The PC started humming a bit more, so I opened Task Manager, and one process named schvost.exe was using 1 300 000 K of memory and the CPU usage was elevated. When I ended schvost.exe, the load on the PC stopped, and so did the humming. After half an hour it happened again, and it has been like this for about 2 days.
Logfile of random's system information tool 1.10 (written by random/random)
Run by Martin at 2016-01-16 13:44:17
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 27 GB (25%) free of 110 GB
Total RAM: 8154 MB (80% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:44:19, on 16. 1. 2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files\trend micro\Martin.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [pcmgr] C:\Program Files (x86)\ppt\Uninst.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.hola.org
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 4660 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"taskhost.exe"
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\system32\wuauclt.exe"
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
taskeng.exe {A67C5193-9C62-493C-903C-AE870D69C248}
"C:\Windows\system32\Dwm.exe"
"C:\Windows\system32\wuauclt.exe"
C:\Windows\System32\svchost.exe -k netsvcs
taskeng.exe {B6883357-237D-4D50-8E26-4CDF16316373}
"C:\Users\Martin\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\Wise Care 365.job - D:\PROGRAMY\Wise Care 365 12\WiseTray.exe -StartTray
C:\Windows\tasks\Wise Turbo Checker.job - D:\PROGRAMY\Wise Care 365 12\WiseTurbo.exe
======Registry dump======
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
C:\Users\Martin\AppData\Roaming\Spotify\SpotifyWebHelper.exe []
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [2015-07-28 767176]
"pcmgr"=C:\Program Files (x86)\ppt\Uninst.exe [2015-12-28 1571296]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\95508523.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\95508523.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=221
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=221
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2016-01-16 13:44:17 ----D---- C:\Program Files\trend micro
2016-01-16 13:44:16 ----D---- C:\rsit
2016-01-15 20:49:50 ----D---- C:\Users\Martin\AppData\Roaming\Tencent
2016-01-15 20:49:50 ----D---- C:\ProgramData\Tencent
2016-01-15 20:47:49 ----D---- C:\AdwCleaner
2016-01-15 20:33:56 ----D---- C:\Program Files (x86)\ESET
2016-01-14 17:08:01 ----D---- C:\Users\Martin\AppData\Roaming\Seznam.cz
2016-01-13 12:04:33 ----A---- C:\Windows\system32\drivers\EsgScanner.sys
2016-01-13 11:41:57 ----D---- C:\ProgramData\kingsoft
2016-01-13 11:41:44 ----D---- C:\Program Files (x86)\ppt
2016-01-04 17:50:06 ----D---- C:\Program Files (x86)\GUM86E2.tmp
2015-12-17 15:52:28 ----D---- C:\Program Files (x86)\GameSpy Arcade
======List of files/folders modified in the last 1 month======
2016-01-16 13:44:17 ----RD---- C:\Program Files
2016-01-16 13:44:17 ----D---- C:\Windows\Temp
2016-01-16 13:38:49 ----D---- C:\Windows\system32\catroot2
2016-01-16 13:38:49 ----D---- C:\Windows\system32\catroot
2016-01-16 13:38:48 ----D---- C:\Windows\winsxs
2016-01-16 13:23:12 ----D---- C:\Windows\system32\config
2016-01-16 13:23:11 ----D---- C:\Windows\Logs
2016-01-16 12:42:59 ----D---- C:\Windows\System32
2016-01-16 12:42:59 ----D---- C:\Windows\inf
2016-01-16 12:42:59 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-01-15 20:49:50 ----D---- C:\ProgramData
2016-01-15 20:33:56 ----RD---- C:\Program Files (x86)
2016-01-15 20:06:15 ----SHD---- C:\Windows\Installer
2016-01-15 20:06:15 ----D---- C:\Config.Msi
2016-01-15 20:06:08 ----D---- C:\Windows\system32\drivers
2016-01-15 19:42:59 ----SHD---- C:\System Volume Information
2016-01-15 19:39:06 ----D---- C:\Windows
2016-01-15 19:39:00 ----SD---- C:\ProgramData\Microsoft
2016-01-15 18:44:17 ----D---- C:\Windows\system32\Tasks
2016-01-15 18:43:51 ----D---- C:\Windows\SysWOW64
2016-01-14 15:23:37 ----D---- C:\Users\Martin\AppData\Roaming\Spotify
2016-01-14 12:35:08 ----D---- C:\Program Files (x86)\Opera
2016-01-13 12:35:30 ----D---- C:\Windows\Tasks
2016-01-06 12:21:14 ----D---- C:\Program Files (x86)\Google
2015-12-29 15:52:26 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-12-17 17:00:51 ----D---- C:\Windows\system32\NDF
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2012-04-22 213888]
R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2012-12-29 28664]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2012-04-22 60416]
R2 AODDriver4.3;AODDriver4.3; \??\C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [2014-02-11 59616]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2015-07-29 21622784]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2015-07-29 665088]
R3 athur;Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athurx.sys [2010-01-05 1847296]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2015-07-15 96256]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-10-03 33240]
R3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2013-08-03 31232]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2012-04-22 18432]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2012-04-22 95232]
S3 EsgScanner;EsgScanner; C:\Windows\system32\DRIVERS\EsgScanner.sys [2016-01-13 22704]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WiseHDInfo;WiseHDInfo; \??\C:\Windows\WiseHDInfo64.dll [2015-09-02 14800]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-13 82128]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2015-07-29 246784]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [2015-07-28 344064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-08 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-04 269000]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-02-08 569024]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-08 51648]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-08 139696]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-08 139696]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-08 139696]
-----------------EOF-----------------

Please check my log
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved. The same applies to those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use remote assistance services, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Re: Please check my log
I wish you a lovely day
On 12.1.2016 Microsoft released further operating system updates - install them, including IE11.
As part of the cleanup, your temporary directories (including the Recycle Bin) will be emptied.
Save AdwCleaner to your desktop https://toolslib.net/downloads/viewdown ... dwcleaner/ (or http://www.bleepingcomputer.com/download/adwcleaner/ )
- close all programs
- right-click the AdwCleaner icon and choose Run as administrator (on Win XP, just run it normally with a double-click)
- click Scan, then Cleaning
- after the restart a log will pop up (or you can find it in C:\AdwCleaner\AdwCleaner[Cx].txt); copy its contents into your next reply to me
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suited to the forum, you can use altrokzavináčforum.viry.cz
If you feel like helping visitors of this forum, sign up for our little school.
Re: Please check my log
# AdwCleaner v5.029 - Logfile created 16/01/2016 at 17:52:19
# Updated 11/01/2016 by Xplode
# Database : 2016-01-15.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Martin - MARTIN-PC
# Running from : C:\Users\Martin\Downloads\adwcleaner_5.029.exe
# Option : Cleaning
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder Deleted : C:\ProgramData\tencent
[-] Folder Deleted : C:\Users\Martin\AppData\Roaming\tencent
***** [ Files ] *****
***** [ DLLs ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
***** [ Web browsers ] *****
*************************
:: "Tracing" keys removed
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C8].txt - [792 bytes] ##########
Re: Please check my log
Note: on the second and any further run of FRST, creating the Addition.txt log requires explicitly ticking this option before the scan starts.
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suited to the forum, you can use altrokzavináčforum.viry.cz
If you feel like helping visitors of this forum, sign up for our little school.
Re: Please check my log
Here are two logs:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by Martin (administrator) on MARTIN-PC (16-01-2016 18:24:00)
Running from C:\Users\Martin\Desktop
Loaded Profiles: Martin (Available Profiles: Martin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 9 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(forum.viry.cz) C:\Users\Martin\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [pcmgr] => C:\Program Files (x86)\ppt\Uninst.exe [1571296 2015-12-28] (Tencent)
HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B5844788-BED4-4849-99BF-940E9B612EC4}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-515885200-768628804-3900138106-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-515885200-768628804-3900138106-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-515885200-768628804-3900138106-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
FireFox:
========
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ef26py92.default
FF NewTab: about:newtab
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-29] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] ()
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-04]
CHR Extension: (Disk Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-04]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-04]
CHR Extension: (Hľadať v Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-04]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-04]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-04]
CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-04]
Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\Martin\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-01-05]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-28] (Advanced Micro Devices, Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2012-04-22] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 WiseHDInfo; C:\Windows\WiseHDInfo64.dll [14800 2015-09-02] (wisecleaner.com)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-16 18:24 - 2016-01-16 18:24 - 00006732 _____ C:\Users\Martin\Desktop\FRST.txt
2016-01-16 18:23 - 2016-01-16 18:24 - 00000000 ____D C:\FRST
2016-01-16 18:21 - 2016-01-16 18:21 - 00112640 _____ (forum.viry.cz) C:\Users\Martin\Desktop\FRSTLauncher.exe
2016-01-16 18:19 - 2016-01-16 18:19 - 02370560 _____ (Farbar) C:\Users\Martin\Desktop\FRST64.exe
2016-01-16 17:53 - 2016-01-16 17:53 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Tencent
2016-01-16 17:53 - 2016-01-16 17:53 - 00000000 ____D C:\ProgramData\Tencent
2016-01-16 17:51 - 2016-01-16 17:51 - 01754112 _____ C:\Users\Martin\Downloads\adwcleaner_5.029.exe
2016-01-16 16:32 - 2016-01-16 16:32 - 00003332 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2016-01-16 16:32 - 2016-01-16 16:32 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-01-16 16:31 - 2016-01-16 17:48 - 00000000 ____D C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2016-01-16 16:29 - 2016-01-16 16:29 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Martin\Downloads\SpyHunter-Installer.exe
2016-01-16 13:44 - 2016-01-16 13:44 - 00000000 ____D C:\rsit
2016-01-16 13:44 - 2016-01-16 13:44 - 00000000 ____D C:\Program Files\trend micro
2016-01-15 20:47 - 2016-01-16 17:52 - 00000000 ____D C:\AdwCleaner
2016-01-15 19:39 - 2016-01-15 20:06 - 00001912 _____ C:\Windows\epplauncher.mif
2016-01-14 17:08 - 2016-01-15 12:15 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Seznam.cz
2016-01-14 17:07 - 2016-01-14 17:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FBReader for Windows
2016-01-13 11:46 - 2016-01-13 11:46 - 00000000 ____D C:\Users\Public\Documents\dmp
2016-01-13 11:41 - 2016-01-13 11:50 - 00000000 ____D C:\Users\Martin\AppData\Local\PPTAssist
2016-01-13 11:41 - 2016-01-13 11:41 - 00041472 _____ C:\Users\Martin\AppData\Local\statstrip.dat
2016-01-13 11:41 - 2016-01-13 11:41 - 00000187 _____ C:\Users\Martin\AppData\Local\statstrip.exe.config
2016-01-13 11:41 - 2016-01-13 11:41 - 00000000 ____D C:\ProgramData\kingsoft
2016-01-13 11:41 - 2016-01-13 11:41 - 00000000 ____D C:\Program Files (x86)\ppt
2016-01-13 11:40 - 2016-01-13 11:40 - 00000000 ____D C:\Users\Martin\AppData\Local\Ball Video
2016-01-04 17:50 - 2016-01-04 17:50 - 00000000 ____D C:\Program Files (x86)\GUM86E2.tmp
2015-12-30 12:55 - 2015-12-30 13:05 - 46129157 _____ C:\Users\Martin\Downloads\MOJO - February 2016.pdf
2015-12-29 15:14 - 2015-12-28 22:18 - 00000000 ____D C:\Users\Martin\Desktop\Uncut - February 2016
2015-12-17 15:52 - 2016-01-13 12:35 - 00000532 _____ C:\Users\Martin\Desktop\MotoGP URT 3.lnk
2015-12-17 15:52 - 2015-12-17 15:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
2015-12-17 15:52 - 2015-12-17 15:54 - 00000000 ____D C:\Program Files (x86)\GameSpy Arcade
2015-12-17 15:52 - 2015-12-17 15:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-16 18:23 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2016-01-16 18:00 - 2009-07-14 05:45 - 00021392 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-16 18:00 - 2009-07-14 05:45 - 00021392 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-16 17:59 - 2009-07-14 06:13 - 00785302 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-16 17:59 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-01-16 17:53 - 2015-09-02 12:53 - 00000350 _____ C:\Windows\Tasks\Wise Care 365.job
2016-01-16 17:53 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-16 16:55 - 2009-07-14 06:08 - 00032554 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-01-16 16:53 - 2015-10-04 18:50 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-16 13:00 - 2015-09-02 12:47 - 00000378 _____ C:\Windows\Tasks\Wise Turbo Checker.job
2016-01-15 18:44 - 2015-12-04 19:17 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-15 18:44 - 2014-12-24 12:43 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-14 17:35 - 2014-07-28 17:35 - 00000000 ____D C:\Users\Martin
2016-01-14 17:16 - 2014-12-15 19:30 - 00000000 ____D C:\Users\Martin\AppData\Local\Apps\2.0
2016-01-14 15:23 - 2014-08-16 19:49 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Spotify
2016-01-14 12:35 - 2015-09-28 17:40 - 00003860 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1443458430
2016-01-14 12:35 - 2014-07-28 17:51 - 00000000 ____D C:\Program Files (x86)\Opera
2016-01-13 12:35 - 2015-09-28 17:40 - 00000994 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-01-13 12:35 - 2015-09-28 17:40 - 00000982 _____ C:\Users\Public\Desktop\Opera.lnk
2016-01-13 11:54 - 2014-07-28 17:43 - 00001443 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-13 11:54 - 2014-07-28 17:43 - 00001409 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-01-13 11:54 - 2009-07-14 05:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-01-06 12:21 - 2015-01-27 12:23 - 00000000 ____D C:\Program Files (x86)\Google
2015-12-29 15:52 - 2015-10-04 18:50 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-29 15:52 - 2014-07-29 12:15 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-29 15:52 - 2014-07-29 12:15 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-17 17:01 - 2014-08-24 11:31 - 00000000 ____D C:\Users\Martin\AppData\Local\ElevatedDiagnostics
2015-12-17 17:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
==================== Files in the root of some directories =======
2015-07-25 15:15 - 2015-07-25 15:15 - 0007605 _____ () C:\Users\Martin\AppData\Local\Resmon.ResmonCfg
2016-01-13 11:41 - 2016-01-13 11:41 - 0041472 _____ () C:\Users\Martin\AppData\Local\statstrip.dat
2016-01-13 11:41 - 2016-01-13 11:41 - 0000187 _____ () C:\Users\Martin\AppData\Local\statstrip.exe.config
2015-06-16 16:54 - 2015-06-16 16:54 - 0000000 _____ () C:\Users\Martin\AppData\Local\Temp.dat
Some files in TEMP:
====================
C:\Users\Martin\AppData\Local\Temp\4A68.tmp.exe
C:\Users\Martin\AppData\Local\Temp\55DD.tmp.exe
C:\Users\Martin\AppData\Local\Temp\82E7.tmp.exe
C:\Users\Martin\AppData\Local\Temp\atdl.exe
C:\Users\Martin\AppData\Local\Temp\avg1007.exe
C:\Users\Martin\AppData\Local\Temp\C0C0.tmp.exe
C:\Users\Martin\AppData\Local\Temp\F4AA.tmp.exe
C:\Users\Martin\AppData\Local\Temp\fsd820B.exe
C:\Users\Martin\AppData\Local\Temp\ICReinstall_C0C0.tmp.exe
C:\Users\Martin\AppData\Local\Temp\nsa9FF7.exe
C:\Users\Martin\AppData\Local\Temp\OfficeAssist.0744.80.1211.exe
C:\Users\Martin\AppData\Local\Temp\qqpcmgr_v10.8.16208.227_71913_Silence.exe
C:\Users\Martin\AppData\Local\Temp\set.exe
C:\Users\Martin\AppData\Local\Temp\SHSetup.exe
C:\Users\Martin\AppData\Local\Temp\sqlite3.dll
C:\Users\Martin\AppData\Local\Temp\Uninstall.exe
C:\Users\Martin\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-01-09 15:28
==================== End of FRST.txt ============================
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:107.32 GB) (Free:23.68 GB) NTFS
Drive d: () (Fixed) (Total:358.34 GB) (Free:338.64 GB) NTFS
Available physical RAM: 6943.63 MB
Total physical RAM: 8154.46 MB
Percentage of memory in use: 14%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A4C80B1C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=107.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=358.3 GB) - (Type=07 NTFS)
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Wise Care 365.job => D:\PROGRAMY\Wise Care 365 12\WiseTray.exe
Task: C:\Windows\Tasks\Wise Turbo Checker.job => D:\PROGRAMY\Wise Care 365 12\WiseTurbo.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Martin\Desktop" je 23 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper
"C:\Users\Martin\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [x]
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by Martin (2016-01-16 18:24:42)
Running from C:\Users\Martin\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-07-28 16:35:03)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-515885200-768628804-3900138106-500 - Administrator - Disabled)
Guest (S-1-5-21-515885200-768628804-3900138106-501 - Limited - Disabled)
Martin (S-1-5-21-515885200-768628804-3900138106-1000 - Administrator - Enabled) => C:\Users\Martin
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC - Slovak (HKLM-x32\...\{AC76BA86-7AD7-1051-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Flash Player 20 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F37078EA-4B6A-1D6F-6FED-3EDF2117B42C}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MotoGP URT 3 (HKLM-x32\...\MotoGP URT 3_is1) (Version: - THQ)
Opera Stable 34.0.2036.47 (HKLM-x32\...\Opera 34.0.2036.47) (Version: 34.0.2036.47 - Opera Software)
Podpora Apple aplikácií (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Podpora Apple aplikácií(64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version: - Crystal Dynamics)
Tomb Raider III (HKLM-x32\...\Tomb Raider III) (Version: - )
Tomb Raider: Legend (HKLM-x32\...\Steam App 7000) (Version: - Crystal Dynamics)
TP-LINK Wireless Client Utility (HKLM-x32\...\{7A2A107B-9695-423F-9462-8F17C178BD35}) (Version: 7.0 - TP-LINK)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {153E60DE-B891-4F9C-90E9-EDB9F37976E0} - \{089BE96F-D0A5-49E1-88C2-9FE40C798689} -> No File <==== ATTENTION
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {6E86966C-6566-4B68-97C9-37B15DA4CD51} - System32\Tasks\D781AE73-5D32-4233-AC1A-C1ED8B7BAB6 => C:\Users\Martin\AppData\Local\D781AE73-5D32-4233-AC1A-C1ED8B7BAB6\D781AE73-5D32-4233-AC1A-C1ED8B7BAB6.exe <==== ATTENTION
Task: {74FC347C-1BDA-4916-9FA0-84CA926BA809} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-04] (Adobe Systems Incorporated)
Task: {83497BC7-1377-4BDA-8E0B-6A7AA66C781E} - \Ball Video -> No File <==== ATTENTION
Task: {8417D9E8-0C9F-4D41-854E-3F361E2CDC95} - System32\Tasks\Wise Care 365 => D:\PROGRAMY\Wise Care 365 12\WiseTray.exe
Task: {A300431C-3D06-4EE2-92D7-D979BCDFBD8C} - System32\Tasks\AAF6B80D-57C6-4E1B-A87-4797EA17A06D => C:\Users\Martin\AppData\Local\AAF6B80D-57C6-4E1B-A87-4797EA17A06D\AAF6B80D-57C6-4E1B-A87-4797EA17A06D.exe <==== ATTENTION
Task: {A81DF6E5-E8E1-4F79-B256-46CF9F0CCF4D} - \RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380} -> No File <==== ATTENTION
Task: {C0EA700A-9EA1-4722-A17F-150A55E2C990} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {C2CDE5CD-B99C-4FF1-9907-2DB7A1A6B816} - System32\Tasks\Opera scheduled Autoupdate 1443458430 => C:\Program Files (x86)\Opera\launcher.exe [2016-01-08] (Opera Software)
Task: {D8044E06-3646-45FB-A080-F58C859785B2} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {E0FE3EA5-4712-4F0E-B38F-B2C912AE54CB} - \Ball Video2 -> No File <==== ATTENTION
Task: {EA3BA796-07CB-4948-BE46-C9FFE08B8D9E} - System32\Tasks\Wise Turbo Checker => D:\PROGRAMY\Wise Care 365 12\WiseTurbo.exe
Task: {F96B2165-AA32-4349-B138-0B738423926C} - System32\Tasks\{F529C778-212F-4A4C-A435-C1F3B293A60A} => pcalua.exe -a C:\Windows\IsUninst.exe -c -f"d:\Thomb raider 3\Uninst.isu"
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Wise Care 365.job => D:\PROGRAMY\Wise Care 365 12\WiseTray.exe
Task: C:\Windows\Tasks\Wise Turbo Checker.job => D:\PROGRAMY\Wise Care 365 12\WiseTurbo.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-07-28 21:45 - 2015-07-28 21:45 - 00127488 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-07-28 21:45 - 2015-07-28 21:45 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\95508523.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\95508523.sys => ""="Driver"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\hola.org -> hxxp://hola.org
There are 4788 more sites.
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2015-09-30 18:40 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-515885200-768628804-3900138106-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Martin\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{646DCD8D-DF44-49C1-8F8E-C9FF2902413E}] => (Allow) D:\PROGRAMY\Steam\Steam.exe
FirewallRules: [{A2AD1C24-3EE8-4850-8E35-DFBB4C259DAA}] => (Allow) D:\PROGRAMY\Steam\Steam.exe
FirewallRules: [{E5575B45-0733-47F6-958D-0E74A7E5D2BA}] => (Allow) D:\PROGRAMY\Steam\bin\steamwebhelper.exe
FirewallRules: [{7067E74E-652C-4023-B71A-FE815B893FF5}] => (Allow) D:\PROGRAMY\Steam\bin\steamwebhelper.exe
FirewallRules: [{D7B9C5CE-4AC8-48C1-BD71-B357B8BF3E5F}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{9A8EE00C-D15B-4081-98BC-A1B3116BD335}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{E15D46E9-0EA6-489E-9917-B27393EA56A1}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Tomb Raider Legend\trl.exe
FirewallRules: [{B12F4E68-0197-4558-B750-D4D26A9EAC50}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Tomb Raider Legend\trl.exe
FirewallRules: [TCP Query User{C5EB449F-BED4-49D4-8CE4-ADA02F25B1F3}C:\users\martin\appdata\roaming\xmusicupdate\xmusicserver.exe] => (Allow) C:\users\martin\appdata\roaming\xmusicupdate\xmusicserver.exe
FirewallRules: [UDP Query User{E20D8B8E-7B76-46C2-9AC2-8FCEA7D0CA8B}C:\users\martin\appdata\roaming\xmusicupdate\xmusicserver.exe] => (Allow) C:\users\martin\appdata\roaming\xmusicupdate\xmusicserver.exe
FirewallRules: [TCP Query User{916542B8-37B2-4B45-8060-109345C8D7D2}D:\motogp urt 3\motogp.exe] => (Allow) D:\motogp urt 3\motogp.exe
FirewallRules: [UDP Query User{94383437-B0C7-46BF-8400-48F5FAA98512}D:\motogp urt 3\motogp.exe] => (Allow) D:\motogp urt 3\motogp.exe
FirewallRules: [TCP Query User{DE4540C8-E0F0-447C-8CBD-E517EC8A5631}C:\users\martin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\martin\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{F39D7C0B-109B-49DA-A5BD-098C0BF1FCDE}C:\users\martin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\martin\appdata\roaming\spotify\spotify.exe
==================== Restore Points =========================
07-07-2015 16:07:19 Installed iTunes
07-07-2015 16:10:38 Removed iTunes
07-07-2015 16:11:12 Removed Bonjour
07-07-2015 16:11:32 Removed Apple Software Update
07-07-2015 16:11:50 Removed Apple Mobile Device Support
15-07-2015 14:17:03 Plánovaný kontrolný bod
24-07-2015 15:21:05 Plánovaný kontrolný bod
02-08-2015 15:19:30 Plánovaný kontrolný bod
19-08-2015 08:59:11 Plánovaný kontrolný bod
31-08-2015 20:18:06 Plánovaný kontrolný bod
08-09-2015 17:17:47 Plánovaný kontrolný bod
16-09-2015 13:23:56 Plánovaný kontrolný bod
23-09-2015 18:02:32 Plánovaný kontrolný bod
30-09-2015 21:21:17 zoek.exe restore point
10-10-2015 14:14:19 Plánovaný kontrolný bod
18-10-2015 16:05:14 Plánovaný kontrolný bod
26-10-2015 19:53:51 Plánovaný kontrolný bod
03-11-2015 19:21:44 Plánovaný kontrolný bod
11-11-2015 15:42:48 Plánovaný kontrolný bod
19-11-2015 21:32:04 Plánovaný kontrolný bod
27-11-2015 12:29:01 Plánovaný kontrolný bod
04-12-2015 18:19:17 Plánovaný kontrolný bod
15-12-2015 13:29:48 Plánovaný kontrolný bod
31-12-2015 15:57:26 Plánovaný kontrolný bod
10-01-2016 15:18:49 Plánovaný kontrolný bod
15-01-2016 19:42:48 Windows Update
16-01-2016 16:31:28 Installed SpyHunter
16-01-2016 17:47:34 Removed SpyHunter
16-01-2016 17:48:30 Removed SpyHunter
==================== Faulty Device Manager Devices =============
Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/16/2016 05:59:21 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Error: (01/16/2016 05:59:21 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Error: (01/16/2016 05:55:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/16/2016 05:48:14 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (01/16/2016 05:39:34 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Error: (01/16/2016 05:39:34 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Error: (01/16/2016 05:34:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/16/2016 05:06:08 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (01/16/2016 01:49:36 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Error: (01/16/2016 01:49:35 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
System errors:
=============
Error: (01/16/2016 05:53:23 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: Modul WLAN Extensibility Module sa nepodarilo spustiť.
Cesta k modulu: C:\Windows\system32\athExt.dll
Kód chyby: 126
Error: (01/16/2016 05:52:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Volume Shadow Copy sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.
Error: (01/16/2016 05:52:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Inštalátor systému Windows sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 120000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.
Error: (01/16/2016 05:52:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Modules Installer sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 120000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.
Error: (01/16/2016 05:52:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD FUEL Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.
Error: (01/16/2016 05:52:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Adobe Acrobat Update Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.
Error: (01/16/2016 05:52:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Print Spooler sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 60000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.
Error: (01/16/2016 05:52:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD External Events Utility sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.
Error: (01/16/2016 04:55:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Windows Update sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 3-krát.
Error: (01/16/2016 04:55:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Windows Management Instrumentation sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 3-krát.
CodeIntegrity:
===================================
Date: 2015-06-18 15:32:57.908
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-06-18 15:32:57.846
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-06-18 15:32:57.768
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-06-18 15:32:57.705
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-06-18 15:29:08.697
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-06-18 15:29:08.635
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-06-18 15:29:08.557
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-06-18 15:29:08.479
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-06-18 12:45:36.352
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-06-18 12:45:36.290
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: AMD Athlon(tm) II X3 460 Processor
Percentage of memory in use: 14%
Total physical RAM: 8154.46 MB
Available physical RAM: 6943.63 MB
Total Virtual: 16307.11 MB
Available Virtual: 14999.15 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:107.32 GB) (Free:23.68 GB) NTFS
Drive d: () (Fixed) (Total:358.34 GB) (Free:338.64 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A4C80B1C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=107.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=358.3 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by Martin (administrator) on MARTIN-PC (16-01-2016 18:24:00)
Running from C:\Users\Martin\Desktop
Loaded Profiles: Martin (Available Profiles: Martin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 9 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(forum.viry.cz) C:\Users\Martin\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [pcmgr] => C:\Program Files (x86)\ppt\Uninst.exe [1571296 2015-12-28] (Tencent)
HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B5844788-BED4-4849-99BF-940E9B612EC4}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-515885200-768628804-3900138106-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-515885200-768628804-3900138106-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-515885200-768628804-3900138106-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
FireFox:
========
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ef26py92.default
FF NewTab: about:newtab
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-29] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] ()
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-04]
CHR Extension: (Disk Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-04]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-04]
CHR Extension: (Hľadať v Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-04]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-04]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-04]
CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-04]
Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\Martin\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-01-05]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-28] (Advanced Micro Devices, Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2012-04-22] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 WiseHDInfo; C:\Windows\WiseHDInfo64.dll [14800 2015-09-02] (wisecleaner.com)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-16 18:24 - 2016-01-16 18:24 - 00006732 _____ C:\Users\Martin\Desktop\FRST.txt
2016-01-16 18:23 - 2016-01-16 18:24 - 00000000 ____D C:\FRST
2016-01-16 18:21 - 2016-01-16 18:21 - 00112640 _____ (forum.viry.cz) C:\Users\Martin\Desktop\FRSTLauncher.exe
2016-01-16 18:19 - 2016-01-16 18:19 - 02370560 _____ (Farbar) C:\Users\Martin\Desktop\FRST64.exe
2016-01-16 17:53 - 2016-01-16 17:53 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Tencent
2016-01-16 17:53 - 2016-01-16 17:53 - 00000000 ____D C:\ProgramData\Tencent
2016-01-16 17:51 - 2016-01-16 17:51 - 01754112 _____ C:\Users\Martin\Downloads\adwcleaner_5.029.exe
2016-01-16 16:32 - 2016-01-16 16:32 - 00003332 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2016-01-16 16:32 - 2016-01-16 16:32 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-01-16 16:31 - 2016-01-16 17:48 - 00000000 ____D C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2016-01-16 16:29 - 2016-01-16 16:29 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Martin\Downloads\SpyHunter-Installer.exe
2016-01-16 13:44 - 2016-01-16 13:44 - 00000000 ____D C:\rsit
2016-01-16 13:44 - 2016-01-16 13:44 - 00000000 ____D C:\Program Files\trend micro
2016-01-15 20:47 - 2016-01-16 17:52 - 00000000 ____D C:\AdwCleaner
2016-01-15 19:39 - 2016-01-15 20:06 - 00001912 _____ C:\Windows\epplauncher.mif
2016-01-14 17:08 - 2016-01-15 12:15 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Seznam.cz
2016-01-14 17:07 - 2016-01-14 17:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FBReader for Windows
2016-01-13 11:46 - 2016-01-13 11:46 - 00000000 ____D C:\Users\Public\Documents\dmp
2016-01-13 11:41 - 2016-01-13 11:50 - 00000000 ____D C:\Users\Martin\AppData\Local\PPTAssist
2016-01-13 11:41 - 2016-01-13 11:41 - 00041472 _____ C:\Users\Martin\AppData\Local\statstrip.dat
2016-01-13 11:41 - 2016-01-13 11:41 - 00000187 _____ C:\Users\Martin\AppData\Local\statstrip.exe.config
2016-01-13 11:41 - 2016-01-13 11:41 - 00000000 ____D C:\ProgramData\kingsoft
2016-01-13 11:41 - 2016-01-13 11:41 - 00000000 ____D C:\Program Files (x86)\ppt
2016-01-13 11:40 - 2016-01-13 11:40 - 00000000 ____D C:\Users\Martin\AppData\Local\Ball Video
2016-01-04 17:50 - 2016-01-04 17:50 - 00000000 ____D C:\Program Files (x86)\GUM86E2.tmp
2015-12-30 12:55 - 2015-12-30 13:05 - 46129157 _____ C:\Users\Martin\Downloads\MOJO - February 2016.pdf
2015-12-29 15:14 - 2015-12-28 22:18 - 00000000 ____D C:\Users\Martin\Desktop\Uncut - February 2016
2015-12-17 15:52 - 2016-01-13 12:35 - 00000532 _____ C:\Users\Martin\Desktop\MotoGP URT 3.lnk
2015-12-17 15:52 - 2015-12-17 15:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
2015-12-17 15:52 - 2015-12-17 15:54 - 00000000 ____D C:\Program Files (x86)\GameSpy Arcade
2015-12-17 15:52 - 2015-12-17 15:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-16 18:23 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2016-01-16 18:00 - 2009-07-14 05:45 - 00021392 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-16 18:00 - 2009-07-14 05:45 - 00021392 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-16 17:59 - 2009-07-14 06:13 - 00785302 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-16 17:59 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-01-16 17:53 - 2015-09-02 12:53 - 00000350 _____ C:\Windows\Tasks\Wise Care 365.job
2016-01-16 17:53 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-16 16:55 - 2009-07-14 06:08 - 00032554 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-01-16 16:53 - 2015-10-04 18:50 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-16 13:00 - 2015-09-02 12:47 - 00000378 _____ C:\Windows\Tasks\Wise Turbo Checker.job
2016-01-15 18:44 - 2015-12-04 19:17 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-15 18:44 - 2014-12-24 12:43 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-14 17:35 - 2014-07-28 17:35 - 00000000 ____D C:\Users\Martin
2016-01-14 17:16 - 2014-12-15 19:30 - 00000000 ____D C:\Users\Martin\AppData\Local\Apps\2.0
2016-01-14 15:23 - 2014-08-16 19:49 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Spotify
2016-01-14 12:35 - 2015-09-28 17:40 - 00003860 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1443458430
2016-01-14 12:35 - 2014-07-28 17:51 - 00000000 ____D C:\Program Files (x86)\Opera
2016-01-13 12:35 - 2015-09-28 17:40 - 00000994 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-01-13 12:35 - 2015-09-28 17:40 - 00000982 _____ C:\Users\Public\Desktop\Opera.lnk
2016-01-13 11:54 - 2014-07-28 17:43 - 00001443 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-13 11:54 - 2014-07-28 17:43 - 00001409 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-01-13 11:54 - 2009-07-14 05:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-01-06 12:21 - 2015-01-27 12:23 - 00000000 ____D C:\Program Files (x86)\Google
2015-12-29 15:52 - 2015-10-04 18:50 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-29 15:52 - 2014-07-29 12:15 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-29 15:52 - 2014-07-29 12:15 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-17 17:01 - 2014-08-24 11:31 - 00000000 ____D C:\Users\Martin\AppData\Local\ElevatedDiagnostics
2015-12-17 17:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
==================== Files in the root of some directories =======
2015-07-25 15:15 - 2015-07-25 15:15 - 0007605 _____ () C:\Users\Martin\AppData\Local\Resmon.ResmonCfg
2016-01-13 11:41 - 2016-01-13 11:41 - 0041472 _____ () C:\Users\Martin\AppData\Local\statstrip.dat
2016-01-13 11:41 - 2016-01-13 11:41 - 0000187 _____ () C:\Users\Martin\AppData\Local\statstrip.exe.config
2015-06-16 16:54 - 2015-06-16 16:54 - 0000000 _____ () C:\Users\Martin\AppData\Local\Temp.dat
Some files in TEMP:
====================
C:\Users\Martin\AppData\Local\Temp\4A68.tmp.exe
C:\Users\Martin\AppData\Local\Temp\55DD.tmp.exe
C:\Users\Martin\AppData\Local\Temp\82E7.tmp.exe
C:\Users\Martin\AppData\Local\Temp\atdl.exe
C:\Users\Martin\AppData\Local\Temp\avg1007.exe
C:\Users\Martin\AppData\Local\Temp\C0C0.tmp.exe
C:\Users\Martin\AppData\Local\Temp\F4AA.tmp.exe
C:\Users\Martin\AppData\Local\Temp\fsd820B.exe
C:\Users\Martin\AppData\Local\Temp\ICReinstall_C0C0.tmp.exe
C:\Users\Martin\AppData\Local\Temp\nsa9FF7.exe
C:\Users\Martin\AppData\Local\Temp\OfficeAssist.0744.80.1211.exe
C:\Users\Martin\AppData\Local\Temp\qqpcmgr_v10.8.16208.227_71913_Silence.exe
C:\Users\Martin\AppData\Local\Temp\set.exe
C:\Users\Martin\AppData\Local\Temp\SHSetup.exe
C:\Users\Martin\AppData\Local\Temp\sqlite3.dll
C:\Users\Martin\AppData\Local\Temp\Uninstall.exe
C:\Users\Martin\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-01-09 15:28
==================== End of FRST.txt ============================
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:107.32 GB) (Free:23.68 GB) NTFS
Drive d: () (Fixed) (Total:358.34 GB) (Free:338.64 GB) NTFS
Available physical RAM: 6943.63 MB
Total physical RAM: 8154.46 MB
Percentage of memory in use: 14%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A4C80B1C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=107.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=358.3 GB) - (Type=07 NTFS)
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Wise Care 365.job => D:\PROGRAMY\Wise Care 365 12\WiseTray.exe
Task: C:\Windows\Tasks\Wise Turbo Checker.job => D:\PROGRAMY\Wise Care 365 12\WiseTurbo.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Martin\Desktop" je 23 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper
"C:\Users\Martin\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [x]
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by Martin (2016-01-16 18:24:42)
Running from C:\Users\Martin\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-07-28 16:35:03)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-515885200-768628804-3900138106-500 - Administrator - Disabled)
Guest (S-1-5-21-515885200-768628804-3900138106-501 - Limited - Disabled)
Martin (S-1-5-21-515885200-768628804-3900138106-1000 - Administrator - Enabled) => C:\Users\Martin
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC - Slovak (HKLM-x32\...\{AC76BA86-7AD7-1051-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Flash Player 20 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F37078EA-4B6A-1D6F-6FED-3EDF2117B42C}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MotoGP URT 3 (HKLM-x32\...\MotoGP URT 3_is1) (Version: - THQ)
Opera Stable 34.0.2036.47 (HKLM-x32\...\Opera 34.0.2036.47) (Version: 34.0.2036.47 - Opera Software)
Podpora Apple aplikácií (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Podpora Apple aplikácií(64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version: - Crystal Dynamics)
Tomb Raider III (HKLM-x32\...\Tomb Raider III) (Version: - )
Tomb Raider: Legend (HKLM-x32\...\Steam App 7000) (Version: - Crystal Dynamics)
TP-LINK Wireless Client Utility (HKLM-x32\...\{7A2A107B-9695-423F-9462-8F17C178BD35}) (Version: 7.0 - TP-LINK)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {153E60DE-B891-4F9C-90E9-EDB9F37976E0} - \{089BE96F-D0A5-49E1-88C2-9FE40C798689} -> No File <==== ATTENTION
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {6E86966C-6566-4B68-97C9-37B15DA4CD51} - System32\Tasks\D781AE73-5D32-4233-AC1A-C1ED8B7BAB6 => C:\Users\Martin\AppData\Local\D781AE73-5D32-4233-AC1A-C1ED8B7BAB6\D781AE73-5D32-4233-AC1A-C1ED8B7BAB6.exe <==== ATTENTION
Task: {74FC347C-1BDA-4916-9FA0-84CA926BA809} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-04] (Adobe Systems Incorporated)
Task: {83497BC7-1377-4BDA-8E0B-6A7AA66C781E} - \Ball Video -> No File <==== ATTENTION
Task: {8417D9E8-0C9F-4D41-854E-3F361E2CDC95} - System32\Tasks\Wise Care 365 => D:\PROGRAMY\Wise Care 365 12\WiseTray.exe
Task: {A300431C-3D06-4EE2-92D7-D979BCDFBD8C} - System32\Tasks\AAF6B80D-57C6-4E1B-A87-4797EA17A06D => C:\Users\Martin\AppData\Local\AAF6B80D-57C6-4E1B-A87-4797EA17A06D\AAF6B80D-57C6-4E1B-A87-4797EA17A06D.exe <==== ATTENTION
Task: {A81DF6E5-E8E1-4F79-B256-46CF9F0CCF4D} - \RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380} -> No File <==== ATTENTION
Task: {C0EA700A-9EA1-4722-A17F-150A55E2C990} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {C2CDE5CD-B99C-4FF1-9907-2DB7A1A6B816} - System32\Tasks\Opera scheduled Autoupdate 1443458430 => C:\Program Files (x86)\Opera\launcher.exe [2016-01-08] (Opera Software)
Task: {D8044E06-3646-45FB-A080-F58C859785B2} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {E0FE3EA5-4712-4F0E-B38F-B2C912AE54CB} - \Ball Video2 -> No File <==== ATTENTION
Task: {EA3BA796-07CB-4948-BE46-C9FFE08B8D9E} - System32\Tasks\Wise Turbo Checker => D:\PROGRAMY\Wise Care 365 12\WiseTurbo.exe
Task: {F96B2165-AA32-4349-B138-0B738423926C} - System32\Tasks\{F529C778-212F-4A4C-A435-C1F3B293A60A} => pcalua.exe -a C:\Windows\IsUninst.exe -c -f"d:\Thomb raider 3\Uninst.isu"
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Wise Care 365.job => D:\PROGRAMY\Wise Care 365 12\WiseTray.exe
Task: C:\Windows\Tasks\Wise Turbo Checker.job => D:\PROGRAMY\Wise Care 365 12\WiseTurbo.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-07-28 21:45 - 2015-07-28 21:45 - 00127488 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-07-28 21:45 - 2015-07-28 21:45 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\95508523.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\95508523.sys => ""="Driver"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\hola.org -> hxxp://hola.org
There are 4788 more sites.
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2015-09-30 18:40 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-515885200-768628804-3900138106-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Martin\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{646DCD8D-DF44-49C1-8F8E-C9FF2902413E}] => (Allow) D:\PROGRAMY\Steam\Steam.exe
FirewallRules: [{A2AD1C24-3EE8-4850-8E35-DFBB4C259DAA}] => (Allow) D:\PROGRAMY\Steam\Steam.exe
FirewallRules: [{E5575B45-0733-47F6-958D-0E74A7E5D2BA}] => (Allow) D:\PROGRAMY\Steam\bin\steamwebhelper.exe
FirewallRules: [{7067E74E-652C-4023-B71A-FE815B893FF5}] => (Allow) D:\PROGRAMY\Steam\bin\steamwebhelper.exe
FirewallRules: [{D7B9C5CE-4AC8-48C1-BD71-B357B8BF3E5F}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{9A8EE00C-D15B-4081-98BC-A1B3116BD335}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{E15D46E9-0EA6-489E-9917-B27393EA56A1}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Tomb Raider Legend\trl.exe
FirewallRules: [{B12F4E68-0197-4558-B750-D4D26A9EAC50}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Tomb Raider Legend\trl.exe
FirewallRules: [TCP Query User{C5EB449F-BED4-49D4-8CE4-ADA02F25B1F3}C:\users\martin\appdata\roaming\xmusicupdate\xmusicserver.exe] => (Allow) C:\users\martin\appdata\roaming\xmusicupdate\xmusicserver.exe
FirewallRules: [UDP Query User{E20D8B8E-7B76-46C2-9AC2-8FCEA7D0CA8B}C:\users\martin\appdata\roaming\xmusicupdate\xmusicserver.exe] => (Allow) C:\users\martin\appdata\roaming\xmusicupdate\xmusicserver.exe
FirewallRules: [TCP Query User{916542B8-37B2-4B45-8060-109345C8D7D2}D:\motogp urt 3\motogp.exe] => (Allow) D:\motogp urt 3\motogp.exe
FirewallRules: [UDP Query User{94383437-B0C7-46BF-8400-48F5FAA98512}D:\motogp urt 3\motogp.exe] => (Allow) D:\motogp urt 3\motogp.exe
FirewallRules: [TCP Query User{DE4540C8-E0F0-447C-8CBD-E517EC8A5631}C:\users\martin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\martin\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{F39D7C0B-109B-49DA-A5BD-098C0BF1FCDE}C:\users\martin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\martin\appdata\roaming\spotify\spotify.exe
==================== Restore Points =========================
07-07-2015 16:07:19 Installed iTunes
07-07-2015 16:10:38 Removed iTunes
07-07-2015 16:11:12 Removed Bonjour
07-07-2015 16:11:32 Removed Apple Software Update
07-07-2015 16:11:50 Removed Apple Mobile Device Support
15-07-2015 14:17:03 Plánovaný kontrolný bod
24-07-2015 15:21:05 Plánovaný kontrolný bod
02-08-2015 15:19:30 Plánovaný kontrolný bod
19-08-2015 08:59:11 Plánovaný kontrolný bod
31-08-2015 20:18:06 Plánovaný kontrolný bod
08-09-2015 17:17:47 Plánovaný kontrolný bod
16-09-2015 13:23:56 Plánovaný kontrolný bod
23-09-2015 18:02:32 Plánovaný kontrolný bod
30-09-2015 21:21:17 zoek.exe restore point
10-10-2015 14:14:19 Plánovaný kontrolný bod
18-10-2015 16:05:14 Plánovaný kontrolný bod
26-10-2015 19:53:51 Plánovaný kontrolný bod
03-11-2015 19:21:44 Plánovaný kontrolný bod
11-11-2015 15:42:48 Plánovaný kontrolný bod
19-11-2015 21:32:04 Plánovaný kontrolný bod
27-11-2015 12:29:01 Plánovaný kontrolný bod
04-12-2015 18:19:17 Plánovaný kontrolný bod
15-12-2015 13:29:48 Plánovaný kontrolný bod
31-12-2015 15:57:26 Plánovaný kontrolný bod
10-01-2016 15:18:49 Plánovaný kontrolný bod
15-01-2016 19:42:48 Windows Update
16-01-2016 16:31:28 Installed SpyHunter
16-01-2016 17:47:34 Removed SpyHunter
16-01-2016 17:48:30 Removed SpyHunter
==================== Faulty Device Manager Devices =============
Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/16/2016 05:59:21 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Error: (01/16/2016 05:59:21 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Error: (01/16/2016 05:55:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/16/2016 05:48:14 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (01/16/2016 05:39:34 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Error: (01/16/2016 05:39:34 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Error: (01/16/2016 05:34:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/16/2016 05:06:08 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (01/16/2016 01:49:36 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Error: (01/16/2016 01:49:35 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
System errors:
=============
Error: (01/16/2016 05:53:23 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: Modul WLAN Extensibility Module sa nepodarilo spustiť.
Cesta k modulu: C:\Windows\system32\athExt.dll
Kód chyby: 126
Error: (01/16/2016 05:52:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Volume Shadow Copy sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.
Error: (01/16/2016 05:52:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Inštalátor systému Windows sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 120000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.
Error: (01/16/2016 05:52:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Modules Installer sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 120000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.
Error: (01/16/2016 05:52:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD FUEL Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.
Error: (01/16/2016 05:52:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Adobe Acrobat Update Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.
Error: (01/16/2016 05:52:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Print Spooler sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 60000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.
Error: (01/16/2016 05:52:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD External Events Utility sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.
Error: (01/16/2016 04:55:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Windows Update sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 3-krát.
Error: (01/16/2016 04:55:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Windows Management Instrumentation sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 3-krát.
CodeIntegrity:
===================================
Date: 2015-06-18 15:32:57.908
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-06-18 15:32:57.846
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-06-18 15:32:57.768
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-06-18 15:32:57.705
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-06-18 15:29:08.697
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-06-18 15:29:08.635
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-06-18 15:29:08.557
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-06-18 15:29:08.479
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-06-18 12:45:36.352
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-06-18 12:45:36.290
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: AMD Athlon(tm) II X3 460 Processor
Percentage of memory in use: 14%
Total physical RAM: 8154.46 MB
Available physical RAM: 6943.63 MB
Total Virtual: 16307.11 MB
Available Virtual: 14999.15 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:107.32 GB) (Free:23.68 GB) NTFS
Drive d: () (Fixed) (Total:358.34 GB) (Free:338.64 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A4C80B1C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=107.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=358.3 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Re: Please check my log
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suited to the forum, you can use altrokzavináčforum.viry.cz
If you would like to help visitors of this forum, sign up for our training school.
Re: Please check my log
Thanks for the help, but I had to deal with it. I apologize. ESET online and Malwarebytes removed about 31 pieces of junk for me. The problem with the PC has disappeared. Of course I will install what you recommended, including IE 11. If there are any problems, I will get in touch.
Re: Please check my log
You do not have to apologize to me for not securing your PC, because it will most likely not affect me in any way. Disinfecting this PC is a matter of a few minutes, but it would be pointless work if I did not at least attempt some kind of awareness-raising.
Because I do not know what ESET Online Scanner and MBAM found and deleted, I cannot say whether the PC has been disinfected (it is possible). If you would like my assistance, get in touch.
If you need urgent help, I recommend http://neslape.cz/
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suited to the forum, you can use altrokzavináčforum.viry.cz
If you would like to help visitors of this forum, sign up for our training school.

