\Mamka\AppData\Local\{152B27F8-1CFD-4993-9854-7E12758BE91E}
2014-10-17 11:17 - 2014-10-17 11:17 - 0000000 _____ () C:\Users\Mamka\AppData\Local\{C13D6DB1-D696-45B2-98C4-CECC1ADEEF23}

Some content of TEMP:
====================
C:\Users\Mamka\AppData\Local\Temp\BackupSetup.exe
C:\Users\Mamka\AppData\Local\Temp\vcredist_x64.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-17 23:09

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:297.75 GB) (Free:261.81 GB) NTFS

Available physical RAM: 2182.86 MB
Total physical RAM: 3834.9 MB
Percentage of memory in use: 43%

==================== MBR and Partition Table ==================

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\9b4e74a3-3b4b-4ac5-be5a-8725c85f2bff-1-6.job => C:\Program Files (x86)\Mediaplayersversion2.4\9b4e74a3-3b4b-4ac5-be5a-8725c85f2bff-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\9b4e74a3-3b4b-4ac5-be5a-8725c85f2bff-1-7.job => C:\Program Files (x86)\Mediaplayersversion2.4\9b4e74a3-3b4b-4ac5-be5a-8725c85f2bff-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\9b4e74a3-3b4b-4ac5-be5a-8725c85f2bff-10_user.job => C:\Program Files (x86)\Mediaplayersversion2.4\9b4e74a3-3b4b-4ac5-be5a-8725c85f2bff-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\9b4e74a3-3b4b-4ac5-be5a-8725c85f2bff-4.job => C:\Program Files (x86)\Mediaplayersversion2.4\9b4e74a3-3b4b-4ac5-be5a-8725c85f2bff-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\9b4e74a3-3b4b-4ac5-be5a-8725c85f2bff-5.job => C:\Program Files (x86)\Mediaplayersversion2.4\9b4e74a3-3b4b-4ac5-be5a-8725c85f2bff-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\9b4e74a3-3b4b-4ac5-be5a-8725c85f2bff-5_user.job => C:\Program Files (x86)\Mediaplayersversion2.4\9b4e74a3-3b4b-4ac5-be5a-8725c85f2bff-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\EDKNSFK.job => C:\Users\Mamka\AppData\Roaming\EDKNSFK.exe <==== ATTENTION
Task: C:\Windows\Tasks\f886be89-8e70-4e89-bf02-8dac063576db-1-6.job => C:\Program Files (x86)\BrowsrAversion2.5\f886be89-8e70-4e89-bf02-8dac063576db-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\f886be89-8e70-4e89-bf02-8dac063576db-1-7.job => C:\Program Files (x86)\BrowsrAversion2.5\f886be89-8e70-4e89-bf02-8dac063576db-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\f886be89-8e70-4e89-bf02-8dac063576db-10_user.job => C:\Program Files (x86)\BrowsrAversion2.5\f886be89-8e70-4e89-bf02-8dac063576db-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\f886be89-8e70-4e89-bf02-8dac063576db-4.job => C:\Program Files (x86)\BrowsrAversion2.5\f886be89-8e70-4e89-bf02-8dac063576db-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\f886be89-8e70-4e89-bf02-8dac063576db-5.job => C:\Program Files (x86)\BrowsrAversion2.5\f886be89-8e70-4e89-bf02-8dac063576db-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\f886be89-8e70-4e89-bf02-8dac063576db-5_user.job => C:\Program Files (x86)\BrowsrAversion2.5\f886be89-8e70-4e89-bf02-8dac063576db-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\FQ.job => C:\Users\Mamka\AppData\Roaming\FQ.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\NOHNQG.job => C:\Users\Mamka\AppData\Roaming\NOHNQG.exe <==== ATTENTION
Task: C:\Windows\Tasks\VUXCG.job => C:\Users\Mamka\AppData\Roaming\VUXCG.exe <==== ATTENTION

==================== Alternate Data Streams (whitelisted) ==================

==================== Security Center ==================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Mamka\Desktop" je 7570 MB.

***** Startup Programs *****

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000

==================== End Of Log ==============================

#2 Příspěvek od **altrok** » 24 úno 2015 16:09

Zdravim

Odinstalujte SpyHunter - odmita ucast na srovnavacich testech antimalwarovych nastroju a nektere zdroje ho radi mezi tzv. rogueware. Zkratka jeho cinnost i ucinnost je velice diskutabilni.

Ty BitCoiny tezite schvalne?

V ramci cisteni Vam budou vyprazdneny docasne adresare (vcetne Kose).

Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/ (nebo http://www.bleepingcomputer.com/download/adwcleaner/ )

ukoncete vsechny programy
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Scan, pote na Cleaning
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner [Sx].txt), jehoz obsah mi zkopirujte do pristi odpovedi

Saturas · #3 Příspěvek od **Saturas** » 24 úno 2015 20:17

# AdwCleaner v4.111 - Logfile created 24/02/2015 at 20:14:14
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 8.1 Pro (x64)
# Username : Mamka - NOTEBOOK
# Running from : C:\Users\Mamka\Desktop\adwcleaner_4.111.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : globalUpdate
[#] Service Deleted : globalUpdatem
Service Deleted : WindowsMangerProtect
Service Deleted : IHProtect Service

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\WindowsMangerProtect
Folder Deleted : C:\ProgramData\IHProtectUpDate
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\Zrychleni Pocitace
Folder Deleted : C:\Program Files (x86)\XTab
Folder Deleted : C:\Program Files (x86)\BrowsrAversion2.5
Folder Deleted : C:\Program Files (x86)\gmsd_re_120
Folder Deleted : C:\Program Files\PCDApp
Folder Deleted : C:\Users\Mamka\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Mamka\AppData\Local\gmsd_re_120
Folder Deleted : C:\Users\Mamka\AppData\Roaming\istartsurf
Folder Deleted : C:\Users\Mamka\AppData\Roaming\Mozilla\Firefox\Profiles\0urkjle5.default-1424785132839\Extensions\NAUPP49116685@MVOEOKE10798312.com
File Deleted : C:\Windows\SysWOW64\hfpapi.dll
File Deleted : C:\Users\Mamka\AppData\Roaming\Mozilla\Firefox\Profiles\0urkjle5.default-1424785132839\user.js

***** [ Scheduled tasks ] *****

Task Deleted : globalUpdateUpdateTaskMachineCore
Task Deleted : globalUpdateUpdateTaskMachineUA
Task Deleted : LaunchSignup
Task Deleted : 9b4e74a3-3b4b-4ac5-be5a-8725c85f2bff-1-6
Task Deleted : 9b4e74a3-3b4b-4ac5-be5a-8725c85f2bff-1-7
Task Deleted : 9b4e74a3-3b4b-4ac5-be5a-8725c85f2bff-10_user
Task Deleted : 9b4e74a3-3b4b-4ac5-be5a-8725c85f2bff-4
Task Deleted : 9b4e74a3-3b4b-4ac5-be5a-8725c85f2bff-5
Task Deleted : 9b4e74a3-3b4b-4ac5-be5a-8725c85f2bff-5_user
Task Deleted : f886be89-8e70-4e89-bf02-8dac063576db-1-6
Task Deleted : f886be89-8e70-4e89-bf02-8dac063576db-1-7
Task Deleted : f886be89-8e70-4e89-bf02-8dac063576db-10_user
Task Deleted : f886be89-8e70-4e89-bf02-8dac063576db-4
Task Deleted : f886be89-8e70-4e89-bf02-8dac063576db-5
Task Deleted : f886be89-8e70-4e89-bf02-8dac063576db-5_user

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\Mamka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Mamka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Mamka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Mamka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchengine@gmail.com]
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKCU\Software\Mozilla\Extends
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [gmsd_re_120]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99E29823-2F67-41C3-8AA5-6425097A771F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\HomeTab
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\simplytech
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\WajIntEnhance
Key Deleted : HKCU\Software\BrowsrAversion2.5
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\Iminent
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\istartsurfSoftware
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\GAMESDESKTOP
Key Deleted : HKLM\SOFTWARE\IHProtect
Key Deleted : HKLM\SOFTWARE\WajIntEnhance
Key Deleted : HKLM\SOFTWARE\BrowsrAversion2.5
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\istartsurf uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowsrAversion2.5
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_re_120_is1
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\istartsurf.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.istartsurf.com

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v35.0.1 (x86 cs)

[0urkjle5.default-1424785132839\prefs.js] - Line Deleted : user_pref("extensions.aNAUPP49116685MVOEOKE10798312com69917.69917.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%22%[...]
[0urkjle5.default-1424785132839\prefs.js] - Line Deleted : user_pref("extensions.ab6e4f54065ff48dd97db30cac9b45f807bf54a45a4669e51ccom67913.67913.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%[...]
[0urkjle5.default-1424785132839\prefs.js] - Line Deleted : user_pref("extensions.crossrider.bic", "14bbbd59cf1b5ecb9de4238da26fe502");

*************************

AdwCleaner[R0].txt - [14781 bytes] - [24/02/2015 20:09:02]
AdwCleaner[S0].txt - [13486 bytes] - [24/02/2015 20:14:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13546 bytes] ##########

#4 Příspěvek od **altrok** » 24 úno 2015 20:40

Dejte log FRST.txt, prilozte i Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101
Pri druhem a kazdem dalsim spusteni FRST je nutne explicitne zatrhnout volbu Addition, aby se Addition.txt vytvoril.

Saturas · #5 Příspěvek od **Saturas** » 24 úno 2015 21:31

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-02-2015
Ran by Mamka (administrator) on NOTEBOOK on 24-02-2015 21:27:02
Running from C:\Users\Mamka\Desktop
Loaded Profiles: Mamka (Available profiles: Mamka)
Platform: Windows 8.1 Pro (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
(forum.viry.cz) C:\Users\Mamka\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM-x32\...\Run: [mncqfqwpiSrv] => C:\Windows\SysWOW64\mncqfqwpi.vbe [7670 2014-03-05] ()
HKLM-x32\...\Run: [DApp] => C:\Program Files\PCDApp\start.vbs
HKLM-x32\...\Run: [Adobe Photo Downloader] => C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe [67488 2007-09-10] (Adobe Systems Incorporated)
HKU\S-1-5-21-3478427585-1692798960-3486473302-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6462744 2014-08-21] (Piriform Ltd)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-3478427585-1692798960-3486473302-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1 10.0.1.1

FireFox:
========
FF ProfilePath: C:\Users\Mamka\AppData\Roaming\Mozilla\Firefox\Profiles\0urkjle5.default-1424785132839
FF Homepage: hxxp://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Mediaplayersversion2.4 - C:\Users\Mamka\AppData\Roaming\Mozilla\Firefox\Profiles\0urkjle5.default-1424785132839\Extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com [2015-02-24]
FF Extension: Adblock Plus - C:\Users\Mamka\AppData\Roaming\Mozilla\Firefox\Profiles\0urkjle5.default-1424785132839\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-24]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [jobpmpbglkjlihkjofbljhomfhkkhppk] - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha6472\ch\TrustMediaViewerV1alpha6472.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor6.0; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-10] ()
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-06-08] (Macrovision Europe Ltd.) [File not signed]
R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [72512 2013-12-09] (IObit)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-24 21:27 - 2015-02-24 21:27 - 00009245 _____ () C:\Users\Mamka\Desktop\FRST.txt
2015-02-24 20:08 - 2015-02-24 20:14 - 00000000 ____D () C:\AdwCleaner
2015-02-24 19:59 - 2015-02-24 19:59 - 02126848 _____ () C:\Users\Mamka\Desktop\adwcleaner_4.111.exe
2015-02-24 15:16 - 2015-02-24 21:27 - 00000000 ____D () C:\FRST
2015-02-24 15:15 - 2015-02-24 15:15 - 02087424 _____ (Farbar) C:\Users\Mamka\Desktop\FRST64.exe
2015-02-24 15:15 - 2015-02-24 15:15 - 00112640 _____ (forum.viry.cz) C:\Users\Mamka\Desktop\FRSTLauncher.exe
2015-02-24 14:50 - 2015-02-24 14:50 - 00000000 _____ () C:\autoexec.bat
2015-02-24 14:38 - 2015-02-24 14:38 - 00000000 ____D () C:\Users\Mamka\Desktop\Původní data aplikace Firefox
2015-02-24 12:48 - 2015-02-24 20:15 - 00000580 _____ () C:\Windows\setupact.log
2015-02-24 12:48 - 2015-02-24 14:34 - 00001634 _____ () C:\Windows\PFRO.log
2015-02-24 12:48 - 2015-02-24 12:48 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-23 20:51 - 2015-02-24 20:15 - 00001356 _____ () C:\Windows\Tasks\NOHNQG.job
2015-02-23 20:51 - 2015-02-24 20:15 - 00001354 _____ () C:\Windows\Tasks\VUXCG.job
2015-02-23 20:51 - 2015-02-23 20:51 - 01973200 _____ (Browserella) C:\Users\Mamka\AppData\Roaming\VUXCG.exe
2015-02-23 20:51 - 2015-02-23 20:51 - 01488336 _____ (Browserella) C:\Users\Mamka\AppData\Roaming\NOHNQG.exe
2015-02-23 20:51 - 2015-02-23 20:51 - 00004364 _____ () C:\Windows\System32\Tasks\NOHNQG
2015-02-23 20:51 - 2015-02-23 20:51 - 00004360 _____ () C:\Windows\System32\Tasks\VUXCG
2015-02-23 20:50 - 2015-02-24 20:15 - 00001702 _____ () C:\Windows\Tasks\EDKNSFK.job
2015-02-23 20:50 - 2015-02-24 20:15 - 00001348 _____ () C:\Windows\Tasks\FQ.job
2015-02-23 20:50 - 2015-02-23 20:50 - 01973200 _____ (PlayMCVenture) C:\Users\Mamka\AppData\Roaming\EDKNSFK.exe
2015-02-23 20:50 - 2015-02-23 20:50 - 01488336 _____ (PlayMCVenture) C:\Users\Mamka\AppData\Roaming\FQ.exe
2015-02-23 20:50 - 2015-02-23 20:50 - 00004708 _____ () C:\Windows\System32\Tasks\EDKNSFK
2015-02-23 20:50 - 2015-02-23 20:50 - 00004352 _____ () C:\Windows\System32\Tasks\FQ
2015-02-23 20:50 - 2015-02-23 20:50 - 00000000 ____D () C:\Program Files (x86)\Mediaplayersversion2.4
2015-02-23 20:40 - 2015-02-23 20:40 - 00203216 _____ () C:\Users\Mamka\Desktop\27c0a3.exe
2015-02-12 21:09 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 21:09 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 19:16 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 19:16 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 19:16 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-11 19:16 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-11 19:16 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 19:16 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 19:16 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 19:16 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 19:16 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 19:16 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 19:16 - 2014-12-09 00:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-11 19:16 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 19:16 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 19:16 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 19:16 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 19:16 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 19:15 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 19:15 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 19:15 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 19:15 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 19:15 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 19:15 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 19:15 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 19:15 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-11 19:15 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 19:15 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 19:15 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 19:15 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 19:15 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 19:15 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 19:15 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-11 19:15 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-02-11 19:15 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 19:15 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 19:15 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-02-11 19:15 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-02-11 19:15 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-02-11 19:15 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-02-11 19:15 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-02-11 19:15 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-02-11 19:15 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-02-11 19:15 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-02-11 19:14 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-02-11 19:14 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 19:14 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 19:14 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 19:14 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 19:14 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-11 19:14 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-11 19:14 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 19:14 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 19:14 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 19:14 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 19:14 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-11 19:14 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-02-11 19:14 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-02-11 19:14 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-11 19:14 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 19:14 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 19:14 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 19:14 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 19:14 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 19:14 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 19:14 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 19:14 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-01-26 22:52 - 2015-01-26 22:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-25 17:12 - 2015-01-25 17:12 - 00002086 _____ () C:\Users\Mamka\AppData\Roaming\NOHNQG
2015-01-25 17:12 - 2015-01-25 17:12 - 00002086 _____ () C:\Users\Mamka\AppData\Roaming\FQ
2015-01-25 17:12 - 2015-01-25 17:12 - 00001248 _____ () C:\Users\Mamka\AppData\Roaming\VUXCG
2015-01-25 17:12 - 2015-01-25 17:12 - 00001248 _____ () C:\Users\Mamka\AppData\Roaming\EDKNSFK

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-24 21:26 - 2014-05-20 20:37 - 00000003 _____ () C:\Users\Mamka\stut
2015-02-24 21:26 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-24 20:16 - 2014-05-03 12:54 - 01272369 _____ () C:\Windows\WindowsUpdate.log
2015-02-24 20:15 - 2014-05-03 13:02 - 00165659 _____ () C:\MyXML.xml
2015-02-24 20:15 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-24 20:14 - 2014-05-03 16:16 - 00001077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-24 20:14 - 2014-05-03 16:16 - 00001065 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-24 20:14 - 2014-05-03 12:54 - 00000981 _____ () C:\Users\Mamka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-24 20:06 - 2014-05-05 10:58 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-24 20:05 - 2014-05-03 12:56 - 00005478 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-24 20:05 - 2013-08-22 23:08 - 08156054 _____ () C:\Windows\system32\perfh005.dat
2015-02-24 20:05 - 2013-08-22 23:08 - 02543904 _____ () C:\Windows\system32\perfc005.dat
2015-02-24 16:28 - 2014-05-03 13:00 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3478427585-1692798960-3486473302-1001
2015-02-24 14:49 - 2014-05-03 12:54 - 00000000 ____D () C:\Users\Mamka
2015-02-23 20:37 - 2014-05-03 13:47 - 00000000 ____D () C:\Windows\Panther
2015-02-20 14:34 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-14 10:08 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2015-02-13 22:02 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-12 21:52 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-12 20:59 - 2013-08-22 15:44 - 00409912 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 20:18 - 2014-05-03 16:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 20:14 - 2014-05-03 16:06 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 20:10 - 2014-05-03 16:06 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-05 20:32 - 2014-06-16 15:09 - 00003950 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 20:32 - 2014-06-16 15:09 - 00003714 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 20:32 - 2014-06-16 15:09 - 00000978 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-05 20:32 - 2014-06-16 15:09 - 00000974 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-04 21:06 - 2014-05-05 10:58 - 00003802 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-03 20:31 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-27 19:16 - 2014-05-03 16:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\Mamka\AppData\Roaming\EDKNSFK
2015-02-23 20:50 - 2015-02-23 20:50 - 1973200 _____ (PlayMCVenture) C:\Users\Mamka\AppData\Roaming\EDKNSFK.exe
2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\Mamka\AppData\Roaming\FQ
2015-02-23 20:50 - 2015-02-23 20:50 - 1488336 _____ (PlayMCVenture) C:\Users\Mamka\AppData\Roaming\FQ.exe
2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\Mamka\AppData\Roaming\NOHNQG
2015-02-23 20:51 - 2015-02-23 20:51 - 1488336 _____ (Browserella) C:\Users\Mamka\AppData\Roaming\NOHNQG.exe
2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\Mamka\AppData\Roaming\VUXCG
2015-02-23 20:51 - 2015-02-23 20:51 - 1973200 _____ (Browserella) C:\Users\Mamka\AppData\Roaming\VUXCG.exe
2014-09-20 17:46 - 2014-09-20 17:46 - 0000000 _____ () C:\Users\Mamka\AppData\Local\{152B27F8-1CFD-4993-9854-7E12758BE91E}
2014-10-17 11:17 - 2014-10-17 11:17 - 0000000 _____ () C:\Users\Mamka\AppData\Local\{C13D6DB1-D696-45B2-98C4-CECC1ADEEF23}

Some content of TEMP:
====================
C:\Users\Mamka\AppData\Local\Temp\BackupSetup.exe
C:\Users\Mamka\AppData\Local\Temp\Quarantine.exe
C:\Users\Mamka\AppData\Local\Temp\sqlite3.dll
C:\Users\Mamka\AppData\Local\Temp\vcredist_x64.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-17 23:09

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:297.75 GB) (Free:261.48 GB) NTFS

Available physical RAM: 2918.89 MB
Total physical RAM: 3834.9 MB
Percentage of memory in use: 23%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: B7FBDD52)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=297.7 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\EDKNSFK.job => C:\Users\Mamka\AppData\Roaming\EDKNSFK.exe <==== ATTENTION
Task: C:\Windows\Tasks\FQ.job => C:\Users\Mamka\AppData\Roaming\FQ.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\NOHNQG.job => C:\Users\Mamka\AppData\Roaming\NOHNQG.exe <==== ATTENTION
Task: C:\Windows\Tasks\VUXCG.job => C:\Users\Mamka\AppData\Roaming\VUXCG.exe <==== ATTENTION

==================== Alternate Data Streams (whitelisted) ==================

==================== Security Center ==================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Mamka\Desktop" je 7570 MB.

***** Startup Programs *****

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000

==================== End Of Log ==============================

Saturas · #6 Příspěvek od **Saturas** » 24 úno 2015 21:32

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-02-2015
Ran by Mamka at 2015-02-24 21:28:08
Running from C:\Users\Mamka\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop Elements 6.0 (HKLM-x32\...\Adobe Photoshop Elements 6) (Version: 6.0 - Adobe Systems Inc.)
Adobe Reader XI (11.0.10) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
CX4300_5500_DX4400 Manuál (HKLM-x32\...\CX4300_5500_DX4400 Manuál) (Version: - )
EPSON Attach To Email (HKLM-x32\...\InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}) (Version: 1.01.0000 - SEIKO EPSON)
EPSON Attach To Email (x32 Version: 1.01.0000 - SEIKO EPSON) Hidden
EPSON Copy Utility 3 (HKLM-x32\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.2.0.0 - )
EPSON Easy Photo Print (HKLM-x32\...\{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}) (Version: 1.4.2.0 - )
EPSON File Manager (HKLM-x32\...\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}) (Version: 1.3.0.0 - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
EPSON Scan Assistant (HKLM-x32\...\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}) (Version: 1.10.00 - )
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
Malwarebytes Anti-Malware verze 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mediaplayersversion2.4 (HKLM-x32\...\Mediaplayersversion2.4) (Version: 1.36.01.22 - PlayMCVenture)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 cs)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Nero CoverDesigner (HKLM-x32\...\{79BB6415-00A7-413A-B278-A7EAE69F1753}) (Version: 12.0.02700 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1003 - Nero AG)
Prerequisite installer (x32 Version: 12.0.0005 - Nero AG) Hidden
Ralink Bluetooth Stack64 (HKLM\...\{8A69F02D-A72B-AEE6-1CD3-6B05B9F9DD83}) (Version: 11.0.742.0 - Mediatek)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Software tiskárny EPSON (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 1.4.0.0 - IObit)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51 - Ghisler Software GmbH)
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
WinRAR 4.00 32Bit a 64Bit Full-Version version for Windows (HKLM-x32\...\{6713BFDD-8BE4-F39E-4179-2936C7733114}_is1) (Version: for Windows - )
WinRAR 4.00 32Bit a 64Bit Full-Version.rar version for Windows (HKLM-x32\...\{F6E19738-97F7-5797-E1D1- 1AFE996BEE6}_is1) (Version: for Windows - )
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

05-02-2015 21:48:05 Naplánovaný kontrolní bod
11-02-2015 20:08:52 Windows Update
19-02-2015 14:52:31 Naplánovaný kontrolní bod
23-02-2015 20:42:14 Uniblue SpeedUpMyPC installation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {050B9AA2-9EFE-4CA2-8A68-481BCD43CC4C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-02-11] (Microsoft Corporation)
Task: {285573A3-EE14-441A-BDFC-957379D4978D} - \AutoKMS No Task File <==== ATTENTION
Task: {380569B2-86A6-411A-B7F3-B994EF9F6990} - System32\Tasks\FQ => C:\Users\Mamka\AppData\Roaming\FQ.exe [2015-02-23] (PlayMCVenture) <==== ATTENTION
Task: {3E289DB8-2CC5-4B7F-9677-8B2B5CB70E99} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {4678C31F-ABD3-4E3E-B511-084876757130} - System32\Tasks\NOHNQG => C:\Users\Mamka\AppData\Roaming\NOHNQG.exe [2015-02-23] (Browserella) <==== ATTENTION
Task: {539349B1-17FC-446B-A9E6-518447EAFA19} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-16] (Google Inc.)
Task: {6DA5DB3E-BE06-4A17-95BF-04B5F7C3DC5E} - System32\Tasks\VUXCG => C:\Users\Mamka\AppData\Roaming\VUXCG.exe [2015-02-23] (Browserella) <==== ATTENTION
Task: {851D13B0-B512-477B-A545-FF1EEBDB52B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {908CB079-8B45-4080-9A97-C79B00192DA5} - System32\Tasks\StartMenuAutoupdate => C:\Program Files (x86)\IObit\Start Menu 8\AutoUpdate.exe [2013-12-09] (IObit)
Task: {98189309-6B1C-49A9-8664-DB7CE51FB52F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {A4ED4221-FE44-4995-86E4-A9D26D20F796} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-16] (Google Inc.)
Task: {CBA91EDE-EA91-4CEC-B9BD-FB2963695FFD} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2014-07-21] (Nero AG)
Task: {D24323A7-3A8B-40A9-BF58-5385C30B7308} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {F1788A21-0660-413D-9628-496736B0805C} - System32\Tasks\EDKNSFK => C:\Users\Mamka\AppData\Roaming\EDKNSFK.exe [2015-02-23] (PlayMCVenture) <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\EDKNSFK.job => C:\Users\Mamka\AppData\Roaming\EDKNSFK.exe <==== ATTENTION
Task: C:\Windows\Tasks\FQ.job => C:\Users\Mamka\AppData\Roaming\FQ.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\NOHNQG.job => C:\Users\Mamka\AppData\Roaming\NOHNQG.exe <==== ATTENTION
Task: C:\Windows\Tasks\VUXCG.job => C:\Users\Mamka\AppData\Roaming\VUXCG.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2007-09-10 23:45 - 2007-09-10 23:45 - 00124832 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
2014-08-21 18:49 - 2014-08-21 18:49 - 00042496 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2014-04-14 20:41 - 2014-04-14 20:41 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
2014-05-03 13:02 - 2013-12-09 15:10 - 00348992 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madExcept_.bpl
2014-05-03 13:02 - 2013-12-09 15:10 - 00183616 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madBasic_.bpl
2014-05-03 13:02 - 2013-12-09 15:10 - 00051008 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madDisAsm_.bpl
2014-05-03 13:02 - 2013-12-09 15:10 - 00089920 _____ () C:\Program Files (x86)\IObit\Start Menu 8\NTFSScan.dll
2014-05-03 13:02 - 2013-12-09 15:10 - 00039744 _____ () C:\Program Files (x86)\IObit\Start Menu 8\pri.dll
2014-05-03 13:02 - 2013-12-09 15:11 - 00041280 _____ () C:\Program Files (x86)\IObit\Start Menu 8\winkey.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3478427585-1692798960-3486473302-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mamka\AppData\Roaming\Microsoft\Windows Photo Viewer\Tapeta programu Windows Prohlížeč fotografií.jpg
DNS Servers: 10.0.0.1 - 10.0.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-3478427585-1692798960-3486473302-500 - Administrator - Disabled)
Guest (S-1-5-21-3478427585-1692798960-3486473302-501 - Limited - Disabled)
Mamka (S-1-5-21-3478427585-1692798960-3486473302-1001 - Administrator - Enabled) => C:\Users\Mamka

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/24/2015 09:27:01 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/24/2015 08:16:33 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/24/2015 08:16:09 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (02/24/2015 08:05:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (02/24/2015 08:05:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (02/24/2015 08:05:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (02/24/2015 08:02:21 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/24/2015 08:02:00 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (02/24/2015 07:56:32 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/24/2015 05:20:26 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

System errors:
=============
Error: (02/24/2015 08:14:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Windows Search neuspěla při spuštění v důsledku následující chyby:
%%1069

Error: (02/24/2015 08:14:51 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Služba WSearch se nemohla přihlásit jako NT AUTHORITY\SYSTEM s aktuálně konfigurovaným heslem z důvodu následující chyby:
%%50

Chcete-li zajistit správnou konfiguraci služby, použijte modul snap-in Služby konzoly Microsoft Management Console (MMC).

Error: (02/24/2015 08:14:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Nero Update byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (02/24/2015 08:14:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (02/24/2015 08:14:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Adobe Acrobat Update Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (02/24/2015 08:14:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Adobe Active File Monitor V6 byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (02/24/2015 08:14:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba zařazování tisku byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 5000 milisekund: Restartovat službu.

Error: (02/24/2015 02:33:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Computer Backup (MyPC Backup) byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (02/24/2015 02:07:39 PM) (Source: DCOM) (EventID: 10010) (User: Notebook)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (02/24/2015 02:07:09 PM) (Source: DCOM) (EventID: 10010) (User: Notebook)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Microsoft Office Sessions:
=========================
Error: (02/24/2015 09:27:01 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/24/2015 08:16:33 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/24/2015 08:16:09 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (02/24/2015 08:05:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F2030000E5050000

Error: (02/24/2015 08:05:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance163707000000000000000000008F020000

Error: (02/24/2015 08:05:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance163707000000000000000000008F020000

Error: (02/24/2015 08:02:21 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/24/2015 08:02:00 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (02/24/2015 07:56:32 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/24/2015 05:20:26 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

CodeIntegrity Errors:
===================================
Date: 2015-02-24 14:38:18.959
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-24 14:38:18.717
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-24 14:38:18.495
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-24 14:38:16.867
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-24 14:38:16.509
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-24 14:32:53.900
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-24 14:32:53.681
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-24 14:32:53.431
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-24 14:32:52.134
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-24 14:32:51.822
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: AMD Athlon(tm) II P320 Dual-Core Processor
Percentage of memory in use: 23%
Total physical RAM: 3834.9 MB
Available physical RAM: 2918.89 MB
Total Pagefile: 6010.9 MB
Available Pagefile: 1928.08 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.75 GB) (Free:261.48 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: B7FBDD52)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=297.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#7 Příspěvek od **altrok** » 24 úno 2015 21:42

Poprosim Vas, abyste soubor C:\Users\Mamka\Desktop\27c0a3.exe zabalil do raru/zipu, nahral ho na leteckaposta.cz a odkaz na jeho stazeni mi poslal na e-mail, ktery mam uvedeny v podpisu. Za zadnych okolnosti tento soubor nespoustejte

Velikost plochy by nemela presahovat 200 MB. Zpomaluje se pak start i samotny chod celeho PC.

Odinstalujte starou a zranitelnou verzi javy Java 7 Update 55 (64-bit). Pokud javu potrebujete, pak nainstalujte novou z java.com - pozor na adware pri jeji instalaci http://forum.viry.cz/viewtopic.php?p=1374438#p1374438 . Z hlediska bezpecnosti (exploity) je lepsi ji nemit.

Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
znovu spustte FRST a kliknete na Fix

po restartu na Vas vyskoci fixlog (pripadne bude ulozen na Plose), jehoz obsah mi vlozte do pristi odpovedi

Kód: Vybrat vše

Start
CloseProcesses:
HKLM-x32\...\Run: [mncqfqwpiSrv] => C:\Windows\SysWOW64\mncqfqwpi.vbe [7670 2014-03-05] ()
C:\Windows\SysWOW64\mncqfqwpi.vbe
C:\Windows\SysWOW64\mncqfqwpi.inf
HKLM-x32\...\Run: [DApp] => C:\Program Files\PCDApp\start.vbs
C:\Program Files\PCDApp\start.vbs
C:\Program Files\PCDApp\start.inf
HKU\S-1-5-21-3478427585-1692798960-3486473302-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6462744 2014-08-21] (Piriform Ltd)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF Extension: Mediaplayersversion2.4 - C:\Users\Mamka\AppData\Roaming\Mozilla\Firefox\Profiles\0urkjle5.default-1424785132839\Extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com [2015-02-24]
CHR HKLM-x32\...\Chrome\Extension: [jobpmpbglkjlihkjofbljhomfhkkhppk] - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha6472\ch\TrustMediaViewerV1alpha6472.crx [Not Found]
C:\Program Files (x86)\TrustMediaViewerV1

2015-02-24 20:08 - 2015-02-24 20:14 - 00000000 ____D () C:\AdwCleaner
2015-02-24 19:59 - 2015-02-24 19:59 - 02126848 _____ () C:\Users\Mamka\Desktop\adwcleaner_4.111.exe
2015-02-24 15:15 - 2015-02-24 15:15 - 00112640 _____ (forum.viry.cz) C:\Users\Mamka\Desktop\FRSTLauncher.exe
2015-02-23 20:51 - 2015-02-24 20:15 - 00001356 _____ () C:\Windows\Tasks\NOHNQG.job
2015-02-23 20:51 - 2015-02-24 20:15 - 00001354 _____ () C:\Windows\Tasks\VUXCG.job
2015-02-23 20:51 - 2015-02-23 20:51 - 01973200 _____ (Browserella) C:\Users\Mamka\AppData\Roaming\VUXCG.exe
2015-02-23 20:51 - 2015-02-23 20:51 - 01488336 _____ (Browserella) C:\Users\Mamka\AppData\Roaming\NOHNQG.exe
2015-02-23 20:51 - 2015-02-23 20:51 - 00004364 _____ () C:\Windows\System32\Tasks\NOHNQG
2015-02-23 20:51 - 2015-02-23 20:51 - 00004360 _____ () C:\Windows\System32\Tasks\VUXCG
2015-02-23 20:50 - 2015-02-24 20:15 - 00001702 _____ () C:\Windows\Tasks\EDKNSFK.job
2015-02-23 20:50 - 2015-02-24 20:15 - 00001348 _____ () C:\Windows\Tasks\FQ.job
2015-02-23 20:50 - 2015-02-23 20:50 - 01973200 _____ (PlayMCVenture) C:\Users\Mamka\AppData\Roaming\EDKNSFK.exe
2015-02-23 20:50 - 2015-02-23 20:50 - 01488336 _____ (PlayMCVenture) C:\Users\Mamka\AppData\Roaming\FQ.exe
2015-02-23 20:50 - 2015-02-23 20:50 - 00004708 _____ () C:\Windows\System32\Tasks\EDKNSFK
2015-02-23 20:50 - 2015-02-23 20:50 - 00004352 _____ () C:\Windows\System32\Tasks\FQ
2015-02-23 20:50 - 2015-02-23 20:50 - 00000000 ____D () C:\Program Files (x86)\Mediaplayersversion2.4
2015-01-25 17:12 - 2015-01-25 17:12 - 00002086 _____ () C:\Users\Mamka\AppData\Roaming\NOHNQG
2015-01-25 17:12 - 2015-01-25 17:12 - 00002086 _____ () C:\Users\Mamka\AppData\Roaming\FQ
2015-01-25 17:12 - 2015-01-25 17:12 - 00001248 _____ () C:\Users\Mamka\AppData\Roaming\VUXCG
2015-01-25 17:12 - 2015-01-25 17:12 - 00001248 _____ () C:\Users\Mamka\AppData\Roaming\EDKNSFK
2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\Mamka\AppData\Roaming\EDKNSFK
2015-02-23 20:50 - 2015-02-23 20:50 - 1973200 _____ (PlayMCVenture) C:\Users\Mamka\AppData\Roaming\EDKNSFK.exe
2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\Mamka\AppData\Roaming\FQ
2015-02-23 20:50 - 2015-02-23 20:50 - 1488336 _____ (PlayMCVenture) C:\Users\Mamka\AppData\Roaming\FQ.exe
2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\Mamka\AppData\Roaming\NOHNQG
2015-02-23 20:51 - 2015-02-23 20:51 - 1488336 _____ (Browserella) C:\Users\Mamka\AppData\Roaming\NOHNQG.exe
2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\Mamka\AppData\Roaming\VUXCG
2015-02-23 20:51 - 2015-02-23 20:51 - 1973200 _____ (Browserella) C:\Users\Mamka\AppData\Roaming\VUXCG.exe

Task: {285573A3-EE14-441A-BDFC-957379D4978D} - \AutoKMS No Task File <==== ATTENTION
Task: {380569B2-86A6-411A-B7F3-B994EF9F6990} - System32\Tasks\FQ => C:\Users\Mamka\AppData\Roaming\FQ.exe [2015-02-23] (PlayMCVenture) <==== ATTENTION
Task: {4678C31F-ABD3-4E3E-B511-084876757130} - System32\Tasks\NOHNQG => C:\Users\Mamka\AppData\Roaming\NOHNQG.exe [2015-02-23] (Browserella) <==== ATTENTION
Task: {6DA5DB3E-BE06-4A17-95BF-04B5F7C3DC5E} - System32\Tasks\VUXCG => C:\Users\Mamka\AppData\Roaming\VUXCG.exe [2015-02-23] (Browserella) <==== ATTENTION
Task: {F1788A21-0660-413D-9628-496736B0805C} - System32\Tasks\EDKNSFK => C:\Users\Mamka\AppData\Roaming\EDKNSFK.exe [2015-02-23] (PlayMCVenture) <==== ATTENTION
Task: C:\Windows\Tasks\EDKNSFK.job => C:\Users\Mamka\AppData\Roaming\EDKNSFK.exe <==== ATTENTION
Task: C:\Windows\Tasks\FQ.job => C:\Users\Mamka\AppData\Roaming\FQ.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\NOHNQG.job => C:\Users\Mamka\AppData\Roaming\NOHNQG.exe <==== ATTENTION
Task: C:\Windows\Tasks\VUXCG.job => C:\Users\Mamka\AppData\Roaming\VUXCG.exe <==== ATTENTION

CMD: dir "C:\PROGRA~1"
CMD: dir "C:\PROGRA~2"
CMD: dir "C:\PROGRA~3"
CMD: dir "%localappdata%"
CMD: dir "%appdata%"
Hosts:
EmptyTemp:
End

Saturas · #8 Příspěvek od **Saturas** » 25 úno 2015 18:28

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-02-2015 01
Ran by Mamka at 2015-02-25 18:21:28 Run:1
Running from C:\Users\Mamka\Desktop
Loaded Profiles: Mamka (Available profiles: Mamka)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
HKLM-x32\...\Run: [mncqfqwpiSrv] => C:\Windows\SysWOW64\mncqfqwpi.vbe [7670 2014-03-05] ()
C:\Windows\SysWOW64\mncqfqwpi.vbe
C:\Windows\SysWOW64\mncqfqwpi.inf
HKLM-x32\...\Run: [DApp] => C:\Program Files\PCDApp\start.vbs
C:\Program Files\PCDApp\start.vbs
C:\Program Files\PCDApp\start.inf
HKU\S-1-5-21-3478427585-1692798960-3486473302-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6462744 2014-08-21] (Piriform Ltd)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: Mediaplayersversion2.4 - C:\Users\Mamka\AppData\Roaming\Mozilla\Firefox\Profiles\0urkjle5.default-1424785132839\Extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com [2015-02-24]
CHR HKLM-x32\...\Chrome\Extension: [jobpmpbglkjlihkjofbljhomfhkkhppk] - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha6472\ch\TrustMediaViewerV1alpha6472.crx [Not Found]
C:\Program Files (x86)\TrustMediaViewerV1

2015-02-24 20:08 - 2015-02-24 20:14 - 00000000 ____D () C:\AdwCleaner
2015-02-24 19:59 - 2015-02-24 19:59 - 02126848 _____ () C:\Users\Mamka\Desktop\adwcleaner_4.111.exe
2015-02-24 15:15 - 2015-02-24 15:15 - 00112640 _____ (forum.viry.cz) C:\Users\Mamka\Desktop\FRSTLauncher.exe
2015-02-23 20:51 - 2015-02-24 20:15 - 00001356 _____ () C:\Windows\Tasks\NOHNQG.job
2015-02-23 20:51 - 2015-02-24 20:15 - 00001354 _____ () C:\Windows\Tasks\VUXCG.job
2015-02-23 20:51 - 2015-02-23 20:51 - 01973200 _____ (Browserella) C:\Users\Mamka\AppData\Roaming\VUXCG.exe
2015-02-23 20:51 - 2015-02-23 20:51 - 01488336 _____ (Browserella) C:\Users\Mamka\AppData\Roaming\NOHNQG.exe
2015-02-23 20:51 - 2015-02-23 20:51 - 00004364 _____ () C:\Windows\System32\Tasks\NOHNQG
2015-02-23 20:51 - 2015-02-23 20:51 - 00004360 _____ () C:\Windows\System32\Tasks\VUXCG
2015-02-23 20:50 - 2015-02-24 20:15 - 00001702 _____ () C:\Windows\Tasks\EDKNSFK.job
2015-02-23 20:50 - 2015-02-24 20:15 - 00001348 _____ () C:\Windows\Tasks\FQ.job
2015-02-23 20:50 - 2015-02-23 20:50 - 01973200 _____ (PlayMCVenture) C:\Users\Mamka\AppData\Roaming\EDKNSFK.exe
2015-02-23 20:50 - 2015-02-23 20:50 - 01488336 _____ (PlayMCVenture) C:\Users\Mamka\AppData\Roaming\FQ.exe
2015-02-23 20:50 - 2015-02-23 20:50 - 00004708 _____ () C:\Windows\System32\Tasks\EDKNSFK
2015-02-23 20:50 - 2015-02-23 20:50 - 00004352 _____ () C:\Windows\System32\Tasks\FQ
2015-02-23 20:50 - 2015-02-23 20:50 - 00000000 ____D () C:\Program Files (x86)\Mediaplayersversion2.4
2015-01-25 17:12 - 2015-01-25 17:12 - 00002086 _____ () C:\Users\Mamka\AppData\Roaming\NOHNQG
2015-01-25 17:12 - 2015-01-25 17:12 - 00002086 _____ () C:\Users\Mamka\AppData\Roaming\FQ
2015-01-25 17:12 - 2015-01-25 17:12 - 00001248 _____ () C:\Users\Mamka\AppData\Roaming\VUXCG
2015-01-25 17:12 - 2015-01-25 17:12 - 00001248 _____ () C:\Users\Mamka\AppData\Roaming\EDKNSFK
2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\Mamka\AppData\Roaming\EDKNSFK
2015-02-23 20:50 - 2015-02-23 20:50 - 1973200 _____ (PlayMCVenture) C:\Users\Mamka\AppData\Roaming\EDKNSFK.exe
2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\Mamka\AppData\Roaming\FQ
2015-02-23 20:50 - 2015-02-23 20:50 - 1488336 _____ (PlayMCVenture) C:\Users\Mamka\AppData\Roaming\FQ.exe
2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\Mamka\AppData\Roaming\NOHNQG
2015-02-23 20:51 - 2015-02-23 20:51 - 1488336 _____ (Browserella) C:\Users\Mamka\AppData\Roaming\NOHNQG.exe
2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\Mamka\AppData\Roaming\VUXCG
2015-02-23 20:51 - 2015-02-23 20:51 - 1973200 _____ (Browserella) C:\Users\Mamka\AppData\Roaming\VUXCG.exe

Task: {285573A3-EE14-441A-BDFC-957379D4978D} - \AutoKMS No Task File <==== ATTENTION
Task: {380569B2-86A6-411A-B7F3-B994EF9F6990} - System32\Tasks\FQ => C:\Users\Mamka\AppData\Roaming\FQ.exe [2015-02-23] (PlayMCVenture) <==== ATTENTION
Task: {4678C31F-ABD3-4E3E-B511-084876757130} - System32\Tasks\NOHNQG => C:\Users\Mamka\AppData\Roaming\NOHNQG.exe [2015-02-23] (Browserella) <==== ATTENTION
Task: {6DA5DB3E-BE06-4A17-95BF-04B5F7C3DC5E} - System32\Tasks\VUXCG => C:\Users\Mamka\AppData\Roaming\VUXCG.exe [2015-02-23] (Browserella) <==== ATTENTION
Task: {F1788A21-0660-413D-9628-496736B0805C} - System32\Tasks\EDKNSFK => C:\Users\Mamka\AppData\Roaming\EDKNSFK.exe [2015-02-23] (PlayMCVenture) <==== ATTENTION
Task: C:\Windows\Tasks\EDKNSFK.job => C:\Users\Mamka\AppData\Roaming\EDKNSFK.exe <==== ATTENTION
Task: C:\Windows\Tasks\FQ.job => C:\Users\Mamka\AppData\Roaming\FQ.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\NOHNQG.job => C:\Users\Mamka\AppData\Roaming\NOHNQG.exe <==== ATTENTION
Task: C:\Windows\Tasks\VUXCG.job => C:\Users\Mamka\AppData\Roaming\VUXCG.exe <==== ATTENTION

CMD: dir "C:\PROGRA~1"
CMD: dir "C:\PROGRA~2"
CMD: dir "C:\PROGRA~3"
CMD: dir "%localappdata%"
CMD: dir "%appdata%"
Hosts:
EmptyTemp:
End

*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mncqfqwpiSrv => value deleted successfully.
C:\Windows\SysWOW64\mncqfqwpi.vbe => Moved successfully.
"C:\Windows\SysWOW64\mncqfqwpi.inf" => File/Directory not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\DApp => value deleted successfully.
"C:\Program Files\PCDApp\start.vbs" => File/Directory not found.
"C:\Program Files\PCDApp\start.inf" => File/Directory not found.
HKU\S-1-5-21-3478427585-1692798960-3486473302-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Users\Mamka\AppData\Roaming\Mozilla\Firefox\Profiles\0urkjle5.default-1424785132839\Extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jobpmpbglkjlihkjofbljhomfhkkhppk" => Key deleted successfully.
"C:\Program Files (x86)\TrustMediaViewerV1" => File/Directory not found.
C:\AdwCleaner => Moved successfully.
"C:\Users\Mamka\Desktop\adwcleaner_4.111.exe" => File/Directory not found.
"C:\Users\Mamka\Desktop\FRSTLauncher.exe" => File/Directory not found.
C:\Windows\Tasks\NOHNQG.job => Moved successfully.
C:\Windows\Tasks\VUXCG.job => Moved successfully.
C:\Users\Mamka\AppData\Roaming\VUXCG.exe => Moved successfully.
C:\Users\Mamka\AppData\Roaming\NOHNQG.exe => Moved successfully.
C:\Windows\System32\Tasks\NOHNQG => Moved successfully.
C:\Windows\System32\Tasks\VUXCG => Moved successfully.
C:\Windows\Tasks\EDKNSFK.job => Moved successfully.
C:\Windows\Tasks\FQ.job => Moved successfully.
C:\Users\Mamka\AppData\Roaming\EDKNSFK.exe => Moved successfully.
C:\Users\Mamka\AppData\Roaming\FQ.exe => Moved successfully.
C:\Windows\System32\Tasks\EDKNSFK => Moved successfully.
C:\Windows\System32\Tasks\FQ => Moved successfully.
C:\Program Files (x86)\Mediaplayersversion2.4 => Moved successfully.
C:\Users\Mamka\AppData\Roaming\NOHNQG => Moved successfully.
C:\Users\Mamka\AppData\Roaming\FQ => Moved successfully.
C:\Users\Mamka\AppData\Roaming\VUXCG => Moved successfully.
C:\Users\Mamka\AppData\Roaming\EDKNSFK => Moved successfully.
"C:\Users\Mamka\AppData\Roaming\EDKNSFK" => File/Directory not found.
"C:\Users\Mamka\AppData\Roaming\EDKNSFK.exe" => File/Directory not found.
"C:\Users\Mamka\AppData\Roaming\FQ" => File/Directory not found.
"C:\Users\Mamka\AppData\Roaming\FQ.exe" => File/Directory not found.
"C:\Users\Mamka\AppData\Roaming\NOHNQG" => File/Directory not found.
"C:\Users\Mamka\AppData\Roaming\NOHNQG.exe" => File/Directory not found.
"C:\Users\Mamka\AppData\Roaming\VUXCG" => File/Directory not found.
"C:\Users\Mamka\AppData\Roaming\VUXCG.exe" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{285573A3-EE14-441A-BDFC-957379D4978D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{285573A3-EE14-441A-BDFC-957379D4978D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{380569B2-86A6-411A-B7F3-B994EF9F6990}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{380569B2-86A6-411A-B7F3-B994EF9F6990} => Key could not be deleted. Access denied.
C:\Windows\System32\Tasks\FQ not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FQ => Key could not be deleted. Access denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4678C31F-ABD3-4E3E-B511-084876757130} => Key could not be deleted. Access denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4678C31F-ABD3-4E3E-B511-084876757130} => Key could not be deleted. Access denied.
C:\Windows\System32\Tasks\NOHNQG not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NOHNQG => Key could not be deleted. Access denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6DA5DB3E-BE06-4A17-95BF-04B5F7C3DC5E} => Key could not be deleted. Access denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DA5DB3E-BE06-4A17-95BF-04B5F7C3DC5E} => Key could not be deleted. Access denied.
C:\Windows\System32\Tasks\VUXCG not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\VUXCG => Key could not be deleted. Access denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F1788A21-0660-413D-9628-496736B0805C} => Key could not be deleted. Access denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1788A21-0660-413D-9628-496736B0805C} => Key could not be deleted. Access denied.
C:\Windows\System32\Tasks\EDKNSFK not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EDKNSFK => Key could not be deleted. Access denied.
C:\Windows\Tasks\EDKNSFK.job not found.
C:\Windows\Tasks\FQ.job not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\NOHNQG.job not found.
C:\Windows\Tasks\VUXCG.job not found.

========= dir "C:\PROGRA~1" =========

Volume in drive C has no label.
Volume Serial Number is AC1D-5074

Directory of C:\PROGRA~1

24. 02. 2015 20:14 <DIR> .
24. 02. 2015 20:14 <DIR> ..
19. 09. 2014 19:43 <DIR> CCleaner
22. 08. 2013 16:36 <DIR> Common Files
25. 09. 2014 20:14 <DIR> EPSON
10. 12. 2014 22:09 <DIR> Internet Explorer
03. 05. 2014 16:02 <DIR> Java
03. 05. 2014 16:20 <DIR> Microsoft Office
25. 07. 2014 17:29 <DIR> Microsoft Silverlight
20. 05. 2014 20:31 <DIR> MSBuild
20. 05. 2014 20:31 <DIR> Reference Assemblies
03. 05. 2014 15:56 <DIR> Synaptics
12. 11. 2014 20:07 <DIR> Windows Defender
15. 09. 2014 11:38 <DIR> Windows Journal
22. 08. 2013 23:08 <DIR> Windows Mail
09. 03. 2014 14:38 <DIR> Windows Media Player
09. 03. 2014 14:38 <DIR> Windows Multimedia Platform
03. 05. 2014 12:51 <DIR> Windows NT
22. 08. 2013 23:08 <DIR> Windows Photo Viewer
09. 03. 2014 14:38 <DIR> Windows Portable Devices
22. 08. 2013 16:36 <DIR> WindowsPowerShell
20. 05. 2014 20:40 <DIR> WinRAR
0 File(s) 0 bytes
22 Dir(s) 280�341�135�360 bytes free

========= End of CMD: =========

========= dir "C:\PROGRA~2" =========

Volume in drive C has no label.
Volume Serial Number is AC1D-5074

Directory of C:\PROGRA~2

25. 02. 2015 18:21 <DIR> .
25. 02. 2015 18:21 <DIR> ..
08. 06. 2014 12:44 <DIR> Adobe
22. 12. 2014 10:00 <DIR> Common Files
25. 09. 2014 20:32 <DIR> epson
16. 06. 2014 15:09 <DIR> Google
10. 12. 2014 22:09 <DIR> Internet Explorer
03. 05. 2014 13:02 <DIR> IObit
16. 10. 2014 14:35 <DIR> Malwarebytes Anti-Malware
03. 05. 2014 16:20 <DIR> Microsoft Analysis Services
03. 05. 2014 16:22 <DIR> Microsoft Office
25. 07. 2014 17:29 <DIR> Microsoft Silverlight
03. 05. 2014 16:22 <DIR> Microsoft.NET
26. 01. 2015 22:52 <DIR> Mozilla Firefox
27. 01. 2015 19:16 <DIR> Mozilla Maintenance Service
20. 05. 2014 20:31 <DIR> MSBuild
22. 12. 2014 10:01 <DIR> Nero
05. 12. 2014 13:52 <DIR> Ralink Corporation
20. 05. 2014 20:31 <DIR> Reference Assemblies
03. 05. 2014 13:05 <DIR> VideoLAN
12. 11. 2014 20:07 <DIR> Windows Defender
22. 08. 2013 23:08 <DIR> Windows Mail
09. 03. 2014 14:38 <DIR> Windows Media Player
09. 03. 2014 14:38 <DIR> Windows Multimedia Platform
22. 08. 2013 16:36 <DIR> Windows NT
22. 08. 2013 23:08 <DIR> Windows Photo Viewer
09. 03. 2014 14:38 <DIR> Windows Portable Devices
22. 08. 2013 16:36 <DIR> WindowsPowerShell
20. 05. 2014 20:26 <DIR> WinRAR 4.00 32Bit a 64Bit Full-Version
20. 05. 2014 20:26 <DIR> WinRAR 4.00 32Bit a 64Bit Full-Version.rar
0 File(s) 0 bytes
30 Dir(s) 280�341�135�360 bytes free

========= End of CMD: =========

========= dir "C:\PROGRA~3" =========

Volume in drive C has no label.
Volume Serial Number is AC1D-5074

Directory of C:\PROGRA~3

08. 06. 2014 15:08 <DIR> Adobe
25. 09. 2014 20:17 <DIR> EPSON
08. 06. 2014 12:55 <DIR> FLEXnet
03. 05. 2014 13:02 <DIR> IObit
16. 10. 2014 14:35 <DIR> Malwarebytes
16. 06. 2014 15:27 <DIR> McAfee
11. 02. 2015 20:18 <DIR> Microsoft Help
03. 05. 2014 13:16 <DIR> Microsoft Toolkit
03. 05. 2014 16:16 <DIR> Mozilla
22. 12. 2014 10:02 <DIR> Nero
22. 08. 2013 23:10 <DIR> regid.1991-06.com.microsoft
25. 09. 2014 20:33 <DIR> UDL
0 File(s) 0 bytes
12 Dir(s) 280�341�135�360 bytes free

========= End of CMD: =========

========= dir "%localappdata%" =========

Volume in drive C has no label.
Volume Serial Number is AC1D-5074

Directory of C:\Users\Mamka\AppData\Local

25. 02. 2015 18:21 <DIR> .
25. 02. 2015 18:21 <DIR> ..
16. 10. 2014 14:49 <DIR> 11463
16. 10. 2014 14:49 <DIR> 19501
16. 10. 2014 14:49 <DIR> 824
29. 12. 2014 19:28 <DIR> Adobe
01. 02. 2015 13:34 <DIR> Diagnostics
20. 05. 2014 20:17 <DIR> GHISLER
16. 06. 2014 15:10 <DIR> Google
05. 05. 2014 10:59 <DIR> Macromedia
14. 10. 2014 12:26 <DIR> Microsoft
03. 05. 2014 16:20 <DIR> Microsoft Help
03. 05. 2014 16:16 <DIR> Mozilla
25. 02. 2015 18:21 29�696 MSGBOX.EXE
03. 05. 2014 16:07 <DIR> Packages
20. 05. 2014 20:25 <DIR> Programs
25. 02. 2015 18:21 <DIR> Temp
03. 05. 2014 12:54 <DIR> VirtualStore
20. 09. 2014 17:46 0 {152B27F8-1CFD-4993-9854-7E12758BE91E}
17. 10. 2014 11:17 0 {C13D6DB1-D696-45B2-98C4-CECC1ADEEF23}
3 File(s) 29�696 bytes
17 Dir(s) 280�341�131�264 bytes free

========= End of CMD: =========

========= dir "%appdata%" =========

Volume in drive C has no label.
Volume Serial Number is AC1D-5074

Directory of C:\Users\Mamka\AppData\Roaming

25. 02. 2015 18:21 <DIR> .
25. 02. 2015 18:21 <DIR> ..
03. 06. 2014 12:31 <DIR> .minecraft
02. 11. 2014 09:28 <DIR> Adobe
03. 05. 2014 16:09 <DIR> GHISLER
25. 09. 2014 20:29 <DIR> InstallShield
19. 01. 2015 16:26 <DIR> IObit
03. 05. 2014 13:07 <DIR> Macromedia
03. 05. 2014 16:16 <DIR> Mozilla
03. 06. 2014 05:38 <DIR> QuickScan
04. 10. 2014 14:27 <DIR> vlc
20. 05. 2014 20:41 <DIR> WinRAR
0 File(s) 0 bytes
12 Dir(s) 280�341�131�264 bytes free

========= End of CMD: =========

"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.
EmptyTemp: => Removed 535.8 MB temporary data.

The system needed a reboot.

==== End of Fixlog 18:21:52 ====

#9 Příspěvek od **altrok** » 26 úno 2015 10:06

Za vzorek dekuji.

Pocitaci by se melo znatelne ulevit, ale pro kontrolu poprosim o novy FRST log.

Saturas · #10 Příspěvek od **Saturas** » 27 úno 2015 11:41

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01
Ran by Mamka (administrator) on NOTEBOOK on 27-02-2015 11:30:54
Running from C:\Users\Mamka\Desktop\FRST-OlderVersion
Loaded Profiles: Mamka (Available profiles: Mamka)
Platform: Windows 8.1 Pro (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM-x32\...\Run: [Adobe Photo Downloader] => C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe [67488 2007-09-10] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-3478427585-1692798960-3486473302-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1 10.0.1.1

FireFox:
========
FF ProfilePath: C:\Users\Mamka\AppData\Roaming\Mozilla\Firefox\Profiles\0urkjle5.default-1424785132839
FF Homepage: hxxp://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\Mamka\AppData\Roaming\Mozilla\Firefox\Profiles\0urkjle5.default-1424785132839\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor6.0; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-10] ()
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-06-08] (Macrovision Europe Ltd.) [File not signed]
R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [72512 2013-12-09] (IObit)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-25 18:35 - 2015-02-25 18:34 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-02-25 18:34 - 2015-02-25 18:36 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-25 18:34 - 2015-02-25 18:34 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-25 18:33 - 2015-02-25 18:33 - 00639912 _____ (Oracle Corporation) C:\Users\Mamka\Desktop\jxpiinstall.exe
2015-02-25 18:21 - 2015-02-27 11:30 - 00000000 ____D () C:\Users\Mamka\Desktop\FRST-OlderVersion
2015-02-25 18:21 - 2015-02-25 18:21 - 00029696 _____ () C:\Users\Mamka\AppData\Local\MSGBOX.EXE
2015-02-25 18:21 - 2015-02-25 18:21 - 00015327 _____ () C:\Users\Mamka\Desktop\LM.bat
2015-02-25 18:16 - 2015-02-25 18:16 - 00082259 _____ () C:\Users\Mamka\Desktop\27c0a3.rar
2015-02-25 13:01 - 2014-12-13 22:28 - 00513488 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 13:01 - 2014-12-13 22:28 - 00513488 _____ () C:\Windows\system32\locale.nls
2015-02-25 13:01 - 2014-10-29 02:27 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2015-02-25 13:01 - 2014-10-29 02:27 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2015-02-25 13:01 - 2014-10-29 02:04 - 00868352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2015-02-25 13:01 - 2014-10-29 02:04 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2015-02-24 15:16 - 2015-02-27 11:30 - 00000000 ____D () C:\FRST
2015-02-24 15:15 - 2015-02-25 18:21 - 02087936 _____ (Farbar) C:\Users\Mamka\Desktop\FRST64.exe
2015-02-24 14:50 - 2015-02-24 14:50 - 00000000 _____ () C:\autoexec.bat
2015-02-24 14:38 - 2015-02-24 14:38 - 00000000 ____D () C:\Users\Mamka\Desktop\Původní data aplikace Firefox
2015-02-24 12:48 - 2015-02-27 11:27 - 00001392 _____ () C:\Windows\setupact.log
2015-02-24 12:48 - 2015-02-24 14:34 - 00001634 _____ () C:\Windows\PFRO.log
2015-02-24 12:48 - 2015-02-24 12:48 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-23 20:40 - 2015-02-23 20:40 - 00203216 _____ () C:\Users\Mamka\Desktop\27c0a3.exe
2015-02-12 21:09 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 21:09 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 19:16 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 19:16 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 19:16 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-11 19:16 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-11 19:16 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 19:16 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 19:16 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 19:16 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 19:16 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 19:16 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 19:16 - 2014-12-09 00:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-11 19:16 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 19:16 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 19:16 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 19:16 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 19:16 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 19:15 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 19:15 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 19:15 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 19:15 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 19:15 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 19:15 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 19:15 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 19:15 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-11 19:15 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 19:15 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 19:15 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 19:15 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 19:15 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 19:15 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 19:15 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-11 19:15 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-02-11 19:15 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 19:15 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 19:15 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-02-11 19:15 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-02-11 19:15 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-02-11 19:15 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-02-11 19:15 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-02-11 19:15 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-02-11 19:15 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-02-11 19:15 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-02-11 19:14 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-02-11 19:14 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 19:14 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 19:14 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 19:14 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 19:14 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-11 19:14 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-11 19:14 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 19:14 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 19:14 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 19:14 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 19:14 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-11 19:14 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-02-11 19:14 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-02-11 19:14 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-11 19:14 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 19:14 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 19:14 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 19:14 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 19:14 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 19:14 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 19:14 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 19:14 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-27 11:28 - 2014-05-03 12:54 - 01829531 _____ () C:\Windows\WindowsUpdate.log
2015-02-27 11:27 - 2014-05-03 13:02 - 00165659 _____ () C:\MyXML.xml
2015-02-27 11:27 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-27 09:06 - 2014-05-05 10:58 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-27 09:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-27 08:37 - 2014-05-03 12:56 - 00005478 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-27 08:37 - 2013-08-22 23:08 - 08252878 _____ () C:\Windows\system32\perfh005.dat
2015-02-27 08:37 - 2013-08-22 23:08 - 02575964 _____ () C:\Windows\system32\perfc005.dat
2015-02-27 01:50 - 2014-05-03 12:54 - 00000000 ____D () C:\Users\Mamka
2015-02-25 21:09 - 2014-05-03 13:00 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3478427585-1692798960-3486473302-1001
2015-02-25 18:23 - 2014-06-29 00:21 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-02-25 18:21 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-02-25 18:14 - 2014-05-20 20:37 - 00000003 _____ () C:\Users\Mamka\stut
2015-02-25 13:32 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-24 20:14 - 2014-05-03 16:16 - 00001077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-24 20:14 - 2014-05-03 16:16 - 00001065 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-24 20:14 - 2014-05-03 12:54 - 00000981 _____ () C:\Users\Mamka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-23 20:37 - 2014-05-03 13:47 - 00000000 ____D () C:\Windows\Panther
2015-02-20 14:34 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-14 10:08 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2015-02-13 22:02 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-12 20:59 - 2013-08-22 15:44 - 00409912 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 20:18 - 2014-05-03 16:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 20:14 - 2014-05-03 16:06 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 20:10 - 2014-05-03 16:06 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-05 20:32 - 2014-06-16 15:09 - 00003950 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 20:32 - 2014-06-16 15:09 - 00003714 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-04 21:06 - 2014-05-05 10:58 - 00003802 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-03 20:31 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-02-25 18:21 - 2015-02-25 18:21 - 0029696 _____ () C:\Users\Mamka\AppData\Local\MSGBOX.EXE
2014-09-20 17:46 - 2014-09-20 17:46 - 0000000 _____ () C:\Users\Mamka\AppData\Local\{152B27F8-1CFD-4993-9854-7E12758BE91E}
2014-10-17 11:17 - 2014-10-17 11:17 - 0000000 _____ () C:\Users\Mamka\AppData\Local\{C13D6DB1-D696-45B2-98C4-CECC1ADEEF23}

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-17 23:09

==================== End Of Log ============================

Saturas · #11 Příspěvek od **Saturas** » 27 úno 2015 11:42

Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2015 01
Ran by Mamka at 2015-02-27 11:32:01
Running from C:\Users\Mamka\Desktop\FRST-OlderVersion
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop Elements 6.0 (HKLM-x32\...\Adobe Photoshop Elements 6) (Version: 6.0 - Adobe Systems Inc.)
Adobe Reader XI (11.0.10) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
CX4300_5500_DX4400 Manuál (HKLM-x32\...\CX4300_5500_DX4400 Manuál) (Version: - )
EPSON Attach To Email (HKLM-x32\...\InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}) (Version: 1.01.0000 - SEIKO EPSON)
EPSON Attach To Email (x32 Version: 1.01.0000 - SEIKO EPSON) Hidden
EPSON Copy Utility 3 (HKLM-x32\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.2.0.0 - )
EPSON Easy Photo Print (HKLM-x32\...\{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}) (Version: 1.4.2.0 - )
EPSON File Manager (HKLM-x32\...\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}) (Version: 1.3.0.0 - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
EPSON Scan Assistant (HKLM-x32\...\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}) (Version: 1.10.00 - )
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Malwarebytes Anti-Malware verze 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mediaplayersversion2.4 (HKLM-x32\...\Mediaplayersversion2.4) (Version: 1.36.01.22 - PlayMCVenture)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 cs)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Nero CoverDesigner (HKLM-x32\...\{79BB6415-00A7-413A-B278-A7EAE69F1753}) (Version: 12.0.02700 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1003 - Nero AG)
Prerequisite installer (x32 Version: 12.0.0005 - Nero AG) Hidden
Ralink Bluetooth Stack64 (HKLM\...\{8A69F02D-A72B-AEE6-1CD3-6B05B9F9DD83}) (Version: 11.0.742.0 - Mediatek)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Software tiskárny EPSON (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 1.4.0.0 - IObit)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51 - Ghisler Software GmbH)
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
WinRAR 4.00 32Bit a 64Bit Full-Version version for Windows (HKLM-x32\...\{6713BFDD-8BE4-F39E-4179-2936C7733114}_is1) (Version: for Windows - )
WinRAR 4.00 32Bit a 64Bit Full-Version.rar version for Windows (HKLM-x32\...\{F6E19738-97F7-5797-E1D1- 1AFE996BEE6}_is1) (Version: for Windows - )
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

05-02-2015 21:48:05 Naplánovaný kontrolní bod
11-02-2015 20:08:52 Windows Update
19-02-2015 14:52:31 Naplánovaný kontrolní bod
23-02-2015 20:42:14 Uniblue SpeedUpMyPC installation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Locked "{380569B2-86A6-411A-B7F3-B994EF9F6990}" task was unlocked successfully. <===== ATTENTION
Task: {380569B2-86A6-411A-B7F3-B994EF9F6990} - \FQ No Task File <==== ATTENTION
Task: {3E289DB8-2CC5-4B7F-9677-8B2B5CB70E99} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Locked "{4678C31F-ABD3-4E3E-B511-084876757130}" task was unlocked successfully. <===== ATTENTION
Task: {4678C31F-ABD3-4E3E-B511-084876757130} - \NOHNQG No Task File <==== ATTENTION
Task: {539349B1-17FC-446B-A9E6-518447EAFA19} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-16] (Google Inc.)
Locked "{6DA5DB3E-BE06-4A17-95BF-04B5F7C3DC5E}" task was unlocked successfully. <===== ATTENTION
Task: {6DA5DB3E-BE06-4A17-95BF-04B5F7C3DC5E} - \VUXCG No Task File <==== ATTENTION
Task: {851D13B0-B512-477B-A545-FF1EEBDB52B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {908CB079-8B45-4080-9A97-C79B00192DA5} - System32\Tasks\StartMenuAutoupdate => C:\Program Files (x86)\IObit\Start Menu 8\AutoUpdate.exe [2013-12-09] (IObit)
Task: {98189309-6B1C-49A9-8664-DB7CE51FB52F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {A4ED4221-FE44-4995-86E4-A9D26D20F796} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-16] (Google Inc.)
Task: {CBA91EDE-EA91-4CEC-B9BD-FB2963695FFD} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2014-07-21] (Nero AG)
Task: {D24323A7-3A8B-40A9-BF58-5385C30B7308} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {D64D4E5D-4733-4594-B18F-56E9E86BE39A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-02-11] (Microsoft Corporation)
Locked "{F1788A21-0660-413D-9628-496736B0805C}" task was unlocked successfully. <===== ATTENTION
Task: {F1788A21-0660-413D-9628-496736B0805C} - \EDKNSFK No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2007-09-10 23:45 - 2007-09-10 23:45 - 00124832 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
2014-05-03 13:02 - 2013-12-09 15:10 - 00348992 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madExcept_.bpl
2014-05-03 13:02 - 2013-12-09 15:10 - 00183616 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madBasic_.bpl
2014-05-03 13:02 - 2013-12-09 15:10 - 00051008 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madDisAsm_.bpl
2014-05-03 13:02 - 2013-12-09 15:10 - 00089920 _____ () C:\Program Files (x86)\IObit\Start Menu 8\NTFSScan.dll
2014-05-03 13:02 - 2013-12-09 15:11 - 00041280 _____ () C:\Program Files (x86)\IObit\Start Menu 8\winkey.dll
2015-01-26 22:52 - 2015-01-26 22:52 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3478427585-1692798960-3486473302-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mamka\AppData\Roaming\Microsoft\Windows Photo Viewer\Tapeta programu Windows Prohlížeč fotografií.jpg
DNS Servers: 10.0.0.1 - 10.0.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-3478427585-1692798960-3486473302-500 - Administrator - Disabled)
Guest (S-1-5-21-3478427585-1692798960-3486473302-501 - Limited - Disabled)
Mamka (S-1-5-21-3478427585-1692798960-3486473302-1001 - Administrator - Enabled) => C:\Users\Mamka

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/27/2015 11:30:21 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/27/2015 11:30:21 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/27/2015 11:27:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Explorer.EXE, verze: 6.3.9600.17284, časové razítko: 0x53f816dc
Název chybujícího modulu: twinui.dll, verze: 6.3.9600.17324, časové razítko: 0x53f822bf
Kód výjimky: 0x80270249
Posun chyby: 0x000000000029076f
ID chybujícího procesu: 0x51c
Čas spuštění chybující aplikace: 0xExplorer.EXE0
Cesta k chybující aplikaci: Explorer.EXE1
Cesta k chybujícímu modulu: Explorer.EXE2
ID zprávy: Explorer.EXE3
Úplný název chybujícího balíčku: Explorer.EXE4
ID aplikace související s chybujícím balíčkem: Explorer.EXE5

Error: (02/27/2015 08:37:19 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (02/27/2015 08:37:19 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (02/27/2015 08:37:19 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (02/27/2015 08:35:07 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/27/2015 08:34:11 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0xC004F074
Argument příkazového řádku:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/27/2015 08:33:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Explorer.EXE, verze: 6.3.9600.17284, časové razítko: 0x53f816dc
Název chybujícího modulu: twinui.dll, verze: 6.3.9600.17324, časové razítko: 0x53f822bf
Kód výjimky: 0x80270249
Posun chyby: 0x000000000029076f
ID chybujícího procesu: 0x550
Čas spuštění chybující aplikace: 0xExplorer.EXE0
Cesta k chybující aplikaci: Explorer.EXE1
Cesta k chybujícímu modulu: Explorer.EXE2
ID zprávy: Explorer.EXE3
Úplný název chybujícího balíčku: Explorer.EXE4
ID aplikace související s chybujícím balíčkem: Explorer.EXE5

Error: (02/26/2015 10:50:42 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

System errors:
=============
Error: (02/27/2015 11:29:31 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Při pokusu o načtení souboru místních hostitelů došlo k chybě.

Error: (02/27/2015 11:27:43 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Při pokusu o načtení souboru místních hostitelů došlo k chybě.

Error: (02/27/2015 11:27:38 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Službě Plánovač úloh se při spuštění nepodařilo načíst úlohy. Další údaje: Hodnota chyby: 2147942405

Error: (02/27/2015 08:33:09 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Při pokusu o načtení souboru místních hostitelů došlo k chybě.

Error: (02/27/2015 08:33:05 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Službě Plánovač úloh se při spuštění nepodařilo načíst úlohy. Další údaje: Hodnota chyby: 2147942405

Error: (02/26/2015 10:43:11 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Při pokusu o načtení souboru místních hostitelů došlo k chybě.

Error: (02/26/2015 10:43:08 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Službě Plánovač úloh se při spuštění nepodařilo načíst úlohy. Další údaje: Hodnota chyby: 2147942405

Error: (02/26/2015 10:42:55 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (16:10:53, ‎26. ‎2. ‎2015) bylo neočekávané.

Error: (02/26/2015 00:34:17 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Při pokusu o načtení souboru místních hostitelů došlo k chybě.

Error: (02/26/2015 00:34:14 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Službě Plánovač úloh se při spuštění nepodařilo načíst úlohy. Další údaje: Hodnota chyby: 2147942405

Microsoft Office Sessions:
=========================
Error: (02/27/2015 11:30:21 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/27/2015 11:30:21 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/27/2015 11:27:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1728453f816dctwinui.dll6.3.9600.1732453f822bf80270249000000000029076f51c01d0527802fac648C:\Windows\Explorer.EXEC:\Windows\system32\twinui.dll4b804b26-be6b-11e4-8476-002713dbfb25

Error: (02/27/2015 08:37:19 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F2030000E5050000

Error: (02/27/2015 08:37:19 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance163707000000000000000000008F020000

Error: (02/27/2015 08:37:19 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance163707000000000000000000008F020000

Error: (02/27/2015 08:35:07 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/27/2015 08:34:11 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/27/2015 08:33:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1728453f816dctwinui.dll6.3.9600.1732453f822bf80270249000000000029076f55001d0525fa08e0262C:\Windows\Explorer.EXEC:\Windows\system32\twinui.dlle7facd81-be52-11e4-8475-002713dbfb25

Error: (02/26/2015 10:50:42 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F2030000E5050000

CodeIntegrity Errors:
===================================
Date: 2015-02-25 13:19:48.630
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-24 14:38:18.959
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-24 14:38:18.717
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-24 14:38:18.495
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-24 14:38:16.867
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-24 14:38:16.509
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-24 14:32:53.900
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-24 14:32:53.681
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-24 14:32:53.431
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-24 14:32:52.134
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: AMD Athlon(tm) II P320 Dual-Core Processor
Percentage of memory in use: 30%
Total physical RAM: 3834.9 MB
Available physical RAM: 2663.36 MB
Total Pagefile: 6010.9 MB
Available Pagefile: 1489.35 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.75 GB) (Free:260.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: B7FBDD52)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=297.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#12 Příspěvek od **altrok** » 27 úno 2015 21:34

Doporucuji vymenit Windows Defender za napr. avast! Free nebo aviru (ve free verzi anglicky), protoze Defender ma dle srovnavacich testu cca 50% uspesnost detekce viz http://forum.viry.cz/viewtopic.php?f=14 ... 3#p1377913
Pak se jen ujistete, ze je Win. Defender vypnuty.

Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
znovu spustte FRST a kliknete na Fix

po restartu na Vas vyskoci fixlog (pripadne bude ulozen na Plose), jehoz obsah mi vlozte do pristi odpovedi

Kód: Vybrat vše

Start
CloseProcesses:
2015-02-25 18:21 - 2015-02-27 11:30 - 00000000 ____D () C:\Users\Mamka\Desktop\FRST-OlderVersion
2015-02-25 18:21 - 2015-02-25 18:21 - 00029696 _____ () C:\Users\Mamka\AppData\Local\MSGBOX.EXE
2015-02-25 18:21 - 2015-02-25 18:21 - 00015327 _____ () C:\Users\Mamka\Desktop\LM.bat
2015-02-25 18:16 - 2015-02-25 18:16 - 00082259 _____ () C:\Users\Mamka\Desktop\27c0a3.rar
2015-02-23 20:40 - 2015-02-23 20:40 - 00203216 _____ () C:\Users\Mamka\Desktop\27c0a3.exe
Locked "{380569B2-86A6-411A-B7F3-B994EF9F6990}" task was unlocked successfully. <===== ATTENTION
Task: {380569B2-86A6-411A-B7F3-B994EF9F6990} - \FQ No Task File <==== ATTENTION
Locked "{4678C31F-ABD3-4E3E-B511-084876757130}" task was unlocked successfully. <===== ATTENTION
Task: {4678C31F-ABD3-4E3E-B511-084876757130} - \NOHNQG No Task File <==== ATTENTION
Locked "{6DA5DB3E-BE06-4A17-95BF-04B5F7C3DC5E}" task was unlocked successfully. <===== ATTENTION
Task: {6DA5DB3E-BE06-4A17-95BF-04B5F7C3DC5E} - \VUXCG No Task File <==== ATTENTIONLocked "{F1788A21-0660-413D-9628-496736B0805C}" task was unlocked successfully. <===== ATTENTION
Task: {F1788A21-0660-413D-9628-496736B0805C} - \EDKNSFK No Task File <==== ATTENTION
C:\Users\Mamka\AppData\Local\Temp
End

Saturas · #13 Příspěvek od **Saturas** » 28 úno 2015 09:54

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-02-2015 01
Ran by Mamka at 2015-02-28 09:50:48 Run:2
Running from C:\Users\Mamka\Desktop
Loaded Profiles: Mamka (Available profiles: Mamka)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
2015-02-25 18:21 - 2015-02-27 11:30 - 00000000 ____D () C:\Users\Mamka\Desktop\FRST-OlderVersion
2015-02-25 18:21 - 2015-02-25 18:21 - 00029696 _____ () C:\Users\Mamka\AppData\Local\MSGBOX.EXE
2015-02-25 18:21 - 2015-02-25 18:21 - 00015327 _____ () C:\Users\Mamka\Desktop\LM.bat
2015-02-25 18:16 - 2015-02-25 18:16 - 00082259 _____ () C:\Users\Mamka\Desktop\27c0a3.rar
2015-02-23 20:40 - 2015-02-23 20:40 - 00203216 _____ () C:\Users\Mamka\Desktop\27c0a3.exe
Locked "{380569B2-86A6-411A-B7F3-B994EF9F6990}" task was unlocked successfully. <===== ATTENTION
Task: {380569B2-86A6-411A-B7F3-B994EF9F6990} - \FQ No Task File <==== ATTENTION
Locked "{4678C31F-ABD3-4E3E-B511-084876757130}" task was unlocked successfully. <===== ATTENTION
Task: {4678C31F-ABD3-4E3E-B511-084876757130} - \NOHNQG No Task File <==== ATTENTION
Locked "{6DA5DB3E-BE06-4A17-95BF-04B5F7C3DC5E}" task was unlocked successfully. <===== ATTENTION
Task: {6DA5DB3E-BE06-4A17-95BF-04B5F7C3DC5E} - \VUXCG No Task File <==== ATTENTIONLocked "{F1788A21-0660-413D-9628-496736B0805C}" task was unlocked successfully. <===== ATTENTION
Task: {F1788A21-0660-413D-9628-496736B0805C} - \EDKNSFK No Task File <==== ATTENTION
C:\Users\Mamka\AppData\Local\Temp
End
*****************

Processes closed successfully.
C:\Users\Mamka\Desktop\FRST-OlderVersion => Moved successfully.
C:\Users\Mamka\AppData\Local\MSGBOX.EXE => Moved successfully.
C:\Users\Mamka\Desktop\LM.bat => Moved successfully.
C:\Users\Mamka\Desktop\27c0a3.rar => Moved successfully.
C:\Users\Mamka\Desktop\27c0a3.exe => Moved successfully.
Locked "{380569B2-86A6-411A-B7F3-B994EF9F6990}" task was unlocked successfully. <===== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{380569B2-86A6-411A-B7F3-B994EF9F6990}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FQ" => Key deleted successfully.
Locked "{4678C31F-ABD3-4E3E-B511-084876757130}" task was unlocked successfully. <===== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4678C31F-ABD3-4E3E-B511-084876757130}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NOHNQG" => Key deleted successfully.
Locked "{6DA5DB3E-BE06-4A17-95BF-04B5F7C3DC5E}" task was unlocked successfully. <===== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DA5DB3E-BE06-4A17-95BF-04B5F7C3DC5E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\VUXCG" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1788A21-0660-413D-9628-496736B0805C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EDKNSFK" => Key deleted successfully.
C:\Users\Mamka\AppData\Local\Temp => Moved successfully.

The system needed a reboot.

==== End of Fixlog 09:50:49 ====

#14 Příspěvek od **altrok** » 28 úno 2015 13:13

Vyborne, log je ted cisty, takze jeste uklidime.

Stahnete a spustte DelFix - https://toolslib.net/downloads/viewdownload/2-delfix/
Oznacte jen moznost "Remove disinfection tools"
kliknete na Run

A pokud nejsou dotazy ci jine problemy, je to ode mne vse.

Saturas · #15 Příspěvek od **Saturas** » 28 úno 2015 22:15

Moc děkuji za pomoc, velmi si ji vážím

VIRY.CZ

istarsurf v mozzile

istarsurf v mozzile

Re: istarsurf v mozzile

Re: istarsurf v mozzile

Re: istarsurf v mozzile

Re: istarsurf v mozzile

Re: istarsurf v mozzile

Re: istarsurf v mozzile

Re: istarsurf v mozzile

Re: istarsurf v mozzile

Re: istarsurf v mozzile

Re: istarsurf v mozzile

Re: istarsurf v mozzile

Re: istarsurf v mozzile

Re: istarsurf v mozzile

Re: istarsurf v mozzile