Please check my log - PC is completely spammed

davidek.hlavacek
Visitor
Posts: 13
Registered: 21 Sep 2014 09:19

#1 Post by davidek.hlavacek »

Hello, I would like to ask for a check of my log and, if needed, a cleanup of the PC. Here is the log:

Logfile of random's system information tool 1.10 (written by random/random)
Run by David at 2015-03-07 07:55:10
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 396 GB (83%) free of 477 GB
Total RAM: 3071 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:55:32, on 7.3.2015
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Mobogenie\DaemonProcess.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
C:\Windows\System32\WScript.exe
C:\Windows\System32\WScript.exe
C:\Program Files\VLC Player GPU+\UsageLog.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe
C:\Users\David\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe
C:\Users\David\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe
C:\Program Files\Genie Soft\Genie Cleaner\GenieFloater.exe
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
C:\Windows\expIorer.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mobogenie3\MoboGenieHelper.exe
C:\Users\David\AppData\Local\FilesFrog Update Checker\update_checker.exe
C:\Program Files\Mobogenie3\mobogenieP2sp.exe
C:\Program Files\VLC Player GPU+\UsageMonitor.exe
C:\Windows\inf\mncrntpd\mncrntpd.exe
C:\Users\David\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.19.2\dsrsetup.exe
C:\Users\David\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.19.2\dsrlte.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Totalcmd\TOTALCMD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\David\Desktop\RSIT.exe
C:\Program Files\trend micro\David.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rts.dsrlte.com?affID=na
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId= ... nkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
O2 - BHO: CrossriderApp0048559 - {11111111-1111-1111-1111-110411851159} - C:\Program Files\Apps Hat\Apps Hat-bho.dll
O2 - BHO: CrossriderApp0050301 - {11111111-1111-1111-1111-110511031101} - C:\Program Files\Apps Hat Mini\Apps Hat Mini-bho.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: maucampo 1.0.0.7 - {5d7d4fb9-aca5-4013-8879-c58dcd4df9f1} - C:\Program Files\maucampo\maucampoBHO.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: InjectScript - {F6C07882-D703-4DD5-905A-2C4E815A5066} - C:\Users\David\AppData\Roaming\D394D188-BAC7-4e03-8FAF-389A4D7EC6F4\Shopping Suggestion.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe
O4 - HKLM\..\Run: [Printsrv] c:\Windows\System32\Printing_Admin_Scripts\en-US\driverupd.vbs
O4 - HKLM\..\Run: [MSStp] C:\Windows\system32\msstp.vbe
O4 - HKLM\..\Run: [mncrntpdSrv] C:\Windows\inf\mncrntpd.vbe
O4 - HKLM\..\Run: [msfneiSrv] "C:\Windows\system32\msfnei.vbe" msyyhd mssrrv
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [UsageTemp] "C:\Users\David\AppData\Local\Temp\UsageTemp.exe"
O4 - HKLM\..\Run: [UsageLoader] "C:\Program Files\VLC Player GPU+\UsageLog.exe"
O4 - HKLM\..\RunOnce: [filesfrog_apt_flvplayer] "C:\Users\David\AppData\Local\Temp\\BI_RunOnce.exe" /initurl http://bi.bisrv.com/:affid:/:sid:/:uid:? /affid "filesfrog_apt_flvplayer" /id "flvplayerqjgi" /name "FLV Player Update" /uniqid FLVPlayerUpdate_downloader_by_FLVPlayerUpdate ${CUSTOM_ARGS} /uuid 03000200-0400-0500-0006-000700080009 /biosserial To Be Filled By O.E.M. /biosversion 052410 - 20100524 /csname To Be Filled By O.E.M.
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [NextLive] C:\Windows\system32\rundll32.exe "C:\Users\David\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\David\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\David\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [SpeedUpMyComputer] C:\Program Files\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as
O4 - HKCU\..\Run: [AppsHat] C:\Users\David\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe
O4 - HKCU\..\Run: [FLV Player] C:\Users\David\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe
O4 - HKCU\..\Run: [Yahoo! Search] C:\Users\David\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.19.2\dsrlte.exe
O4 - HKCU\..\Run: [GenieFloater] C:\Program Files\Genie Soft\Genie Cleaner\GenieFloater.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2581518723-3841867643-131084604-1002\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: GenieCleanService - Oppoos.com - C:\Program Files\Genie Soft\Genie Cleaner\GenieCleanService.exe
O23 - Service: GenieWifiService - Oppoos.com - C:\Program Files\Genie Soft\Genie Wifi\GenieWifiService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: MaintainerSvc4.00.4737669 - Unknown owner - C:\ProgramData\a4bfa1f9-a877-4764-8645-bc2e9e51a9a4\maintainer.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
O23 - Service: MgAssist Service (MgAssistService) - Unknown owner - C:\Program Files\Mobogenie\MgAssist.exe
O23 - Service: MobogenieService - Mobogenie.com - C:\Program Files\Mobogenie3\MobogenieService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Network HTTP Support Service (NetHttpService) - Unknown owner - C:\Windows\system32\nethtsrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
O23 - Service: Network Support Service Updater (ServiceUpdater) - Unknown owner - C:\Windows\system32\netupdsrv.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Update maucampo - Unknown owner - C:\Program Files\maucampo\updatemaucampo.exe
O23 - Service: Util maucampo - Unknown owner - C:\Program Files\maucampo\bin\utilmaucampo.exe

--
End of file - 11764 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\AmiUpdXp.job - C:\Users\David\AppData\Local\4573\a25750.exe
C:\Windows\tasks\Apps Hat Mini-codedownloader.job - C:\Program Files\Apps Hat Mini\Apps Hat Mini-codedownloader.exe /reinstallapp /runfrom=task /agentregpath='Apps Hat Mini' /appid=50301 /srcid='000971' /subid='0' /zdata='appshatmini' /bic=F193D2FE76E34AE38E855BC858C8DD55IE /verifier=db0861316a718770893720e07ce29300 /installerversion=1_34_1_29 /installerfullversion=1.34.1.29 /installationtime=1391252696 /statsdomain=http://stats.srvstatsdata.com /errorsdomain=http://errors.srvstatsdata.com /codedownloaddomain=http://app-static.crossrider.com /defbro=ch /allusers /autoupdateulr='http://update.srvstatsdata.com/ie_code_ ... pdate.json' /runfrom='task' /externallog=''
C:\Windows\tasks\Apps Hat Mini-firefoxinstaller.job - C:\Program Files\Apps Hat Mini\Apps Hat Mini-firefoxinstaller.exe /installxpi /agentregpath='Apps Hat Mini' /extensionfilepath='C:\Program Files\Apps Hat Mini\50301.xpi' /appid=50301 /srcid='000971' /subid='0' /zdata='appshatmini' /bic=F193D2FE76E34AE38E855BC858C8DD55IE /verifier=db0861316a718770893720e07ce29300 /installerversion=1_34_1_29 /installerfullversion=1.34.1.29 /installationtime=1391252696 /statsdomain=http://stats.srvstatsdata.com /errorsdomain=http://errors.srvstatsdata.com /waitforbrowser=300 /extensionid=a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com /extensionversion=0.93 /prefsbranch=aa055e456a2004197b11ab82eb9b5ea1ce3a45ca070b044d3aeb30176a65ffa43com50301 /updateurl=https://w9u6a2p6.ssl.hwcdn.net/plugin/f ... /50301.rdf /extensionname='Apps Hat Mini' /extensiondesc='Apps Hat is the cool new Android app store that helps you discover hot new apps, both free and discounted. Get personalised recommendations, price drop alerts, and share your favourite apps with your friends.' /publishername='Nero' /defbro=ch /allusers /allprofiles /checkfflist /autoupdateulr='http://update.srvstatsdata.com/ff_agent ... pdate.json' /runfrom='task' /externallog=''
C:\Windows\tasks\Apps Hat Mini-updater.job - C:\Program Files\Apps Hat Mini\Apps Hat Mini-updater.exe /rawdata=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
C:\Windows\tasks\Apps Hat-chromeinstaller.job - C:\Program Files\Apps Hat\Apps Hat-chromeinstaller.exe /installcrx /agentregpath='Apps Hat' /extensionfilepath='C:\Program Files\Apps Hat\48559.crx' /appid=48559 /srcid='000820' /subid='0' /zdata='appshatmadness' /bic=F193D2FE76E34AE38E855BC858C8DD55IE /verifier=db0861316a718770893720e07ce29300 /installerversion=1_33_153 /installerfullversion=1.33.153.1 /installationtime=1390137165 /statsdomain=http://stats.srvstatsdata.com /errorsdomain=http://errors.srvstatsdata.com /waitforbrowser=300 /extensionid=pbffpbffjfiigoledmkcibcbadpbenec /extensionversion=1.26.25 /extensionpublickey=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCp3NqmRawjPxtZ6VsMJVS9DyMHQTJAZve3uLjS+xGsIZjVvI1IDgTNfFnfgkn6LHlZERzsTa5cfx/JnEX5g4l1JCLoi76F9KY/cStxDff9NmLSWUeZGGeRz5zCDaXFxhhpweXRD/CV2xUBrIn3Yaj8wZ57VKTTemOV9Hsr3jxq2wIDAQAB /defbro=ch /allusers /allprofiles /crxinstalltype=1 /runfrom='task' /externallog=''
C:\Windows\tasks\Apps Hat-codedownloader.job - C:\Program Files\Apps Hat\Apps Hat-codedownloader.exe /reinstallapp /runfrom=task /agentregpath='Apps Hat' /appid=48559 /srcid='000820' /subid='0' /zdata='appshatmadness' /bic=F193D2FE76E34AE38E855BC858C8DD55IE /verifier=db0861316a718770893720e07ce29300 /installerversion=1_33_153 /installerfullversion=1.33.153.1 /installationtime=1390137165 /statsdomain=http://stats.srvstatsdata.com /errorsdomain=http://errors.srvstatsdata.com /codedownloaddomain=http://app-static.crossrider.com /defbro=ch /allusers /runfrom='task' /externallog=''
C:\Windows\tasks\Apps Hat-firefoxinstaller.job - C:\Program Files\Apps Hat\Apps Hat-firefoxinstaller.exe /installxpi /agentregpath='Apps Hat' /extensionfilepath='C:\Program Files\Apps Hat\48559.xpi' /appid=48559 /srcid='000820' /subid='0' /zdata='appshatmadness' /bic=F193D2FE76E34AE38E855BC858C8DD55IE /verifier=db0861316a718770893720e07ce29300 /installerversion=1_33_153 /installerfullversion=1.33.153.1 /installationtime=1390137165 /statsdomain=http://stats.srvstatsdata.com /errorsdomain=http://errors.srvstatsdata.com /waitforbrowser=300 /extensionid=39ed7c16-185d-4f88-b976-666d4928ba01@fe4550c1-7a4f-4a62-ad1c-45e0afdf81a4.com /extensionversion=0.93 /prefsbranch=a39ed7c16185d4f88b976666d4928ba01fe4550c17a4f4a62ad1c45e0afdf81a4com48559 /updateurl=https://w9u6a2p6.ssl.hwcdn.net/plugin/f ... /48559.rdf /extensionname='Apps Hat' /extensiondesc='Apps Hat is the cool new Android app store that helps you discover hot new apps, both free and discounted. Get personalised recommendations, price drop alerts, and share your favourite apps with your friends.' /publishername='Nero' /defbro=ch /allusers /allprofiles /runfrom='task' /externallog=''
C:\Windows\tasks\Apps Hat-updater.job - C:\Program Files\Apps Hat\Apps Hat-updater.exe /rawdata=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
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\PCConfidential.job - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe /ac

=========Mozilla firefox=========

ProfilePath - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\vg0bt390.default

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
"ext@MediaPlayerV1alpha3554.net"=C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha3554\ff
"ext@MediaViewerV1alpha5607.net"=C:\Program Files\MediaViewerV1\MediaViewerV1alpha5607\ff
"ext@MediaViewV1alpha3731.net"=C:\Program Files\MediaViewV1\MediaViewV1alpha3731\ff
"ext@MediaViewV1alpha9179.net"=C:\Program Files\MediaViewV1\MediaViewV1alpha9179\ff
"ext@MediaWatchV1home9235.net"=C:\Program Files\MediaWatchV1\MediaWatchV1home9235\ff
"ext@RichMediaViewV1release1097.net"=C:\Program Files\RichMediaViewV1\RichMediaViewV1release1097\ff
"ext@TrustMediaViewerV1alpha5090.net"=C:\Program Files\TrustMediaViewerV1\TrustMediaViewerV1alpha5090\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.305 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39]
"Description"=
"Path"=C:\Windows\system32\npdeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]
MSS+ Identifier - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09 96128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411851159}]
Apps Hat - C:\Program Files\Apps Hat\Apps Hat-bho.dll [2014-01-19 640512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511031101}]
Apps Hat Mini - C:\Program Files\Apps Hat Mini\Apps Hat Mini-bho.dll [2014-02-01 640512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 66280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12 194432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5d7d4fb9-aca5-4013-8879-c58dcd4df9f1}]
maucampo 1.0.0.7 - C:\Program Files\maucampo\maucampoBHO.dll [2015-01-29 269032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2013-02-15 330160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2013-02-15 59824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F6C07882-D703-4DD5-905A-2C4E815A5066}]
Shopping Suggestion - C:\Users\David\AppData\Roaming\D394D188-BAC7-4e03-8FAF-389A4D7EC6F4\Shopping Suggestion.dll [2014-01-19 115712]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2008-12-11 6703648]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-09-17 254896]
"Monitor"=C:\Windows\PixArt\PAC207\Monitor.exe [2006-11-03 319488]
"mobilegeni daemon"=C:\Program Files\Mobogenie\DaemonProcess.exe [2014-08-10 748736]
"Printsrv"=c:\Windows\System32\Printing_Admin_Scripts\en-US\driverupd.vbs [2013-12-04 559]
"MSStp"=C:\Windows\system32\msstp.vbe [2014-01-13 1418]
"mncrntpdSrv"=C:\Windows\inf\mncrntpd.vbe [2014-01-13 1338]
"msfneiSrv"=C:\Windows\system32\msfnei.vbe [2013-12-10 583]
"seznam-listicka-distribuce"=C:\Program Files\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"UsageTemp"=C:\Users\David\AppData\Local\Temp\UsageTemp.exe [2014-01-19 1310432]
"UsageLoader"=C:\Program Files\VLC Player GPU+\UsageLog.exe [2014-01-12 1325792]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"filesfrog_apt_flvplayer"=C:\Users\David\AppData\Local\Temp\\BI_RunOnce.exe [2014-12-08 198144]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2013-11-14 20584608]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"NextLive"=C:\Users\David\AppData\Roaming\newnext.me\nengine.dll [2014-01-06 1283584]
"cz.seznam.software.autoupdate"=C:\Users\David\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Users\David\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2013-04-12 92664]
"SpeedUpMyComputer"=C:\Program Files\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe [2013-07-22 2054776]
"AppsHat"=C:\Users\David\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe [2012-10-26 202752]
"FLV Player"=C:\Users\David\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe [2012-10-26 202752]
"Yahoo! Search"=C:\Users\David\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.19.2\dsrlte.exe [2015-01-22 644816]
"GenieFloater"=C:\Program Files\Genie Soft\Genie Cleaner\GenieFloater.exe [2015-02-06 1850520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
C:\Windows\PixArt\PAC207\Monitor.exe [2006-11-03 319488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Windows\system32\NeroCheck.exe [2001-07-09 155648]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveTrack"=1
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe]
"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll
"VIDC.ZMBV"=zmbv.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.LAGS"=lagarith.dll
"VIDC.HFYU"=huffyuv.dll
"VIDC.FFDS"=ff_vfw.dll
"VIDC.X264"=x264vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.l3codecp"=l3codecp.acm
"wave5"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux3"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave4"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"mixer3"=wdmaud.drv
"vidc.iv50"=ir50_32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-03-07 07:55:10 ----D---- C:\rsit
2015-03-07 07:55:10 ----D---- C:\Program Files\trend micro
2015-03-07 07:46:38 ----D---- C:\Program Files\PhotoScape
2015-03-07 07:33:17 ----D---- C:\Users\David\AppData\Roaming\GHISLER
2015-03-07 07:33:17 ----D---- C:\Program Files\Totalcmd
2015-03-07 07:33:17 ----A---- C:\Windows\UC.PIF
2015-03-07 07:33:17 ----A---- C:\Windows\RAR.PIF
2015-03-07 07:33:17 ----A---- C:\Windows\PKZIP.PIF
2015-03-07 07:33:17 ----A---- C:\Windows\PKUNZIP.PIF
2015-03-07 07:33:17 ----A---- C:\Windows\LHA.PIF
2015-03-07 07:33:17 ----A---- C:\Windows\ARJ.PIF
2015-03-07 07:27:08 ----D---- C:\ProgramData\Mozilla
2015-03-07 07:27:07 ----D---- C:\Program Files\Mozilla Maintenance Service
2015-03-07 07:27:06 ----D---- C:\Program Files\Mozilla Firefox
2015-02-15 17:46:48 ----A---- C:\Windows\system32\jscript9.dll
2015-02-15 17:46:48 ----A---- C:\Windows\system32\jscript.dll
2015-02-14 15:14:17 ----D---- C:\Program Files\KMPlayer
2015-02-14 14:27:24 ----A---- C:\Windows\system32\oleaut32.dll
2015-02-14 14:26:43 ----A---- C:\Windows\system32\win32k.sys
2015-02-14 14:26:04 ----A---- C:\Windows\system32\WindowsCodecs.dll
2015-02-14 14:23:05 ----A---- C:\Windows\system32\vbscript.dll
2015-02-14 14:23:05 ----A---- C:\Windows\system32\dxtmsft.dll
2015-02-14 14:23:03 ----A---- C:\Windows\system32\wininet.dll
2015-02-14 14:23:03 ----A---- C:\Windows\system32\ieui.dll
2015-02-14 14:23:03 ----A---- C:\Windows\system32\dxtrans.dll
2015-02-14 14:23:02 ----A---- C:\Windows\system32\mshtmled.dll
2015-02-14 14:22:59 ----A---- C:\Windows\system32\mshtml.dll
2015-02-14 14:22:58 ----A---- C:\Windows\system32\mshta.exe
2015-02-14 14:22:58 ----A---- C:\Windows\system32\msfeedssync.exe
2015-02-14 14:22:58 ----A---- C:\Windows\system32\msfeedsbs.dll
2015-02-14 14:22:58 ----A---- C:\Windows\system32\jsproxy.dll
2015-02-14 14:22:57 ----A---- C:\Windows\system32\urlmon.dll
2015-02-14 14:22:57 ----A---- C:\Windows\system32\msfeeds.dll
2015-02-14 14:22:56 ----A---- C:\Windows\system32\url.dll
2015-02-14 14:22:56 ----A---- C:\Windows\system32\ieUnatt.exe
2015-02-14 14:22:56 ----A---- C:\Windows\system32\iertutil.dll
2015-02-14 14:22:56 ----A---- C:\Windows\system32\ieframe.dll
2015-02-14 14:22:56 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-02-14 14:22:45 ----A---- C:\Windows\system32\scesrv.dll

======List of files/folders modified in the last 1 month======

2015-03-07 07:55:10 ----D---- C:\Program Files
2015-03-07 07:48:12 ----D---- C:\games
2015-03-07 07:43:36 ----D---- C:\Windows\Temp
2015-03-07 07:41:53 ----D---- C:\ProgramData\a4bfa1f9-a877-4764-8645-bc2e9e51a9a4
2015-03-07 07:33:17 ----D---- C:\Windows
2015-03-07 07:27:20 ----D---- C:\Users\David\AppData\Roaming\Mozilla
2015-03-07 07:27:08 ----HD---- C:\ProgramData
2015-03-07 07:18:26 ----D---- C:\Users\David\AppData\Roaming\newnext.me
2015-03-07 06:47:24 ----D---- C:\Users\David\AppData\Roaming\Seznam.cz
2015-03-07 06:45:39 ----D---- C:\Windows\System32
2015-03-07 06:45:39 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-03-07 06:45:38 ----D---- C:\Windows\inf
2015-03-07 06:42:39 ----D---- C:\Windows\Prefetch
2015-03-07 06:35:47 ----D---- C:\Windows\winsxs
2015-03-07 06:32:50 ----D---- C:\Windows\system32\drivers
2015-02-24 03:23:36 ----N---- C:\Windows\system32\MpSigStub.exe
2015-02-15 19:37:10 ----D---- C:\Program Files\maucampo
2015-02-15 17:45:49 ----D---- C:\Windows\system32\catroot
2015-02-15 17:37:07 ----A---- C:\Windows\win.ini
2015-02-15 17:29:55 ----D---- C:\Windows\system32\migration
2015-02-15 17:29:55 ----D---- C:\Program Files\Internet Explorer
2015-02-14 15:51:50 ----D---- C:\Program Files\Mobogenie3
2015-02-14 15:07:42 ----D---- C:\Program Files\Genie Soft
2015-02-14 14:45:43 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2015-02-14 14:31:06 ----D---- C:\Users\David\AppData\Roaming\.minecraft
2015-02-14 14:27:39 ----D---- C:\Windows\system32\MRT
2015-02-14 14:27:36 ----A---- C:\Windows\system32\mrt.exe
2015-02-14 14:27:24 ----SHD---- C:\Windows\Installer
2015-02-14 14:27:19 ----D---- C:\ProgramData\Microsoft Help
2015-02-14 14:23:10 ----D---- C:\Windows\system32\catroot2
2015-02-13 17:39:54 ----D---- C:\Windows\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 BTHidEnum;Bluetooth HID Enumerator; C:\Windows\System32\Drivers\vbtenum.sys [2007-03-05 20880]
R0 BTHidMgr;Bluetooth HID Manager Service; C:\Windows\System32\Drivers\BTHidMgr.sys [2007-03-05 35600]
R0 hotcore3;hotcore3; C:\Windows\system32\drivers\hotcore3.sys [2007-03-30 38448]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-01-20 717296]
R1 {ef8714df-a44b-464c-9034-549a70dc4cd7}t;{ef8714df-a44b-464c-9034-549a70dc4cd7}t; C:\Windows\system32\drivers\{ef8714df-a44b-464c-9034-549a70dc4cd7}t.sys [2014-04-24 55224]
R1 {f3effdbb-ac83-4e56-899c-c0c06faf5650}t;{f3effdbb-ac83-4e56-899c-c0c06faf5650}t; C:\Windows\system32\drivers\{f3effdbb-ac83-4e56-899c-c0c06faf5650}t.sys [2014-12-05 55816]
R1 InCDPass;InCDPass; C:\Windows\System32\DRIVERS\InCDPass.sys [2004-07-16 28672]
R1 incdrm;InCD Reader; C:\Windows\system32\drivers\incdrm.sys [2004-07-16 27648]
R1 nethfdrv;nethfdrv; \??\C:\Windows\system32\drivers\nethfdrv.sys [2014-12-16 49152]
R1 Uim_IM;UIM Drive Backup Image Plugin; C:\Windows\System32\Drivers\Uim_IM.sys [2008-01-17 131456]
R1 UimBus;Universal Image Mounter Controller; C:\Windows\system32\DRIVERS\UimBus.sys [2008-01-17 32352]
R2 DefragFS;DefragFS; C:\Windows\system32\drivers\DefragFS.sys [2011-08-04 138768]
R2 PDFSFilter;PDFsFilter; C:\Windows\system32\DRIVERS\PDFsFilter.sys [2011-09-07 66832]
R3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys [2007-05-11 34704]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys [2007-03-05 27792]
R3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys [2007-05-23 16272]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-12-11 2250272]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2013-02-19 10919200]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-21 8192]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-11-10 135680]
R3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys [2007-03-05 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys [2012-07-26 66560]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]
R4 InCDfs;InCD File System; C:\Windows\system32\drivers\InCDfs.sys [2004-07-16 92672]
S3 3xHybrid;3xHybrid service; C:\Windows\system32\DRIVERS\3xHybrid.sys [2007-04-20 674048]
S3 amdiox86;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox86.sys []
S3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-11-16 10070016]
S3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-11-16 290304]
S3 aqlao36c;aqlao36c; C:\Windows\system32\drivers\aqlao36c.sys []
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-11-16 10070016]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [2007-05-23 36496]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 PAC207;SoC PC-Camera; C:\Windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]
S3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIV.sys [2008-11-11 154272]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2008-09-04 13056]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2008-09-04 19968]
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2008-09-04 24832]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-19 81088]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-11-16 217088]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 GenieCleanService;GenieCleanService; C:\Program Files\Genie Soft\Genie Cleaner\GenieCleanService.exe [2015-02-06 53400]
R2 GenieWifiService;GenieWifiService; C:\Program Files\Genie Soft\Genie Wifi\GenieWifiService.exe [2015-03-05 51352]
R2 MaintainerSvc4.00.4737669;MaintainerSvc4.00.4737669; C:\ProgramData\a4bfa1f9-a877-4764-8645-bc2e9e51a9a4\maintainer.exe [2015-03-07 123624]
R2 MgAssistService;MgAssist Service; C:\Program Files\Mobogenie\MgAssist.exe [2014-08-10 105664]
R2 MobogenieService;MobogenieService; C:\Program Files\Mobogenie3\MobogenieService.exe [2015-02-03 127168]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-12-05 935208]
R2 NetHttpService;Network HTTP Support Service; C:\Windows\system32\nethtsrv.exe [2014-12-16 358912]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-01-31 634656]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-02-19 1259296]
R2 PDAgent;PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [2011-09-07 1244936]
R2 ServiceUpdater;Network Support Service Updater; C:\Windows\system32\netupdsrv.exe [2014-12-16 336384]
R2 Update maucampo;Update maucampo; C:\Program Files\maucampo\updatemaucampo.exe [2015-02-15 401640]
R2 Util maucampo;Util maucampo; C:\Program Files\maucampo\bin\utilmaucampo.exe [2015-02-15 401640]
R3 PDEngine;PDEngine; C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe [2011-09-07 2117384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-29 107912]
S2 InCDsrvR;InCD Helper (read only); C:\Program Files\Ahead\InCD\InCDsrv.exe [2004-07-16 1163378]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-14 267440]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-29 107912]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-04-09 235696]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2015-03-05 148080]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-09-11 770168]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------
Thank you

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my log - PC is totally spammed

#2 Post by vyosek »

Hello :)

:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • After it starts, the database will be downloaded
  • Click Scan and then Clean
  • The repair will run, the PC will restart, and then a log will appear; alternatively it will be saved as c:\AdwCleaner\AdwCleaner[S?].txt. Paste it here
:arrow: Download Zoek.exe http://hijackthis.nl/smeenk/ and save it to the desktop
  • If you use Win Vista or W7, right-click Zoek and choose Run As Administrator or Spustit jako správce
  • Paste the script below into the window
  • Code:

    autoclean;
    resethosts;
    emptyclsid;
    IEdefaults;
    FFdefaults;
    CHRdefaults;
    emptyIEcache;
    emptyFFcache;
    emptyCHRcache;
    emptyalltemp;
    emptyflash;
    emptyjava;
    emptyrecycle.bin;
    
  • Then click Run Script
  • The PC will perform the repair, restart, and give you a log; paste its contents here
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; he is no man, he is an ox."
Member [image] since 1 February 2011.

davidek.hlavacek
Visitor
Posts: 13
Joined: 21 Sep 2014 09:19

Re: Please check my log - PC is totally spammed

#3 Post by davidek.hlavacek »

Here is the log from AdwCleaner; the second log is attached.

# AdwCleaner v4.111 - Logfile created 07/03/2015 at 08:24:28
# Updated 18/02/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Username : David - DAVIDOFF
# Running from : C:\Users\David\Desktop\adwcleaner_4.111.exe
# Option : Cleaning

***** [ Services ] *****

Service Deleted : MgAssistService
[#] Service Deleted : nethfdrv
Service Deleted : NethxxpService
Service Deleted : ServiceUpdater
[#] Service Deleted : Update maucampo
[#] Service Deleted : Util maucampo
Service Deleted : MaintainerSvc4.00.4737669
[#] Service Deleted : {ef8714df-a44b-464c-9034-549a70dc4cd7}t
[#] Service Deleted : {f3effdbb-ac83-4e56-899c-c0c06faf5650}t

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\ProgramData\SafetyNut
Folder Deleted : C:\Program Files\AppsHat Mobile Apps
Folder Deleted : C:\Program Files\Free Offers from Freeze.com
Folder Deleted : C:\Program Files\ICQ6Toolbar
Folder Deleted : C:\Program Files\maucampo
Folder Deleted : C:\Program Files\Mobogenie
Folder Deleted : C:\Program Files\SmartTweak
Folder Deleted : C:\Program Files\apps hat
Folder Deleted : C:\Program Files\Apps Hat Mini
Folder Deleted : C:\Users\David\AppData\Local\AppsHat Mobile Apps
Folder Deleted : C:\Users\David\AppData\Local\FilesFrog Update Checker
Folder Deleted : C:\Users\David\AppData\Local\genienext
Folder Deleted : C:\Users\David\AppData\Local\Mobogenie
Folder Deleted : C:\Users\David\AppData\Local\pay-by-ads
Folder Deleted : C:\Users\David\AppData\Local\SwvUpdater
[!] Folder Deleted : C:\Users\David\AppData\Local\webplayer
Folder Deleted : C:\Users\David\AppData\Local\apps hat
Folder Deleted : C:\Users\David\AppData\Local\Apps Hat Mini
Folder Deleted : C:\Users\David\AppData\Roaming\D394D188-BAC7-4e03-8FAF-389A4D7EC6F4
Folder Deleted : C:\Users\David\AppData\Roaming\Mobogenie
Folder Deleted : C:\Users\David\AppData\Roaming\newnext.me
Folder Deleted : C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
Folder Deleted : C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Folder Deleted : C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software
Folder Deleted : C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat
Folder Deleted : C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player
Folder Deleted : C:\Users\David\Documents\Mobogenie
Folder Deleted : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\vg0bt390.default\Extensions\39ed7c16-185d-4f88-b976-666d4928ba01@fe4550c1-7a4f-4a62-ad1c-45e0afdf81a4.com
Folder Deleted : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaimdcedbpbcjjbbnfcbbjcngmomic
Folder Deleted : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec
[/!\] Not Deleted ( Junction ) : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec
File Deleted : C:\Windows\system32\drivers\nethfdrv.sys
File Deleted : C:\Windows\system32\hfpapi.dll
File Deleted : C:\Windows\system32\installd.exe
File Deleted : C:\Windows\system32\nethtsrv.exe
File Deleted : C:\Windows\system32\netupdsrv.exe
File Deleted : C:\Windows\system32\hfnapi.dll
File Deleted : C:\Windows\system32\drivers\{ef8714df-a44b-464c-9034-549a70dc4cd7}t.sys
File Deleted : C:\Windows\system32\drivers\{f3effdbb-ac83-4e56-899c-c0c06faf5650}t.sys
File Deleted : C:\Users\David\daemonprocess.txt
File Deleted : C:\Users\David\Desktop\Mobogenie.lnk
File Deleted : C:\Users\David\Desktop\AppsHat.lnk
File Deleted : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.search.ask.com_0.localstorage
File Deleted : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.search.ask.com_0.localstorage-journal
File Deleted : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.icmwebserv.com_0.localstorage-journal
File Deleted : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
File Deleted : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage

***** [ Scheduled tasks ] *****

Task Deleted : AmiUpdXp
Task Deleted : Apps Hat Mini-codedownloader
Task Deleted : Apps Hat Mini-firefoxinstaller
Task Deleted : Apps Hat Mini-updater
Task Deleted : SomotoUpdateCheckerAutoStart
Task Deleted : Yahoo! Search
Task Deleted : Yahoo! Search Updater

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaimdcedbpbcjjbbnfcbbjcngmomic
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [AppsHat]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [FLV Player]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SpeedUpMyComputer]
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Key Deleted : HKCU\Software\Classes\keepmysearch
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update maucampo
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util maucampo
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0048559.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0048559.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0048559.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0048559.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0050301.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0050301.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0050301.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0050301.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5D7D4FB9-ACA5-4013-8879-C58DCD4DF9F1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6C07882-D703-4DD5-905A-2C4E815A5066}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411851159}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511031101}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422852259}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522032201}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455855559}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555035501}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466856659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566036601}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1E7DBB4-1DD9-4025-9C52-18F9A2AD944E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99E29823-2F67-41C3-8AA5-6425097A771F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444854459}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544034401}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5275ac7f-2327-42cc-92c8-1d2aa6a563cf}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5D7D4FB9-ACA5-4013-8879-C58DCD4DF9F1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F6C07882-D703-4DD5-905A-2C4E815A5066}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411851159}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511031101}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D7D4FB9-ACA5-4013-8879-C58DCD4DF9F1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F6C07882-D703-4DD5-905A-2C4E815A5066}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411851159}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511031101}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5D7D4FB9-ACA5-4013-8879-C58DCD4DF9F1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F6C07882-D703-4DD5-905A-2C4E815A5066}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{338A754C-B46E-4BF2-8AC8-23DE36862AD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110411851159}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110511031101}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2884a270-a08f-4ebd-9f2f-00e8a1568a78}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6d61c0ce-e6bc-4817-8bf4-a2294bfd44ef}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a2f25cab-da34-4fb9-8b09-645aa32aa918}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{485FC838-C2E0-4069-AFEF-3A3761129ABE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{52db1893-8a90-4192-aede-08e00b8f8473}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{52db1893-8a90-4192-aede-08e00b8f8473}
Key Deleted : HKCU\Software\APNDTX
Key Deleted : HKCU\Software\Freeze.com
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\maucampo
Key Deleted : HKCU\Software\Mobogenie
Key Deleted : HKCU\Software\SafetyNut
Key Deleted : HKCU\Software\smarttweak
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Somoto
Key Deleted : HKCU\Software\Webplayer
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\onekit
Key Deleted : HKCU\Software\AppDataLow\Software\Apps Hat Mini
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Apps Hat
Key Deleted : HKLM\SOFTWARE\Apps Hat Mini
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\ICQ\ICQToolbar
Key Deleted : HKLM\SOFTWARE\maucampo
Key Deleted : HKLM\SOFTWARE\MediaPlayerV1
Key Deleted : HKLM\SOFTWARE\MediaViewerV1
Key Deleted : HKLM\SOFTWARE\MediaViewV1
Key Deleted : HKLM\SOFTWARE\MediaWatchV1
Key Deleted : HKLM\SOFTWARE\SafetyNut
Key Deleted : HKLM\SOFTWARE\TrustMediaViewerV1
Key Deleted : HKLM\SOFTWARE\Apps Hat
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AppsHat Mobile Apps
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\inethnfd
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\maucampo
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpeedUpMyComputer
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - local

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16609

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

-\\ Mozilla Firefox v36.0.1 (x86 cs)


-\\ Google Chrome v40.0.2214.111


*************************

AdwCleaner[R0].txt - [19692 bytes] - [07/03/2015 08:19:06]
AdwCleaner[S0].txt - [17363 bytes] - [07/03/2015 08:24:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17423 bytes] ##########
Attachments
zoek-results.txt.zip
(46.49 KiB) Downloaded 57 times

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my log - PC is totally spammed

#4 Post by vyosek »

davidek.hlavacek
Visitor
Posts: 13
Joined: 21 Sep 2014 09:19

Re: Please check my log - PC is totally spammed

#5 Post by davidek.hlavacek »

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-03-2015
Ran by David (administrator) on DAVIDOFF on 07-03-2015 09:39:53
Running from C:\Users\David\Desktop
Loaded Profiles: David & UpdatusUser (Available profiles: David & UpdatusUser)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Oppoos.com) C:\Program Files\Genie Soft\Genie Cleaner\GenieCleanService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac207\Monitor.exe
(Oppoos.com) C:\Program Files\Genie Soft\Genie Wifi\GenieWifiService.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
() C:\Program Files\VLC Player GPU+\UsageLog.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Lite\daemon.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Oppoos.com) C:\Program Files\Genie Soft\Genie Cleaner\GenieFloater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
() C:\Windows\expIorer.exe
(Raxco Software, Inc.) C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\inf\mncrntpd\mncrntpd.exe
(Ghisler Software GmbH) C:\Program Files\Totalcmd\TOTALCMD.EXE
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(forum.viry.cz) C:\Users\David\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6703648 2008-12-11] (Realtek Semiconductor)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [Monitor] => C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [Printsrv] => c:\Windows\System32\Printing_Admin_Scripts\en-US\driverupd.vbs [559 2013-12-04] ()
HKLM\...\Run: [MSStp] => C:\Windows\system32\msstp.vbe [1418 2014-01-13] ()
HKLM\...\Run: [mncrntpdSrv] => C:\Windows\inf\mncrntpd.vbe [1338 2014-01-13] ()
HKLM\...\Run: [msfneiSrv] => C:\Windows\system32\msfnei.vbe [583 2013-12-10] ()
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\Run: [UsageTemp] => "C:\Users\David\AppData\Local\Temp\UsageTemp.exe" <===== ATTENTION
HKLM\...\Run: [UsageLoader] => C:\Program Files\VLC Player GPU+\UsageLog.exe [1325792 2014-01-12] ()
HKLM\...\RunOnce: [filesfrog_apt_flvplayer] => "C:\Users\David\AppData\Local\Temp\\BI_RunOnce.exe" /initurl http://bi.bisrv.com/:affid:/:sid:/:uid:? /affid "filesfrog_apt_flvplayer" /id "flvplayerqjgi" /name "FLV Player Update" /uniqid FLVPlayerUp (the data entry has 189 more characters). <===== ATTENTION
HKU\S-1-5-21-2581518723-3841867643-131084604-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2581518723-3841867643-131084604-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\daemon.exe [490952 2008-07-24] (DT Soft Ltd)
HKU\S-1-5-21-2581518723-3841867643-131084604-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2581518723-3841867643-131084604-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\David\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-2581518723-3841867643-131084604-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\David\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\S-1-5-21-2581518723-3841867643-131084604-1000\...\Run: [Yahoo! Search] => C:\Users\David\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.19.2\dsrlte.exe
HKU\S-1-5-21-2581518723-3841867643-131084604-1000\...\Run: [GenieFloater] => C:\Program Files\Genie Soft\Genie Cleaner\GenieFloater.exe [1850520 2015-02-06] (Oppoos.com)
HKU\S-1-5-21-2581518723-3841867643-131084604-1000\...\MountPoints2: {1033af47-fc44-11dd-bcaf-806e6f6e6963} - H:\START.EXE
HKU\S-1-5-21-2581518723-3841867643-131084604-1000\...\MountPoints2: {3cdc1a63-24dc-11de-84e3-806e6f6e6963} - H:\winopen.exe "$EXEDIR$\ostrovy.exe"
HKU\S-1-5-21-2581518723-3841867643-131084604-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Program Files\Hry.cz\Fishdom\Fishdom Screensaver.scr [139264 2010-05-24] ()
BootExecute: PDBoot.exeautocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId= ... nkId=69157
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2581518723-3841867643-131084604-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2581518723-3841867643-131084604-1000 -> {1E8B0EC5-C9EC-45E0-A1FF-7C94D01A4661} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_13415
SearchScopes: HKU\S-1-5-21-2581518723-3841867643-131084604-1000 -> {2698806C-ACD8-4DBE-9BA7-B025104EFB08} URL = http://www.novinky.cz/hledej?w={searchT ... arch_13415
SearchScopes: HKU\S-1-5-21-2581518723-3841867643-131084604-1000 -> {34FCE32D-A1C9-4F59-86BC-0B815256CF98} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_13415
SearchScopes: HKU\S-1-5-21-2581518723-3841867643-131084604-1000 -> {40D6925D-91C0-491E-B4D3-DE7B527DE539} URL = http://encyklopedie.seznam.cz/search?q= ... arch_13415
SearchScopes: HKU\S-1-5-21-2581518723-3841867643-131084604-1000 -> {4E4DD672-A2FB-4C3C-ACC6-831805C8B9DC} URL = http://www.mapy.cz/?query={searchTerms} ... arch_13415
SearchScopes: HKU\S-1-5-21-2581518723-3841867643-131084604-1000 -> {72962F9C-C827-4B49-BB17-F4E68FB3F4F5} URL = http://www.firmy.cz/?q={searchTerms}&so ... arch_13415
SearchScopes: HKU\S-1-5-21-2581518723-3841867643-131084604-1000 -> {96943A0A-292B-471F-AADD-5C2358F1E5E7} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_13415
SearchScopes: HKU\S-1-5-21-2581518723-3841867643-131084604-1000 -> {B04C2C08-1BBE-4E87-8444-63CBB8ADD3F9} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_13415
SearchScopes: HKU\S-1-5-21-2581518723-3841867643-131084604-1000 -> {F79AD70D-203D-48B6-A369-28685B0FA5C6} URL = http://search.seznam.cz/?q={searchTerms ... arch_13415
SearchScopes: HKU\S-1-5-21-2581518723-3841867643-131084604-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1 192.168.3.1

FireFox:
========
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\vg0bt390.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=1.6.0_39 -> C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2581518723-3841867643-131084604-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\David\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Seznam lištička - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\vg0bt390.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2015-03-07]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-14]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-12-20]
FF HKU\S-1-5-21-2581518723-3841867643-131084604-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.search.ask.com/?o=APN10640A&gct=hp& ... 77-369&t=4
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/"
CHR DefaultSearchKeyword: Default -> seznam.cz
CHR DefaultSearchURL: Default -> http://search.seznam.cz/?q={searchTerms}
CHR DefaultSuggestURL: Default -> http://suggest.fulltext.seznam.cz/fullt ... earchTerms}
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-07]
CHR Extension: (Google Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-07]
CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-07]
CHR Extension: (No Name) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2015-03-07]
CHR Extension: (No Name) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2015-03-07]
CHR Extension: (Google Sheets) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-07]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 GenieCleanService; C:\Program Files\Genie Soft\Genie Cleaner\GenieCleanService.exe [53400 2015-02-06] (Oppoos.com)
R2 GenieWifiService; C:\Program Files\Genie Soft\Genie Wifi\GenieWifiService.exe [51352 2015-03-05] (Oppoos.com)
S2 InCDsrvR; C:\Program Files\Ahead\InCD\InCDsrv.exe [1163378 2004-07-16] (Ahead Software AG) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [1244936 2011-09-07] (Raxco Software, Inc.)
R3 PDEngine; C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe [2117384 2011-09-07] (Raxco Software, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S2 MobogenieService; C:\Program Files\Mobogenie3\MobogenieService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 3xHybrid; C:\Windows\System32\DRIVERS\3xHybrid.sys [674048 2007-04-20] (Philips Semiconductors GmbH)
R3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [34704 2007-05-11] (IVT Corporation.)
R3 BlueletSCOAudio; C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys [27792 2007-03-05] (IVT Corporation.)
R3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [16272 2007-05-23] (IVT Corporation.)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [36496 2007-05-23] (IVT Corporation.)
R0 BTHidEnum; C:\Windows\System32\Drivers\vbtenum.sys [20880 2007-03-05] (IVT Corporation.)
R0 BTHidMgr; C:\Windows\System32\Drivers\BTHidMgr.sys [35600 2007-03-05] (IVT Corporation.)
R2 DefragFS; C:\Windows\system32\Drivers\DefragFS.sys [138768 2011-08-04] (Raxco Software, Inc.)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
R0 hotcore3; C:\Windows\System32\drivers\hotcore3.sys [38448 2007-03-30] (Paragon Software Group)
R4 InCDfs; C:\Windows\system32\Drivers\InCDfs.sys [92672 2004-07-16] (Ahead Software AG) [File not signed]
R1 InCDPass; C:\Windows\System32\DRIVERS\InCDPass.sys [28672 2004-07-16] (Ahead Software AG) [File not signed]
U1 InCDrec; C:\Windows\system32\Drivers\InCDrec.sys [7680 2004-07-16] (Ahead Software AG) [File not signed]
R1 incdrm; C:\Windows\system32\Drivers\incdrm.sys [27648 2004-07-16] (Ahead Software AG) [File not signed]
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [507136 2006-12-05] (PixArt Imaging Inc.)
R2 PDFSFilter; C:\Windows\System32\DRIVERS\PDFsFilter.sys [66832 2011-09-07] (Raxco Software, Inc.)
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [154272 2008-11-11] (Realtek Semiconductor Corp.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2012-01-20] () [File not signed]
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [32352 2008-01-17] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IM.sys [131456 2008-01-17] (Paragon)
S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2008-09-04] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [19968 2008-09-04] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [24832 2008-09-04] (LG Electronics Inc.)
R3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [34448 2007-03-05] (IVT Corporation.)
R3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [44304 2007-03-05] (IVT Corporation.)
U3 asva58cw; C:\Windows\system32\Drivers\asva58cw.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
S3 amdiox86; system32\DRIVERS\amdiox86.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-07 09:39 - 2015-03-07 09:40 - 00018647 _____ () C:\Users\David\Desktop\FRST.txt
2015-03-07 09:39 - 2015-03-07 09:39 - 00112640 _____ (forum.viry.cz) C:\Users\David\Desktop\FRSTLauncher.exe
2015-03-07 09:39 - 2015-03-07 09:39 - 00000000 ____D () C:\FRST
2015-03-07 09:38 - 2015-03-07 09:38 - 01132544 _____ (Farbar) C:\Users\David\Desktop\FRST.exe
2015-03-07 09:16 - 2015-03-07 09:16 - 00000000 ____D () C:\Users\David\AppData\Local\GHISLER
2015-03-07 09:10 - 2015-03-07 08:31 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-03-07 08:31 - 2015-03-07 09:12 - 00389634 _____ () C:\zoek-results.log
2015-03-07 08:31 - 2015-03-07 09:09 - 00000000 ____D () C:\zoek_backup
2015-03-07 08:30 - 2015-03-07 08:30 - 01305600 _____ () C:\Users\David\Desktop\zoek.exe
2015-03-07 08:25 - 2015-03-07 08:26 - 00000000 ____D () C:\Users\David\AppData\Roaming\Mobogenie
2015-03-07 08:19 - 2015-03-07 09:23 - 00000000 ____D () C:\AdwCleaner
2015-03-07 08:18 - 2015-03-07 08:18 - 02126848 _____ () C:\Users\David\Downloads\adwcleaner_4.111.exe
2015-03-07 08:18 - 2015-03-07 08:18 - 02126848 _____ () C:\Users\David\Desktop\adwcleaner_4.111.exe
2015-03-07 07:55 - 2015-03-07 07:55 - 00000000 ____D () C:\rsit
2015-03-07 07:55 - 2015-03-07 07:55 - 00000000 ____D () C:\Program Files\trend micro
2015-03-07 07:54 - 2015-03-07 07:53 - 01107968 _____ () C:\Users\David\Desktop\RSIT.exe
2015-03-07 07:53 - 2015-03-07 07:53 - 01107968 _____ () C:\Users\David\Downloads\RSIT.exe
2015-03-07 07:46 - 2015-03-07 07:46 - 00000792 _____ () C:\Users\UpdatusUser\Desktop\PhotoScape.lnk
2015-03-07 07:46 - 2015-03-07 07:46 - 00000792 _____ () C:\Users\David\Desktop\PhotoScape.lnk
2015-03-07 07:46 - 2015-03-07 07:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
2015-03-07 07:46 - 2015-03-07 07:46 - 00000000 ____D () C:\Program Files\PhotoScape
2015-03-07 07:33 - 2015-03-07 07:46 - 00000000 ____D () C:\Program Files\Totalcmd
2015-03-07 07:33 - 2015-03-07 07:33 - 00000790 _____ () C:\Users\Public\Desktop\Total Commander.lnk
2015-03-07 07:33 - 2015-03-07 07:33 - 00000000 ____D () C:\Users\David\AppData\Roaming\GHISLER
2015-03-07 07:33 - 2015-03-07 07:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander
2015-03-07 07:33 - 2014-04-30 08:51 - 00000545 _____ () C:\Windows\UC.PIF
2015-03-07 07:33 - 2014-04-30 08:51 - 00000545 _____ () C:\Windows\RAR.PIF
2015-03-07 07:33 - 2014-04-30 08:51 - 00000545 _____ () C:\Windows\PKZIP.PIF
2015-03-07 07:33 - 2014-04-30 08:51 - 00000545 _____ () C:\Windows\PKUNZIP.PIF
2015-03-07 07:33 - 2014-04-30 08:51 - 00000545 _____ () C:\Windows\LHA.PIF
2015-03-07 07:33 - 2014-04-30 08:51 - 00000545 _____ () C:\Windows\ARJ.PIF
2015-03-07 07:32 - 2015-03-07 07:32 - 03788928 _____ (Ghisler Software GmbH) C:\Users\David\Downloads\tcmd851ax32.exe
2015-03-07 07:28 - 2015-03-07 07:28 - 00000000 ____D () C:\Users\David\AppData\Local\Macromedia
2015-03-07 07:27 - 2015-03-07 07:27 - 00000824 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-07 07:27 - 2015-03-07 07:27 - 00000812 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-07 07:27 - 2015-03-07 07:27 - 00000000 ____D () C:\Users\David\AppData\Local\Mozilla
2015-03-07 07:27 - 2015-03-07 07:27 - 00000000 ____D () C:\ProgramData\Mozilla
2015-03-07 07:27 - 2015-03-07 07:27 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-07 07:27 - 2015-03-07 07:27 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-07 07:25 - 2015-03-07 07:25 - 00243504 _____ () C:\Users\David\Downloads\Firefox Setup Stub 36.0.1.exe
2015-02-15 17:46 - 2015-01-23 04:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-15 17:46 - 2015-01-23 03:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-14 15:14 - 2015-02-14 15:14 - 00000764 _____ () C:\Users\UpdatusUser\Desktop\KMPlayer.lnk
2015-02-14 15:14 - 2015-02-14 15:14 - 00000764 _____ () C:\Users\David\Desktop\KMPlayer.lnk
2015-02-14 15:14 - 2015-02-14 15:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The KMPlayer
2015-02-14 15:14 - 2015-02-14 15:14 - 00000000 ____D () C:\Program Files\KMPlayer
2015-02-14 15:07 - 2015-03-07 07:43 - 00000944 _____ () C:\Users\Public\Desktop\Genie Wifi.lnk
2015-02-14 14:27 - 2014-11-26 03:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-14 14:26 - 2015-01-13 02:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-14 14:26 - 2015-01-09 01:20 - 02063360 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-14 14:23 - 2015-01-14 02:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-14 14:23 - 2015-01-14 02:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-14 14:23 - 2015-01-14 02:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-14 14:23 - 2015-01-14 02:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-14 14:23 - 2015-01-14 02:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-14 14:23 - 2015-01-14 02:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-14 14:23 - 2015-01-14 02:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-14 14:22 - 2015-01-15 05:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-14 14:22 - 2015-01-14 02:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-14 14:22 - 2015-01-14 02:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-14 14:22 - 2015-01-14 02:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-14 14:22 - 2015-01-14 02:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-14 14:22 - 2015-01-14 02:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-14 14:22 - 2015-01-14 02:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-14 14:22 - 2015-01-14 02:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-14 14:22 - 2015-01-14 02:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-14 14:22 - 2015-01-14 02:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-14 14:22 - 2015-01-14 02:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-14 14:22 - 2015-01-14 02:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-14 14:22 - 2015-01-14 02:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-14 14:22 - 2015-01-14 02:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-14 14:22 - 2014-12-08 02:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-07 09:32 - 2012-01-20 14:46 - 00002455 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-03-07 09:17 - 2014-01-19 14:11 - 00000000 ____D () C:\Users\David\AppData\Roaming\Seznam.cz
2015-03-07 09:17 - 2008-01-21 07:47 - 01541318 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-07 09:16 - 2013-02-15 22:03 - 01094563 _____ () C:\Windows\WindowsUpdate.log
2015-03-07 09:13 - 2014-01-20 16:25 - 00015482 _____ () C:\Users\David\rgmnr
2015-03-07 09:12 - 2014-02-10 15:35 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-03-07 09:12 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-07 09:12 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-07 09:11 - 2013-04-28 19:42 - 00107296 _____ () C:\Windows\PFRO.log
2015-03-07 09:11 - 2006-11-02 14:01 - 00032546 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-07 09:11 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-07 09:08 - 2009-02-16 17:20 - 00000000 ____D () C:\Users\David
2015-03-07 09:08 - 2006-11-02 12:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-03-07 08:45 - 2013-03-03 18:59 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-07 08:44 - 2010-02-01 10:50 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-07 08:25 - 2014-07-21 19:39 - 00000729 _____ () C:\Users\Public\Desktop\Mobogenie3.lnk
2015-03-07 07:48 - 2009-02-21 13:02 - 00000000 ____D () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Lunch Design
2015-03-07 07:48 - 2009-02-21 13:02 - 00000000 ____D () C:\games
2015-03-07 07:27 - 2009-11-23 07:11 - 00000000 ____D () C:\Users\David\AppData\Roaming\Mozilla
2015-03-07 06:32 - 2013-02-27 14:05 - 00002490 _____ () C:\Windows\setupact.log
2015-02-24 03:23 - 2009-10-03 13:34 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-15 17:37 - 2006-11-02 11:23 - 00000692 _____ () C:\Windows\win.ini
2015-02-14 15:53 - 2006-11-02 13:47 - 00425544 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-14 15:07 - 2015-01-10 17:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Genie Soft
2015-02-14 15:07 - 2015-01-10 17:49 - 00000000 ____D () C:\Program Files\Genie Soft
2015-02-14 15:02 - 2015-01-10 17:49 - 00000986 _____ () C:\Users\Public\Desktop\Genie Cleaner.lnk
2015-02-14 14:59 - 2010-05-26 21:04 - 00001933 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-14 14:45 - 2013-08-15 15:52 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-14 14:45 - 2013-03-03 18:59 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-14 14:45 - 2011-11-28 17:31 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-14 14:31 - 2014-01-19 12:53 - 00000000 ____D () C:\Users\David\AppData\Roaming\.minecraft
2015-02-14 14:27 - 2008-12-10 09:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-14 14:27 - 2006-11-02 11:24 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-02-13 17:39 - 2010-02-01 10:50 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

==================== Files in the root of some directories =======

2009-02-18 21:57 - 2009-02-28 09:45 - 0000128 _____ () C:\Users\David\AppData\Roaming\default.rss
2012-01-28 18:14 - 2012-01-28 18:14 - 0000552 _____ () C:\Users\David\AppData\Local\d3d8caps.dat
2012-01-25 19:44 - 2013-02-27 12:56 - 0001356 _____ () C:\Users\David\AppData\Local\d3d9caps.dat
2009-02-19 08:20 - 2013-01-12 19:26 - 0030720 _____ () C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-03-25 11:34 - 2009-03-25 11:34 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-07 09:18




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:465.76 GB) (Free:385.42 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Available physical RAM: 1719.46 MB
Total physical RAM: 3070.55 MB
Percentage of memory in use: 44%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: B8F5F5D7)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCConfidential.job => C:\Program Files\Winferno\PC Confidential\PCConfidential.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

==================== Security Center ==================

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\David\Desktop" je 91 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe
C:\Windows\ehome\ehTray.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor
C:\Windows\PixArt\PAC207\Monitor.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
C:\Windows\system32\NeroCheck.exe


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: Please check my log - PC is totally spammed

#6 Post by vyosek »

:arrow: Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
    HKLM\...\Run: [MSStp] => C:\Windows\system32\msstp.vbe [1418 2014-01-13] ()
    HKLM\...\Run: [mncrntpdSrv] => C:\Windows\inf\mncrntpd.vbe [1338 2014-01-13] ()
    HKLM\...\Run: [msfneiSrv] => C:\Windows\system32\msfnei.vbe [583 2013-12-10] ()
    HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
    HKLM\...\Run: [UsageTemp] => "C:\Users\David\AppData\Local\Temp\UsageTemp.exe" <===== ATTENTION
    HKLM\...\Run: [UsageLoader] => C:\Program Files\VLC Player GPU+\UsageLog.exe [1325792 2014-01-12] ()
    HKLM\...\RunOnce: [filesfrog_apt_flvplayer] => "C:\Users\David\AppData\Local\Temp\\BI_RunOnce.exe" /initurl http://bi.bisrv.com/:affid:/:sid:/:uid:? /affid "filesfrog_apt_flvplayer" /id "flvplayerqjgi" /name "FLV Player Update" /uniqid FLVPlayerUp (the data entry has 189 more characters). <===== ATTENTION
    HKU\S-1-5-21-2581518723-3841867643-131084604-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
    HKU\S-1-5-21-2581518723-3841867643-131084604-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\daemon.exe [490952 2008-07-24] (DT Soft Ltd)
    HKU\S-1-5-21-2581518723-3841867643-131084604-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
    HKU\S-1-5-21-2581518723-3841867643-131084604-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\David\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
    HKU\S-1-5-21-2581518723-3841867643-131084604-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\David\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
    HKU\S-1-5-21-2581518723-3841867643-131084604-1000\...\Run: [Yahoo! Search] => C:\Users\David\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.19.2\dsrlte.exe
    HKU\S-1-5-21-2581518723-3841867643-131084604-1000\...\MountPoints2: {1033af47-fc44-11dd-bcaf-806e6f6e6963} - H:\START.EXE
    HKU\S-1-5-21-2581518723-3841867643-131084604-1000\...\MountPoints2: {3cdc1a63-24dc-11de-84e3-806e6f6e6963} - H:\winopen.exe "$EXEDIR$\ostrovy.exe"
    HKU\S-1-5-21-2581518723-3841867643-131084604-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Program Files\Hry.cz\Fishdom\Fishdom Screensaver.scr [139264 2010-05-24] ()
    
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId= ... nkId=69157
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-2581518723-3841867643-131084604-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    
    CHR HomePage: Default -> hxxp://www.search.ask.com/?o=APN10640A& ... 77-369&t=4
    CHR DefaultSearchURL: Default -> http://search.seznam.cz/?q={searchTerms}
    CHR DefaultSuggestURL: Default -> http://suggest.fulltext.seznam.cz/fulltext_ff?phrase={searchTerms}
    CHR Extension: (No Name) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2015-03-07]
    CHR Extension: (No Name) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2015-03-07]
    
    S2 MobogenieService; C:\Program Files\Mobogenie3\MobogenieService.exe [X]
    U3 asva58cw; C:\Windows\system32\Drivers\asva58cw.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
    S3 amdiox86; system32\DRIVERS\amdiox86.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    
    C:\Program Files\Mobogenie3
    C:\Windows\inf\mncrntpd.vbe
    C:\Windows\system32\msstp.vbe
    C:\Windows\system32\msfnei.vbe
    C:\Users\David\AppData\Local\Pay-By-Ads
    2015-03-07 09:39 - 2015-03-07 09:40 - 00018647 _____ () C:\Users\David\Desktop\FRST.txt
    2015-03-07 09:39 - 2015-03-07 09:39 - 00112640 _____ (forum.viry.cz) C:\Users\David\Desktop\FRSTLauncher.exe
    2015-03-07 09:10 - 2015-03-07 08:31 - 00024064 _____ () C:\Windows\zoek-delete.exe
    2015-03-07 08:31 - 2015-03-07 09:12 - 00389634 _____ () C:\zoek-results.log
    2015-03-07 08:31 - 2015-03-07 09:09 - 00000000 ____D () C:\zoek_backup
    2015-03-07 08:30 - 2015-03-07 08:30 - 01305600 _____ () C:\Users\David\Desktop\zoek.exe
    2015-03-07 08:25 - 2015-03-07 08:26 - 00000000 ____D () C:\Users\David\AppData\Roaming\Mobogenie
    2015-03-07 08:19 - 2015-03-07 09:23 - 00000000 ____D () C:\AdwCleaner
    2015-03-07 08:18 - 2015-03-07 08:18 - 02126848 _____ () C:\Users\David\Downloads\adwcleaner_4.111.exe
    2015-03-07 08:18 - 2015-03-07 08:18 - 02126848 _____ () C:\Users\David\Desktop\adwcleaner_4.111.exe
    2015-03-07 07:55 - 2015-03-07 07:55 - 00000000 ____D () C:\rsit
    2015-03-07 07:55 - 2015-03-07 07:55 - 00000000 ____D () C:\Program Files\trend micro
    2015-03-07 07:54 - 2015-03-07 07:53 - 01107968 _____ () C:\Users\David\Desktop\RSIT.exe
    2015-03-07 07:53 - 2015-03-07 07:53 - 01107968 _____ () C:\Users\David\Downloads\RSIT.exe
    2015-03-07 07:32 - 2015-03-07 07:32 - 03788928 _____ (Ghisler Software GmbH) C:\Users\David\Downloads\tcmd851ax32.exe
    
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\PCConfidential.job => C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
    
    AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
    
    DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
    
    Hosts:
    EmptyTemp:
    Reboot:
    End
    
  • Save the resulting TXT file as fixlist.txt
  • Move the fixlist you created to the same folder as FRST
:arrow: Run FRST.exe again
  • Click Fix
  • The fix will run and create the log Fixlog.txt
:arrow: Restart the PC and post fixlog.txt here
"He who has wine and does not drink, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; that is no man, that is an ox."
Member [image] since 1 February 2011.

Re: Please check my log - PC is totally spammed

#7 Post by davidek.hlavacek »

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-03-2015
Ran by David at 2015-03-07 10:32:29 Run:1
Running from C:\Users\David\Desktop
Loaded Profiles: David & UpdatusUser (Available profiles: David & UpdatusUser)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [MSStp] => C:\Windows\system32\msstp.vbe [1418 2014-01-13] ()
HKLM\...\Run: [mncrntpdSrv] => C:\Windows\inf\mncrntpd.vbe [1338 2014-01-13] ()
HKLM\...\Run: [msfneiSrv] => C:\Windows\system32\msfnei.vbe [583 2013-12-10] ()
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\Run: [UsageTemp] => "C:\Users\David\AppData\Local\Temp\UsageTemp.exe" <===== ATTENTION
HKLM\...\Run: [UsageLoader] => C:\Program Files\VLC Player GPU+\UsageLog.exe [1325792 2014-01-12] ()
HKLM\...\RunOnce: [filesfrog_apt_flvplayer] => "C:\Users\David\AppData\Local\Temp\\BI_RunOnce.exe" /initurl http://bi.bisrv.com/:affid:/:sid:/:uid:? /affid "filesfrog_apt_flvplayer" /id "flvplayerqjgi" /name "FLV Player Update" /uniqid FLVPlayerUp (the data entry has 189 more characters). <===== ATTENTION
HKU\S-1-5-21-2581518723-3841867643-131084604-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2581518723-3841867643-131084604-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\daemon.exe [490952 2008-07-24] (DT Soft Ltd)
HKU\S-1-5-21-2581518723-3841867643-131084604-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2581518723-3841867643-131084604-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\David\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-2581518723-3841867643-131084604-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\David\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\S-1-5-21-2581518723-3841867643-131084604-1000\...\Run: [Yahoo! Search] => C:\Users\David\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.19.2\dsrlte.exe
HKU\S-1-5-21-2581518723-3841867643-131084604-1000\...\MountPoints2: {1033af47-fc44-11dd-bcaf-806e6f6e6963} - H:\START.EXE
HKU\S-1-5-21-2581518723-3841867643-131084604-1000\...\MountPoints2: {3cdc1a63-24dc-11de-84e3-806e6f6e6963} - H:\winopen.exe "$EXEDIR$\ostrovy.exe"
HKU\S-1-5-21-2581518723-3841867643-131084604-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Program Files\Hry.cz\Fishdom\Fishdom Screensaver.scr [139264 2010-05-24] ()

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId= ... nkId=69157
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2581518723-3841867643-131084604-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

CHR HomePage: Default -> hxxp://www.search.ask.com/?o=APN10640A& ... 77-369&t=4
CHR DefaultSearchURL: Default -> http://search.seznam.cz/?q={searchTerms}
CHR DefaultSuggestURL: Default -> http://suggest.fulltext.seznam.cz/fullt ... earchTerms}
CHR Extension: (No Name) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2015-03-07]
CHR Extension: (No Name) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2015-03-07]

S2 MobogenieService; C:\Program Files\Mobogenie3\MobogenieService.exe [X]
U3 asva58cw; C:\Windows\system32\Drivers\asva58cw.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
S3 amdiox86; system32\DRIVERS\amdiox86.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

C:\Program Files\Mobogenie3
C:\Windows\inf\mncrntpd.vbe
C:\Windows\system32\msstp.vbe
C:\Windows\system32\msfnei.vbe
C:\Users\David\AppData\Local\Pay-By-Ads
2015-03-07 09:39 - 2015-03-07 09:40 - 00018647 _____ () C:\Users\David\Desktop\FRST.txt
2015-03-07 09:39 - 2015-03-07 09:39 - 00112640 _____ (forum.viry.cz) C:\Users\David\Desktop\FRSTLauncher.exe
2015-03-07 09:10 - 2015-03-07 08:31 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-03-07 08:31 - 2015-03-07 09:12 - 00389634 _____ () C:\zoek-results.log
2015-03-07 08:31 - 2015-03-07 09:09 - 00000000 ____D () C:\zoek_backup
2015-03-07 08:30 - 2015-03-07 08:30 - 01305600 _____ () C:\Users\David\Desktop\zoek.exe
2015-03-07 08:25 - 2015-03-07 08:26 - 00000000 ____D () C:\Users\David\AppData\Roaming\Mobogenie
2015-03-07 08:19 - 2015-03-07 09:23 - 00000000 ____D () C:\AdwCleaner
2015-03-07 08:18 - 2015-03-07 08:18 - 02126848 _____ () C:\Users\David\Downloads\adwcleaner_4.111.exe
2015-03-07 08:18 - 2015-03-07 08:18 - 02126848 _____ () C:\Users\David\Desktop\adwcleaner_4.111.exe
2015-03-07 07:55 - 2015-03-07 07:55 - 00000000 ____D () C:\rsit
2015-03-07 07:55 - 2015-03-07 07:55 - 00000000 ____D () C:\Program Files\trend micro
2015-03-07 07:54 - 2015-03-07 07:53 - 01107968 _____ () C:\Users\David\Desktop\RSIT.exe
2015-03-07 07:53 - 2015-03-07 07:53 - 01107968 _____ () C:\Users\David\Downloads\RSIT.exe
2015-03-07 07:32 - 2015-03-07 07:32 - 03788928 _____ (Ghisler Software GmbH) C:\Users\David\Downloads\tcmd851ax32.exe

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCConfidential.job => C:\Program Files\Winferno\PC Confidential\PCConfidential.exe

AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MSStp => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\mncrntpdSrv => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\msfneiSrv => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\seznam-listicka-distribuce => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\UsageTemp => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\UsageLoader => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\filesfrog_apt_flvplayer => value deleted successfully.
HKU\S-1-5-21-2581518723-3841867643-131084604-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => value deleted successfully.
HKU\S-1-5-21-2581518723-3841867643-131084604-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => value deleted successfully.
HKU\S-1-5-21-2581518723-3841867643-131084604-1000\Software\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG => value deleted successfully.
HKU\S-1-5-21-2581518723-3841867643-131084604-1000\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.autoupdate => value deleted successfully.
HKU\S-1-5-21-2581518723-3841867643-131084604-1000\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.szndesktop => value deleted successfully.
HKU\S-1-5-21-2581518723-3841867643-131084604-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Yahoo! Search => value deleted successfully.
"HKU\S-1-5-21-2581518723-3841867643-131084604-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1033af47-fc44-11dd-bcaf-806e6f6e6963}" => Key deleted successfully.
HKCR\CLSID\{1033af47-fc44-11dd-bcaf-806e6f6e6963} => Key not found.
"HKU\S-1-5-21-2581518723-3841867643-131084604-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3cdc1a63-24dc-11de-84e3-806e6f6e6963}" => Key deleted successfully.
HKCR\CLSID\{3cdc1a63-24dc-11de-84e3-806e6f6e6963} => Key not found.
HKU\S-1-5-21-2581518723-3841867643-131084604-1000\Control Panel\Desktop\\SCRNSAVE.EXE => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-2581518723-3841867643-131084604-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
Chrome HomePage deleted successfully.
Chrome DefaultSearchURL deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig => Moved successfully.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd => Moved successfully.
MobogenieService => Service deleted successfully.
asva58cw => Service deleted successfully.
amdiox86 => Service deleted successfully.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
"C:\Program Files\Mobogenie3" => File/Directory not found.
C:\Windows\inf\mncrntpd.vbe => Moved successfully.
C:\Windows\system32\msstp.vbe => Moved successfully.
C:\Windows\system32\msfnei.vbe => Moved successfully.
"C:\Users\David\AppData\Local\Pay-By-Ads" => File/Directory not found.
C:\Users\David\Desktop\FRST.txt => Moved successfully.
C:\Users\David\Desktop\FRSTLauncher.exe => Moved successfully.
C:\Windows\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Users\David\Desktop\zoek.exe => Moved successfully.
C:\Users\David\AppData\Roaming\Mobogenie => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\David\Downloads\adwcleaner_4.111.exe => Moved successfully.
C:\Users\David\Desktop\adwcleaner_4.111.exe => Moved successfully.
C:\rsit => Moved successfully.
C:\Program Files\trend micro => Moved successfully.
C:\Users\David\Desktop\RSIT.exe => Moved successfully.
C:\Users\David\Downloads\RSIT.exe => Moved successfully.
C:\Users\David\Downloads\tcmd851ax32.exe => Moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\PCConfidential.job => Moved successfully.
C:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully.
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck => Key Deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 182.9 MB temporary data.


The system needed a reboot.

==== End of Fixlog 10:33:42 ====

Re: Please check my log - PC is totally spammed

#8 Post by vyosek »

How is the PC behaving??

Re: Please check my log - PC is totally spammed

#9 Post by davidek.hlavacek »

Perfectly. Everything seems to be fine again :)

Re: Please check my log - PC is totally spammed

#10 Post by vyosek »

So let's clean up as well :James008:

:arrow: DelFix https://toolslib.net/downloads/finish/2/
  • Download and run it
  • Leave only the Remote disinfection tools option checked
  • Click Run
:arrow: Download CCleaner https://www.piriform.com/ccleaner/download/standard
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry panel
  • click Scan for Issues
  • then Fix Issues - I recommend making a registry backup; fix all the issues
  • repeat the procedure until no issues remain - usually about 3 times
Tools panel
  • Here you can uninstall programs you do not need
I recommend using CCleaner about once a week

:arrow: And if there are no problems or questions, that is all from my side :|

Re: Please check my log - PC is totally spammed

#11 Post by davidek.hlavacek »

All done. I left CCleaner installed.

Thanks a lot :idea: and have a nice day :fez:

Re: Please check my log - PC is totally spammed

#12 Post by vyosek »

You're welcome, glad I could help :worship: Until next time :)


And in accordance with the topic-locking rule :lock: