V správcovi úloh mi beží niečo kuriózne ako Lucky Browse a zmenila sa domovská stránka vždy keď spustím OPERU.
Logfile of random's system information tool 1.10 (written by random/random)
Run by Martin at 2016-04-06 12:32:38
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 73 GB (66%) free of 110 GB
Total RAM: 8154 MB (86% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:32:41, on 6. 4. 2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\LuckyBrowse\app\luckybrowse.exe
C:\Program Files\trend micro\Martin.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Cash Kitten - {9ea7bd36-2d13-4df3-837f-7ac273765e7d} - C:\Program Files (x86)\Cash Kitten\Extensions\9ea7bd36-2d13-4df3-837f-7ac273765e7d.dll (file missing)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [SandboxieControl] "D:\PROGRAMY\sandboxie\SbieCtrl.exe"
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.hola.org
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - Sandboxie Holdings, LLC - D:\PROGRAMY\sandboxie\SbieSvc.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 4882 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
"C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
taskeng.exe {DA705689-2E5F-4F2D-A54D-57F5272009A3}
"C:\Program Files (x86)\LuckyBrowse\app\luckybrowse.exe"
"C:\Users\Martin\AppData\Local\Temp\scoped_dir2916_26082\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ea7bd36-2d13-4df3-837f-7ac273765e7d}]
Cash Kitten - C:\Program Files (x86)\Cash Kitten\Extensions\9ea7bd36-2d13-4df3-837f-7ac273765e7d.dll []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"=D:\PROGRAMY\sandboxie\SbieCtrl.exe [2016-02-26 797328]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [2015-07-28 767176]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=221
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=221
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2016-04-06 12:32:39 ----D---- C:\Program Files\trend micro
2016-04-06 12:32:38 ----D---- C:\rsit
2016-04-06 12:28:33 ----D---- C:\Users\Martin\AppData\Roaming\SpringFiles
2016-04-06 12:28:31 ----D---- C:\Program Files (x86)\SrpnFiles
2016-04-06 12:28:25 ----D---- C:\ProgramData\LuckyBrowse
2016-04-06 12:28:25 ----D---- C:\Program Files (x86)\LuckyBrowse
2016-04-06 12:28:11 ----D---- C:\ProgramData\d8986107-dff3-4565-a17b-637d7c3968d3
2016-04-06 12:28:10 ----D---- C:\Program Files (x86)\Cash Kitten
2016-04-02 17:34:10 ----D---- C:\Program Files (x86)\ESET
2016-03-30 13:59:12 ----D---- C:\Program Files\CCleaner
2016-03-30 12:58:57 ----RD---- C:\Sandbox
2016-03-29 14:30:02 ----D---- C:\Users\Martin\AppData\Roaming\XMusicUpdate
2016-03-15 18:32:19 ----D---- C:\Program Files (x86)\GUM5BCC.tmp
2016-03-10 18:10:07 ----SHD---- C:\$RECYCLE.BIN
2016-03-10 18:09:36 ----SD---- C:\ComboFix
2016-03-10 12:51:34 ----D---- C:\Program Files (x86)\Avira
2016-03-09 16:32:45 ----D---- C:\Windows\temp
======List of files/folders modified in the last 1 month======
2016-04-06 12:32:39 ----RD---- C:\Program Files
2016-04-06 12:28:31 ----RD---- C:\Program Files (x86)
2016-04-06 12:28:25 ----D---- C:\Windows\system32\Tasks
2016-04-06 12:28:25 ----D---- C:\ProgramData
2016-04-06 12:28:15 ----D---- C:\Program Files (x86)\Common Files
2016-04-06 08:59:00 ----D---- C:\Windows\System32
2016-04-06 08:59:00 ----D---- C:\Windows\inf
2016-04-06 08:59:00 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-04-05 15:24:19 ----D---- C:\Windows
2016-04-05 15:24:19 ----A---- C:\Windows\Sandboxie.ini
2016-04-03 14:29:05 ----SHD---- C:\System Volume Information
2016-03-31 14:22:58 ----SHD---- C:\Windows\Installer
2016-03-31 11:17:16 ----D---- C:\Program Files (x86)\Opera
2016-03-26 18:54:04 ----D---- C:\Windows\system32\config
2016-03-25 17:31:06 ----D---- C:\Users\Martin\AppData\Roaming\Spotify
2016-03-24 15:53:45 ----D---- C:\Windows\SysWOW64
2016-03-24 15:52:43 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2016-03-22 11:47:56 ----D---- C:\Windows\system32\catroot2
2016-03-16 11:28:56 ----D---- C:\Program Files (x86)\Google
2016-03-15 18:34:56 ----D---- C:\Windows\Tasks
2016-03-13 17:50:36 ----D---- C:\Config.Msi
2016-03-10 18:09:34 ----D---- C:\Windows\system32\drivers
2016-03-10 12:56:46 ----D---- C:\Windows\system32\catroot
2016-03-09 16:31:07 ----A---- C:\Windows\system.ini
2016-03-09 16:31:03 ----D---- C:\Windows\system32\drivers\etc
2016-03-09 16:28:56 ----D---- C:\Windows\SYSWOW64\drivers
2016-03-09 16:28:56 ----D---- C:\Windows\AppPatch
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2012-04-22 213888]
R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2012-12-29 28664]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2012-04-22 60416]
R2 AODDriver4.3;AODDriver4.3; \??\C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [2014-02-11 59616]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2015-07-29 21622784]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2015-07-29 665088]
R3 athur;Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athurx.sys [2010-01-05 1847296]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2015-07-15 96256]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-10-03 33240]
R3 SbieDrv;SbieDrv; \??\D:\PROGRAMY\sandboxie\SbieDrv.sys [2016-02-26 204944]
R3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2013-08-03 31232]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2012-04-22 18432]
S1 SBRE;SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys []
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2012-04-22 95232]
S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WiseHDInfo;WiseHDInfo; \??\C:\Windows\WiseHDInfo64.dll [2015-09-02 14800]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-14 82128]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2015-07-29 246784]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [2015-07-28 344064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
S2 SbieSvc;Sandboxie Service; D:\PROGRAMY\sandboxie\SbieSvc.exe [2016-02-26 187024]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-04 269000]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-02-08 569024]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-08 51648]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Prosím o kontrolu logu
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Prosím o kontrolu logu
Krasny den Vam preju 
V ramci cisteni Vam budou vyprazdneny docasne adresare (vcetne Kose).
Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/ (nebo http://www.bleepingcomputer.com/download/adwcleaner/ )
V ramci cisteni Vam budou vyprazdneny docasne adresare (vcetne Kose). Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/ (nebo http://www.bleepingcomputer.com/download/adwcleaner/ )
- ukoncete vsechny programy
- kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
- kliknete na Scan, pote na Cleaning
- po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner[Cx].txt), jehoz obsah zkopirujte do pristi odpovedi
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Re: Prosím o kontrolu logu
# AdwCleaner v5.109 - Logfile created 06/04/2016 at 13:13:28
# Updated 04/04/2016 by Xplode
# Database : 2016-04-05.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Martin - MARTIN-PC
# Running from : C:\Users\Martin\AppData\Local\Temp\scoped_dir464_24283\adwcleaner_5.109.exe
# Option : Clean
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder Deleted : C:\Program Files (x86)\Common Files\d8986107-dff3-4565-a17b-637d7c3968d3
[-] Folder Deleted : C:\ProgramData\LuckyBrowse
[-] Folder Deleted : C:\ProgramData\d8986107-dff3-4565-a17b-637d7c3968d3
[#] Folder Deleted : C:\ProgramData\Application Data\LuckyBrowse
[#] Folder Deleted : C:\ProgramData\Application Data\d8986107-dff3-4565-a17b-637d7c3968d3
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\LuckyBrowse
[-] Folder Deleted : C:\Users\Martin\AppData\Roaming\SpringFiles
[#] Folder Deleted : C:\Windows\SysNative\Tasks\LuckyBrowse
***** [ Files ] *****
***** [ DLLs ] *****
***** [ Shortcuts ] *****
[-] Shortcut Disinfected : C:\Users\Public\Desktop\Opera.lnk
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ\MotoGP URT 3\MotoGP URT 3.lnk
[-] Shortcut Disinfected : C:\Users\Martin\Desktop\MotoGP URT 3.lnk
[-] Shortcut Disinfected : C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[-] Shortcut Disinfected : C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Shortcut Disinfected : C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
[-] Shortcut Disinfected : C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Shortcut Disinfected : C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk
***** [ Scheduled tasks ] *****
[-] Task Deleted : LuckyBrowse
***** [ Registry ] *****
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.qq.qmchext
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\QMContextScan.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\QMContextUninstall.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\qmbfile
[-] Key Deleted : HKLM\SOFTWARE\Classes\qmgcfiles
[-] Key Deleted : HKLM\SOFTWARE\Classes\qpakfile
[-] Key Deleted : HKLM\SOFTWARE\Classes\qqapp
[-] Key Deleted : HKLM\SOFTWARE\Classes\QQPCMgr.qbox
[-] Key Deleted : HKLM\SOFTWARE\Classes\qqpro
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1E9BD312-7C8C-4422-906D-897F6D7714F2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7A30415C-ABEE-4674-B64B-4CA145EEB0CA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E52EB753-1F56-4DF7-BE53-2C314AC5F8A1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35627C7C-DB28-4772-9A6F-7607FFCBF9FF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{445E3964-15B0-472A-95F4-6242DD2EA066}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{573F9869-D92C-4B7E-A9C3-F042278D5078}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{593BE60A-1C6A-44F9-946D-A5EAB2D53511}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E1533F0-E0B5-465A-9F16-98FF0C76D493}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C049F583-D724-4BAB-8F47-F13BCA41B808}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E52EB753-1F56-4DF7-BE53-2C314AC5F8A1}
[-] Key Deleted : HKCU\Software\SrpnFiles
[-] Key Deleted : HKLM\SOFTWARE\LuckyBrowse
[-] Key Deleted : HKLM\SOFTWARE\SrpnFiles
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{F1A6640F-B2A6-4040-B3CF-575D7BC5F98B}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{2E71C3C4-45B9-45F9-823A-D8A78D8D55BB}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{6D7F57BF-59CF-443B-8C92-3B2F8773660F}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{19DCFEDD-6118-48F6-9643-D646A7A7286C}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{1148BC37-65BC-45F4-A124-9D2BB372BBE4}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{44046C28-7421-47D7-8BBB-E0AD735A575E}]
***** [ Web browsers ] *****
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [4906 bytes] - [06/04/2016 13:13:28]
C:\AdwCleaner\AdwCleaner[S1].txt - [5708 bytes] - [06/04/2016 13:12:43]
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5052 bytes] ##########
# Updated 04/04/2016 by Xplode
# Database : 2016-04-05.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Martin - MARTIN-PC
# Running from : C:\Users\Martin\AppData\Local\Temp\scoped_dir464_24283\adwcleaner_5.109.exe
# Option : Clean
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder Deleted : C:\Program Files (x86)\Common Files\d8986107-dff3-4565-a17b-637d7c3968d3
[-] Folder Deleted : C:\ProgramData\LuckyBrowse
[-] Folder Deleted : C:\ProgramData\d8986107-dff3-4565-a17b-637d7c3968d3
[#] Folder Deleted : C:\ProgramData\Application Data\LuckyBrowse
[#] Folder Deleted : C:\ProgramData\Application Data\d8986107-dff3-4565-a17b-637d7c3968d3
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\LuckyBrowse
[-] Folder Deleted : C:\Users\Martin\AppData\Roaming\SpringFiles
[#] Folder Deleted : C:\Windows\SysNative\Tasks\LuckyBrowse
***** [ Files ] *****
***** [ DLLs ] *****
***** [ Shortcuts ] *****
[-] Shortcut Disinfected : C:\Users\Public\Desktop\Opera.lnk
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ\MotoGP URT 3\MotoGP URT 3.lnk
[-] Shortcut Disinfected : C:\Users\Martin\Desktop\MotoGP URT 3.lnk
[-] Shortcut Disinfected : C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[-] Shortcut Disinfected : C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Shortcut Disinfected : C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
[-] Shortcut Disinfected : C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Shortcut Disinfected : C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk
***** [ Scheduled tasks ] *****
[-] Task Deleted : LuckyBrowse
***** [ Registry ] *****
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.qq.qmchext
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\QMContextScan.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\QMContextUninstall.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\qmbfile
[-] Key Deleted : HKLM\SOFTWARE\Classes\qmgcfiles
[-] Key Deleted : HKLM\SOFTWARE\Classes\qpakfile
[-] Key Deleted : HKLM\SOFTWARE\Classes\qqapp
[-] Key Deleted : HKLM\SOFTWARE\Classes\QQPCMgr.qbox
[-] Key Deleted : HKLM\SOFTWARE\Classes\qqpro
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1E9BD312-7C8C-4422-906D-897F6D7714F2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7A30415C-ABEE-4674-B64B-4CA145EEB0CA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E52EB753-1F56-4DF7-BE53-2C314AC5F8A1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35627C7C-DB28-4772-9A6F-7607FFCBF9FF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{445E3964-15B0-472A-95F4-6242DD2EA066}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{573F9869-D92C-4B7E-A9C3-F042278D5078}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{593BE60A-1C6A-44F9-946D-A5EAB2D53511}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E1533F0-E0B5-465A-9F16-98FF0C76D493}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C049F583-D724-4BAB-8F47-F13BCA41B808}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E52EB753-1F56-4DF7-BE53-2C314AC5F8A1}
[-] Key Deleted : HKCU\Software\SrpnFiles
[-] Key Deleted : HKLM\SOFTWARE\LuckyBrowse
[-] Key Deleted : HKLM\SOFTWARE\SrpnFiles
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{F1A6640F-B2A6-4040-B3CF-575D7BC5F98B}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{2E71C3C4-45B9-45F9-823A-D8A78D8D55BB}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{6D7F57BF-59CF-443B-8C92-3B2F8773660F}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{19DCFEDD-6118-48F6-9643-D646A7A7286C}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{1148BC37-65BC-45F4-A124-9D2BB372BBE4}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{44046C28-7421-47D7-8BBB-E0AD735A575E}]
***** [ Web browsers ] *****
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [4906 bytes] - [06/04/2016 13:13:28]
C:\AdwCleaner\AdwCleaner[S1].txt - [5708 bytes] - [06/04/2016 13:12:43]
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5052 bytes] ##########
Re: Prosím o kontrolu logu
Doinstalujte dulezite aktualizace operacniho systemu vcetne IE11 apod. Nezaplatovany OS = deravy system = zbytecne leceni. Dejte logy FRST.txt a Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101Pozn. pri druhem a dalsim spusteni FRST je pro vytvoreni logu Addition.txt nutne tuto volbu explicitne zatrhnout pred zacatkem skenu.
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Re: Prosím o kontrolu logu
Tu je log
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Martin (administrator) on MARTIN-PC (06-04-2016 13:27:43)
Running from C:\Users\Martin\Desktop
Loaded Profiles: Martin (Available Profiles: Martin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 9 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(forum.viry.cz) C:\Users\Martin\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-28] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\Run: [SandboxieControl] => D:\PROGRAMY\sandboxie\SbieCtrl.exe [797328 2016-02-26] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B5844788-BED4-4849-99BF-940E9B612EC4}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-515885200-768628804-3900138106-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-515885200-768628804-3900138106-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-515885200-768628804-3900138106-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO-x32: Cash Kitten -> {9ea7bd36-2d13-4df3-837f-7ac273765e7d} -> C:\Program Files (x86)\Cash Kitten\Extensions\9ea7bd36-2d13-4df3-837f-7ac273765e7d.dll => No File
FireFox:
========
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ef26py92.default
FF NewTab: about:newtab
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-03-24] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-24] ()
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-09]
CHR Extension: (Disk Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-09]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-09]
CHR Extension: (Google Search) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-09]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-09]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-09]
CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-09]
Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\Martin\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-03-09]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-28] (Advanced Micro Devices, Inc.) [File not signed]
S2 SbieSvc; D:\PROGRAMY\sandboxie\SbieSvc.exe [187024 2016-02-26] (Sandboxie Holdings, LLC)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2012-04-22] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 SbieDrv; D:\PROGRAMY\sandboxie\SbieDrv.sys [204944 2016-02-26] (Sandboxie Holdings, LLC)
S3 WiseHDInfo; C:\Windows\WiseHDInfo64.dll [14800 2015-09-02] (wisecleaner.com)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-06 13:27 - 2016-04-06 13:28 - 00007487 _____ C:\Users\Martin\Desktop\FRST.txt
2016-04-06 13:26 - 2016-04-06 13:27 - 00000000 ____D C:\FRST
2016-04-06 13:25 - 2016-04-06 13:25 - 00112640 _____ (forum.viry.cz) C:\Users\Martin\Desktop\FRSTLauncher.exe
2016-04-06 13:23 - 2016-04-06 13:24 - 02374144 _____ (Farbar) C:\Users\Martin\Desktop\FRST64.exe
2016-04-06 13:12 - 2016-04-06 13:13 - 00000000 ____D C:\AdwCleaner
2016-04-06 13:12 - 2016-04-06 13:12 - 03119168 _____ C:\Users\Martin\Downloads\adwcleaner_5.109.exe
2016-04-06 13:07 - 2016-04-06 13:08 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Martin\Downloads\SpyHunter-Installer.exe
2016-04-06 12:32 - 2016-04-06 12:32 - 01222144 _____ C:\Users\Martin\Downloads\RSITx64.exe
2016-04-06 12:32 - 2016-04-06 12:32 - 00000000 ____D C:\rsit
2016-04-06 12:32 - 2016-04-06 12:32 - 00000000 ____D C:\Program Files\trend micro
2016-03-31 14:23 - 2016-03-31 14:22 - 00000831 _____ C:\Users\Martin\Desktop\Sandboxed Web Browser.lnk
2016-03-31 14:22 - 2016-03-31 14:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2016-03-31 11:44 - 2016-03-31 11:44 - 08584848 _____ (Sandboxie Holdings, LLC) C:\Users\Martin\Downloads\SandboxieInstall.exe
2016-03-30 12:58 - 2016-03-30 12:58 - 00000000 ___RD C:\Sandbox
2016-03-29 14:30 - 2016-03-29 14:30 - 00000000 ____D C:\Users\Martin\AppData\Roaming\XMusicUpdate
2016-03-23 13:44 - 2016-03-23 14:15 - 92434117 _____ C:\Users\Martin\Downloads\MOJO - May 2016 (1).pdf
2016-03-23 12:27 - 2016-03-23 12:30 - 40340902 _____ C:\Users\Martin\Downloads\Q Magazine - May 2016.pdf
2016-03-22 16:42 - 2016-03-22 16:51 - 52295296 _____ C:\Users\Martin\Downloads\Uncut - May 2016.pdf
2016-03-15 18:32 - 2016-03-15 18:32 - 00000000 ____D C:\Program Files (x86)\GUM5BCC.tmp
2016-03-10 18:09 - 2016-03-10 18:11 - 00000000 ___SD C:\ComboFix
2016-03-10 12:51 - 2016-03-10 12:51 - 00000000 ____D C:\Program Files (x86)\Avira
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-06 13:21 - 2009-07-14 06:45 - 00021392 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-06 13:21 - 2009-07-14 06:45 - 00021392 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-06 13:18 - 2009-07-14 07:13 - 00785302 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-06 13:18 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-04-06 13:14 - 2016-02-15 15:36 - 00001530 _____ C:\Windows\Sandboxie.ini
2016-04-06 13:14 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-06 13:13 - 2015-12-17 16:52 - 00000532 _____ C:\Users\Martin\Desktop\MotoGP URT 3.lnk
2016-04-06 13:13 - 2015-09-28 18:40 - 00000994 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-04-06 13:13 - 2015-09-28 18:40 - 00000982 _____ C:\Users\Public\Desktop\Opera.lnk
2016-04-06 13:13 - 2014-07-28 18:43 - 00001174 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-04-06 13:13 - 2014-07-28 18:43 - 00000991 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-04-06 12:52 - 2015-10-04 19:50 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-31 21:46 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-03-31 12:46 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-03-31 11:17 - 2015-09-28 18:40 - 00003860 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1443458430
2016-03-31 11:17 - 2014-07-28 18:51 - 00000000 ____D C:\Program Files (x86)\Opera
2016-03-30 10:34 - 2014-07-28 18:35 - 00000000 ____D C:\Users\Martin
2016-03-29 14:35 - 2015-10-03 20:28 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\虾米网
2016-03-26 16:33 - 2009-07-14 07:08 - 00032562 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-03-25 17:31 - 2014-08-16 20:49 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Spotify
2016-03-24 15:52 - 2015-10-04 19:50 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-03-24 15:52 - 2014-07-29 13:15 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-24 15:52 - 2014-07-29 13:15 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-16 11:28 - 2015-01-27 13:23 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-09 16:34 - 2015-12-04 20:17 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-09 16:31 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
==================== Files in the root of some directories =======
2015-07-25 16:15 - 2015-07-25 16:15 - 0007605 _____ () C:\Users\Martin\AppData\Local\Resmon.ResmonCfg
2016-01-13 12:41 - 2016-01-13 12:41 - 0041472 _____ () C:\Users\Martin\AppData\Local\statstrip.dat
2016-01-13 12:41 - 2016-01-13 12:41 - 0000187 _____ () C:\Users\Martin\AppData\Local\statstrip.exe.config
2015-06-16 17:54 - 2015-06-16 17:54 - 0000000 _____ () C:\Users\Martin\AppData\Local\Temp.dat
Some files in TEMP:
====================
C:\Users\Martin\AppData\Local\Temp\libeay32.dll
C:\Users\Martin\AppData\Local\Temp\msvcr120.dll
C:\Users\Martin\AppData\Local\Temp\o6fqdTZMOS.exe
C:\Users\Martin\AppData\Local\Temp\sqlite3.dll
C:\Users\Martin\AppData\Local\Temp\Zlolpxzm3i.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-03-29 12:12
==================== End of FRST.txt ============================
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:107.32 GB) (Free:70.81 GB) NTFS
Drive d: () (Fixed) (Total:358.34 GB) (Free:338.26 GB) NTFS
Available physical RAM: 6940.95 MB
Total physical RAM: 8154.46 MB
Percentage of memory in use: 14%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A4C80B1C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=107.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=358.3 GB) - (Type=07 NTFS)
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Martin\Desktop" je 2 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Martin (administrator) on MARTIN-PC (06-04-2016 13:27:43)
Running from C:\Users\Martin\Desktop
Loaded Profiles: Martin (Available Profiles: Martin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 9 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(forum.viry.cz) C:\Users\Martin\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-28] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\Run: [SandboxieControl] => D:\PROGRAMY\sandboxie\SbieCtrl.exe [797328 2016-02-26] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B5844788-BED4-4849-99BF-940E9B612EC4}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-515885200-768628804-3900138106-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-515885200-768628804-3900138106-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-515885200-768628804-3900138106-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO-x32: Cash Kitten -> {9ea7bd36-2d13-4df3-837f-7ac273765e7d} -> C:\Program Files (x86)\Cash Kitten\Extensions\9ea7bd36-2d13-4df3-837f-7ac273765e7d.dll => No File
FireFox:
========
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ef26py92.default
FF NewTab: about:newtab
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-03-24] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-24] ()
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-09]
CHR Extension: (Disk Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-09]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-09]
CHR Extension: (Google Search) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-09]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-09]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-09]
CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-09]
Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\Martin\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-03-09]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-28] (Advanced Micro Devices, Inc.) [File not signed]
S2 SbieSvc; D:\PROGRAMY\sandboxie\SbieSvc.exe [187024 2016-02-26] (Sandboxie Holdings, LLC)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2012-04-22] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 SbieDrv; D:\PROGRAMY\sandboxie\SbieDrv.sys [204944 2016-02-26] (Sandboxie Holdings, LLC)
S3 WiseHDInfo; C:\Windows\WiseHDInfo64.dll [14800 2015-09-02] (wisecleaner.com)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-06 13:27 - 2016-04-06 13:28 - 00007487 _____ C:\Users\Martin\Desktop\FRST.txt
2016-04-06 13:26 - 2016-04-06 13:27 - 00000000 ____D C:\FRST
2016-04-06 13:25 - 2016-04-06 13:25 - 00112640 _____ (forum.viry.cz) C:\Users\Martin\Desktop\FRSTLauncher.exe
2016-04-06 13:23 - 2016-04-06 13:24 - 02374144 _____ (Farbar) C:\Users\Martin\Desktop\FRST64.exe
2016-04-06 13:12 - 2016-04-06 13:13 - 00000000 ____D C:\AdwCleaner
2016-04-06 13:12 - 2016-04-06 13:12 - 03119168 _____ C:\Users\Martin\Downloads\adwcleaner_5.109.exe
2016-04-06 13:07 - 2016-04-06 13:08 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Martin\Downloads\SpyHunter-Installer.exe
2016-04-06 12:32 - 2016-04-06 12:32 - 01222144 _____ C:\Users\Martin\Downloads\RSITx64.exe
2016-04-06 12:32 - 2016-04-06 12:32 - 00000000 ____D C:\rsit
2016-04-06 12:32 - 2016-04-06 12:32 - 00000000 ____D C:\Program Files\trend micro
2016-03-31 14:23 - 2016-03-31 14:22 - 00000831 _____ C:\Users\Martin\Desktop\Sandboxed Web Browser.lnk
2016-03-31 14:22 - 2016-03-31 14:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2016-03-31 11:44 - 2016-03-31 11:44 - 08584848 _____ (Sandboxie Holdings, LLC) C:\Users\Martin\Downloads\SandboxieInstall.exe
2016-03-30 12:58 - 2016-03-30 12:58 - 00000000 ___RD C:\Sandbox
2016-03-29 14:30 - 2016-03-29 14:30 - 00000000 ____D C:\Users\Martin\AppData\Roaming\XMusicUpdate
2016-03-23 13:44 - 2016-03-23 14:15 - 92434117 _____ C:\Users\Martin\Downloads\MOJO - May 2016 (1).pdf
2016-03-23 12:27 - 2016-03-23 12:30 - 40340902 _____ C:\Users\Martin\Downloads\Q Magazine - May 2016.pdf
2016-03-22 16:42 - 2016-03-22 16:51 - 52295296 _____ C:\Users\Martin\Downloads\Uncut - May 2016.pdf
2016-03-15 18:32 - 2016-03-15 18:32 - 00000000 ____D C:\Program Files (x86)\GUM5BCC.tmp
2016-03-10 18:09 - 2016-03-10 18:11 - 00000000 ___SD C:\ComboFix
2016-03-10 12:51 - 2016-03-10 12:51 - 00000000 ____D C:\Program Files (x86)\Avira
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-06 13:21 - 2009-07-14 06:45 - 00021392 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-06 13:21 - 2009-07-14 06:45 - 00021392 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-06 13:18 - 2009-07-14 07:13 - 00785302 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-06 13:18 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-04-06 13:14 - 2016-02-15 15:36 - 00001530 _____ C:\Windows\Sandboxie.ini
2016-04-06 13:14 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-06 13:13 - 2015-12-17 16:52 - 00000532 _____ C:\Users\Martin\Desktop\MotoGP URT 3.lnk
2016-04-06 13:13 - 2015-09-28 18:40 - 00000994 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-04-06 13:13 - 2015-09-28 18:40 - 00000982 _____ C:\Users\Public\Desktop\Opera.lnk
2016-04-06 13:13 - 2014-07-28 18:43 - 00001174 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-04-06 13:13 - 2014-07-28 18:43 - 00000991 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-04-06 12:52 - 2015-10-04 19:50 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-31 21:46 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-03-31 12:46 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-03-31 11:17 - 2015-09-28 18:40 - 00003860 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1443458430
2016-03-31 11:17 - 2014-07-28 18:51 - 00000000 ____D C:\Program Files (x86)\Opera
2016-03-30 10:34 - 2014-07-28 18:35 - 00000000 ____D C:\Users\Martin
2016-03-29 14:35 - 2015-10-03 20:28 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\虾米网
2016-03-26 16:33 - 2009-07-14 07:08 - 00032562 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-03-25 17:31 - 2014-08-16 20:49 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Spotify
2016-03-24 15:52 - 2015-10-04 19:50 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-03-24 15:52 - 2014-07-29 13:15 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-24 15:52 - 2014-07-29 13:15 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-16 11:28 - 2015-01-27 13:23 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-09 16:34 - 2015-12-04 20:17 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-09 16:31 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
==================== Files in the root of some directories =======
2015-07-25 16:15 - 2015-07-25 16:15 - 0007605 _____ () C:\Users\Martin\AppData\Local\Resmon.ResmonCfg
2016-01-13 12:41 - 2016-01-13 12:41 - 0041472 _____ () C:\Users\Martin\AppData\Local\statstrip.dat
2016-01-13 12:41 - 2016-01-13 12:41 - 0000187 _____ () C:\Users\Martin\AppData\Local\statstrip.exe.config
2015-06-16 17:54 - 2015-06-16 17:54 - 0000000 _____ () C:\Users\Martin\AppData\Local\Temp.dat
Some files in TEMP:
====================
C:\Users\Martin\AppData\Local\Temp\libeay32.dll
C:\Users\Martin\AppData\Local\Temp\msvcr120.dll
C:\Users\Martin\AppData\Local\Temp\o6fqdTZMOS.exe
C:\Users\Martin\AppData\Local\Temp\sqlite3.dll
C:\Users\Martin\AppData\Local\Temp\Zlolpxzm3i.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-03-29 12:12
==================== End of FRST.txt ============================
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:107.32 GB) (Free:70.81 GB) NTFS
Drive d: () (Fixed) (Total:358.34 GB) (Free:338.26 GB) NTFS
Available physical RAM: 6940.95 MB
Total physical RAM: 8154.46 MB
Percentage of memory in use: 14%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A4C80B1C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=107.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=358.3 GB) - (Type=07 NTFS)
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Martin\Desktop" je 2 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Re: Prosím o kontrolu logu
Proc jste nedoinstaloval aktualizace operacniho systemu? Vlozte jeste prosim obsah logu Addition.txtPokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Re: Prosím o kontrolu logu
Hneď ako bude čas nainštalujem.
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Martin (2016-04-06 13:28:26)
Running from C:\Users\Martin\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-07-28 16:35:03)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-515885200-768628804-3900138106-500 - Administrator - Disabled)
Guest (S-1-5-21-515885200-768628804-3900138106-501 - Limited - Disabled)
Martin (S-1-5-21-515885200-768628804-3900138106-1000 - Administrator - Enabled) => C:\Users\Martin
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC - Slovak (HKLM-x32\...\{AC76BA86-7AD7-1051-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Adobe Flash Player 21 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F37078EA-4B6A-1D6F-6FED-3EDF2117B42C}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Opera Stable 36.0.2130.46 (HKLM-x32\...\Opera 36.0.2130.46) (Version: 36.0.2130.46 - Opera Software)
Podpora Apple aplikácií (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Podpora Apple aplikácií(64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Sandboxie 5.10 (64-bit) (HKLM\...\Sandboxie) (Version: 5.10 - Sandboxie Holdings, LLC)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version: - Crystal Dynamics)
Tomb Raider III (HKLM-x32\...\Tomb Raider III) (Version: - )
Tomb Raider: Legend (HKLM-x32\...\Steam App 7000) (Version: - Crystal Dynamics)
TP-LINK Wireless Client Utility (HKLM-x32\...\{7A2A107B-9695-423F-9462-8F17C178BD35}) (Version: 7.0 - TP-LINK)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {153E60DE-B891-4F9C-90E9-EDB9F37976E0} - \{089BE96F-D0A5-49E1-88C2-9FE40C798689} -> No File <==== ATTENTION
Task: {6DE5EDEB-42D2-4287-8134-89C8A0AC5B24} - System32\Tasks\Opera scheduled Autoupdate 1443458430 => C:\Program Files (x86)\Opera\launcher.exe [2016-03-24] (Opera Software)
Task: {6E86966C-6566-4B68-97C9-37B15DA4CD51} - System32\Tasks\D781AE73-5D32-4233-AC1A-C1ED8B7BAB6 => C:\Users\Martin\AppData\Local\D781AE73-5D32-4233-AC1A-C1ED8B7BAB6\D781AE73-5D32-4233-AC1A-C1ED8B7BAB6.exe <==== ATTENTION
Task: {74FC347C-1BDA-4916-9FA0-84CA926BA809} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-04] (Adobe Systems Incorporated)
Task: {83497BC7-1377-4BDA-8E0B-6A7AA66C781E} - \Ball Video -> No File <==== ATTENTION
Task: {A300431C-3D06-4EE2-92D7-D979BCDFBD8C} - System32\Tasks\AAF6B80D-57C6-4E1B-A87-4797EA17A06D => C:\Users\Martin\AppData\Local\AAF6B80D-57C6-4E1B-A87-4797EA17A06D\AAF6B80D-57C6-4E1B-A87-4797EA17A06D.exe <==== ATTENTION
Task: {A81DF6E5-E8E1-4F79-B256-46CF9F0CCF4D} - \RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380} -> No File <==== ATTENTION
Task: {C0EA700A-9EA1-4722-A17F-150A55E2C990} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {D8044E06-3646-45FB-A080-F58C859785B2} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {E0FE3EA5-4712-4F0E-B38F-B2C912AE54CB} - \Ball Video2 -> No File <==== ATTENTION
Task: {F96B2165-AA32-4349-B138-0B738423926C} - System32\Tasks\{F529C778-212F-4A4C-A435-C1F3B293A60A} => pcalua.exe -a C:\Windows\IsUninst.exe -c -f"d:\Thomb raider 3\Uninst.isu"
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-07-28 22:45 - 2015-07-28 22:45 - 00127488 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-07-28 22:45 - 2015-07-28 22:45 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\hola.org -> hxxp://hola.org
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\100sexlinks.com -> 100sexlinks.com
There are 4788 more sites.
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2016-03-09 16:31 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-515885200-768628804-3900138106-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{646DCD8D-DF44-49C1-8F8E-C9FF2902413E}] => (Allow) D:\PROGRAMY\Steam\Steam.exe
FirewallRules: [{A2AD1C24-3EE8-4850-8E35-DFBB4C259DAA}] => (Allow) D:\PROGRAMY\Steam\Steam.exe
FirewallRules: [{E5575B45-0733-47F6-958D-0E74A7E5D2BA}] => (Allow) D:\PROGRAMY\Steam\bin\steamwebhelper.exe
FirewallRules: [{7067E74E-652C-4023-B71A-FE815B893FF5}] => (Allow) D:\PROGRAMY\Steam\bin\steamwebhelper.exe
FirewallRules: [{D7B9C5CE-4AC8-48C1-BD71-B357B8BF3E5F}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{9A8EE00C-D15B-4081-98BC-A1B3116BD335}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{E15D46E9-0EA6-489E-9917-B27393EA56A1}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Tomb Raider Legend\trl.exe
FirewallRules: [{B12F4E68-0197-4558-B750-D4D26A9EAC50}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Tomb Raider Legend\trl.exe
FirewallRules: [TCP Query User{C5EB449F-BED4-49D4-8CE4-ADA02F25B1F3}C:\users\martin\appdata\roaming\xmusicupdate\xmusicserver.exe] => (Allow) C:\users\martin\appdata\roaming\xmusicupdate\xmusicserver.exe
FirewallRules: [UDP Query User{E20D8B8E-7B76-46C2-9AC2-8FCEA7D0CA8B}C:\users\martin\appdata\roaming\xmusicupdate\xmusicserver.exe] => (Allow) C:\users\martin\appdata\roaming\xmusicupdate\xmusicserver.exe
FirewallRules: [TCP Query User{916542B8-37B2-4B45-8060-109345C8D7D2}D:\motogp urt 3\motogp.exe] => (Allow) D:\motogp urt 3\motogp.exe
FirewallRules: [UDP Query User{94383437-B0C7-46BF-8400-48F5FAA98512}D:\motogp urt 3\motogp.exe] => (Allow) D:\motogp urt 3\motogp.exe
==================== Restore Points =========================
10-03-2016 18:10:31 ComboFix created restore point
18-03-2016 20:42:46 Plánovaný kontrolný bod
26-03-2016 18:41:51 Plánovaný kontrolný bod
03-04-2016 14:28:59 Plánovaný kontrolný bod
==================== Faulty Device Manager Devices =============
Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/06/2016 01:18:52 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Error: (04/06/2016 01:18:52 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Error: (04/06/2016 01:16:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/06/2016 08:59:00 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Error: (04/06/2016 08:59:00 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Error: (04/06/2016 08:56:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/05/2016 09:15:19 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Error: (04/05/2016 09:15:19 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Error: (04/05/2016 09:10:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/05/2016 10:48:02 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
System errors:
=============
Error: (04/06/2016 01:19:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Sandboxie Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.
Error: (04/06/2016 01:14:39 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému zlyhali pri načítaní:
SBRE
Error: (04/06/2016 01:14:31 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: Modul WLAN Extensibility Module sa nepodarilo spustiť.
Cesta k modulu: C:\Windows\system32\athExt.dll
Kód chyby: 126
Error: (04/06/2016 01:13:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD FUEL Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.
Error: (04/06/2016 01:13:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Adobe Acrobat Update Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.
Error: (04/06/2016 01:13:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Print Spooler sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 60000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.
Error: (04/06/2016 01:13:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD External Events Utility sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.
Error: (04/06/2016 08:55:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Sandboxie Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.
Error: (04/06/2016 08:54:52 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému zlyhali pri načítaní:
SBRE
Error: (04/06/2016 08:54:46 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: Modul WLAN Extensibility Module sa nepodarilo spustiť.
Cesta k modulu: C:\Windows\system32\athExt.dll
Kód chyby: 126
CodeIntegrity:
===================================
Date: 2016-03-09 15:30:39.847
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-03-09 15:30:39.644
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-06-18 15:32:57.908
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-06-18 15:32:57.846
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-06-18 15:32:57.768
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-06-18 15:32:57.705
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-06-18 15:29:08.697
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-06-18 15:29:08.635
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-06-18 15:29:08.557
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-06-18 15:29:08.479
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: AMD Athlon(tm) II X3 460 Processor
Percentage of memory in use: 14%
Total physical RAM: 8154.46 MB
Available physical RAM: 6940.95 MB
Total Virtual: 16307.11 MB
Available Virtual: 14999.57 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:107.32 GB) (Free:70.81 GB) NTFS
Drive d: () (Fixed) (Total:358.34 GB) (Free:338.26 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A4C80B1C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=107.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=358.3 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Martin (2016-04-06 13:28:26)
Running from C:\Users\Martin\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-07-28 16:35:03)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-515885200-768628804-3900138106-500 - Administrator - Disabled)
Guest (S-1-5-21-515885200-768628804-3900138106-501 - Limited - Disabled)
Martin (S-1-5-21-515885200-768628804-3900138106-1000 - Administrator - Enabled) => C:\Users\Martin
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC - Slovak (HKLM-x32\...\{AC76BA86-7AD7-1051-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Adobe Flash Player 21 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F37078EA-4B6A-1D6F-6FED-3EDF2117B42C}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Opera Stable 36.0.2130.46 (HKLM-x32\...\Opera 36.0.2130.46) (Version: 36.0.2130.46 - Opera Software)
Podpora Apple aplikácií (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Podpora Apple aplikácií(64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Sandboxie 5.10 (64-bit) (HKLM\...\Sandboxie) (Version: 5.10 - Sandboxie Holdings, LLC)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version: - Crystal Dynamics)
Tomb Raider III (HKLM-x32\...\Tomb Raider III) (Version: - )
Tomb Raider: Legend (HKLM-x32\...\Steam App 7000) (Version: - Crystal Dynamics)
TP-LINK Wireless Client Utility (HKLM-x32\...\{7A2A107B-9695-423F-9462-8F17C178BD35}) (Version: 7.0 - TP-LINK)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {153E60DE-B891-4F9C-90E9-EDB9F37976E0} - \{089BE96F-D0A5-49E1-88C2-9FE40C798689} -> No File <==== ATTENTION
Task: {6DE5EDEB-42D2-4287-8134-89C8A0AC5B24} - System32\Tasks\Opera scheduled Autoupdate 1443458430 => C:\Program Files (x86)\Opera\launcher.exe [2016-03-24] (Opera Software)
Task: {6E86966C-6566-4B68-97C9-37B15DA4CD51} - System32\Tasks\D781AE73-5D32-4233-AC1A-C1ED8B7BAB6 => C:\Users\Martin\AppData\Local\D781AE73-5D32-4233-AC1A-C1ED8B7BAB6\D781AE73-5D32-4233-AC1A-C1ED8B7BAB6.exe <==== ATTENTION
Task: {74FC347C-1BDA-4916-9FA0-84CA926BA809} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-04] (Adobe Systems Incorporated)
Task: {83497BC7-1377-4BDA-8E0B-6A7AA66C781E} - \Ball Video -> No File <==== ATTENTION
Task: {A300431C-3D06-4EE2-92D7-D979BCDFBD8C} - System32\Tasks\AAF6B80D-57C6-4E1B-A87-4797EA17A06D => C:\Users\Martin\AppData\Local\AAF6B80D-57C6-4E1B-A87-4797EA17A06D\AAF6B80D-57C6-4E1B-A87-4797EA17A06D.exe <==== ATTENTION
Task: {A81DF6E5-E8E1-4F79-B256-46CF9F0CCF4D} - \RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380} -> No File <==== ATTENTION
Task: {C0EA700A-9EA1-4722-A17F-150A55E2C990} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {D8044E06-3646-45FB-A080-F58C859785B2} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {E0FE3EA5-4712-4F0E-B38F-B2C912AE54CB} - \Ball Video2 -> No File <==== ATTENTION
Task: {F96B2165-AA32-4349-B138-0B738423926C} - System32\Tasks\{F529C778-212F-4A4C-A435-C1F3B293A60A} => pcalua.exe -a C:\Windows\IsUninst.exe -c -f"d:\Thomb raider 3\Uninst.isu"
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-07-28 22:45 - 2015-07-28 22:45 - 00127488 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-07-28 22:45 - 2015-07-28 22:45 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\hola.org -> hxxp://hola.org
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\100sexlinks.com -> 100sexlinks.com
There are 4788 more sites.
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2016-03-09 16:31 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-515885200-768628804-3900138106-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{646DCD8D-DF44-49C1-8F8E-C9FF2902413E}] => (Allow) D:\PROGRAMY\Steam\Steam.exe
FirewallRules: [{A2AD1C24-3EE8-4850-8E35-DFBB4C259DAA}] => (Allow) D:\PROGRAMY\Steam\Steam.exe
FirewallRules: [{E5575B45-0733-47F6-958D-0E74A7E5D2BA}] => (Allow) D:\PROGRAMY\Steam\bin\steamwebhelper.exe
FirewallRules: [{7067E74E-652C-4023-B71A-FE815B893FF5}] => (Allow) D:\PROGRAMY\Steam\bin\steamwebhelper.exe
FirewallRules: [{D7B9C5CE-4AC8-48C1-BD71-B357B8BF3E5F}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{9A8EE00C-D15B-4081-98BC-A1B3116BD335}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{E15D46E9-0EA6-489E-9917-B27393EA56A1}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Tomb Raider Legend\trl.exe
FirewallRules: [{B12F4E68-0197-4558-B750-D4D26A9EAC50}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Tomb Raider Legend\trl.exe
FirewallRules: [TCP Query User{C5EB449F-BED4-49D4-8CE4-ADA02F25B1F3}C:\users\martin\appdata\roaming\xmusicupdate\xmusicserver.exe] => (Allow) C:\users\martin\appdata\roaming\xmusicupdate\xmusicserver.exe
FirewallRules: [UDP Query User{E20D8B8E-7B76-46C2-9AC2-8FCEA7D0CA8B}C:\users\martin\appdata\roaming\xmusicupdate\xmusicserver.exe] => (Allow) C:\users\martin\appdata\roaming\xmusicupdate\xmusicserver.exe
FirewallRules: [TCP Query User{916542B8-37B2-4B45-8060-109345C8D7D2}D:\motogp urt 3\motogp.exe] => (Allow) D:\motogp urt 3\motogp.exe
FirewallRules: [UDP Query User{94383437-B0C7-46BF-8400-48F5FAA98512}D:\motogp urt 3\motogp.exe] => (Allow) D:\motogp urt 3\motogp.exe
==================== Restore Points =========================
10-03-2016 18:10:31 ComboFix created restore point
18-03-2016 20:42:46 Plánovaný kontrolný bod
26-03-2016 18:41:51 Plánovaný kontrolný bod
03-04-2016 14:28:59 Plánovaný kontrolný bod
==================== Faulty Device Manager Devices =============
Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/06/2016 01:18:52 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Error: (04/06/2016 01:18:52 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Error: (04/06/2016 01:16:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/06/2016 08:59:00 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Error: (04/06/2016 08:59:00 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Error: (04/06/2016 08:56:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/05/2016 09:15:19 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Error: (04/05/2016 09:15:19 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Error: (04/05/2016 09:10:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/05/2016 10:48:02 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
System errors:
=============
Error: (04/06/2016 01:19:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Sandboxie Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.
Error: (04/06/2016 01:14:39 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému zlyhali pri načítaní:
SBRE
Error: (04/06/2016 01:14:31 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: Modul WLAN Extensibility Module sa nepodarilo spustiť.
Cesta k modulu: C:\Windows\system32\athExt.dll
Kód chyby: 126
Error: (04/06/2016 01:13:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD FUEL Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.
Error: (04/06/2016 01:13:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Adobe Acrobat Update Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.
Error: (04/06/2016 01:13:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Print Spooler sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 60000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.
Error: (04/06/2016 01:13:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD External Events Utility sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.
Error: (04/06/2016 08:55:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Sandboxie Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.
Error: (04/06/2016 08:54:52 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému zlyhali pri načítaní:
SBRE
Error: (04/06/2016 08:54:46 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: Modul WLAN Extensibility Module sa nepodarilo spustiť.
Cesta k modulu: C:\Windows\system32\athExt.dll
Kód chyby: 126
CodeIntegrity:
===================================
Date: 2016-03-09 15:30:39.847
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-03-09 15:30:39.644
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-06-18 15:32:57.908
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-06-18 15:32:57.846
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-06-18 15:32:57.768
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-06-18 15:32:57.705
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-06-18 15:29:08.697
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-06-18 15:29:08.635
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-06-18 15:29:08.557
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-06-18 15:29:08.479
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: AMD Athlon(tm) II X3 460 Processor
Percentage of memory in use: 14%
Total physical RAM: 8154.46 MB
Available physical RAM: 6940.95 MB
Total Virtual: 16307.11 MB
Available Virtual: 14999.57 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:107.32 GB) (Free:70.81 GB) NTFS
Drive d: () (Fixed) (Total:358.34 GB) (Free:338.26 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A4C80B1C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=107.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=358.3 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Re: Prosím o kontrolu logu
Nainstalujte nejaky antivir - muzete si vybrat ze srovnavacich testu pripadne se ptejte http://forum.viry.cz/viewtopic.php?f=14 ... &start=165- Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
- ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
- znovu spustte FRST a kliknete na Fix
- po restartu bude na plose ulozen fixlog, jehoz obsah vlozte do pristi odpovedi
Kód: Vybrat vše
Start CreateRestorePoint: CloseProcesses: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\Run: [SandboxieControl] => D:\PROGRAMY\sandboxie\SbieCtrl.exe [797328 2016-02-26] (Sandboxie Holdings, LLC) HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-515885200-768628804-3900138106-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO-x32: Cash Kitten -> {9ea7bd36-2d13-4df3-837f-7ac273765e7d} -> C:\Program Files (x86)\Cash Kitten\Extensions\9ea7bd36-2d13-4df3-837f-7ac273765e7d.dll => No File C:\Program Files (x86)\Cash Kitten FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File] FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X] C:\Program Files\Enigma Software Group 2016-04-06 13:27 - 2016-04-06 13:28 - 00007487 _____ C:\Users\Martin\Desktop\FRST.txt 2016-04-06 13:12 - 2016-04-06 13:13 - 00000000 ____D C:\AdwCleaner 2016-04-06 13:12 - 2016-04-06 13:12 - 03119168 _____ C:\Users\Martin\Downloads\adwcleaner_5.109.exe 2016-04-06 13:07 - 2016-04-06 13:08 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Martin\Downloads\SpyHunter-Installer.exe 2016-04-06 12:32 - 2016-04-06 12:32 - 01222144 _____ C:\Users\Martin\Downloads\RSITx64.exe 2016-04-06 12:32 - 2016-04-06 12:32 - 00000000 ____D C:\rsit 2016-04-06 12:32 - 2016-04-06 12:32 - 00000000 ____D C:\Program Files\trend micro CMD: del "C:\Program Files (x86)\GU*.tmp" File: C:\Windows\Setup\SCRIPTS\Windows7Loader.exe 2015-06-16 17:54 - 2015-06-16 17:54 - 0000000 _____ () C:\Users\Martin\AppData\Local\Temp.dat Task: {153E60DE-B891-4F9C-90E9-EDB9F37976E0} - \{089BE96F-D0A5-49E1-88C2-9FE40C798689} -> No File <==== ATTENTION Task: {6E86966C-6566-4B68-97C9-37B15DA4CD51} - System32\Tasks\D781AE73-5D32-4233-AC1A-C1ED8B7BAB6 => C:\Users\Martin\AppData\Local\D781AE73-5D32-4233-AC1A-C1ED8B7BAB6\D781AE73-5D32-4233-AC1A-C1ED8B7BAB6.exe <==== ATTENTION C:\Users\Martin\AppData\Local\D781AE73-5D32-4233-AC1A-C1ED8B7BAB6 Task: {83497BC7-1377-4BDA-8E0B-6A7AA66C781E} - \Ball Video -> No File <==== ATTENTION Task: {A300431C-3D06-4EE2-92D7-D979BCDFBD8C} - System32\Tasks\AAF6B80D-57C6-4E1B-A87-4797EA17A06D => C:\Users\Martin\AppData\Local\AAF6B80D-57C6-4E1B-A87-4797EA17A06D\AAF6B80D-57C6-4E1B-A87-4797EA17A06D.exe <==== ATTENTION Task: {A81DF6E5-E8E1-4F79-B256-46CF9F0CCF4D} - \RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380} -> No File <==== ATTENTION C:\Users\Martin\AppData\Local\AAF6B80D-57C6-4E1B-A87-4797EA17A06D Task: {D8044E06-3646-45FB-A080-F58C859785B2} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe Task: {E0FE3EA5-4712-4F0E-B38F-B2C912AE54CB} - \Ball Video2 -> No File <==== ATTENTION Task: {F96B2165-AA32-4349-B138-0B738423926C} - System32\Tasks\{F529C778-212F-4A4C-A435-C1F3B293A60A} => pcalua.exe -a C:\Windows\IsUninst.exe -c -f"d:\Thomb raider 3\Uninst.isu" CMD: dir "C:\PROGRA~1" CMD: dir "C:\PROGRA~2" CMD: dir "C:\PROGRA~3" CMD: dir "%localappdata%" CMD: dir "%appdata%" EmptyTemp: End
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Přispějete na provoz fóra?