Problem removing a program/virus.

#1 Post by Mic »

First of all, greetings to everyone taking part, and thank you in advance for any replies. I accidentally started an installer that installed several programs (apparently 4), three of them definitely Russian; one of them is Mail.ru, plus some browser/search engine called Kometa. They don't show up anywhere, not even when I try to uninstall them the usual way. On top of that, some browser called Torrentexpert.ru was added to Mozilla. I need to remove all of it. It also seems to me that the whole system has somehow slowed down since then. I'm attaching a screenshot. Thanks.
Attachment: Bez názvu 5.png (16.04 KiB)

Re: Problem removing a program/virus.

#2 Post by Mic »

Hello, I'm posting both logs here; I hope I followed the procedure correctly. Thanks.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-08-2015
Ran by Mic (administrator) on MIC-PC (19-08-2015 15:39:06)
Running from C:\Users\Mic\Desktop
Loaded Profiles: Mic (Available Profiles: Mic)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Avid Technology, Inc.) C:\Windows\System32\M-AudioTaskBarIcon.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe
(KORG Inc.) C:\Program Files\KORG\KORG USB-MIDI Driver\EsHelper2.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(MagicISO, Inc.) C:\Program Files\MagicDisc\MagicDisc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(C. Ghisler & Co.) C:\Program Files\totalcmd\TOTALCMD.EXE
(Nullsoft, Inc.) C:\Program Files\Winamp\winamp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(forum.viry.cz) C:\Users\Mic\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [M-Audio Taskbar Icon] => C:\Windows\system32\M-AudioTaskBarIcon.exe [644104 2010-12-07] (Avid Technology, Inc.)
HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM\...\Run: [NeroFilterCheck] => C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [KORG USB-MIDI Driver] => C:\Program Files\KORG\KORG USB-MIDI Driver\EsHelper2.exe [394096 2014-01-16] (KORG Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-02-13] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-08-15] (AVAST Software)
HKU\S-1-5-21-398789677-1632921365-3791617423-1001\...\Run: [Hobbyist Software VLC Streamer] => "C:\Program Files\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe" /startup
HKU\S-1-5-21-398789677-1632921365-3791617423-1001\...\Run: [eTranslator Automatic Update] => C:\Users\Mic\AppData\Roaming\eTranslator\eTranslator.exe [4822328 2015-08-18] (eTranslator App)
HKU\S-1-5-21-398789677-1632921365-3791617423-1001\...\Run: [luuwynhjbz] => explorer "http://torrentexpert.ru/?utm_source=uou ... 2CCEA44504" <===== ATTENTION
HKU\S-1-5-21-398789677-1632921365-3791617423-1001\...\Run: [kometaup] => C:\Users\Mic\AppData\Local\Kometa\kometaup.exe [1106528 2015-08-18] (Kometa LCC)
Startup: C:\Users\Mic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2013-12-20]
ShortcutTarget: MagicDisc.lnk -> C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-08-15] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-398789677-1632921365-3791617423-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-398789677-1632921365-3791617423-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://torrentexpert.ru/?utm_source=startpage03&utm_content=a58416f70956ebe1106d7b20d0c7b909&utm_term=D6D745D4F36E75F7DB28F22CCEA44504
HKU\S-1-5-21-398789677-1632921365-3791617423-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
SearchScopes: HKLM -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-398789677-1632921365-3791617423-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?q={SearchTerms}&fr=ntg&gp=blackbear6
SearchScopes: HKU\S-1-5-21-398789677-1632921365-3791617423-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-398789677-1632921365-3791617423-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?q={SearchTerms}&fr=ntg&gp=blackbear6
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-18] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-15] (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-18] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-398789677-1632921365-3791617423-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Tcpip\..\Interfaces\{32EF1F19-7A5F-4B3F-9814-B159653B59FC}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{FE61F0CB-D408-499D-ABCE-3F0B55E5AC3A}: [NameServer] 10.255.255.10,10.255.255.20

FireFox:
========
FF ProfilePath: C:\Users\Mic\AppData\Roaming\Mozilla\Firefox\Profiles\y6y7s7wr.default-1435317240039
FF SelectedSearchEngine: Поиск@Mail.Ru
FF Homepage: hxxp://torrentexpert.ru/?utm_source=startpage03&utm_content=a58416f70956ebe1106d7b20d0c7b909&utm_term=D6D745D4F36E75F7DB28F22CCEA44504
FF Keyword.URL: hxxp://go.mail.ru/search?fr=ntg&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-18] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-07-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-07-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-07-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-07-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-07-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll [2012-06-28] (Nullsoft, Inc.)
FF Extension: Adblock Plus - C:\Users\Mic\AppData\Roaming\Mozilla\Firefox\Profiles\y6y7s7wr.default-1435317240039\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-26]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-08-16]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-08-15]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-08-16]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-08-15]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-15] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3218624 2015-08-15] (Avast Software)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 Update Ttessab; "C:\Program Files\Ttessab\updateTtessab.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-08-15] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-08-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-08-15] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-08-15] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788784 2015-08-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433264 2015-08-15] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [113592 2015-08-15] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-08-15] (AVAST Software)
S3 AXIOM; C:\Windows\System32\DRIVERS\MAudioAxiom.sys [115336 2010-03-11] (M-Audio)
S3 KORGUMDS; C:\Windows\System32\Drivers\KORGUMDS.SYS [24536 2014-01-16] (KORG INC.)
R3 MAUSBFASTTRACKPRO; C:\Windows\System32\DRIVERS\MAudioFastTrackPro.sys [158600 2010-12-07] (Avid Technology, Inc.)
R3 mcdbus; C:\Windows\System32\DRIVERS\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) [File not signed]
R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [95112 2015-08-15] (AVAST Software)
S2 Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [73728 2015-03-17] (Rainbow Technologies, Inc.) [File not signed]
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-08-15] (Avast Software)
S3 kqhvufdn; no ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-19 15:39 - 2015-08-19 15:39 - 00014567 _____ C:\Users\Mic\Desktop\FRST.txt
2015-08-19 15:32 - 2015-08-19 15:39 - 00000000 ____D C:\FRST
2015-08-19 15:31 - 2015-08-19 15:32 - 00112640 _____ (forum.viry.cz) C:\Users\Mic\Desktop\FRSTLauncher.exe
2015-08-19 15:17 - 2015-08-19 15:17 - 01677312 _____ (Farbar) C:\Users\Mic\Desktop\FRST.exe
2015-08-19 13:38 - 2015-08-19 13:48 - 00000000 ____D C:\Users\Mic\Downloads\Joe Henderson - 5 Blue Note CD's
2015-08-18 23:29 - 2015-08-18 23:29 - 19881984 _____ C:\Windows\system32\config\system.sav.LOG
2015-08-18 23:28 - 2015-08-18 23:28 - 43409408 _____ C:\Windows\system32\config\software.sav.LOG
2015-08-18 23:28 - 2015-08-18 23:28 - 00024576 _____ C:\Windows\system32\config\security.sav.LOG
2015-08-18 23:27 - 2015-08-18 23:27 - 00028672 _____ C:\Windows\system32\config\sam.sav.LOG
2015-08-18 23:26 - 2015-08-18 23:29 - 00001648 _____ C:\Windows\system32\ASOROSet.bin
2015-08-18 23:26 - 2015-08-18 23:26 - 00000000 ____D C:\Windows\system32\config\RCCBakup
2015-08-18 23:23 - 2015-08-18 23:31 - 00000000 ____D C:\Users\Mic\AppData\Roaming\Solvusoft
2015-08-18 23:23 - 2012-10-15 17:02 - 00017840 _____ (solvusoft) C:\Windows\system32\roboot.exe
2015-08-18 23:02 - 2015-08-18 23:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-18 23:02 - 2015-08-18 23:02 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-08-18 21:21 - 2015-08-18 23:07 - 00000000 ____D C:\Users\Mic\AppData\Local\Kometa
2015-08-18 21:13 - 2015-08-18 21:13 - 00001604 _____ C:\Users\Mic\Desktop\Вoйти в Интeрнет.lnk
2015-08-18 21:13 - 2015-08-18 21:13 - 00000000 ____D C:\Users\Mic\AppData\Local\Вoйти в Интeрнет
2015-08-18 21:06 - 2015-08-18 21:06 - 00000000 ____D C:\Users\Mic\AppData\Roaming\eTranslator
2015-08-18 21:04 - 2015-08-18 21:04 - 00001236 _____ C:\Users\Mic\Desktop\Поиcк в Интeрнете.lnk
2015-08-18 21:04 - 2015-08-18 21:04 - 00000000 ____D C:\Users\Mic\AppData\Local\Поиcк в Интeрнете
2015-08-18 21:04 - 2015-08-18 21:04 - 00000000 ____D C:\Users\Mic\AppData\Local\MailRu
2015-08-18 21:02 - 2015-08-18 21:09 - 00000000 ____D C:\Users\Mic\AppData\Local\Mail.Ru
2015-08-18 21:02 - 2015-08-18 21:02 - 00000174 _____ C:\Users\Mic\Desktop\Искать в Интернете.url
2015-08-18 21:02 - 2015-08-18 21:02 - 00000000 ____D C:\Users\Mic\AppData\Roaming\MailProducts
2015-08-18 20:48 - 2015-08-18 20:49 - 00000000 ____D C:\Users\Mic\Downloads\Joe Henderson - In 'n Out (1964) {Blue Note, RVG Edition, 2004}
2015-08-18 20:36 - 2015-08-18 20:40 - 00000000 ____D C:\Users\Mic\Downloads\Stanley Turrentine - The Blue Note Quintet - Sextet Studio Sessions CD1 (2002) [EAC-FLAC]
2015-08-18 18:54 - 2015-08-18 20:10 - 00000000 ____D C:\Users\Mic\Downloads\Bobby Hutcherson - Head On
2015-08-18 12:33 - 2015-08-18 12:56 - 00000000 ____D C:\Users\Mic\Downloads\Bobby Hutcherson - Wise One
2015-08-18 12:16 - 2015-08-18 12:16 - 00000000 ____D C:\Users\Mic\Downloads\Bobby Hutcherson - Oblique
2015-08-18 11:12 - 2015-08-19 14:43 - 00000000 ____D C:\Users\Mic\Downloads\Albums
2015-08-16 19:19 - 2015-08-16 20:22 - 1128633948 _____ C:\Users\Mic\Downloads\Ghoul-(2015)-CZ-dabing.mkv
2015-08-16 13:35 - 2015-08-17 09:19 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-15 10:35 - 2015-08-15 10:35 - 00002035 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-08-15 10:35 - 2015-08-15 10:35 - 00000000 ____D C:\Users\Mic\AppData\Roaming\AVAST Software
2015-08-15 10:35 - 2015-08-15 10:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-08-15 10:34 - 2015-08-15 10:34 - 00788784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-08-15 10:34 - 2015-08-15 10:34 - 00433264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-08-15 10:34 - 2015-08-15 10:34 - 00313472 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-08-15 10:34 - 2015-08-15 10:34 - 00208664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-08-15 10:34 - 2015-08-15 10:34 - 00113592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-08-15 10:34 - 2015-08-15 10:34 - 00095112 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2015-08-15 10:34 - 2015-08-15 10:34 - 00081728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-08-15 10:34 - 2015-08-15 10:34 - 00076000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-08-15 10:34 - 2015-08-15 10:34 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-08-15 10:34 - 2015-08-15 10:34 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-08-15 10:34 - 2015-08-15 10:34 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-08-15 10:33 - 2015-08-15 10:33 - 00000000 ____D C:\Program Files\AVAST Software
2015-08-14 22:00 - 2015-08-14 22:03 - 00000000 ____D C:\Users\Mic\Downloads\Norman Connors - mister c (1981) (arista)
2015-08-12 18:58 - 2015-08-12 19:50 - 932332850 _____ C:\Users\Mic\Downloads\God-Delusion-Debate.avi
2015-08-11 23:54 - 2015-08-12 00:06 - 212674915 _____ C:\Users\Mic\Downloads\Noam-Chomsky-vs-Michel-Foucault-(FULL-DEBATE)-(1971).mp4
2015-08-11 23:54 - 2015-08-11 23:54 - 00086614 _____ C:\Users\Mic\Downloads\Noam-Chomsky-vs-Michel-Foucault-(FULL-DEBATE)-(1971).srt
2015-08-02 19:24 - 2015-08-02 19:34 - 00000000 ____D C:\Users\Mic\Downloads\VA-The Blue Note Years-14 cd
2015-08-02 18:38 - 2015-08-02 18:38 - 00000000 ____D C:\Users\Mic\Downloads\Stanley Turrentine - Never Let Me Go (APE+CUE)
2015-07-23 00:19 - 2015-07-23 15:38 - 00000000 ____D C:\Users\Mic\Downloads\Stanley Turrentine - More Than A Mood (1992) [EAC-APE]
2015-07-22 23:36 - 2015-07-22 23:40 - 00000000 ____D C:\Users\Mic\Downloads\Stanley Turrentine - Easy Walker (1966) [EAC-FLAC]
2015-07-22 23:28 - 2015-07-22 23:33 - 00000000 ____D C:\Users\Mic\Downloads\Stanley Turrentine - T Time (1995) [EAC-APE]

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-19 15:36 - 2009-07-14 06:34 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-19 15:36 - 2009-07-14 06:34 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-19 15:27 - 2013-12-27 16:26 - 00000000 ____D C:\Users\Mic\AppData\Roaming\uTorrent
2015-08-19 15:27 - 2013-12-20 22:26 - 00000000 ____D C:\Users\Mic\AppData\Roaming\vlc
2015-08-19 15:27 - 2013-12-20 19:40 - 00000000 ____D C:\Users\Mic\AppData\Roaming\Skype
2015-08-19 15:07 - 2014-08-17 18:58 - 00000000 ____D C:\FFOutput
2015-08-19 14:56 - 2015-06-26 13:59 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-19 14:51 - 2014-12-24 22:29 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-19 13:44 - 2013-12-20 19:23 - 01819744 _____ C:\Windows\WindowsUpdate.log
2015-08-19 09:51 - 2014-12-24 22:29 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-19 09:36 - 2014-12-19 17:27 - 00105019 _____ C:\Windows\setupact.log
2015-08-19 09:36 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-18 23:49 - 2013-12-20 21:30 - 00007597 _____ C:\Users\Mic\AppData\Local\Resmon.ResmonCfg
2015-08-18 23:30 - 2013-12-20 19:23 - 00000000 ____D C:\Users\Mic
2015-08-18 23:02 - 2014-03-05 11:30 - 00002719 _____ C:\Users\Public\Desktop\Skype.lnk
2015-08-18 23:02 - 2013-12-20 19:40 - 00000000 ___RD C:\Program Files\Skype
2015-08-18 23:02 - 2013-12-20 19:40 - 00000000 ____D C:\ProgramData\Skype
2015-08-18 21:34 - 2014-12-19 17:27 - 03649140 _____ C:\Windows\PFRO.log
2015-08-18 21:02 - 2009-07-14 04:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-08-17 09:19 - 2015-04-15 09:28 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-08-15 10:33 - 2013-12-20 20:42 - 00000000 ____D C:\ProgramData\AVAST Software
2015-08-12 16:56 - 2015-06-26 13:59 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-08-12 16:56 - 2015-06-26 13:59 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-08-07 16:44 - 2013-12-20 19:29 - 00006240 _____ C:\Windows\system32\PerfStringBackup.INI

==================== Files in the root of some directories =======

2013-12-20 21:30 - 2015-08-18 23:49 - 0007597 _____ () C:\Users\Mic\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Mic\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\Mic\AppData\Local\Temp\FFSetup3.6.0.0.exe
C:\Users\Mic\AppData\Local\Temp\gRUKjlCUeLzh.exe
C:\Users\Mic\AppData\Local\Temp\gy4EsbjJ3i70.exe
C:\Users\Mic\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Mic\AppData\Local\Temp\lZZKRoORqMoU.exe
C:\Users\Mic\AppData\Local\Temp\NeynNxDckW4j.exe
C:\Users\Mic\AppData\Local\Temp\nfue9maf.dll
C:\Users\Mic\AppData\Local\Temp\ochelper.exe
C:\Users\Mic\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Mic\AppData\Local\Temp\~13B3.exe
C:\Users\Mic\AppData\Local\Temp\~17F3.exe
C:\Users\Mic\AppData\Local\Temp\~2476.exe
C:\Users\Mic\AppData\Local\Temp\~32B.exe
C:\Users\Mic\AppData\Local\Temp\~36F8.exe
C:\Users\Mic\AppData\Local\Temp\~37A.exe
C:\Users\Mic\AppData\Local\Temp\~4837.exe
C:\Users\Mic\AppData\Local\Temp\~51A9.exe
C:\Users\Mic\AppData\Local\Temp\~5457.exe
C:\Users\Mic\AppData\Local\Temp\~5B98.exe
C:\Users\Mic\AppData\Local\Temp\~731C.exe
C:\Users\Mic\AppData\Local\Temp\~77CE.exe
C:\Users\Mic\AppData\Local\Temp\~B36.exe
C:\Users\Mic\AppData\Local\Temp\~C725.exe
C:\Users\Mic\AppData\Local\Temp\~F852.exe
C:\Users\Mic\AppData\Local\Temp\~FC9.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-12 10:40




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:391.47 GB) (Free:79.58 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:540.04 GB) (Free:27.4 GB) NTFS

Available physical RAM: 2058.05 MB
Total physical RAM: 3582.49 MB
Percentage of memory in use: 42%

==================== MBR and Partition Table ==================

TreeSize Free V1.7.9 (HKLM\...\TreeSize Free_is1) (Version: - JAM Software)
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: DD7F38B1)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 3B188761)
Partition 1: (Active) - (Size=391.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=540 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Mic\Desktop" je 126 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================
Attachment: Addition.rar (8.46 KiB)

Re: Problem removing a program/virus.

#3 Post by Mic »

After the restart everything seems to be in order; I'm attaching the fixlog.

Fix result of Farbar Recovery Scan Tool (x86) Version:17-08-2015
Ran by Mic (2015-08-19 16:25:50) Run:1
Running from C:\Users\Mic\Desktop
Loaded Profiles: Mic (Available Profiles: Mic)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CloseProcesses:

HKU\S-1-5-21-398789677-1632921365-3791617423-1001\...\Run: [luuwynhjbz] => explorer "http://torrentexpert.ru/?utm_source=uou ... 2CCEA44504" <===== ATTENTION
HKU\S-1-5-21-398789677-1632921365-3791617423-1001\...\Run: [kometaup] => C:\Users\Mic\AppData\Local\Kometa\kometaup.exe [1106528 2015-08-18] (Kometa LCC)

HKU\S-1-5-21-398789677-1632921365-3791617423-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://torrentexpert.ru/?utm_source=sta ... 2CCEA44504
SearchScopes: HKU\S-1-5-21-398789677-1632921365-3791617423-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?q={SearchTerms}&fr=ntg&gp=blackbear6
SearchScopes: HKU\S-1-5-21-398789677-1632921365-3791617423-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-398789677-1632921365-3791617423-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?q={SearchTerms}&fr=ntg&gp=blackbear6
Toolbar: HKU\S-1-5-21-398789677-1632921365-3791617423-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File



FF SelectedSearchEngine: Поиск@Mail.Ru
FF Homepage: hxxp://torrentexpert.ru/?utm_source=sta ... 2CCEA44504
FF Keyword.URL: hxxp://go.mail.ru/search?fr=ntg&q=

S2 Update Ttessab; "C:\Program Files\Ttessab\updateTtessab.exe" [X]
C:\Program Files\Ttessab

2015-08-18 21:21 - 2015-08-18 23:07 - 00000000 ____D C:\Users\Mic\AppData\Local\Kometa
2015-08-18 21:13 - 2015-08-18 21:13 - 00001604 _____ C:\Users\Mic\Desktop\Вoйти в Интeрнет.lnk
2015-08-18 21:13 - 2015-08-18 21:13 - 00000000 ____D C:\Users\Mic\AppData\Local\Вoйти в Интeрнет
2015-08-18 21:06 - 2015-08-18 21:06 - 00000000 ____D C:\Users\Mic\AppData\Roaming\eTranslator
2015-08-18 21:04 - 2015-08-18 21:04 - 00001236 _____ C:\Users\Mic\Desktop\Поиcк в Интeрнете.lnk
2015-08-18 21:04 - 2015-08-18 21:04 - 00000000 ____D C:\Users\Mic\AppData\Local\Поиcк в Интeрнете
2015-08-18 21:04 - 2015-08-18 21:04 - 00000000 ____D C:\Users\Mic\AppData\Local\MailRu
2015-08-18 21:02 - 2015-08-18 21:09 - 00000000 ____D C:\Users\Mic\AppData\Local\Mail.Ru
2015-08-18 21:02 - 2015-08-18 21:02 - 00000174 _____ C:\Users\Mic\Desktop\Искать в Интернете.url


EmptyTemp:

End
*****************

Processes closed successfully.
HKU\S-1-5-21-398789677-1632921365-3791617423-1001\Software\Microsoft\Windows\CurrentVersion\Run\\luuwynhjbz => value removed successfully.
HKU\S-1-5-21-398789677-1632921365-3791617423-1001\Software\Microsoft\Windows\CurrentVersion\Run\\kometaup => value removed successfully.
HKU\S-1-5-21-398789677-1632921365-3791617423-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-398789677-1632921365-3791617423-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKU\S-1-5-21-398789677-1632921365-3791617423-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}" => key removed successfully.
HKCR\CLSID\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} => key not found.
"HKU\S-1-5-21-398789677-1632921365-3791617423-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}" => key removed successfully.
HKCR\CLSID\{FFEBBF0A-C22C-4172-89FF-45215A135AC7} => key not found.
HKU\S-1-5-21-398789677-1632921365-3791617423-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
Firefox SelectedSearchEngine removed successfully.
Firefox "homepage" removed successfully.
Firefox "Keyword.URL" removed successfully.
Update Ttessab => service removed successfully.
C:\Program Files\Ttessab => moved successfully.
C:\Users\Mic\AppData\Local\Kometa => moved successfully.
C:\Users\Mic\Desktop\Вoйти в Интeрнет.lnk => moved successfully.
C:\Users\Mic\AppData\Local\Вoйти в Интeрнет => moved successfully.
C:\Users\Mic\AppData\Roaming\eTranslator => moved successfully.
C:\Users\Mic\Desktop\Поиcк в Интeрнете.lnk => moved successfully.
C:\Users\Mic\AppData\Local\Поиcк в Интeрнете => moved successfully.
C:\Users\Mic\AppData\Local\MailRu => moved successfully.
C:\Users\Mic\AppData\Local\Mail.Ru => moved successfully.
C:\Users\Mic\Desktop\Искать в Интернете.url => moved successfully.
EmptyTemp: => 24.6 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 16:26:15 ====

Mic
Visitor
Posts: 52
Registered: 02 Jan 2014 12:42
Location: Písek

Re: Problem removing a program/virus.

#4 Post by Mic »

Here I'm also adding the FRST and Addition logs.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-08-2015
Ran by Mic (administrator) on MIC-PC (19-08-2015 16:39:27)
Running from C:\Users\Mic\Desktop
Loaded Profiles: Mic (Available Profiles: Mic)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Avid Technology, Inc.) C:\Windows\System32\M-AudioTaskBarIcon.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe
(KORG Inc.) C:\Program Files\KORG\KORG USB-MIDI Driver\EsHelper2.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(MagicISO, Inc.) C:\Program Files\MagicDisc\MagicDisc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(C. Ghisler & Co.) C:\Program Files\totalcmd\TOTALCMD.EXE
(forum.viry.cz) C:\Users\Mic\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [M-Audio Taskbar Icon] => C:\Windows\system32\M-AudioTaskBarIcon.exe [644104 2010-12-07] (Avid Technology, Inc.)
HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM\...\Run: [NeroFilterCheck] => C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [KORG USB-MIDI Driver] => C:\Program Files\KORG\KORG USB-MIDI Driver\EsHelper2.exe [394096 2014-01-16] (KORG Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-02-13] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-08-15] (AVAST Software)
HKU\S-1-5-21-398789677-1632921365-3791617423-1001\...\Run: [Hobbyist Software VLC Streamer] => "C:\Program Files\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe" /startup
HKU\S-1-5-21-398789677-1632921365-3791617423-1001\...\Run: [eTranslator Automatic Update] => "C:\Users\Mic\AppData\Roaming\eTranslator\eTranslator.exe" -checkforupdates
Startup: C:\Users\Mic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2013-12-20]
ShortcutTarget: MagicDisc.lnk -> C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-08-15] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-398789677-1632921365-3791617423-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-398789677-1632921365-3791617423-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
SearchScopes: HKLM -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-18] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-15] (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-18] (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Tcpip\..\Interfaces\{32EF1F19-7A5F-4B3F-9814-B159653B59FC}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{FE61F0CB-D408-499D-ABCE-3F0B55E5AC3A}: [NameServer] 10.255.255.10,10.255.255.20

FireFox:
========
FF ProfilePath: C:\Users\Mic\AppData\Roaming\Mozilla\Firefox\Profiles\y6y7s7wr.default-1435317240039
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-18] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-07-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-07-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-07-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-07-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-07-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll [2012-06-28] (Nullsoft, Inc.)
FF Extension: Adblock Plus - C:\Users\Mic\AppData\Roaming\Mozilla\Firefox\Profiles\y6y7s7wr.default-1435317240039\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-26]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-08-16]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-08-15]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-08-16]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-08-15]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-15] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3218624 2015-08-15] (Avast Software)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-08-15] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-08-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-08-15] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-08-15] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788784 2015-08-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433264 2015-08-15] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [113592 2015-08-15] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-08-15] (AVAST Software)
S3 AXIOM; C:\Windows\System32\DRIVERS\MAudioAxiom.sys [115336 2010-03-11] (M-Audio)
S3 KORGUMDS; C:\Windows\System32\Drivers\KORGUMDS.SYS [24536 2014-01-16] (KORG INC.)
R3 MAUSBFASTTRACKPRO; C:\Windows\System32\DRIVERS\MAudioFastTrackPro.sys [158600 2010-12-07] (Avid Technology, Inc.)
R3 mcdbus; C:\Windows\System32\DRIVERS\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) [File not signed]
R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [95112 2015-08-15] (AVAST Software)
S2 Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [73728 2015-03-17] (Rainbow Technologies, Inc.) [File not signed]
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-08-15] (Avast Software)
S3 kqhvufdn; no ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-19 16:39 - 2015-08-19 16:39 - 00012944 _____ C:\Users\Mic\Desktop\FRST.txt
2015-08-19 16:38 - 2015-08-19 16:38 - 00112640 _____ (forum.viry.cz) C:\Users\Mic\Desktop\FRSTLauncher.exe
2015-08-19 16:22 - 2015-08-19 16:22 - 00001008 _____ C:\Users\Mic\Downloads\fixlist.rar
2015-08-19 15:32 - 2015-08-19 16:39 - 00000000 ____D C:\FRST
2015-08-19 15:17 - 2015-08-19 15:17 - 01677312 _____ (Farbar) C:\Users\Mic\Desktop\FRST.exe
2015-08-19 13:38 - 2015-08-19 13:48 - 00000000 ____D C:\Users\Mic\Downloads\Joe Henderson - 5 Blue Note CD's
2015-08-18 23:29 - 2015-08-18 23:29 - 19881984 _____ C:\Windows\system32\config\system.sav.LOG
2015-08-18 23:28 - 2015-08-18 23:28 - 43409408 _____ C:\Windows\system32\config\software.sav.LOG
2015-08-18 23:28 - 2015-08-18 23:28 - 00024576 _____ C:\Windows\system32\config\security.sav.LOG
2015-08-18 23:27 - 2015-08-18 23:27 - 00028672 _____ C:\Windows\system32\config\sam.sav.LOG
2015-08-18 23:26 - 2015-08-18 23:29 - 00001648 _____ C:\Windows\system32\ASOROSet.bin
2015-08-18 23:26 - 2015-08-18 23:26 - 00000000 ____D C:\Windows\system32\config\RCCBakup
2015-08-18 23:23 - 2015-08-18 23:31 - 00000000 ____D C:\Users\Mic\AppData\Roaming\Solvusoft
2015-08-18 23:23 - 2012-10-15 17:02 - 00017840 _____ (solvusoft) C:\Windows\system32\roboot.exe
2015-08-18 23:02 - 2015-08-18 23:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-18 23:02 - 2015-08-18 23:02 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-08-18 21:02 - 2015-08-18 21:02 - 00000000 ____D C:\Users\Mic\AppData\Roaming\MailProducts
2015-08-18 20:48 - 2015-08-18 20:49 - 00000000 ____D C:\Users\Mic\Downloads\Joe Henderson - In 'n Out (1964) {Blue Note, RVG Edition, 2004}
2015-08-18 20:36 - 2015-08-18 20:40 - 00000000 ____D C:\Users\Mic\Downloads\Stanley Turrentine - The Blue Note Quintet - Sextet Studio Sessions CD1 (2002) [EAC-FLAC]
2015-08-18 18:54 - 2015-08-18 20:10 - 00000000 ____D C:\Users\Mic\Downloads\Bobby Hutcherson - Head On
2015-08-18 12:33 - 2015-08-18 12:56 - 00000000 ____D C:\Users\Mic\Downloads\Bobby Hutcherson - Wise One
2015-08-18 12:16 - 2015-08-18 12:16 - 00000000 ____D C:\Users\Mic\Downloads\Bobby Hutcherson - Oblique
2015-08-18 11:12 - 2015-08-19 14:43 - 00000000 ____D C:\Users\Mic\Downloads\Albums
2015-08-16 19:19 - 2015-08-16 20:22 - 1128633948 _____ C:\Users\Mic\Downloads\Ghoul-(2015)-CZ-dabing.mkv
2015-08-16 13:35 - 2015-08-17 09:19 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-15 10:35 - 2015-08-15 10:35 - 00002035 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-08-15 10:35 - 2015-08-15 10:35 - 00000000 ____D C:\Users\Mic\AppData\Roaming\AVAST Software
2015-08-15 10:35 - 2015-08-15 10:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-08-15 10:34 - 2015-08-15 10:34 - 00788784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-08-15 10:34 - 2015-08-15 10:34 - 00433264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-08-15 10:34 - 2015-08-15 10:34 - 00313472 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-08-15 10:34 - 2015-08-15 10:34 - 00208664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-08-15 10:34 - 2015-08-15 10:34 - 00113592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-08-15 10:34 - 2015-08-15 10:34 - 00095112 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2015-08-15 10:34 - 2015-08-15 10:34 - 00081728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-08-15 10:34 - 2015-08-15 10:34 - 00076000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-08-15 10:34 - 2015-08-15 10:34 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-08-15 10:34 - 2015-08-15 10:34 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-08-15 10:34 - 2015-08-15 10:34 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-08-15 10:33 - 2015-08-15 10:33 - 00000000 ____D C:\Program Files\AVAST Software
2015-08-14 22:00 - 2015-08-14 22:03 - 00000000 ____D C:\Users\Mic\Downloads\Norman Connors - mister c (1981) (arista)
2015-08-12 18:58 - 2015-08-12 19:50 - 932332850 _____ C:\Users\Mic\Downloads\God-Delusion-Debate.avi
2015-08-11 23:54 - 2015-08-12 00:06 - 212674915 _____ C:\Users\Mic\Downloads\Noam-Chomsky-vs-Michel-Foucault-(FULL-DEBATE)-(1971).mp4
2015-08-11 23:54 - 2015-08-11 23:54 - 00086614 _____ C:\Users\Mic\Downloads\Noam-Chomsky-vs-Michel-Foucault-(FULL-DEBATE)-(1971).srt
2015-08-02 19:24 - 2015-08-02 19:34 - 00000000 ____D C:\Users\Mic\Downloads\VA-The Blue Note Years-14 cd
2015-08-02 18:38 - 2015-08-02 18:38 - 00000000 ____D C:\Users\Mic\Downloads\Stanley Turrentine - Never Let Me Go (APE+CUE)
2015-07-23 00:19 - 2015-07-23 15:38 - 00000000 ____D C:\Users\Mic\Downloads\Stanley Turrentine - More Than A Mood (1992) [EAC-APE]
2015-07-22 23:36 - 2015-07-22 23:40 - 00000000 ____D C:\Users\Mic\Downloads\Stanley Turrentine - Easy Walker (1966) [EAC-FLAC]
2015-07-22 23:28 - 2015-07-22 23:33 - 00000000 ____D C:\Users\Mic\Downloads\Stanley Turrentine - T Time (1995) [EAC-APE]

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-19 16:30 - 2013-12-20 19:23 - 01825152 _____ C:\Windows\WindowsUpdate.log
2015-08-19 16:27 - 2014-12-24 22:29 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-19 16:27 - 2014-12-19 17:27 - 00105075 _____ C:\Windows\setupact.log
2015-08-19 16:27 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-19 16:25 - 2009-07-14 06:34 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-19 16:25 - 2009-07-14 06:34 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-19 15:56 - 2015-06-26 13:59 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-19 15:51 - 2014-12-24 22:29 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-19 15:27 - 2013-12-27 16:26 - 00000000 ____D C:\Users\Mic\AppData\Roaming\uTorrent
2015-08-19 15:27 - 2013-12-20 22:26 - 00000000 ____D C:\Users\Mic\AppData\Roaming\vlc
2015-08-19 15:27 - 2013-12-20 19:40 - 00000000 ____D C:\Users\Mic\AppData\Roaming\Skype
2015-08-19 15:07 - 2014-08-17 18:58 - 00000000 ____D C:\FFOutput
2015-08-18 23:49 - 2013-12-20 21:30 - 00007597 _____ C:\Users\Mic\AppData\Local\Resmon.ResmonCfg
2015-08-18 23:30 - 2013-12-20 19:23 - 00000000 ____D C:\Users\Mic
2015-08-18 23:02 - 2014-03-05 11:30 - 00002719 _____ C:\Users\Public\Desktop\Skype.lnk
2015-08-18 23:02 - 2013-12-20 19:40 - 00000000 ___RD C:\Program Files\Skype
2015-08-18 23:02 - 2013-12-20 19:40 - 00000000 ____D C:\ProgramData\Skype
2015-08-18 21:34 - 2014-12-19 17:27 - 03649140 _____ C:\Windows\PFRO.log
2015-08-18 21:02 - 2009-07-14 04:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-08-17 09:19 - 2015-04-15 09:28 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-08-15 10:33 - 2013-12-20 20:42 - 00000000 ____D C:\ProgramData\AVAST Software
2015-08-12 16:56 - 2015-06-26 13:59 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-08-12 16:56 - 2015-06-26 13:59 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-08-07 16:44 - 2013-12-20 19:29 - 00006240 _____ C:\Windows\system32\PerfStringBackup.INI

==================== Files in the root of some directories =======

2013-12-20 21:30 - 2015-08-18 23:49 - 0007597 _____ () C:\Users\Mic\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-12 10:40




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:391.47 GB) (Free:104.22 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:540.04 GB) (Free:27.4 GB) NTFS

Available physical RAM: 1797.05 MB
Total physical RAM: 3582.49 MB
Percentage of memory in use: 49%

==================== MBR and Partition Table ==================

TreeSize Free V1.7.9 (HKLM\...\TreeSize Free_is1) (Version: - JAM Software)
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: DD7F38B1)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 3B188761)
Partition 1: (Active) - (Size=391.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=540 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Mic\Desktop" je 126 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================
Attachments
Addition.rar
(7.67 KiB) Downloaded 83 times

Mic
Visitor
Posts: 52
Registered: 02 Jan 2014 12:42
Location: Písek

Re: Problem removing a program/virus.

#5 Post by Mic »

I use the Korg USB-MIDI driver for my synthesizer, so I know it. I just noticed that I still have a smartinf.ru icon on the taskbar (the icon at the top with a globe and an arrow); clicking it opens a new window in Mozilla with the preset page smartinf.ru.
Attachments
aaa.png (38.92 KiB) Viewed 2483 times

Mic
Visitor
Posts: 52
Registered: 02 Jan 2014 12:42
Location: Písek

Re: Problem removing a program/virus.

#6 Post by Mic »

Here I'm adding the log from AdwCleaner.

# AdwCleaner v5.002 - Logfile created 19/08/2015 at 17:11:59
# Updated 18/08/2015 by Xplode
# Database : 2015-08-18.2 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x86)
# Username : Mic - MIC-PC
# Running from : C:\Users\Mic\Desktop\adwcleaner_5.002.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\Driver Pro
[-] Folder Deleted : C:\ProgramData\ParetoLogic
[-] Folder Deleted : C:\Users\Mic\AppData\Roaming\DriverCure
[-] Folder Deleted : C:\Users\Mic\AppData\Roaming\OpenCandy
[-] Folder Deleted : C:\Users\Mic\AppData\Roaming\ParetoLogic
[-] Folder Deleted : C:\Users\Mic\AppData\Roaming\Solvusoft

***** [ Files ] *****

[-] File Deleted : C:\END
[-] File Deleted : C:\Windows\system32\roboot.exe

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [eTranslator Automatic Update]
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{237FDFDB-3722-470E-8BA8-90196DABE967}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}
[-] Key Deleted : HKCU\Software\1ClickDownload
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\Driver Pro
[-] Key Deleted : HKCU\Software\ParetoLogic
[-] Key Deleted : HKCU\Software\etranslator
[-] Key Deleted : HKCU\Software\Appscion
[-] Key Deleted : HKLM\SOFTWARE\ParetoLogic
[-] Key Deleted : HKLM\SOFTWARE\Speedchecker Limited
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\etranslator

***** [ Web browsers ] *****


*************************

:: Proxy settings cleared
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2288 bytes] ##########

Mic
Visitor
Posts: 52
Registered: 02 Jan 2014 12:42
Location: Písek

Re: Problem removing a program/virus.

#7 Post by Mic »

After the restart the icon was still there, so I removed it. I'd like to ask: judging by the log, does everything look fine now? I read that mail.ru can send out various data and endanger the computer in other ways too; I don't know how to tell whether it's completely gone. Thanks

Mic
Visitor
Posts: 52
Registered: 02 Jan 2014 12:42
Location: Písek

Re: Problem removing a program/virus.

#8 Post by Mic »

Here I'm adding the log from MBAM. It took a bit longer.

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 19.8.2015
Čas skenování: 18:32
Protokol: AAA.txt
Správce: Ano

Verze: 2.1.8.1057
Databáze malwaru: v2015.08.19.04
Databáze rootkitů: v2015.08.16.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x86
Souborový systém: NTFS
Uživatel: Mic

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 494989
Uplynulý čas: 2 hod, 31 min, 58 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 1
PUP.Optional.OffersWizard.A, C:\Program Files\Common Files\Config, , [a50b5baf4546072f6cac2129986b7987],

Soubory: 15
PUP.Optional.OpenCandy, D:\Programs\DAEMONToolsPro510-0333.exe, , [535d33d75932122409a5d6a48a7bb64a],
PUP.Optional.OpenCandy, D:\Programs\winamp563_full_emusic-7plus_all.exe, , [b5fb65a5a8e3b18537775e1c1fe64db3],
PUP.Optional.OpenCandy, D:\Programs\Comp Analisys\imgburn-2.5.8.0(1).exe, , [832d2fdbe0ab93a3dfcf4e2c47bebe42],
PUP.Optional.OpenCandy, D:\Programs\Comp Analisys\imgburn-2.5.8.0.exe, , [c4ec38d24f3c9d99b1fdfc7e46bf55ab],
Malware.Packer.Gen, D:\Music Programs\Addictive Drums\XLN-Addictive Drums KG only\Keygen.exe, , [5759878369223006d6599cc8d42cc040],
PUP.RiskWareTool.CK, D:\Music Programs\Korg.Legacy.Collection.Digital.Edition.VSTi.RTAS.v1.32.Incl.Keygen-AiR\keygen.exe, , [4c64c6442a61fc3afb318a400cf520e0],
Trojan.Dropper, D:\Music Programs\Rob.Papen.LinPlug.Albino.VSTi.v3.0.2.incl.KeyGen\Albino3Installer302.exe, , [c2eef7139eed71c5cef0ba63e0221ce4],
Malware.Packer.Gen, D:\Music Programs\XLN.Audio.Addictive.Drums.1.5.2.VSTi.RTAS.AU.Mac.PC+ADPaks+MIDIPaks\Addictive Drums\air-xlnaadkgn.rar, , [8927b258f4975cdacc63a2c2738d32ce],
Malware.Packer.Gen, D:\Music Programs\XLN.Audio.Addictive.Drums.1.5.2.VSTi.RTAS.AU.Mac.PC+ADPaks+MIDIPaks\Addictive Drums\Keygen.exe, , [7d33b258c3c83ef8c26dfb69ac549f61],
Adware.Agent, D:\Music Programs\XLN.Audio.Addictive.Drums.1.5.2.VSTi.RTAS.AU.Mac.PC+ADPaks+MIDIPaks\MIDI Paks\XLN Free Stuff\XLN Addictive Drums Free Stuff Pack.zip, , [a10fd93199f2df57186bc2b26f917888],
Trojan.Agent.W, C:\Windows\Setup\SCRIPTS\Windows7Loader.exe, , [5858709ad1baf640002ab35119ec2ad6],
PUP.Optional.RuKometa, C:\FRST\Quarantine\C\Users\Mic\AppData\Local\Kometa\kometaup.exe, , [8c240ffbd7b450e64b844c53a45d8878],
PUP.Optional.Etranslator, C:\FRST\Quarantine\C\Users\Mic\AppData\Roaming\eTranslator\eTranslator.exe, , [cbe56aa0f893e45210a9fca249b8cf31],
PUP.Optional.OffersWizard.A, C:\Program Files\Common Files\Config\ver.xml, , [a50b5baf4546072f6cac2129986b7987],
PUP.Optional.OffersWizard.A, C:\Program Files\Common Files\Config\data.xml, , [a50b5baf4546072f6cac2129986b7987],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Problem removing a program/virus.

#9 Post by vyosek »

Hello :)

My apologies to my colleague for stepping in, but as a MOD I will take the liberty of doing so.

With the user's permission, I just point out that any further help with an illegal system (which this one demonstrably is) will be refused in accordance with the forum rules...
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him; that is no man, that is an ox."
Member since 1 February 2011.

Mic
Visitor
Posts: 52
Registered: 02 Jan 2014 12:42
Location: Písek

Re: Problem removing a program/virus.

#10 Post by Mic »

Hello, OK, thanks a lot for dealing with the problem so quickly.

Locked