
Ad with a VIRUS - Steam account stolen
Hello, about 4 days ago I was watching a TV series and an ad popped up, or rather a kind of dialog box, saying that there was a virus on my PC. I no longer remember exactly what it said, but something like a keylogger, I think. A few hours later my Steam account got logged out. I can't get it back for now, because he changed the e-mail on the account. (For now I am waiting for support, but nothing so far.) My question is: how do I find out whether something like that is still on the PC? I have already scanned the PC with antivirus programs, and today at around 11 o'clock the PC started acting up completely; almost every program I tried to start showed "Don't send". After about the 3rd attempt I chose "System Restore" on the PC. So far everything is running more or less as it should, that is, without "Don't send". When I was digging around for the "remnants" of the account, I also found the culprit's IP address and the place where he lives (in short, the place from which he was last on my stolen account that day). Which I have a feeling is of no use to me. Thank you for your reply.
- Rudy
- Site Admin
- Posts: 119674
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Ad with a VIRUS - Steam account stolen
Hello!
Post an FRST log: http://forum.viry.cz/viewtopic.php?f=13&t=133100 . I also recommend changing the password on everything you have protected by a password.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Ad with a VIRUS - Steam account stolen
Hello, here is the log.
- Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-09-2015
Ran by Martin (administrator) on MARTIN-PC (01-10-2015 14:49:17)
Running from C:\Users\Martin\Desktop
Loaded Profiles: Martin (Available Profiles: Martin)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(H.D.S. Hungary) C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
(Akamai Technologies, Inc.) C:\Users\Martin\AppData\Local\Akamai\netsession_win.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Akamai Technologies, Inc.) C:\Users\Martin\AppData\Local\Akamai\netsession_win.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security with Backup\Engine\22.0.0.110\NSBU.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security with Backup\Engine\22.0.0.110\NSBU.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Martin\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-06-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKU\S-1-5-21-4054526268-3199098465-2013731470-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-4054526268-3199098465-2013731470-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2899136 2015-08-19] (Valve Corporation)
HKU\S-1-5-21-4054526268-3199098465-2013731470-1000\...\Run: [uTorrent] => C:\Users\Martin\AppData\Roaming\uTorrent\updates\3.4.5_41162.exe [1821536 2015-09-26] (BitTorrent Inc.)
HKU\S-1-5-21-4054526268-3199098465-2013731470-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd)
HKU\S-1-5-21-4054526268-3199098465-2013731470-1000\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-07-24] (Sony)
HKU\S-1-5-21-4054526268-3199098465-2013731470-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Martin\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4054526268-3199098465-2013731470-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [55358992 2015-09-04] (Skype Technologies S.A.)
HKU\S-1-5-21-4054526268-3199098465-2013731470-1000\...\MountPoints2: {f8c20bb4-efe1-11e4-86a1-10bf4862eb7c} - E:\_AUTORUN\AUTORUN.EXE
HKU\S-1-5-21-4054526268-3199098465-2013731470-1000\...\MountPoints2: {fe6061cf-f22e-11e4-86bf-10bf4862eb7c} - E:\Startme.exe
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.0.0.110\buShell.dll [2014-08-20] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.0.0.110\buShell.dll [2014-08-20] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.0.0.110\buShell.dll [2014-08-20] (Symantec Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{346D9C71-87BF-4F81-AC44-CE66EEBD6871}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{346D9C71-87BF-4F81-AC44-CE66EEBD6871}: [DhcpNameServer] 10.0.0.138
Internet Explorer:
==================
HKU\S-1-5-21-4054526268-3199098465-2013731470-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security with Backup\Engine64\22.0.0.110\coIEPlg.dll [2014-09-13] (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-20] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-20] (Oracle Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security with Backup\Engine\22.0.0.110\coIEPlg.dll [2014-09-13] (Symantec Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine64\22.0.0.110\coIEPlg.dll [2014-09-13] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine\22.0.0.110\coIEPlg.dll [2014-09-13] (Symantec Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\bfwyvm7f.default
FF Homepage: hxxps://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-22] ()
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-20] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npnxgameEU.dll [2015-07-28] (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Extension: Seznam lištička - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\bfwyvm7f.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2015-09-14]
FF Extension: Adblock Plus - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\bfwyvm7f.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-29]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.0.0.110\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.0.0.110\coFFPlgn [2015-10-01]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/"
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Disk Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-30]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-30]
CHR Extension: (Adblock Plus) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-30]
CHR Extension: (Vyhledávání Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-30]
CHR Extension: (Spyware Terminator Internet Guard) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elbjpfdfllhaioofjgmiaekihidancnc [2015-09-29]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-30]
CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-30]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security with Backup\Engine\22.0.0.110\Exts\Chrome.crx [2015-09-30]
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security with Backup\Engine\22.0.0.110\Exts\Chrome.crx [2015-09-30]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-07-14] (LogMeIn, Inc.)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-09-20] (Nero AG)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3611808 2015-07-22] (INCA Internet Co., Ltd.)
R2 NSBU; C:\Program Files (x86)\Norton Security with Backup\Engine\22.5.2.15\NSBU.exe [282016 2015-07-16] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.0.0.110\Definitions\BASHDefs\20150928.001\BHDrvx64.sys [1650936 2015-09-28] (Symantec Corporation)
R1 ccSet_NSBU; C:\Windows\system32\drivers\NSBUx64\1605020.00F\ccSetx64.sys [173808 2015-07-11] (Symantec Corporation)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2734080 2013-04-11] (C-Media Inc)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-05-01] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-09-29] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [155456 2015-09-29] (Symantec Corporation)
S1 IDSVia64; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.0.0.110\Definitions\IPSDefs\20150930.001\IDSvia64.sys [767216 2015-09-29] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.0.0.110\Definitions\VirusDefs\20150930.025\ENG64.SYS [138488 2015-09-29] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.0.0.110\Definitions\VirusDefs\20150930.025\EX64.SYS [2146040 2015-09-29] (Symantec Corporation)
R3 SRTSP; C:\Windows\system32\drivers\NSBUx64\1600000.06E\SRTSP64.SYS [1016024 2014-09-09] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSBUx64\1605020.00F\SRTSPX64.SYS [50936 2015-07-11] (Symantec Corporation)
R4 SymDS; C:\Windows\System32\drivers\NSBUx64\1600000.06E\SYMDS64.SYS [490712 2014-09-09] (Symantec Corporation)
R4 SymEFA; C:\Windows\System32\drivers\NSBUx64\1600000.06E\SYMEFA64.SYS [1151704 2014-09-09] (Symantec Corporation)
S0 SymEFASI; C:\Windows\System32\drivers\NSBUx64\1605020.00F\SYMEFASI64.SYS [1620720 2015-07-11] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-10-01] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSBUx64\1605020.00F\Ironx64.SYS [297720 2015-07-11] (Symantec Corporation)
R3 SymNetS; C:\Windows\system32\drivers\NSBUx64\1600000.06E\SYMNETS.SYS [565464 2014-09-09] (Symantec Corporation)
R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [32456 2014-03-17] (CyberLink Corp.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-01 14:49 - 2015-10-01 14:49 - 00016643 _____ C:\Users\Martin\Desktop\FRST.txt
2015-10-01 14:47 - 2015-10-01 14:46 - 00112640 _____ (forum.viry.cz) C:\Users\Martin\Desktop\FRSTLauncher.exe
2015-10-01 14:46 - 2015-10-01 14:46 - 00112640 _____ (forum.viry.cz) C:\Users\Martin\Downloads\FRSTLauncher.exe
2015-10-01 14:42 - 2015-10-01 14:49 - 00000000 ____D C:\FRST
2015-10-01 14:42 - 2015-10-01 14:42 - 02192384 _____ (Farbar) C:\Users\Martin\Desktop\frst64.exe
2015-10-01 14:10 - 2015-10-01 14:10 - 00000446 _____ C:\Windows\PFRO.log
2015-09-30 17:33 - 2015-09-30 17:33 - 00000794 _____ C:\Users\Martin\Desktop\Lizam kredenc.lnk
2015-09-30 10:56 - 2015-09-30 10:56 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security with Backup
2015-09-30 10:55 - 2015-10-01 14:36 - 00111344 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2015-09-30 10:55 - 2015-10-01 14:36 - 00008214 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2015-09-30 10:55 - 2015-09-30 10:55 - 00003242 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2015-09-30 10:55 - 2015-09-30 10:55 - 00002629 _____ C:\Users\Public\Desktop\Norton Security with Backup.lnk
2015-09-30 10:55 - 2015-09-30 10:55 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-09-30 10:54 - 2015-10-01 14:35 - 00000000 ____D C:\Windows\system32\Drivers\NSBUx64
2015-09-30 10:54 - 2015-09-30 10:55 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security with Backup
2015-09-30 10:54 - 2015-09-30 10:54 - 00000000 ____D C:\Program Files (x86)\Norton Security with Backup
2015-09-30 10:44 - 2015-10-01 14:10 - 00000112 _____ C:\Windows\setupact.log
2015-09-30 10:44 - 2015-09-30 10:44 - 00000000 _____ C:\Windows\setuperr.log
2015-09-30 08:22 - 2015-09-30 08:22 - 00000000 ____D C:\Users\Martin\AppData\Local\GWX
2015-09-28 18:51 - 2015-09-30 10:32 - 00000752 _____ C:\Windows\system32\config\afw_hm.conf
2015-09-28 18:51 - 2015-09-30 10:32 - 00000004 _____ C:\Windows\system32\config\afw_db.conf
2015-09-28 18:37 - 2015-09-28 18:37 - 00000000 ____D C:\Program Files\Common Files\AV
2015-09-28 18:36 - 2015-09-30 10:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BullGuard
2015-09-28 18:36 - 2015-09-28 18:52 - 00000000 ____D C:\Users\Martin\AppData\Roaming\BullGuard
2015-09-28 18:35 - 2015-09-28 18:35 - 00000000 ____D C:\Program Files\Common Files\BullGuard Ltd
2015-09-28 18:35 - 2015-09-28 18:35 - 00000000 ____D C:\Program Files\BullGuard Ltd
2015-09-28 18:33 - 2015-09-28 18:33 - 00000000 ____D C:\Users\Martin\AppData\Roaming\QuickScan
2015-09-28 18:32 - 2015-09-30 10:33 - 00000000 ____D C:\ProgramData\BullGuard
2015-09-28 16:42 - 2015-09-30 10:40 - 00000000 ____D C:\ProgramData\Spyware Terminator
2015-09-28 16:42 - 2015-09-30 10:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2015
2015-09-28 16:42 - 2015-09-30 10:40 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator
2015-09-28 16:42 - 2015-09-28 16:42 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Spyware Terminator
2015-09-27 18:19 - 2015-09-30 10:54 - 00000000 ____D C:\ProgramData\Norton
2015-09-27 09:47 - 2015-09-30 10:41 - 00000000 ____D C:\Program Files (x86)\FCleaner
2015-09-27 09:47 - 2015-09-27 09:47 - 00000000 ____D C:\Users\Martin\AppData\Roaming\FTWeak
2015-09-27 09:47 - 2015-09-27 09:47 - 00000000 ____D C:\ProgramData\FTWeak
2015-09-27 09:45 - 2015-09-27 09:45 - 00007693 _____ C:\Users\Martin\AppData\Local\Resmon.ResmonCfg
2015-09-26 19:41 - 2015-09-30 10:40 - 00000000 ____D C:\Windows\system32\GWX
2015-09-26 19:10 - 2015-09-30 10:40 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-09-26 19:10 - 2015-09-30 10:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-09-22 13:15 - 2015-09-22 13:15 - 18819272 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-09-22 08:46 - 2015-09-22 08:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-09-17 03:27 - 2015-09-17 03:27 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
2015-09-17 03:27 - 2015-09-17 03:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
2015-09-17 01:18 - 2015-09-30 10:41 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drakensang Online
2015-09-14 22:17 - 2015-09-14 22:17 - 00000000 ____D C:\Users\Martin\AppData\Roaming\ppslog
2015-09-14 21:58 - 2015-09-14 21:58 - 00000000 ____D C:\Users\Martin\AppData\Local\globalUpdate
2015-09-14 21:58 - 2015-09-14 21:58 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-09-14 21:58 - 2015-09-14 21:58 - 00000000 ____D C:\Program Files (x86)\2285a674-871e-49c9-b934-0f0813fec071
2015-09-14 21:57 - 2015-09-14 21:57 - 00000000 ____D C:\Program Files (x86)\Seznam.cz
2015-09-14 21:56 - 2015-09-16 13:40 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Seznam.cz
2015-09-14 21:56 - 2015-09-16 13:40 - 00000000 ____D C:\Users\Martin\AppData\Roaming\cpuminer
2015-09-14 21:55 - 2015-09-16 13:40 - 00000000 ____D C:\Users\Martin\AppData\Local\SysassistByHotWheel
2015-09-14 21:55 - 2015-09-15 21:06 - 00000000 ____D C:\Users\Martin\AppData\Local\Unity
2015-09-14 21:55 - 2015-09-14 21:55 - 00000000 ____D C:\Program Files (x86)\Opera
2015-09-14 21:54 - 2015-09-16 13:40 - 00000000 ____D C:\Users\Martin\AppData\Roaming\IQIYI Video
2015-09-14 21:54 - 2015-09-14 22:27 - 00000000 ____D C:\ProgramData\IQIYI Video
2015-09-10 18:36 - 2015-09-10 18:40 - 00000000 ____D C:\Users\Martin\Documents\GTA San Andreas User Files
2015-09-05 14:26 - 2015-09-05 14:26 - 03003437 _____ C:\Users\Martin\Desktop\update.rar
2015-09-03 22:46 - 2015-09-03 22:46 - 00000000 ____D C:\Users\Martin\Downloads\Gameforge Live
2015-09-03 17:59 - 2015-09-03 17:59 - 00000000 ____D C:\Users\Martin\Documents\svctest
2015-09-03 17:59 - 2015-09-03 17:59 - 00000000 ____D C:\Users\Martin\Documents\svcrecord
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-01 14:32 - 2015-01-30 01:28 - 01104271 _____ C:\Windows\WindowsUpdate.log
2015-10-01 14:25 - 2009-07-14 06:45 - 00014448 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-01 14:25 - 2009-07-14 06:45 - 00014448 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-01 14:24 - 2015-01-30 13:14 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Skype
2015-10-01 14:15 - 2015-01-30 00:49 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-01 14:13 - 2015-04-27 19:58 - 00000000 ____D C:\Users\Martin\AppData\Roaming\uTorrent
2015-10-01 14:12 - 2015-01-30 13:17 - 00000000 ____D C:\Program Files (x86)\Steam
2015-10-01 14:10 - 2015-01-30 13:01 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-01 14:10 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-30 17:21 - 2015-08-02 12:45 - 00000000 ____D C:\Program Files (x86)\Hard Disk Sentinel
2015-09-30 17:20 - 2009-07-14 17:18 - 00668332 _____ C:\Windows\system32\perfh005.dat
2015-09-30 17:20 - 2009-07-14 17:18 - 00140992 _____ C:\Windows\system32\perfc005.dat
2015-09-30 17:20 - 2009-07-14 07:13 - 01582374 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-30 10:53 - 2015-02-12 19:10 - 00001912 _____ C:\Windows\epplauncher.mif
2015-09-30 10:44 - 2015-01-29 21:15 - 00061928 _____ C:\Users\Martin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-30 10:44 - 2015-01-29 19:46 - 00000000 ____D C:\Users\Martin
2015-09-30 10:41 - 2015-08-27 13:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-30 10:41 - 2015-07-27 17:29 - 00000000 ____D C:\Users\Martin\AppData\Local\Akamai
2015-09-30 10:41 - 2015-07-15 20:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-09-30 10:41 - 2015-05-01 15:11 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2015-09-30 10:41 - 2015-02-14 16:56 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2015-09-30 10:41 - 2015-02-14 14:52 - 00000000 ____D C:\Program Files (x86)\Drakensang Online
2015-09-30 10:41 - 2015-01-30 15:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-30 10:41 - 2009-07-14 17:37 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-30 10:41 - 2009-07-14 05:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-09-30 10:41 - 2009-07-14 05:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-30 10:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2015-09-30 10:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Dism
2015-09-30 10:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-09-30 10:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\schemas
2015-09-30 10:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\servicing
2015-09-30 10:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\security
2015-09-30 10:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-30 10:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2015-09-30 10:41 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-09-30 10:40 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-09-30 10:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2015-09-30 10:34 - 2015-01-30 13:26 - 00000000 ____D C:\HRY
2015-09-30 10:34 - 2015-01-29 21:04 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-30 08:52 - 2015-01-31 19:33 - 00000000 ____D C:\Users\Martin\AppData\Roaming\LolClient
2015-09-28 18:46 - 2015-01-29 19:40 - 00000000 ____D C:\Windows\Panther
2015-09-28 18:33 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-09-27 13:47 - 2015-01-31 17:47 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Riot Games
2015-09-26 19:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing
2015-09-26 19:34 - 2015-01-30 19:17 - 00000000 ____D C:\Windows\system32\MRT
2015-09-26 09:31 - 2015-01-30 10:59 - 00000000 __SHD C:\Users\Martin\AppData\Local\EmieUserList
2015-09-26 09:31 - 2015-01-30 10:59 - 00000000 __SHD C:\Users\Martin\AppData\Local\EmieSiteList
2015-09-26 09:31 - 2015-01-30 10:59 - 00000000 __SHD C:\Users\Martin\AppData\Local\EmieBrowserModeList
2015-09-22 13:15 - 2015-01-30 00:49 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-22 13:15 - 2015-01-30 00:49 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-22 13:15 - 2015-01-30 00:49 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-09-22 08:47 - 2015-01-30 13:14 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-09-22 08:47 - 2015-01-30 13:14 - 00000000 ____D C:\ProgramData\Skype
2015-09-20 09:56 - 2015-07-23 18:14 - 00000024 _____ C:\Users\Martin\random.dat
2015-09-20 09:55 - 2015-07-24 15:10 - 00000045 _____ C:\Users\Martin\jagex_cl_oldschool_LIVE.dat
2015-09-20 09:55 - 2015-07-23 18:14 - 00000023 _____ C:\Users\Martin\jagexappletviewer.preferences
2015-09-17 03:28 - 2015-04-27 17:02 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-09-17 01:18 - 2015-02-14 14:52 - 00001972 _____ C:\Users\Martin\Desktop\Drakensang Online.lnk
2015-09-16 21:36 - 2015-01-30 13:01 - 00003948 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-16 21:36 - 2015-01-30 13:01 - 00003696 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-16 21:36 - 2015-01-30 13:01 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-16 13:40 - 2015-07-28 12:13 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2015-09-16 13:40 - 2015-01-30 16:21 - 00000000 ____D C:\.alotic_cache_32
2015-09-16 13:40 - 2015-01-30 13:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-16 13:40 - 2015-01-30 00:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-16 13:39 - 2015-01-30 13:01 - 00000000 ____D C:\Users\Martin\AppData\Local\Google
==================== Files in the root of some directories =======
2015-09-27 09:45 - 2015-09-27 09:45 - 0007693 _____ () C:\Users\Martin\AppData\Local\Resmon.ResmonCfg
Files to move or delete:
====================
C:\Users\Martin\alotic_preferences.dat
C:\Users\Martin\alotic_preferences2.dat
Some files in TEMP:
====================
C:\Users\Martin\AppData\Local\Temp\sfamcc00001.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-09-21 12:04
==================== End of FRST.txt ============================
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:465.66 GB) (Free:333.67 GB) NTFS
Available physical RAM: 4919.66 MB
Total physical RAM: 8131.35 MB
Percentage of memory in use: 39%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0B980B97)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Norton Security se zálohováním (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Security se zálohováním (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security se zálohováním (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Martin\Desktop" je 5487 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
"C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring
"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan
"C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerDVD14Agent
"C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raptr
"C:\Program Files (x86)\Raptr\raptrstub.exe" --startup [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk
C:\PROGRA~2\MICROS~2\Office10\OSA.EXE
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
- Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-09-2015
Ran by Martin (administrator) on MARTIN-PC (01-10-2015 14:49:17)
Running from C:\Users\Martin\Desktop
Loaded Profiles: Martin (Available Profiles: Martin)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(H.D.S. Hungary) C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
(Akamai Technologies, Inc.) C:\Users\Martin\AppData\Local\Akamai\netsession_win.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Akamai Technologies, Inc.) C:\Users\Martin\AppData\Local\Akamai\netsession_win.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security with Backup\Engine\22.0.0.110\NSBU.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security with Backup\Engine\22.0.0.110\NSBU.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Martin\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-06-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKU\S-1-5-21-4054526268-3199098465-2013731470-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-4054526268-3199098465-2013731470-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2899136 2015-08-19] (Valve Corporation)
HKU\S-1-5-21-4054526268-3199098465-2013731470-1000\...\Run: [uTorrent] => C:\Users\Martin\AppData\Roaming\uTorrent\updates\3.4.5_41162.exe [1821536 2015-09-26] (BitTorrent Inc.)
HKU\S-1-5-21-4054526268-3199098465-2013731470-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd)
HKU\S-1-5-21-4054526268-3199098465-2013731470-1000\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-07-24] (Sony)
HKU\S-1-5-21-4054526268-3199098465-2013731470-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Martin\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4054526268-3199098465-2013731470-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [55358992 2015-09-04] (Skype Technologies S.A.)
HKU\S-1-5-21-4054526268-3199098465-2013731470-1000\...\MountPoints2: {f8c20bb4-efe1-11e4-86a1-10bf4862eb7c} - E:\_AUTORUN\AUTORUN.EXE
HKU\S-1-5-21-4054526268-3199098465-2013731470-1000\...\MountPoints2: {fe6061cf-f22e-11e4-86bf-10bf4862eb7c} - E:\Startme.exe
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.0.0.110\buShell.dll [2014-08-20] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.0.0.110\buShell.dll [2014-08-20] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.0.0.110\buShell.dll [2014-08-20] (Symantec Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{346D9C71-87BF-4F81-AC44-CE66EEBD6871}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{346D9C71-87BF-4F81-AC44-CE66EEBD6871}: [DhcpNameServer] 10.0.0.138
Internet Explorer:
==================
HKU\S-1-5-21-4054526268-3199098465-2013731470-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security with Backup\Engine64\22.0.0.110\coIEPlg.dll [2014-09-13] (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-20] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-20] (Oracle Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security with Backup\Engine\22.0.0.110\coIEPlg.dll [2014-09-13] (Symantec Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine64\22.0.0.110\coIEPlg.dll [2014-09-13] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine\22.0.0.110\coIEPlg.dll [2014-09-13] (Symantec Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\bfwyvm7f.default
FF Homepage: hxxps://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-22] ()
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-20] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npnxgameEU.dll [2015-07-28] (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Extension: Seznam lištička - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\bfwyvm7f.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2015-09-14]
FF Extension: Adblock Plus - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\bfwyvm7f.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-29]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.0.0.110\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.0.0.110\coFFPlgn [2015-10-01]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/"
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Disk Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-30]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-30]
CHR Extension: (Adblock Plus) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-30]
CHR Extension: (Vyhledávání Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-30]
CHR Extension: (Spyware Terminator Internet Guard) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elbjpfdfllhaioofjgmiaekihidancnc [2015-09-29]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-30]
CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-30]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security with Backup\Engine\22.0.0.110\Exts\Chrome.crx [2015-09-30]
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security with Backup\Engine\22.0.0.110\Exts\Chrome.crx [2015-09-30]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-07-14] (LogMeIn, Inc.)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-09-20] (Nero AG)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3611808 2015-07-22] (INCA Internet Co., Ltd.)
R2 NSBU; C:\Program Files (x86)\Norton Security with Backup\Engine\22.5.2.15\NSBU.exe [282016 2015-07-16] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.0.0.110\Definitions\BASHDefs\20150928.001\BHDrvx64.sys [1650936 2015-09-28] (Symantec Corporation)
R1 ccSet_NSBU; C:\Windows\system32\drivers\NSBUx64\1605020.00F\ccSetx64.sys [173808 2015-07-11] (Symantec Corporation)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2734080 2013-04-11] (C-Media Inc)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-05-01] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-09-29] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [155456 2015-09-29] (Symantec Corporation)
S1 IDSVia64; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.0.0.110\Definitions\IPSDefs\20150930.001\IDSvia64.sys [767216 2015-09-29] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.0.0.110\Definitions\VirusDefs\20150930.025\ENG64.SYS [138488 2015-09-29] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.0.0.110\Definitions\VirusDefs\20150930.025\EX64.SYS [2146040 2015-09-29] (Symantec Corporation)
R3 SRTSP; C:\Windows\system32\drivers\NSBUx64\1600000.06E\SRTSP64.SYS [1016024 2014-09-09] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSBUx64\1605020.00F\SRTSPX64.SYS [50936 2015-07-11] (Symantec Corporation)
R4 SymDS; C:\Windows\System32\drivers\NSBUx64\1600000.06E\SYMDS64.SYS [490712 2014-09-09] (Symantec Corporation)
R4 SymEFA; C:\Windows\System32\drivers\NSBUx64\1600000.06E\SYMEFA64.SYS [1151704 2014-09-09] (Symantec Corporation)
S0 SymEFASI; C:\Windows\System32\drivers\NSBUx64\1605020.00F\SYMEFASI64.SYS [1620720 2015-07-11] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-10-01] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSBUx64\1605020.00F\Ironx64.SYS [297720 2015-07-11] (Symantec Corporation)
R3 SymNetS; C:\Windows\system32\drivers\NSBUx64\1600000.06E\SYMNETS.SYS [565464 2014-09-09] (Symantec Corporation)
R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [32456 2014-03-17] (CyberLink Corp.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-01 14:49 - 2015-10-01 14:49 - 00016643 _____ C:\Users\Martin\Desktop\FRST.txt
2015-10-01 14:47 - 2015-10-01 14:46 - 00112640 _____ (forum.viry.cz) C:\Users\Martin\Desktop\FRSTLauncher.exe
2015-10-01 14:46 - 2015-10-01 14:46 - 00112640 _____ (forum.viry.cz) C:\Users\Martin\Downloads\FRSTLauncher.exe
2015-10-01 14:42 - 2015-10-01 14:49 - 00000000 ____D C:\FRST
2015-10-01 14:42 - 2015-10-01 14:42 - 02192384 _____ (Farbar) C:\Users\Martin\Desktop\frst64.exe
2015-10-01 14:10 - 2015-10-01 14:10 - 00000446 _____ C:\Windows\PFRO.log
2015-09-30 17:33 - 2015-09-30 17:33 - 00000794 _____ C:\Users\Martin\Desktop\Lizam kredenc.lnk
2015-09-30 10:56 - 2015-09-30 10:56 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security with Backup
2015-09-30 10:55 - 2015-10-01 14:36 - 00111344 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2015-09-30 10:55 - 2015-10-01 14:36 - 00008214 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2015-09-30 10:55 - 2015-09-30 10:55 - 00003242 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2015-09-30 10:55 - 2015-09-30 10:55 - 00002629 _____ C:\Users\Public\Desktop\Norton Security with Backup.lnk
2015-09-30 10:55 - 2015-09-30 10:55 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-09-30 10:54 - 2015-10-01 14:35 - 00000000 ____D C:\Windows\system32\Drivers\NSBUx64
2015-09-30 10:54 - 2015-09-30 10:55 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security with Backup
2015-09-30 10:54 - 2015-09-30 10:54 - 00000000 ____D C:\Program Files (x86)\Norton Security with Backup
2015-09-30 10:44 - 2015-10-01 14:10 - 00000112 _____ C:\Windows\setupact.log
2015-09-30 10:44 - 2015-09-30 10:44 - 00000000 _____ C:\Windows\setuperr.log
2015-09-30 08:22 - 2015-09-30 08:22 - 00000000 ____D C:\Users\Martin\AppData\Local\GWX
2015-09-28 18:51 - 2015-09-30 10:32 - 00000752 _____ C:\Windows\system32\config\afw_hm.conf
2015-09-28 18:51 - 2015-09-30 10:32 - 00000004 _____ C:\Windows\system32\config\afw_db.conf
2015-09-28 18:37 - 2015-09-28 18:37 - 00000000 ____D C:\Program Files\Common Files\AV
2015-09-28 18:36 - 2015-09-30 10:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BullGuard
2015-09-28 18:36 - 2015-09-28 18:52 - 00000000 ____D C:\Users\Martin\AppData\Roaming\BullGuard
2015-09-28 18:35 - 2015-09-28 18:35 - 00000000 ____D C:\Program Files\Common Files\BullGuard Ltd
2015-09-28 18:35 - 2015-09-28 18:35 - 00000000 ____D C:\Program Files\BullGuard Ltd
2015-09-28 18:33 - 2015-09-28 18:33 - 00000000 ____D C:\Users\Martin\AppData\Roaming\QuickScan
2015-09-28 18:32 - 2015-09-30 10:33 - 00000000 ____D C:\ProgramData\BullGuard
2015-09-28 16:42 - 2015-09-30 10:40 - 00000000 ____D C:\ProgramData\Spyware Terminator
2015-09-28 16:42 - 2015-09-30 10:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2015
2015-09-28 16:42 - 2015-09-30 10:40 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator
2015-09-28 16:42 - 2015-09-28 16:42 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Spyware Terminator
2015-09-27 18:19 - 2015-09-30 10:54 - 00000000 ____D C:\ProgramData\Norton
2015-09-27 09:47 - 2015-09-30 10:41 - 00000000 ____D C:\Program Files (x86)\FCleaner
2015-09-27 09:47 - 2015-09-27 09:47 - 00000000 ____D C:\Users\Martin\AppData\Roaming\FTWeak
2015-09-27 09:47 - 2015-09-27 09:47 - 00000000 ____D C:\ProgramData\FTWeak
2015-09-27 09:45 - 2015-09-27 09:45 - 00007693 _____ C:\Users\Martin\AppData\Local\Resmon.ResmonCfg
2015-09-26 19:41 - 2015-09-30 10:40 - 00000000 ____D C:\Windows\system32\GWX
2015-09-26 19:10 - 2015-09-30 10:40 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-09-26 19:10 - 2015-09-30 10:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-09-22 13:15 - 2015-09-22 13:15 - 18819272 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-09-22 08:46 - 2015-09-22 08:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-09-17 03:27 - 2015-09-17 03:27 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
2015-09-17 03:27 - 2015-09-17 03:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
2015-09-17 01:18 - 2015-09-30 10:41 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drakensang Online
2015-09-14 22:17 - 2015-09-14 22:17 - 00000000 ____D C:\Users\Martin\AppData\Roaming\ppslog
2015-09-14 21:58 - 2015-09-14 21:58 - 00000000 ____D C:\Users\Martin\AppData\Local\globalUpdate
2015-09-14 21:58 - 2015-09-14 21:58 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-09-14 21:58 - 2015-09-14 21:58 - 00000000 ____D C:\Program Files (x86)\2285a674-871e-49c9-b934-0f0813fec071
2015-09-14 21:57 - 2015-09-14 21:57 - 00000000 ____D C:\Program Files (x86)\Seznam.cz
2015-09-14 21:56 - 2015-09-16 13:40 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Seznam.cz
2015-09-14 21:56 - 2015-09-16 13:40 - 00000000 ____D C:\Users\Martin\AppData\Roaming\cpuminer
2015-09-14 21:55 - 2015-09-16 13:40 - 00000000 ____D C:\Users\Martin\AppData\Local\SysassistByHotWheel
2015-09-14 21:55 - 2015-09-15 21:06 - 00000000 ____D C:\Users\Martin\AppData\Local\Unity
2015-09-14 21:55 - 2015-09-14 21:55 - 00000000 ____D C:\Program Files (x86)\Opera
2015-09-14 21:54 - 2015-09-16 13:40 - 00000000 ____D C:\Users\Martin\AppData\Roaming\IQIYI Video
2015-09-14 21:54 - 2015-09-14 22:27 - 00000000 ____D C:\ProgramData\IQIYI Video
2015-09-10 18:36 - 2015-09-10 18:40 - 00000000 ____D C:\Users\Martin\Documents\GTA San Andreas User Files
2015-09-05 14:26 - 2015-09-05 14:26 - 03003437 _____ C:\Users\Martin\Desktop\update.rar
2015-09-03 22:46 - 2015-09-03 22:46 - 00000000 ____D C:\Users\Martin\Downloads\Gameforge Live
2015-09-03 17:59 - 2015-09-03 17:59 - 00000000 ____D C:\Users\Martin\Documents\svctest
2015-09-03 17:59 - 2015-09-03 17:59 - 00000000 ____D C:\Users\Martin\Documents\svcrecord
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-01 14:32 - 2015-01-30 01:28 - 01104271 _____ C:\Windows\WindowsUpdate.log
2015-10-01 14:25 - 2009-07-14 06:45 - 00014448 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-01 14:25 - 2009-07-14 06:45 - 00014448 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-01 14:24 - 2015-01-30 13:14 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Skype
2015-10-01 14:15 - 2015-01-30 00:49 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-01 14:13 - 2015-04-27 19:58 - 00000000 ____D C:\Users\Martin\AppData\Roaming\uTorrent
2015-10-01 14:12 - 2015-01-30 13:17 - 00000000 ____D C:\Program Files (x86)\Steam
2015-10-01 14:10 - 2015-01-30 13:01 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-01 14:10 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-30 17:21 - 2015-08-02 12:45 - 00000000 ____D C:\Program Files (x86)\Hard Disk Sentinel
2015-09-30 17:20 - 2009-07-14 17:18 - 00668332 _____ C:\Windows\system32\perfh005.dat
2015-09-30 17:20 - 2009-07-14 17:18 - 00140992 _____ C:\Windows\system32\perfc005.dat
2015-09-30 17:20 - 2009-07-14 07:13 - 01582374 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-30 10:53 - 2015-02-12 19:10 - 00001912 _____ C:\Windows\epplauncher.mif
2015-09-30 10:44 - 2015-01-29 21:15 - 00061928 _____ C:\Users\Martin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-30 10:44 - 2015-01-29 19:46 - 00000000 ____D C:\Users\Martin
2015-09-30 10:41 - 2015-08-27 13:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-30 10:41 - 2015-07-27 17:29 - 00000000 ____D C:\Users\Martin\AppData\Local\Akamai
2015-09-30 10:41 - 2015-07-15 20:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-09-30 10:41 - 2015-05-01 15:11 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2015-09-30 10:41 - 2015-02-14 16:56 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2015-09-30 10:41 - 2015-02-14 14:52 - 00000000 ____D C:\Program Files (x86)\Drakensang Online
2015-09-30 10:41 - 2015-01-30 15:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-30 10:41 - 2009-07-14 17:37 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-30 10:41 - 2009-07-14 05:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-09-30 10:41 - 2009-07-14 05:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-30 10:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2015-09-30 10:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Dism
2015-09-30 10:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-09-30 10:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\schemas
2015-09-30 10:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\servicing
2015-09-30 10:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\security
2015-09-30 10:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-30 10:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2015-09-30 10:41 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-09-30 10:40 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-09-30 10:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2015-09-30 10:34 - 2015-01-30 13:26 - 00000000 ____D C:\HRY
2015-09-30 10:34 - 2015-01-29 21:04 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-30 08:52 - 2015-01-31 19:33 - 00000000 ____D C:\Users\Martin\AppData\Roaming\LolClient
2015-09-28 18:46 - 2015-01-29 19:40 - 00000000 ____D C:\Windows\Panther
2015-09-28 18:33 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-09-27 13:47 - 2015-01-31 17:47 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Riot Games
2015-09-26 19:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing
2015-09-26 19:34 - 2015-01-30 19:17 - 00000000 ____D C:\Windows\system32\MRT
2015-09-26 09:31 - 2015-01-30 10:59 - 00000000 __SHD C:\Users\Martin\AppData\Local\EmieUserList
2015-09-26 09:31 - 2015-01-30 10:59 - 00000000 __SHD C:\Users\Martin\AppData\Local\EmieSiteList
2015-09-26 09:31 - 2015-01-30 10:59 - 00000000 __SHD C:\Users\Martin\AppData\Local\EmieBrowserModeList
2015-09-22 13:15 - 2015-01-30 00:49 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-22 13:15 - 2015-01-30 00:49 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-22 13:15 - 2015-01-30 00:49 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-09-22 08:47 - 2015-01-30 13:14 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-09-22 08:47 - 2015-01-30 13:14 - 00000000 ____D C:\ProgramData\Skype
2015-09-20 09:56 - 2015-07-23 18:14 - 00000024 _____ C:\Users\Martin\random.dat
2015-09-20 09:55 - 2015-07-24 15:10 - 00000045 _____ C:\Users\Martin\jagex_cl_oldschool_LIVE.dat
2015-09-20 09:55 - 2015-07-23 18:14 - 00000023 _____ C:\Users\Martin\jagexappletviewer.preferences
2015-09-17 03:28 - 2015-04-27 17:02 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-09-17 01:18 - 2015-02-14 14:52 - 00001972 _____ C:\Users\Martin\Desktop\Drakensang Online.lnk
2015-09-16 21:36 - 2015-01-30 13:01 - 00003948 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-16 21:36 - 2015-01-30 13:01 - 00003696 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-16 21:36 - 2015-01-30 13:01 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-16 13:40 - 2015-07-28 12:13 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2015-09-16 13:40 - 2015-01-30 16:21 - 00000000 ____D C:\.alotic_cache_32
2015-09-16 13:40 - 2015-01-30 13:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-16 13:40 - 2015-01-30 00:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-16 13:39 - 2015-01-30 13:01 - 00000000 ____D C:\Users\Martin\AppData\Local\Google
==================== Files in the root of some directories =======
2015-09-27 09:45 - 2015-09-27 09:45 - 0007693 _____ () C:\Users\Martin\AppData\Local\Resmon.ResmonCfg
Files to move or delete:
====================
C:\Users\Martin\alotic_preferences.dat
C:\Users\Martin\alotic_preferences2.dat
Some files in TEMP:
====================
C:\Users\Martin\AppData\Local\Temp\sfamcc00001.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-09-21 12:04
==================== End of FRST.txt ============================
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:465.66 GB) (Free:333.67 GB) NTFS
Available physical RAM: 4919.66 MB
Total physical RAM: 8131.35 MB
Percentage of memory in use: 39%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0B980B97)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Norton Security se zálohováním (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Security se zálohováním (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security se zálohováním (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Martin\Desktop" je 5487 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
"C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring
"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan
"C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerDVD14Agent
"C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raptr
"C:\Program Files (x86)\Raptr\raptrstub.exe" --startup [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk
C:\PROGRA~2\MICROS~2\Office10\OSA.EXE
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
- Rudy
- Site Admin

- Posts: 119674
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Ad with a VIRUS - Stolen Steam account
Now run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
First click >Scan< and then >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Beyond its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Ad with a VIRUS - Stolen Steam account
Here is the log after ADW:
# AdwCleaner v5.009 - Logfile created 01/10/2015 at 18:29:29
# Updated 27/09/2015 by Xplode
# Database : 2015-09-30.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Martin - MARTIN-PC
# Running from : C:\Users\Martin\Downloads\adwcleaner_5.009.exe
# Option : Cleaning
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder Deleted : C:\Program Files (x86)\globalUpdate
[-] Folder Deleted : C:\ProgramData\IQIYI Video
[-] Folder Deleted : C:\Users\Martin\AppData\Local\globalUpdate
[-] Folder Deleted : C:\Users\Martin\AppData\Local\SysassistByHotWheel
[-] Folder Deleted : C:\Users\Martin\AppData\Roaming\IQIYI Video
[-] Folder Deleted : C:\Users\Martin\AppData\Roaming\cpuminer
[-] Folder Deleted : C:\Users\Martin\AppData\Roaming\ppslog
[-] Folder Deleted : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\bfwyvm7f.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
***** [ Files ] *****
[-] File Deleted : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage-journal
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
[-] Task Deleted : Adobe Flash Player Updater
***** [ Registry ] *****
[-] Key Deleted : HKCU\Software\APN PIP
[!] Key Not Deleted : [x64] HKCU\Software\APN PIP
***** [ Web browsers ] *****
[-] [C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search here
[-] [C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : call-of-duty-2.en.softonic.com
[-] [C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : twister-antivirus.en.softonic.com
*************************
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3028 bytes] ##########
- Rudy
- Site Admin

- Posts: 119674
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Ad with a VIRUS - Stolen Steam account
Post a new FRST log.
Re: Ad with a VIRUS - Stolen Steam account
The new one:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-09-2015
Ran by Martin (administrator) on MARTIN-PC (01-10-2015 18:51:18)
Running from C:\Users\Martin\Desktop
Loaded Profiles: Martin (Available Profiles: Martin)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(H.D.S. Hungary) C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Akamai Technologies, Inc.) C:\Users\Martin\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Martin\AppData\Local\Akamai\netsession_win.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security with Backup\Engine\22.5.2.15\nsbu.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security with Backup\Engine\22.5.2.15\nsbu.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Martin\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-06-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKU\S-1-5-21-4054526268-3199098465-2013731470-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-4054526268-3199098465-2013731470-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2899136 2015-08-19] (Valve Corporation)
HKU\S-1-5-21-4054526268-3199098465-2013731470-1000\...\Run: [uTorrent] => C:\Users\Martin\AppData\Roaming\uTorrent\updates\3.4.5_41162.exe [1821536 2015-09-26] (BitTorrent Inc.)
HKU\S-1-5-21-4054526268-3199098465-2013731470-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd)
HKU\S-1-5-21-4054526268-3199098465-2013731470-1000\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-07-24] (Sony)
HKU\S-1-5-21-4054526268-3199098465-2013731470-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Martin\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4054526268-3199098465-2013731470-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [55358992 2015-09-04] (Skype Technologies S.A.)
HKU\S-1-5-21-4054526268-3199098465-2013731470-1000\...\MountPoints2: {f8c20bb4-efe1-11e4-86a1-10bf4862eb7c} - E:\_AUTORUN\AUTORUN.EXE
HKU\S-1-5-21-4054526268-3199098465-2013731470-1000\...\MountPoints2: {fe6061cf-f22e-11e4-86bf-10bf4862eb7c} - E:\Startme.exe
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{346D9C71-87BF-4F81-AC44-CE66EEBD6871}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{346D9C71-87BF-4F81-AC44-CE66EEBD6871}: [DhcpNameServer] 10.0.0.138
Internet Explorer:
==================
HKU\S-1-5-21-4054526268-3199098465-2013731470-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security with Backup\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-20] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-20] (Oracle Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security with Backup\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\bfwyvm7f.default
FF Homepage: hxxps://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-22] ()
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-20] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npnxgameEU.dll [2015-07-28] (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\bfwyvm7f.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-29]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.0.0.110\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.0.0.110\coFFPlgn [2015-10-01]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/"
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Disk Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-30]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-30]
CHR Extension: (Adblock Plus) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-30]
CHR Extension: (Vyhledávání Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-30]
CHR Extension: (Spyware Terminator Internet Guard) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elbjpfdfllhaioofjgmiaekihidancnc [2015-09-29]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-30]
CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-30]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security with Backup\Engine\22.5.2.15\Exts\Chrome.crx [2015-10-01]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security with Backup\Engine\22.5.2.15\Exts\Chrome.crx [2015-10-01]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-07-14] (LogMeIn, Inc.)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-09-20] (Nero AG)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3611808 2015-07-22] (INCA Internet Co., Ltd.)
R2 NSBU; C:\Program Files (x86)\Norton Security with Backup\Engine\22.5.2.15\NSBU.exe [282016 2015-07-16] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.0.0.110\Definitions\BASHDefs\20150928.001\BHDrvx64.sys [1650936 2015-09-28] (Symantec Corporation)
R1 ccSet_NSBU; C:\Windows\system32\drivers\NSBUx64\1605020.00F\ccSetx64.sys [173808 2015-07-11] (Symantec Corporation)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2734080 2013-04-11] (C-Media Inc)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-05-01] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-09-29] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [155456 2015-09-29] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.0.0.110\Definitions\IPSDefs\20150930.001\IDSvia64.sys [767216 2015-09-29] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.0.0.110\Definitions\VirusDefs\20150930.025\ENG64.SYS [138488 2015-09-29] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.0.0.110\Definitions\VirusDefs\20150930.025\EX64.SYS [2146040 2015-09-29] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NSBUx64\1605020.00F\SRTSP64.SYS [926448 2015-07-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSBUx64\1605020.00F\SRTSPX64.SYS [50936 2015-07-11] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSBUx64\1605020.00F\SYMEFASI64.SYS [1620720 2015-07-11] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-10-01] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSBUx64\1605020.00F\Ironx64.SYS [297720 2015-07-11] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NSBUx64\1605020.00F\SYMNETS.SYS [576248 2015-07-11] (Symantec Corporation)
R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [32456 2014-03-17] (CyberLink Corp.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-01 18:50 - 2015-10-01 18:50 - 00112640 _____ (forum.viry.cz) C:\Users\Martin\Downloads\FRSTLauncher.exe
2015-10-01 18:50 - 2015-10-01 18:50 - 00112640 _____ (forum.viry.cz) C:\Users\Martin\Desktop\FRSTLauncher.exe
2015-10-01 18:39 - 2015-10-01 18:39 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security with Backup
2015-10-01 18:33 - 2015-10-01 18:33 - 00002448 _____ C:\Users\Public\Desktop\Norton Security se zálohov..LNK
2015-10-01 18:28 - 2015-10-01 18:29 - 00000000 ____D C:\AdwCleaner
2015-10-01 18:27 - 2015-10-01 18:27 - 01670656 _____ C:\Users\Martin\Desktop\adwcleaner_5.009.exe
2015-10-01 15:59 - 2015-10-01 15:59 - 00000000 ____D C:\Users\Martin\AppData\Local\CrashDumps
2015-10-01 14:49 - 2015-10-01 18:51 - 00016114 _____ C:\Users\Martin\Desktop\FRST.txt
2015-10-01 14:42 - 2015-10-01 18:51 - 00000000 ____D C:\FRST
2015-10-01 14:42 - 2015-10-01 14:42 - 02192384 _____ (Farbar) C:\Users\Martin\Desktop\frst64.exe
2015-10-01 14:10 - 2015-10-01 14:10 - 00000446 _____ C:\Windows\PFRO.log
2015-09-30 17:33 - 2015-09-30 17:33 - 00000794 _____ C:\Users\Martin\Desktop\Lizam kredenc.lnk
2015-09-30 10:55 - 2015-10-01 18:33 - 00003240 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2015-09-30 10:55 - 2015-10-01 14:36 - 00111344 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2015-09-30 10:55 - 2015-10-01 14:36 - 00008214 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2015-09-30 10:55 - 2015-09-30 10:55 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-09-30 10:54 - 2015-10-01 18:34 - 00000000 ____D C:\Windows\system32\Drivers\NSBUx64
2015-09-30 10:54 - 2015-10-01 18:33 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security with Backup
2015-09-30 10:54 - 2015-09-30 10:54 - 00000000 ____D C:\Program Files (x86)\Norton Security with Backup
2015-09-30 10:44 - 2015-10-01 18:32 - 00000168 _____ C:\Windows\setupact.log
2015-09-30 10:44 - 2015-09-30 10:44 - 00000000 _____ C:\Windows\setuperr.log
2015-09-30 08:22 - 2015-09-30 08:22 - 00000000 ____D C:\Users\Martin\AppData\Local\GWX
2015-09-28 18:51 - 2015-09-30 10:32 - 00000752 _____ C:\Windows\system32\config\afw_hm.conf
2015-09-28 18:51 - 2015-09-30 10:32 - 00000004 _____ C:\Windows\system32\config\afw_db.conf
2015-09-28 18:37 - 2015-09-28 18:37 - 00000000 ____D C:\Program Files\Common Files\AV
2015-09-28 18:36 - 2015-09-30 10:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BullGuard
2015-09-28 18:36 - 2015-09-28 18:52 - 00000000 ____D C:\Users\Martin\AppData\Roaming\BullGuard
2015-09-28 18:35 - 2015-09-28 18:35 - 00000000 ____D C:\Program Files\Common Files\BullGuard Ltd
2015-09-28 18:35 - 2015-09-28 18:35 - 00000000 ____D C:\Program Files\BullGuard Ltd
2015-09-28 18:33 - 2015-09-28 18:33 - 00000000 ____D C:\Users\Martin\AppData\Roaming\QuickScan
2015-09-28 18:32 - 2015-09-30 10:33 - 00000000 ____D C:\ProgramData\BullGuard
2015-09-28 16:42 - 2015-09-30 10:40 - 00000000 ____D C:\ProgramData\Spyware Terminator
2015-09-28 16:42 - 2015-09-30 10:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2015
2015-09-28 16:42 - 2015-09-30 10:40 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator
2015-09-28 16:42 - 2015-09-28 16:42 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Spyware Terminator
2015-09-27 18:19 - 2015-09-30 10:54 - 00000000 ____D C:\ProgramData\Norton
2015-09-27 09:47 - 2015-09-30 10:41 - 00000000 ____D C:\Program Files (x86)\FCleaner
2015-09-27 09:47 - 2015-09-27 09:47 - 00000000 ____D C:\Users\Martin\AppData\Roaming\FTWeak
2015-09-27 09:47 - 2015-09-27 09:47 - 00000000 ____D C:\ProgramData\FTWeak
2015-09-27 09:45 - 2015-09-27 09:45 - 00007693 _____ C:\Users\Martin\AppData\Local\Resmon.ResmonCfg
2015-09-26 19:41 - 2015-09-30 10:40 - 00000000 ____D C:\Windows\system32\GWX
2015-09-26 19:10 - 2015-09-30 10:40 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-09-26 19:10 - 2015-09-30 10:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-09-22 13:15 - 2015-09-22 13:15 - 18819272 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-09-22 08:46 - 2015-09-22 08:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-09-17 03:27 - 2015-09-17 03:27 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
2015-09-17 03:27 - 2015-09-17 03:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
2015-09-17 01:18 - 2015-09-30 10:41 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drakensang Online
2015-09-14 21:58 - 2015-09-14 21:58 - 00000000 ____D C:\Program Files (x86)\2285a674-871e-49c9-b934-0f0813fec071
2015-09-14 21:57 - 2015-09-14 21:57 - 00000000 ____D C:\Program Files (x86)\Seznam.cz
2015-09-14 21:56 - 2015-09-16 13:40 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Seznam.cz
2015-09-14 21:55 - 2015-09-15 21:06 - 00000000 ____D C:\Users\Martin\AppData\Local\Unity
2015-09-14 21:55 - 2015-09-14 21:55 - 00000000 ____D C:\Program Files (x86)\Opera
2015-09-10 18:36 - 2015-09-10 18:40 - 00000000 ____D C:\Users\Martin\Documents\GTA San Andreas User Files
2015-09-05 14:26 - 2015-09-05 14:26 - 03003437 _____ C:\Users\Martin\Desktop\update.rar
2015-09-03 22:46 - 2015-09-03 22:46 - 00000000 ____D C:\Users\Martin\Downloads\Gameforge Live
2015-09-03 17:59 - 2015-09-03 17:59 - 00000000 ____D C:\Users\Martin\Documents\svctest
2015-09-03 17:59 - 2015-09-03 17:59 - 00000000 ____D C:\Users\Martin\Documents\svcrecord
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-01 18:44 - 2015-01-30 13:14 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Skype
2015-10-01 18:42 - 2015-01-30 01:28 - 01123578 _____ C:\Windows\WindowsUpdate.log
2015-10-01 18:42 - 2009-07-14 06:45 - 00014448 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-01 18:42 - 2009-07-14 06:45 - 00014448 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-01 18:35 - 2015-04-27 19:58 - 00000000 ____D C:\Users\Martin\AppData\Roaming\uTorrent
2015-10-01 18:34 - 2015-01-30 13:17 - 00000000 ____D C:\Program Files (x86)\Steam
2015-10-01 18:32 - 2015-01-30 13:01 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-01 18:32 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-01 14:52 - 2015-08-02 12:45 - 00000000 ____D C:\Program Files (x86)\Hard Disk Sentinel
2015-09-30 17:20 - 2009-07-14 17:18 - 00668332 _____ C:\Windows\system32\perfh005.dat
2015-09-30 17:20 - 2009-07-14 17:18 - 00140992 _____ C:\Windows\system32\perfc005.dat
2015-09-30 17:20 - 2009-07-14 07:13 - 01582374 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-30 10:53 - 2015-02-12 19:10 - 00001912 _____ C:\Windows\epplauncher.mif
2015-09-30 10:44 - 2015-01-29 21:15 - 00061928 _____ C:\Users\Martin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-30 10:44 - 2015-01-29 19:46 - 00000000 ____D C:\Users\Martin
2015-09-30 10:41 - 2015-08-27 13:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-30 10:41 - 2015-07-27 17:29 - 00000000 ____D C:\Users\Martin\AppData\Local\Akamai
2015-09-30 10:41 - 2015-07-15 20:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-09-30 10:41 - 2015-05-01 15:11 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2015-09-30 10:41 - 2015-02-14 16:56 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2015-09-30 10:41 - 2015-02-14 14:52 - 00000000 ____D C:\Program Files (x86)\Drakensang Online
2015-09-30 10:41 - 2015-01-30 15:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-30 10:41 - 2009-07-14 17:37 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-30 10:41 - 2009-07-14 05:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-09-30 10:41 - 2009-07-14 05:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-30 10:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2015-09-30 10:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Dism
2015-09-30 10:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-09-30 10:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\schemas
2015-09-30 10:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\servicing
2015-09-30 10:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\security
2015-09-30 10:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-30 10:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2015-09-30 10:41 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-09-30 10:40 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-09-30 10:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2015-09-30 10:34 - 2015-01-30 13:26 - 00000000 ____D C:\HRY
2015-09-30 10:34 - 2015-01-29 21:04 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-30 08:52 - 2015-01-31 19:33 - 00000000 ____D C:\Users\Martin\AppData\Roaming\LolClient
2015-09-28 18:46 - 2015-01-29 19:40 - 00000000 ____D C:\Windows\Panther
2015-09-28 18:33 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-09-27 13:47 - 2015-01-31 17:47 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Riot Games
2015-09-26 19:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing
2015-09-26 19:34 - 2015-01-30 19:17 - 00000000 ____D C:\Windows\system32\MRT
2015-09-26 09:31 - 2015-01-30 10:59 - 00000000 __SHD C:\Users\Martin\AppData\Local\EmieUserList
2015-09-26 09:31 - 2015-01-30 10:59 - 00000000 __SHD C:\Users\Martin\AppData\Local\EmieSiteList
2015-09-26 09:31 - 2015-01-30 10:59 - 00000000 __SHD C:\Users\Martin\AppData\Local\EmieBrowserModeList
2015-09-22 13:15 - 2015-01-30 00:49 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-22 13:15 - 2015-01-30 00:49 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-22 08:47 - 2015-01-30 13:14 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-09-22 08:47 - 2015-01-30 13:14 - 00000000 ____D C:\ProgramData\Skype
2015-09-20 09:56 - 2015-07-23 18:14 - 00000024 _____ C:\Users\Martin\random.dat
2015-09-20 09:55 - 2015-07-24 15:10 - 00000045 _____ C:\Users\Martin\jagex_cl_oldschool_LIVE.dat
2015-09-20 09:55 - 2015-07-23 18:14 - 00000023 _____ C:\Users\Martin\jagexappletviewer.preferences
2015-09-17 03:28 - 2015-04-27 17:02 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-09-17 01:18 - 2015-02-14 14:52 - 00001972 _____ C:\Users\Martin\Desktop\Drakensang Online.lnk
2015-09-16 21:36 - 2015-01-30 13:01 - 00003948 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-16 21:36 - 2015-01-30 13:01 - 00003696 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-16 21:36 - 2015-01-30 13:01 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-16 13:40 - 2015-07-28 12:13 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2015-09-16 13:40 - 2015-01-30 16:21 - 00000000 ____D C:\.alotic_cache_32
2015-09-16 13:40 - 2015-01-30 13:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-16 13:40 - 2015-01-30 00:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-16 13:39 - 2015-01-30 13:01 - 00000000 ____D C:\Users\Martin\AppData\Local\Google
==================== Files in the root of some directories =======
2015-09-27 09:45 - 2015-09-27 09:45 - 0007693 _____ () C:\Users\Martin\AppData\Local\Resmon.ResmonCfg
Files to move or delete:
====================
C:\Users\Martin\alotic_preferences.dat
C:\Users\Martin\alotic_preferences2.dat
Some files in TEMP:
====================
C:\Users\Martin\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Martin\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-09-21 12:04
==================== End of FRST.txt ============================
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:465.66 GB) (Free:333 GB) NTFS
Available physical RAM: 4796.9 MB
Total physical RAM: 8131.35 MB
Percentage of memory in use: 41%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0B980B97)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Norton Security se zálohováním (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security se zálohováním (Disabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security se zálohováním (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Martin\Desktop" je 5488 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
"C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring
"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan
"C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerDVD14Agent
"C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raptr
"C:\Program Files (x86)\Raptr\raptrstub.exe" --startup [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk
C:\PROGRA~2\MICROS~2\Office10\OSA.EXE
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-01 18:50 - 2015-10-01 18:50 - 00112640 _____ (forum.viry.cz) C:\Users\Martin\Downloads\FRSTLauncher.exe
2015-10-01 18:50 - 2015-10-01 18:50 - 00112640 _____ (forum.viry.cz) C:\Users\Martin\Desktop\FRSTLauncher.exe
2015-10-01 18:39 - 2015-10-01 18:39 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security with Backup
2015-10-01 18:33 - 2015-10-01 18:33 - 00002448 _____ C:\Users\Public\Desktop\Norton Security se zálohov..LNK
2015-10-01 18:28 - 2015-10-01 18:29 - 00000000 ____D C:\AdwCleaner
2015-10-01 18:27 - 2015-10-01 18:27 - 01670656 _____ C:\Users\Martin\Desktop\adwcleaner_5.009.exe
2015-10-01 15:59 - 2015-10-01 15:59 - 00000000 ____D C:\Users\Martin\AppData\Local\CrashDumps
2015-10-01 14:49 - 2015-10-01 18:51 - 00016114 _____ C:\Users\Martin\Desktop\FRST.txt
2015-10-01 14:42 - 2015-10-01 18:51 - 00000000 ____D C:\FRST
2015-10-01 14:42 - 2015-10-01 14:42 - 02192384 _____ (Farbar) C:\Users\Martin\Desktop\frst64.exe
2015-10-01 14:10 - 2015-10-01 14:10 - 00000446 _____ C:\Windows\PFRO.log
2015-09-30 17:33 - 2015-09-30 17:33 - 00000794 _____ C:\Users\Martin\Desktop\Lizam kredenc.lnk
2015-09-30 10:55 - 2015-10-01 18:33 - 00003240 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2015-09-30 10:55 - 2015-10-01 14:36 - 00111344 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2015-09-30 10:55 - 2015-10-01 14:36 - 00008214 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2015-09-30 10:55 - 2015-09-30 10:55 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-09-30 10:54 - 2015-10-01 18:34 - 00000000 ____D C:\Windows\system32\Drivers\NSBUx64
2015-09-30 10:54 - 2015-10-01 18:33 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security with Backup
2015-09-30 10:54 - 2015-09-30 10:54 - 00000000 ____D C:\Program Files (x86)\Norton Security with Backup
2015-09-30 10:44 - 2015-10-01 18:32 - 00000168 _____ C:\Windows\setupact.log
2015-09-30 10:44 - 2015-09-30 10:44 - 00000000 _____ C:\Windows\setuperr.log
2015-09-30 08:22 - 2015-09-30 08:22 - 00000000 ____D C:\Users\Martin\AppData\Local\GWX
2015-09-28 18:51 - 2015-09-30 10:32 - 00000752 _____ C:\Windows\system32\config\afw_hm.conf
2015-09-28 18:51 - 2015-09-30 10:32 - 00000004 _____ C:\Windows\system32\config\afw_db.conf
2015-09-28 18:37 - 2015-09-28 18:37 - 00000000 ____D C:\Program Files\Common Files\AV
2015-09-28 18:36 - 2015-09-30 10:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BullGuard
2015-09-28 18:36 - 2015-09-28 18:52 - 00000000 ____D C:\Users\Martin\AppData\Roaming\BullGuard
2015-09-28 18:35 - 2015-09-28 18:35 - 00000000 ____D C:\Program Files\Common Files\BullGuard Ltd
2015-09-28 18:35 - 2015-09-28 18:35 - 00000000 ____D C:\Program Files\BullGuard Ltd
2015-09-28 18:33 - 2015-09-28 18:33 - 00000000 ____D C:\Users\Martin\AppData\Roaming\QuickScan
2015-09-28 18:32 - 2015-09-30 10:33 - 00000000 ____D C:\ProgramData\BullGuard
2015-09-28 16:42 - 2015-09-30 10:40 - 00000000 ____D C:\ProgramData\Spyware Terminator
2015-09-28 16:42 - 2015-09-30 10:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2015
2015-09-28 16:42 - 2015-09-30 10:40 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator
2015-09-28 16:42 - 2015-09-28 16:42 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Spyware Terminator
2015-09-27 18:19 - 2015-09-30 10:54 - 00000000 ____D C:\ProgramData\Norton
2015-09-27 09:47 - 2015-09-30 10:41 - 00000000 ____D C:\Program Files (x86)\FCleaner
2015-09-27 09:47 - 2015-09-27 09:47 - 00000000 ____D C:\Users\Martin\AppData\Roaming\FTWeak
2015-09-27 09:47 - 2015-09-27 09:47 - 00000000 ____D C:\ProgramData\FTWeak
2015-09-27 09:45 - 2015-09-27 09:45 - 00007693 _____ C:\Users\Martin\AppData\Local\Resmon.ResmonCfg
2015-09-26 19:41 - 2015-09-30 10:40 - 00000000 ____D C:\Windows\system32\GWX
2015-09-26 19:10 - 2015-09-30 10:40 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-09-26 19:10 - 2015-09-30 10:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-09-22 13:15 - 2015-09-22 13:15 - 18819272 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-09-22 08:46 - 2015-09-22 08:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-09-17 03:27 - 2015-09-17 03:27 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
2015-09-17 03:27 - 2015-09-17 03:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
2015-09-17 01:18 - 2015-09-30 10:41 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drakensang Online
2015-09-14 21:58 - 2015-09-14 21:58 - 00000000 ____D C:\Program Files (x86)\2285a674-871e-49c9-b934-0f0813fec071
2015-09-14 21:57 - 2015-09-14 21:57 - 00000000 ____D C:\Program Files (x86)\Seznam.cz
2015-09-14 21:56 - 2015-09-16 13:40 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Seznam.cz
2015-09-14 21:55 - 2015-09-15 21:06 - 00000000 ____D C:\Users\Martin\AppData\Local\Unity
2015-09-14 21:55 - 2015-09-14 21:55 - 00000000 ____D C:\Program Files (x86)\Opera
2015-09-10 18:36 - 2015-09-10 18:40 - 00000000 ____D C:\Users\Martin\Documents\GTA San Andreas User Files
2015-09-05 14:26 - 2015-09-05 14:26 - 03003437 _____ C:\Users\Martin\Desktop\update.rar
2015-09-03 22:46 - 2015-09-03 22:46 - 00000000 ____D C:\Users\Martin\Downloads\Gameforge Live
2015-09-03 17:59 - 2015-09-03 17:59 - 00000000 ____D C:\Users\Martin\Documents\svctest
2015-09-03 17:59 - 2015-09-03 17:59 - 00000000 ____D C:\Users\Martin\Documents\svcrecord
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-01 18:44 - 2015-01-30 13:14 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Skype
2015-10-01 18:42 - 2015-01-30 01:28 - 01123578 _____ C:\Windows\WindowsUpdate.log
2015-10-01 18:42 - 2009-07-14 06:45 - 00014448 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-01 18:42 - 2009-07-14 06:45 - 00014448 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-01 18:35 - 2015-04-27 19:58 - 00000000 ____D C:\Users\Martin\AppData\Roaming\uTorrent
2015-10-01 18:34 - 2015-01-30 13:17 - 00000000 ____D C:\Program Files (x86)\Steam
2015-10-01 18:32 - 2015-01-30 13:01 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-01 18:32 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-01 14:52 - 2015-08-02 12:45 - 00000000 ____D C:\Program Files (x86)\Hard Disk Sentinel
2015-09-30 17:20 - 2009-07-14 17:18 - 00668332 _____ C:\Windows\system32\perfh005.dat
2015-09-30 17:20 - 2009-07-14 17:18 - 00140992 _____ C:\Windows\system32\perfc005.dat
2015-09-30 17:20 - 2009-07-14 07:13 - 01582374 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-30 10:53 - 2015-02-12 19:10 - 00001912 _____ C:\Windows\epplauncher.mif
2015-09-30 10:44 - 2015-01-29 21:15 - 00061928 _____ C:\Users\Martin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-30 10:44 - 2015-01-29 19:46 - 00000000 ____D C:\Users\Martin
2015-09-30 10:41 - 2015-08-27 13:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-30 10:41 - 2015-07-27 17:29 - 00000000 ____D C:\Users\Martin\AppData\Local\Akamai
2015-09-30 10:41 - 2015-07-15 20:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-09-30 10:41 - 2015-05-01 15:11 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2015-09-30 10:41 - 2015-02-14 16:56 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2015-09-30 10:41 - 2015-02-14 14:52 - 00000000 ____D C:\Program Files (x86)\Drakensang Online
2015-09-30 10:41 - 2015-01-30 15:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-30 10:41 - 2009-07-14 17:37 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-30 10:41 - 2009-07-14 05:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-09-30 10:41 - 2009-07-14 05:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-30 10:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2015-09-30 10:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Dism
2015-09-30 10:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-09-30 10:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\schemas
2015-09-30 10:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\servicing
2015-09-30 10:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\security
2015-09-30 10:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-30 10:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2015-09-30 10:41 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-09-30 10:40 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-09-30 10:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2015-09-30 10:34 - 2015-01-30 13:26 - 00000000 ____D C:\HRY
2015-09-30 10:34 - 2015-01-29 21:04 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-30 08:52 - 2015-01-31 19:33 - 00000000 ____D C:\Users\Martin\AppData\Roaming\LolClient
2015-09-28 18:46 - 2015-01-29 19:40 - 00000000 ____D C:\Windows\Panther
2015-09-28 18:33 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-09-27 13:47 - 2015-01-31 17:47 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Riot Games
2015-09-26 19:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing
2015-09-26 19:34 - 2015-01-30 19:17 - 00000000 ____D C:\Windows\system32\MRT
2015-09-26 09:31 - 2015-01-30 10:59 - 00000000 __SHD C:\Users\Martin\AppData\Local\EmieUserList
2015-09-26 09:31 - 2015-01-30 10:59 - 00000000 __SHD C:\Users\Martin\AppData\Local\EmieSiteList
2015-09-26 09:31 - 2015-01-30 10:59 - 00000000 __SHD C:\Users\Martin\AppData\Local\EmieBrowserModeList
2015-09-22 13:15 - 2015-01-30 00:49 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-22 13:15 - 2015-01-30 00:49 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-22 08:47 - 2015-01-30 13:14 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-09-22 08:47 - 2015-01-30 13:14 - 00000000 ____D C:\ProgramData\Skype
2015-09-20 09:56 - 2015-07-23 18:14 - 00000024 _____ C:\Users\Martin\random.dat
2015-09-20 09:55 - 2015-07-24 15:10 - 00000045 _____ C:\Users\Martin\jagex_cl_oldschool_LIVE.dat
2015-09-20 09:55 - 2015-07-23 18:14 - 00000023 _____ C:\Users\Martin\jagexappletviewer.preferences
2015-09-17 03:28 - 2015-04-27 17:02 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-09-17 01:18 - 2015-02-14 14:52 - 00001972 _____ C:\Users\Martin\Desktop\Drakensang Online.lnk
2015-09-16 21:36 - 2015-01-30 13:01 - 00003948 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-16 21:36 - 2015-01-30 13:01 - 00003696 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-16 21:36 - 2015-01-30 13:01 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-16 13:40 - 2015-07-28 12:13 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2015-09-16 13:40 - 2015-01-30 16:21 - 00000000 ____D C:\.alotic_cache_32
2015-09-16 13:40 - 2015-01-30 13:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-16 13:40 - 2015-01-30 00:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-16 13:39 - 2015-01-30 13:01 - 00000000 ____D C:\Users\Martin\AppData\Local\Google
==================== Files in the root of some directories =======
2015-09-27 09:45 - 2015-09-27 09:45 - 0007693 _____ () C:\Users\Martin\AppData\Local\Resmon.ResmonCfg
Files to move or delete:
====================
C:\Users\Martin\alotic_preferences.dat
C:\Users\Martin\alotic_preferences2.dat
Some files in TEMP:
====================
C:\Users\Martin\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Martin\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-09-21 12:04
==================== End of FRST.txt ============================
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:465.66 GB) (Free:333 GB) NTFS
Available physical RAM: 4796.9 MB
Total physical RAM: 8131.35 MB
Percentage of memory in use: 41%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0B980B97)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Norton Security se zálohováním (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security se zálohováním (Disabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security se zálohováním (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Martin\Desktop" je 5488 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
"C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring
"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan
"C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerDVD14Agent
"C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raptr
"C:\Program Files (x86)\Raptr\raptrstub.exe" --startup [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk
C:\PROGRA~2\MICROS~2\Office10\OSA.EXE
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
- Rudy
- Site Admin

- Posts: 119674
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: Ad with a VIRUS - Steam account stolen
Open Notepad and copy the following into it:
From the log:
Start
C:\Users\Martin\AppData\Local\Akamai
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKU\S-1-5-21-4054526268-3199098465-2013731470-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Martin\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4054526268-3199098465-2013731470-1000\...\MountPoints2: {f8c20bb4-efe1-11e4-86a1-10bf4862eb7c} - E:\_AUTORUN\AUTORUN.EXE
HKU\S-1-5-21-4054526268-3199098465-2013731470-1000\...\MountPoints2: {fe6061cf-f22e-11e4-86bf-10bf4862eb7c} - E:\Startme.exe
C:\Program Files (x86)\Skype\Toolbars
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Users\Martin\AppData\Local\Akamai
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Users\Martin\alotic_preferences.dat
C:\Users\Martin\alotic_preferences2.dat
C:\Users\Martin\AppData\Local\Temp
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the operation finishes, a log will appear; copy it here.
From the log:
Velikost slozky "C:\Users\Martin\Desktop" je 5488 MB.
That is too much. That much data can slow down PC startup. Create a new folder in C:\Users\Martin, move all data from the desktop into it (except shortcuts), and for easier access create a shortcut to it on the desktop.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.