Page 2 of 3

Re: Please check my log

Posted: 17 Jun 2015 17:41
by Peelie
Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Martin at 2015-06-17 18:40:12
Running from C:\Users\Martin\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-515885200-768628804-3900138106-500 - Administrator - Disabled)
Guest (S-1-5-21-515885200-768628804-3900138106-501 - Limited - Disabled)
Martin (S-1-5-21-515885200-768628804-3900138106-1000 - Administrator - Enabled) => C:\Users\Martin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 17 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Slovak (HKLM-x32\...\{AC76BA86-7AD7-1051-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Opera Stable 30.0.1835.59 (HKLM-x32\...\Opera 30.0.1835.59) (Version: 30.0.1835.59 - Opera Software)
Spotify (HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\Spotify) (Version: 1.0.4.90.g0b6df40b - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version: - Crystal Dynamics)
Tomb Raider III (HKLM-x32\...\Tomb Raider III) (Version: - )
TP-LINK Wireless Client Utility (HKLM-x32\...\{7A2A107B-9695-423F-9462-8F17C178BD35}) (Version: 7.0 - TP-LINK)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

24-01-2015 19:06:44 Scheduled checkpoint
01-02-2015 15:20:08 Scheduled checkpoint
07-02-2015 14:27:03 Installed DirectX
14-02-2015 18:14:20 Scheduled checkpoint
18-02-2015 17:02:31 avast! antivirus system restore point
18-02-2015 18:15:59 avast! antivirus system restore point
26-02-2015 17:34:09 Scheduled checkpoint
05-03-2015 19:28:22 Scheduled checkpoint
13-03-2015 19:20:35 Scheduled checkpoint
20-03-2015 20:20:51 Device driver package installation: TAP-Win32 Provider V9 Network adapters
22-03-2015 17:34:24 Installed Ad-Aware Antivirus.
31-03-2015 18:48:46 Scheduled checkpoint
07-04-2015 19:51:17 Scheduled checkpoint
15-04-2015 18:34:15 Scheduled checkpoint
22-04-2015 18:40:30 Scheduled checkpoint
29-04-2015 19:59:07 Scheduled checkpoint
09-05-2015 16:57:32 Scheduled checkpoint
16-05-2015 18:23:12 Scheduled checkpoint
20-05-2015 21:37:21 Removed Skype™ 7.4
29-05-2015 14:55:25 Scheduled checkpoint
05-06-2015 17:57:02 Scheduled checkpoint
13-06-2015 18:15:42 Scheduled checkpoint
16-06-2015 16:37:53 Installed Isoplex
16-06-2015 16:43:49 Removed Isoplex
16-06-2015 18:35:54 Installed Ad-Aware Antivirus.
17-06-2015 17:28:03 zoek.exe restore point

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-06-17 17:28 - 00000841 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {153E60DE-B891-4F9C-90E9-EDB9F37976E0} - System32\Tasks\{089BE96F-D0A5-49E1-88C2-9FE40C798689} => pcalua.exe -a C:\Users\Martin\AppData\Roaming\oursurfing\UninstallManager.exe -c -ptid=amt
Task: {324F034F-D4D6-4D69-A2DE-995E2E31AAF3} - System32\Tasks\Opera scheduled Autoupdate 1406566310 => C:\Program Files (x86)\Opera\launcher.exe [2015-06-10] (Opera Software)
Task: {40A4F701-8402-4908-AFB2-B2F37661DC43} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => D:\NOVSLO~1\AdAwareLauncher.exe
Task: {8D15F4E5-AFD5-41EC-ABCF-6338FDE37F24} - \Bidaily Synchronize Task[973b] No Task File <==== ATTENTION
Task: {A81DF6E5-E8E1-4F79-B256-46CF9F0CCF4D} - System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380} => C:\Program Files (x86)\Rising\RAV\rsdelaylauncher.exe
Task: {AF6F4E7D-FEFD-466D-952F-05925AEC0916} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-06] (Adobe Systems Incorporated)
Task: {F783080C-6BA3-4589-9055-781E295ECAEF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {F96B2165-AA32-4349-B138-0B738423926C} - System32\Tasks\{F529C778-212F-4A4C-A435-C1F3B293A60A} => pcalua.exe -a C:\Windows\IsUninst.exe -c -f"d:\Thomb raider 3\Uninst.isu"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Bidaily Synchronize Task[973b].job => c:\programdata\{634e2d5b-2ed3-75ac-634e-e2d5b2edb56c}\download.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2014-11-20 22:23 - 2014-11-20 22:23 - 00127488 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-11-20 22:23 - 2014-11-20 22:23 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-06-16 17:56 - 2015-06-08 08:02 - 00404360 _____ () C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BDMCommon.dll
2015-06-16 17:56 - 2015-06-08 08:03 - 00412552 _____ () C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\Plugins\OssToolPlugin\OssToolPlugin.dll
2015-02-15 02:40 - 2015-02-15 02:40 - 00381440 _____ () C:\Windows\mod_frst.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\100sexlinks.com -> 100sexlinks.com

There are 4788 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-515885200-768628804-3900138106-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{646DCD8D-DF44-49C1-8F8E-C9FF2902413E}] => (Allow) D:\PROGRAMY\Steam\Steam.exe
FirewallRules: [{A2AD1C24-3EE8-4850-8E35-DFBB4C259DAA}] => (Allow) D:\PROGRAMY\Steam\Steam.exe
FirewallRules: [{E5575B45-0733-47F6-958D-0E74A7E5D2BA}] => (Allow) D:\PROGRAMY\Steam\bin\steamwebhelper.exe
FirewallRules: [{7067E74E-652C-4023-B71A-FE815B893FF5}] => (Allow) D:\PROGRAMY\Steam\bin\steamwebhelper.exe
FirewallRules: [{D7B9C5CE-4AC8-48C1-BD71-B357B8BF3E5F}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{9A8EE00C-D15B-4081-98BC-A1B3116BD335}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{DE27C0AC-997A-46DD-B5CD-6C66017326EC}] => (Allow) C:\Users\Martin\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{F6020A01-4427-47C9-80AD-423AD122033A}] => (Allow) C:\Users\Martin\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{49DC982C-E38A-441E-A5E6-F53A631FE08E}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdSvc.exe
FirewallRules: [{376D4F32-6FDA-4312-B34F-9562D9ED474C}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdSvc.exe
FirewallRules: [{2B54D523-19FB-4F04-B17F-B62B325A5FFC}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdSvc.exe
FirewallRules: [{166B7CED-F6C0-4A8E-98E9-CF74101ECAFA}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdSvc.exe
FirewallRules: [{A46D046D-99EB-4FF0-B439-BB756BDD3264}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdSvc.exe
FirewallRules: [{760097D3-3D79-4C8A-B07B-8BA6BEDD73CF}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdSvc.exe
FirewallRules: [{7CEA1A13-43E7-4B95-AD25-C90D40509D0A}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSd.exe
FirewallRules: [{C336541B-D25C-4078-9A67-A362F3CD53F4}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSd.exe
FirewallRules: [{DA48DA5A-0549-41DB-8A06-9C1A447EEDD3}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSd.exe
FirewallRules: [{0F0D052B-4C88-4C52-9D21-D02DCDC735B2}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSd.exe
FirewallRules: [{ABAA44F2-51DF-4956-B75A-6E8DC4C75B6A}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSd.exe
FirewallRules: [{855DD7E5-E282-47BF-A1DF-34E1665BCCDA}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSd.exe
FirewallRules: [{2C3AD9F3-06DF-4502-B6AE-B01B3857B159}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdTray.exe
FirewallRules: [{854C1F56-250E-44C2-9484-C7DBE7535658}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdTray.exe
FirewallRules: [{6EAB2BF4-E22F-4BA3-AAEF-EB2FF6B7D5A8}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdTray.exe
FirewallRules: [{7EB7ABFE-AE74-4DF7-96C7-8531E76872F5}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdTray.exe
FirewallRules: [{632B4C79-1D8B-48CC-8D39-F7D3E99BC681}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdTray.exe
FirewallRules: [{AC064B91-FF4F-4A48-8124-FE0B31520EFA}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdTray.exe
FirewallRules: [{2BAE0C83-639B-4822-8494-55F4A748BA07}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUpdate.exe
FirewallRules: [{BA30F7CD-B900-4F52-ACB7-58E5D867D2E1}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUpdate.exe
FirewallRules: [{D3B4CE56-CABD-45E8-8CCF-488FDAE2C165}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUpdate.exe
FirewallRules: [{0939615D-EC8A-44BE-B4DF-B7B728AF42F2}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUpdate.exe
FirewallRules: [{DB0D9ABF-AD02-4551-8EA8-9D040973D8A6}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUpdate.exe
FirewallRules: [{84394125-B6E8-4723-AC8F-B539327841F9}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUpdate.exe
FirewallRules: [{B5F70536-42CD-4AF4-94EE-80691EE1E32F}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdBugRpt.exe
FirewallRules: [{8F3708BD-D693-41AA-BF30-FD5014AA2F7E}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdBugRpt.exe
FirewallRules: [{882480B0-60F6-4259-BEB2-1A2E0AED1BDC}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdBugRpt.exe
FirewallRules: [{0E23F181-F3ED-4939-9386-DD5B86136744}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdBugRpt.exe
FirewallRules: [{10AC0C4F-E6D8-4A30-AECC-C0294A795801}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdBugRpt.exe
FirewallRules: [{C90CD7C3-6F16-4A63-AD3C-AB1CEF2AAC90}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdBugRpt.exe
FirewallRules: [{A405BDBB-1573-499C-9B03-4788005415C8}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUProxy64.exe
FirewallRules: [{FFC819CC-309E-4A9B-B09B-C6EFE0EB5338}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUProxy64.exe
FirewallRules: [{87ED2D1D-E312-4CA0-9913-BDD7B351DAFA}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUProxy64.exe
FirewallRules: [{20F73DAF-86DC-455F-B88D-66CF8357C662}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUProxy64.exe
FirewallRules: [{2962A076-4880-440F-86D5-EC50CCBC6698}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUProxy64.exe
FirewallRules: [{4C42509C-53F3-4EFD-84D4-399FE3E30BBE}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUProxy64.exe
FirewallRules: [{D75AE33D-EFDA-4805-959F-E0BC9C347F35}] => (Allow) C:\program files (x86)\common files\baidu\bddownload\109\bddownloader.exe
FirewallRules: [{9C685005-41EB-4778-A81F-A1FA60841C52}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{7A530681-163C-49DA-BA49-94344CADFB55}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{1B0D2B51-C3F2-4CD8-8B4F-0FECF0DFB1E8}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{B79436D4-624F-4D3F-A20D-A6B72D6FCED6}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{20B81BFD-DC2B-4454-8043-3EDD0C083723}] => (Allow) C:\Program Files (x86)\UnHackMe\Unhackme.exe
FirewallRules: [{36B2FDB5-37C4-4D50-85D4-A1E1BFA16370}] => (Allow) C:\Program Files (x86)\UnHackMe\Unhackme.exe

==================== Faulty Device Manager Devices =============

Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/17/2015 05:48:24 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (06/17/2015 05:48:24 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (06/17/2015 05:43:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/17/2015 04:03:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (06/17/2015 04:03:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (06/17/2015 03:58:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/17/2015 03:53:51 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (06/17/2015 03:53:51 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (06/17/2015 03:48:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/17/2015 02:30:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/17/2015 05:43:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The "Rýchle načítanie" (Quick Load) service terminated with the following error:
%%2

Error: (06/17/2015 05:42:29 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (06/17/2015 05:42:22 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\athExt.dll
Error Code: 126

Error: (06/17/2015 05:37:10 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (06/17/2015 05:37:09 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (06/17/2015 05:37:09 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (06/17/2015 05:37:08 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (06/17/2015 05:37:08 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (06/17/2015 03:57:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The "Rýchle načítanie" (Quick Load) service terminated with the following error:
%%2

Error: (06/17/2015 03:57:13 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE


Microsoft Office:
=========================
Error: (06/17/2015 05:48:24 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 01B8020000002D010000

Error: (06/17/2015 05:48:24 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 01B120200000000000000AF000000

Error: (06/17/2015 05:43:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/17/2015 04:03:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 01B8020000002D010000

Error: (06/17/2015 04:03:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 01B120200000000000000AF000000

Error: (06/17/2015 03:58:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/17/2015 03:53:51 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 01B8020000002D010000

Error: (06/17/2015 03:53:51 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 01B120200000000000000AF000000

Error: (06/17/2015 03:48:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/17/2015 02:30:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: AMD Athlon(tm) II X3 460 Processor
Percentage of memory in use: 16%
Total physical RAM: 8154.46 MB
Available physical RAM: 6796.46 MB
Total Pagefile: 16307.11 MB
Available Pagefile: 14763.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:107.32 GB) (Free:29.36 GB) NTFS
Drive d: () (Fixed) (Total:358.34 GB) (Free:346.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A4C80B1C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=107.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=358.3 GB) - (Type=07 NTFS)

==================== End of log ============================
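
Added example, not part of the thread above and not FRST's own logic: the Scheduled Tasks section is where both ATTENTION flags in this log sit, so the script below parses "Task:" lines in the layout FRST prints and applies a handful of triage rules to each one: FRST's own ATTENTION marker, a registration with no task file behind it, a target inside a GUID-named folder directly under ProgramData, pcalua.exe (the Program Compatibility Assistant launcher) used to proxy another executable, a binary living under the user's AppData, and a target for which FRST printed no trailing "(Company)" tag. The six sample lines are copied from the log above; the rule names, and the choice to treat a missing company tag as only a weak signal, are my own assumptions.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Sample input: six "Task:" lines copied from the Scheduled Tasks section of
# the FRST Addition.txt posted above, embedded so the triage runs offline.
SAMPLE_TASK_LINES = r"""Task: {153E60DE-B891-4F9C-90E9-EDB9F37976E0} - System32\Tasks\{089BE96F-D0A5-49E1-88C2-9FE40C798689} => pcalua.exe -a C:\Users\Martin\AppData\Roaming\oursurfing\UninstallManager.exe -c -ptid=amt
Task: {324F034F-D4D6-4D69-A2DE-995E2E31AAF3} - System32\Tasks\Opera scheduled Autoupdate 1406566310 => C:\Program Files (x86)\Opera\launcher.exe [2015-06-10] (Opera Software)
Task: {8D15F4E5-AFD5-41EC-ABCF-6338FDE37F24} - \Bidaily Synchronize Task[973b] No Task File <==== ATTENTION
Task: {AF6F4E7D-FEFD-466D-952F-05925AEC0916} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-06] (Adobe Systems Incorporated)
Task: {F96B2165-AA32-4349-B138-0B738423926C} - System32\Tasks\{F529C778-212F-4A4C-A435-C1F3B293A60A} => pcalua.exe -a C:\Windows\IsUninst.exe -c -f"d:\Thomb raider 3\Uninst.isu"
Task: C:\Windows\Tasks\Bidaily Synchronize Task[973b].job => c:\programdata\{634e2d5b-2ed3-75ac-634e-e2d5b2edb56c}\download.exe <==== ATTENTION
"""

ATTENTION = "<==== ATTENTION"   # marker FRST appends to entries it wants the helper to look at
NO_TASK_FILE = "No Task File"   # registry registration whose backing task file is missing

# "Task: {registration-guid} - <name> => <target>"; the guid prefix is absent for .job files.
_TASK_RE = re.compile(r"^Task:\s+(?:\{[0-9A-Fa-f-]{36}\}\s+-\s+)?(?P<rest>.+)$")
# FRST prints "[date] (Company)" after a target when it could read the file's version info.
_PUBLISHER_RE = re.compile(r"\s\(([^()]+)\)\s*$")
# GUID-named directory directly under ProgramData (the download.exe path in the log above).
_GUID_DIR_RE = re.compile(
    r"\\programdata\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\\", re.IGNORECASE)


class TaskFinding(NamedTuple):
    name: str               # task path as FRST prints it
    target: str             # command after "=>", empty when no task file was found
    publisher: str          # company from the trailing "(...)", or "" if FRST printed none
    flags: Tuple[str, ...]  # triage rules that fired, in rule order


def parse_task_line(line: str) -> Optional[Tuple[str, str, str, bool, bool]]:
    """Split one FRST 'Task:' line into (name, target, publisher, attention, no_file).

    Returns None for lines that are not task entries (section headers, blanks).
    """
    m = _TASK_RE.match(line.strip())
    if m is None:
        return None
    rest = m.group("rest")
    attention = rest.endswith(ATTENTION)
    if attention:
        rest = rest[: -len(ATTENTION)].rstrip()
    no_file = rest.endswith(NO_TASK_FILE)
    if no_file:
        rest = rest[: -len(NO_TASK_FILE)].rstrip()
    name, _, target = rest.partition(" => ")
    pm = _PUBLISHER_RE.search(target)
    publisher = pm.group(1) if pm else ""
    return name, target, publisher, attention, no_file


def triage_tasks(text: str) -> List[TaskFinding]:
    """Return a finding for every task entry that trips at least one rule, in log order."""
    findings = []
    for line in text.splitlines():
        parsed = parse_task_line(line)
        if parsed is None:
            continue
        name, target, publisher, attention, no_file = parsed
        low = target.lower()
        # Rule names are my own labels (assumption); list order fixes the order of the flags tuple.
        checks = [
            ("frst_attention", attention),
            ("orphaned_registration", no_file),
            ("programdata_guid_dir", _GUID_DIR_RE.search(target) is not None),
            ("pcalua_proxy_exec", low.startswith("pcalua.exe")),    # PCA launcher used as a proxy
            ("user_profile_binary", "\\appdata\\" in low),          # runs from a user-writable dir
            ("no_publisher_info", bool(target) and not publisher),  # weak signal: no version info read
        ]
        flags = tuple(rule for rule, hit in checks if hit)
        if flags:
            findings.append(TaskFinding(name, target, publisher, flags))
    return findings


if __name__ == "__main__":
    for f in triage_tasks(SAMPLE_TASK_LINES):
        print(f"{', '.join(f.flags):60} {f.name}")
        if f.target:
            print(f"{'':60} -> {f.target}")
```

Run as-is it prints the four entries from this log that trip a rule; to triage a real report, read the Scheduled Tasks section out of Addition.txt and pass that text instead of the sample. The hits are prompts for review, not verdicts: the Tomb Raider III entry is an ordinary InstallShield uninstall wrapped in pcalua, while the two Bidaily Synchronize entries (a registration with no task file, plus a .job pointing at download.exe in a GUID-named ProgramData folder) are exactly what FRST marked.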

Re: Please check my log

Posted: 17 Jun 2015 17:46
by vyosek
Also post FRST.txt

Re: Please check my log

Posted: 17 Jun 2015 17:50
by Peelie
Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Martin at 2015-06-17 18:40:12
Running from C:\Users\Martin\Downloads
Boot Mode: Normal
==========================================================



==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 4788 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-515885200-768628804-3900138106-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{646DCD8D-DF44-49C1-8F8E-C9FF2902413E}] => (Allow) D:\PROGRAMY\Steam\Steam.exe
FirewallRules: [{A2AD1C24-3EE8-4850-8E35-DFBB4C259DAA}] => (Allow) D:\PROGRAMY\Steam\Steam.exe
FirewallRules: [{E5575B45-0733-47F6-958D-0E74A7E5D2BA}] => (Allow) D:\PROGRAMY\Steam\bin\steamwebhelper.exe
FirewallRules: [{7067E74E-652C-4023-B71A-FE815B893FF5}] => (Allow) D:\PROGRAMY\Steam\bin\steamwebhelper.exe
FirewallRules: [{D7B9C5CE-4AC8-48C1-BD71-B357B8BF3E5F}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{9A8EE00C-D15B-4081-98BC-A1B3116BD335}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{DE27C0AC-997A-46DD-B5CD-6C66017326EC}] => (Allow) C:\Users\Martin\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{F6020A01-4427-47C9-80AD-423AD122033A}] => (Allow) C:\Users\Martin\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{49DC982C-E38A-441E-A5E6-F53A631FE08E}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdSvc.exe
FirewallRules: [{376D4F32-6FDA-4312-B34F-9562D9ED474C}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdSvc.exe
FirewallRules: [{2B54D523-19FB-4F04-B17F-B62B325A5FFC}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdSvc.exe
FirewallRules: [{166B7CED-F6C0-4A8E-98E9-CF74101ECAFA}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdSvc.exe
FirewallRules: [{A46D046D-99EB-4FF0-B439-BB756BDD3264}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdSvc.exe
FirewallRules: [{760097D3-3D79-4C8A-B07B-8BA6BEDD73CF}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdSvc.exe
FirewallRules: [{7CEA1A13-43E7-4B95-AD25-C90D40509D0A}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSd.exe
FirewallRules: [{C336541B-D25C-4078-9A67-A362F3CD53F4}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSd.exe
FirewallRules: [{DA48DA5A-0549-41DB-8A06-9C1A447EEDD3}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSd.exe
FirewallRules: [{0F0D052B-4C88-4C52-9D21-D02DCDC735B2}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSd.exe
FirewallRules: [{ABAA44F2-51DF-4956-B75A-6E8DC4C75B6A}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSd.exe
FirewallRules: [{855DD7E5-E282-47BF-A1DF-34E1665BCCDA}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSd.exe
FirewallRules: [{2C3AD9F3-06DF-4502-B6AE-B01B3857B159}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdTray.exe
FirewallRules: [{854C1F56-250E-44C2-9484-C7DBE7535658}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdTray.exe
FirewallRules: [{6EAB2BF4-E22F-4BA3-AAEF-EB2FF6B7D5A8}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdTray.exe
FirewallRules: [{7EB7ABFE-AE74-4DF7-96C7-8531E76872F5}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdTray.exe
FirewallRules: [{632B4C79-1D8B-48CC-8D39-F7D3E99BC681}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdTray.exe
FirewallRules: [{AC064B91-FF4F-4A48-8124-FE0B31520EFA}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdTray.exe
FirewallRules: [{2BAE0C83-639B-4822-8494-55F4A748BA07}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUpdate.exe
FirewallRules: [{BA30F7CD-B900-4F52-ACB7-58E5D867D2E1}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUpdate.exe
FirewallRules: [{D3B4CE56-CABD-45E8-8CCF-488FDAE2C165}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUpdate.exe
FirewallRules: [{0939615D-EC8A-44BE-B4DF-B7B728AF42F2}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUpdate.exe
FirewallRules: [{DB0D9ABF-AD02-4551-8EA8-9D040973D8A6}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUpdate.exe
FirewallRules: [{84394125-B6E8-4723-AC8F-B539327841F9}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUpdate.exe
FirewallRules: [{B5F70536-42CD-4AF4-94EE-80691EE1E32F}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdBugRpt.exe
FirewallRules: [{8F3708BD-D693-41AA-BF30-FD5014AA2F7E}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdBugRpt.exe
FirewallRules: [{882480B0-60F6-4259-BEB2-1A2E0AED1BDC}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdBugRpt.exe
FirewallRules: [{0E23F181-F3ED-4939-9386-DD5B86136744}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdBugRpt.exe
FirewallRules: [{10AC0C4F-E6D8-4A30-AECC-C0294A795801}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdBugRpt.exe
FirewallRules: [{C90CD7C3-6F16-4A63-AD3C-AB1CEF2AAC90}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdBugRpt.exe
FirewallRules: [{A405BDBB-1573-499C-9B03-4788005415C8}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUProxy64.exe
FirewallRules: [{FFC819CC-309E-4A9B-B09B-C6EFE0EB5338}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUProxy64.exe
FirewallRules: [{87ED2D1D-E312-4CA0-9913-BDD7B351DAFA}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUProxy64.exe
FirewallRules: [{20F73DAF-86DC-455F-B88D-66CF8357C662}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUProxy64.exe
FirewallRules: [{2962A076-4880-440F-86D5-EC50CCBC6698}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUProxy64.exe
FirewallRules: [{4C42509C-53F3-4EFD-84D4-399FE3E30BBE}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUProxy64.exe
FirewallRules: [{D75AE33D-EFDA-4805-959F-E0BC9C347F35}] => (Allow) C:\program files (x86)\common files\baidu\bddownload\109\bddownloader.exe
FirewallRules: [{9C685005-41EB-4778-A81F-A1FA60841C52}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{7A530681-163C-49DA-BA49-94344CADFB55}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{1B0D2B51-C3F2-4CD8-8B4F-0FECF0DFB1E8}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{B79436D4-624F-4D3F-A20D-A6B72D6FCED6}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{20B81BFD-DC2B-4454-8043-3EDD0C083723}] => (Allow) C:\Program Files (x86)\UnHackMe\Unhackme.exe
FirewallRules: [{36B2FDB5-37C4-4D50-85D4-A1E1BFA16370}] => (Allow) C:\Program Files (x86)\UnHackMe\Unhackme.exe

==================== Faulty Device Manager Devices =============

Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/17/2015 05:48:24 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (06/17/2015 05:48:24 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (06/17/2015 05:43:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/17/2015 04:03:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (06/17/2015 04:03:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (06/17/2015 03:58:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/17/2015 03:53:51 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (06/17/2015 03:53:51 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (06/17/2015 03:48:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/17/2015 02:30:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/17/2015 05:43:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Rýchle načítanie bola ukončená s nasledujúcou chybou:
%%2

Error: (06/17/2015 05:42:29 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému zlyhali pri načítaní:
SBRE

Error: (06/17/2015 05:42:22 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: Modul WLAN Extensibility Module sa nepodarilo spustiť.

Cesta k modulu: C:\Windows\system32\athExt.dll
Kód chyby: 126

Error: (06/17/2015 05:37:10 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označená ako interaktívna služba. Systém je však nakonfigurovaný tak, aby nepovolil interaktívne služby. Služba pravdepodobne nebude pracovať správne.

Error: (06/17/2015 05:37:09 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označená ako interaktívna služba. Systém je však nakonfigurovaný tak, aby nepovolil interaktívne služby. Služba pravdepodobne nebude pracovať správne.

Error: (06/17/2015 05:37:09 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označená ako interaktívna služba. Systém je však nakonfigurovaný tak, aby nepovolil interaktívne služby. Služba pravdepodobne nebude pracovať správne.

Error: (06/17/2015 05:37:08 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označená ako interaktívna služba. Systém je však nakonfigurovaný tak, aby nepovolil interaktívne služby. Služba pravdepodobne nebude pracovať správne.

Error: (06/17/2015 05:37:08 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označená ako interaktívna služba. Systém je však nakonfigurovaný tak, aby nepovolil interaktívne služby. Služba pravdepodobne nebude pracovať správne.

Error: (06/17/2015 03:57:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Rýchle načítanie bola ukončená s nasledujúcou chybou:
%%2

Error: (06/17/2015 03:57:13 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému zlyhali pri načítaní:
SBRE


Microsoft Office:
=========================
Error: (06/17/2015 05:48:24 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 01B8020000002D010000

Error: (06/17/2015 05:48:24 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 01B120200000000000000AF000000

Error: (06/17/2015 05:43:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/17/2015 04:03:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 01B8020000002D010000

Error: (06/17/2015 04:03:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 01B120200000000000000AF000000

Error: (06/17/2015 03:58:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/17/2015 03:53:51 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 01B8020000002D010000

Error: (06/17/2015 03:53:51 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 01B120200000000000000AF000000

Error: (06/17/2015 03:48:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/17/2015 02:30:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: AMD Athlon(tm) II X3 460 Processor
Percentage of memory in use: 16%
Total physical RAM: 8154.46 MB
Available physical RAM: 6796.46 MB
Total Pagefile: 16307.11 MB
Available Pagefile: 14763.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:107.32 GB) (Free:29.36 GB) NTFS
Drive d: () (Fixed) (Total:358.34 GB) (Free:346.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A4C80B1C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=107.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=358.3 GB) - (Type=07 NTFS)

==================== End of log ============================

Re: Please check my log

Posted: 17 Jun 2015 17:51
by vyosek
Addition is here twice, but I still need FRST.txt

Re: Please check my log

Posted: 17 Jun 2015 17:52
by Peelie
Here is this one as well

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Martin (administrator) on MARTIN-PC on 17-06-2015 18:39:39
Running from C:\Users\Martin\Downloads
Loaded Profiles: Martin (Available Profiles: Martin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Slovenčina (Slovensko)
Internet Explorer Version 9 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(百度在线网络技术(北京)有限公司) C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe
(百度在线网络技术(北京)有限公司) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdSvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Spotify Ltd) C:\Users\Martin\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(百度在线网络技术(北京)有限公司) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(百度在线网络技术(北京)有限公司) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUProxy64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Farbar) C:\Users\Martin\Downloads\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [baidusdTray] => C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdTray.exe [2526216 2015-06-08] (百度在线网络技术(北京)有限公司)
HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\Run: [Spotify Web Helper] => C:\Users\Martin\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2020920 2015-06-10] (Spotify Ltd)
Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Q_Magazine_-_June_2015.pdf.lnk [2015-04-29]
ShortcutTarget: Q_Magazine_-_June_2015.pdf.lnk -> C:\ProgramData\{15368ad3-cd1b-67a2-1536-68ad3cd12b4f}\Q_Magazine_-_June_2015.pdf.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [FpPop] -> {A5662DF9-0C2E-4A56-9FE1-BACFF6966D88} => No File
ShellIconOverlayIdentifiers: [FunOverlay] -> {A5662DF9-0C2E-4A56-9FE1-BACFF6966D88} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-515885200-768628804-3900138106-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO-x32: WebGuardBHO -> {1B2639A9-EE25-4AE7-A2E3-B308F08125C4} -> C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\WebGuardBHO.dll [2015-06-16] (百度在线网络技术(北京)有限公司)
Handler: kuwo - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0C} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ef26py92.default
FF NewTab: about:newtab
FF Homepage: about:home
FF NetworkProxy: "autoconfig_url", "resource://jid1-zv8ehywtdnutwq-at-jetpack/unblock-youku/data/proxy.pac"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-10] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-10] ()
FF Plugin-x32: @baidu.com/BaidusdDetectNPPlugin -> C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\explugin\npBaiduSDDetectPlug.dll [2015-06-08] (百度在线网络技术(北京)有限公司)
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll No File
FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\npQMExtensionsMozilla.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Extension: Unblock Youku - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ef26py92.default\Extensions\jid1-zV8eHYwTDNUtwQ@jetpack.xpi [2015-03-20]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-29]
CHR Extension: (Google Search) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-29]
CHR Extension: (Hola Better Internet) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-05-24]
CHR Extension: (Bookmark Manager) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-20]
CHR Extension: (Google Wallet) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-29]
CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-29]

Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\Martin\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2014-07-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 BaiduHips; C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe [64008 2015-06-08] (百度在线网络技术(北京)有限公司)
R2 BDKVRTP; C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdSvc.exe [805896 2015-06-08] (百度在线网络技术(北京)有限公司)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 bd0001; C:\Windows\System32\DRIVERS\bd0001.sys [202704 2015-06-08] (Baidu)
R1 bd0002; C:\Windows\System32\DRIVERS\bd0002.sys [198600 2015-06-08] (Baidu)
R1 bd0003; C:\Windows\System32\DRIVERS\bd0003.sys [69448 2015-06-08] (Baidu)
R4 BDArKit; C:\Windows\System32\Drivers\BDArKit.SYS [152392 2015-06-08] (Baidu Technology)
R1 BDDefense; C:\Windows\System32\drivers\BDDefense.sys [103752 2015-06-08] (Baidu)
R1 BDMWrench_x64; C:\Windows\System32\DRIVERS\BDMWrench_x64.sys [62280 2015-06-08] (Baidu)
S3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [38200 2015-06-16] (电脑管家)
U0 Partizan; system32\drivers\Partizan.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-17 18:39 - 2015-06-17 18:39 - 00009203 _____ C:\Users\Martin\Downloads\FRST.txt
2015-06-17 18:39 - 2015-06-17 18:39 - 00000000 ____D C:\FRST
2015-06-17 18:12 - 2015-06-17 18:12 - 00001157 _____ C:\Users\Martin\Desktop\FRST64 (1) - odkaz.lnk
2015-06-17 18:11 - 2015-06-17 18:11 - 02109952 _____ (Farbar) C:\Users\Martin\Downloads\FRST64 (1).exe
2015-06-17 18:08 - 2015-06-17 18:15 - 00029696 _____ C:\Users\Martin\AppData\Local\MSGBOX.EXE
2015-06-17 18:05 - 2015-06-17 18:05 - 00112640 _____ (forum.viry.cz) C:\Users\Martin\Downloads\FRSTLauncher.exe
2015-06-17 18:02 - 2015-06-17 18:02 - 02109952 _____ (Farbar) C:\Users\Martin\Downloads\FRST64.exe
2015-06-17 17:39 - 2015-06-17 17:26 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-06-17 17:27 - 2015-06-17 17:42 - 00012339 _____ C:\zoek-results.log
2015-06-17 17:26 - 2015-06-17 17:37 - 00000000 ____D C:\zoek_backup
2015-06-17 17:25 - 2015-06-17 17:26 - 00001416 _____ C:\Users\Martin\Desktop\zoek - odkaz.lnk
2015-06-17 17:24 - 2015-06-17 17:24 - 01308672 _____ C:\Users\Martin\Downloads\zoek.exe
2015-06-17 17:15 - 2015-06-17 17:20 - 00000000 ____D C:\Program Files (x86)\UnHackMe
2015-06-17 17:15 - 2015-06-17 17:17 - 00000000 ____D C:\Users\Martin\Documents\RegRun2
2015-06-17 17:15 - 2015-06-17 17:15 - 00000002 RSHOT C:\Windows\winstart.bat
2015-06-17 17:15 - 2015-06-17 17:15 - 00000002 RSHOT C:\Windows\SysWOW64\CONFIG.NT
2015-06-17 17:15 - 2015-06-17 17:15 - 00000002 RSHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2015-06-17 16:45 - 2015-06-17 16:45 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-17 16:43 - 2015-06-17 17:08 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-17 16:43 - 2015-06-17 17:07 - 00000000 ____D C:\Users\Martin\Desktop\mbar
2015-06-17 16:42 - 2015-06-17 16:42 - 00001528 _____ C:\Users\Martin\Desktop\mbar-1.09.1.1004 - odkaz.lnk
2015-06-17 15:57 - 2015-06-17 17:42 - 00000112 _____ C:\Windows\setupact.log
2015-06-17 15:57 - 2015-06-17 15:57 - 00000000 _____ C:\Windows\setuperr.log
2015-06-17 15:56 - 2015-06-17 17:42 - 00001252 _____ C:\Windows\PFRO.log
2015-06-17 15:20 - 2015-06-17 15:20 - 00000000 ____D C:\ProgramData\Kaspersky SDK
2015-06-17 15:10 - 2015-06-17 15:10 - 00015538 _____ C:\Users\Martin\Downloads\Sťahovanie.htm
2015-06-17 14:49 - 2015-06-17 14:50 - 00000000 ____D C:\rsit
2015-06-17 14:29 - 2015-06-17 14:29 - 00003318 _____ C:\Windows\System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380}
2015-06-16 19:41 - 2015-06-16 19:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-06-16 19:31 - 2015-06-17 15:45 - 00000000 ___RD C:\RavBin
2015-06-16 19:31 - 2015-06-16 19:30 - 00091928 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\vpatch.dll
2015-06-16 18:39 - 2015-06-17 14:29 - 00028984 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys
2015-06-16 18:20 - 2015-06-16 18:20 - 00003152 _____ C:\Windows\System32\Tasks\{089BE96F-D0A5-49E1-88C2-9FE40C798689}
2015-06-16 18:20 - 2015-06-16 17:58 - 00038200 _____ (电脑管家) C:\Windows\system32\Drivers\TSSKX64.sys
2015-06-16 18:02 - 2015-06-16 17:58 - 00174392 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys
2015-06-16 18:02 - 2015-06-16 17:58 - 00099640 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys
2015-06-16 18:02 - 2015-06-16 17:58 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\tfsfltX64.sys
2015-06-16 17:59 - 2015-06-16 17:59 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-06-16 17:56 - 2015-06-16 17:57 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Baidu
2015-06-16 17:56 - 2015-06-16 17:56 - 00000000 ____D C:\ProgramData\Baidu
2015-06-16 17:56 - 2015-06-16 17:56 - 00000000 ____D C:\Program Files (x86)\Baidu
2015-06-16 17:56 - 2015-06-08 08:03 - 00198600 _____ (Baidu) C:\Windows\system32\Drivers\bd0002.sys
2015-06-16 17:56 - 2015-06-08 08:03 - 00152392 _____ (Baidu Technology) C:\Windows\system32\Drivers\BDArKit.SYS
2015-06-16 17:56 - 2015-06-08 08:03 - 00103752 _____ (Baidu) C:\Windows\system32\Drivers\BDDefense.sys
2015-06-16 17:56 - 2015-06-08 08:03 - 00069448 _____ (Baidu) C:\Windows\system32\Drivers\bd0003.sys
2015-06-16 17:56 - 2015-06-08 08:03 - 00062280 _____ (Baidu) C:\Windows\system32\Drivers\BDMWrench_x64.sys
2015-06-16 17:54 - 2015-06-16 17:54 - 00000000 ____D C:\ProgramData\Rising
2015-06-16 17:54 - 2015-06-16 17:54 - 00000000 _____ C:\Users\Martin\AppData\Local\Temp.dat
2015-06-16 17:53 - 2015-06-16 17:53 - 00000000 _____ C:\Windows\prleth.sys
2015-06-16 17:53 - 2015-06-16 17:53 - 00000000 _____ C:\Windows\hgfs.sys
2015-06-16 17:52 - 2015-06-17 17:52 - 00000332 _____ C:\Windows\Tasks\Bidaily Synchronize Task[973b].job
2015-06-16 16:38 - 2015-06-16 16:42 - 00000000 ____D C:\Users\Martin\AppData\Local\Isoplex
2015-06-16 16:38 - 2015-06-16 16:38 - 00000000 ____D C:\Users\Martin\AppData\Local\Caphyon
2015-06-16 16:37 - 2015-06-16 16:37 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Isoplex
2015-06-10 19:14 - 2015-06-10 19:14 - 00001772 _____ C:\Users\Martin\Desktop\Spotify.lnk
2015-06-10 19:14 - 2015-06-10 19:14 - 00001758 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-06-07 11:16 - 2015-06-15 20:17 - 00000000 ____D C:\Users\Martin\AppData\Local\Spotify
2015-05-20 21:36 - 2015-05-20 21:37 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Skype
2015-05-20 21:36 - 2015-05-20 21:36 - 00000000 ____D C:\Users\Martin\AppData\Roaming\AMD
2015-05-20 21:36 - 2015-05-20 21:36 - 00000000 ____D C:\Users\Martin\AppData\Local\Skype
2015-05-20 21:35 - 2015-05-20 21:37 - 00000000 ____D C:\ProgramData\Skype
2015-05-20 21:34 - 2015-05-20 23:03 - 00000000 ____D C:\Users\Martin\AppData\Roaming\DivX

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-17 17:49 - 2009-07-14 06:45 - 00021392 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-17 17:49 - 2009-07-14 06:45 - 00021392 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-17 17:48 - 2009-07-14 07:13 - 00785302 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-17 17:46 - 2014-07-29 13:15 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-17 17:45 - 2014-09-23 12:23 - 01259054 _____ C:\Windows\WindowsUpdate.log
2015-06-17 17:42 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-17 16:46 - 2015-01-17 18:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-16 18:43 - 2014-07-28 18:51 - 00001123 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-06-16 18:43 - 2014-07-28 18:51 - 00001111 _____ C:\Users\Public\Desktop\Opera.lnk
2015-06-16 18:43 - 2014-07-28 18:43 - 00001443 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-16 18:43 - 2014-07-28 18:43 - 00001409 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-06-16 18:38 - 2009-07-14 06:45 - 00412504 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-16 18:16 - 2014-07-28 18:35 - 00107608 _____ C:\Users\Martin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-15 20:22 - 2014-08-16 20:49 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Spotify
2015-06-11 11:27 - 2014-07-28 18:51 - 00003844 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1406566310
2015-06-11 11:27 - 2014-07-28 18:51 - 00000000 ____D C:\Program Files (x86)\Opera
2015-06-10 19:46 - 2014-07-29 13:15 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-10 19:46 - 2014-07-29 13:15 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-10 19:46 - 2014-07-29 13:15 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-08 08:03 - 2014-12-24 20:58 - 00202704 _____ (Baidu) C:\Windows\system32\Drivers\bd0001.sys
2015-06-02 18:21 - 2015-01-21 12:55 - 00001652 _____ C:\Windows\Sandboxie.ini
2015-06-02 11:40 - 2009-07-14 07:08 - 00032558 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-31 10:48 - 2014-11-20 20:21 - 00000193 _____ C:\Windows\WORDPAD.INI
2015-05-30 18:52 - 2014-09-13 17:11 - 00000000 ____D C:\Users\Martin\Documents\mjhu
2015-05-26 16:49 - 2014-07-28 18:45 - 00000000 ____D C:\Windows\Options
2015-05-25 11:23 - 2015-01-27 13:23 - 00000000 ____D C:\Program Files (x86)\Google
2015-05-19 21:05 - 2014-08-23 21:09 - 00000000 ____D C:\Users\Martin\AppData\Roaming\vlc

==================== Files in the root of some directories =======

2015-06-17 18:08 - 2015-06-17 18:15 - 0029696 _____ () C:\Users\Martin\AppData\Local\MSGBOX.EXE
2015-06-16 17:54 - 2015-06-16 17:54 - 0000000 _____ () C:\Users\Martin\AppData\Local\Temp.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-13 14:49

==================== End of log ============================

Re: Please check my log

Posted: 17 Jun 2015 17:57
by vyosek
:arrow: Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [baidusdTray] => C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdTray.exe [2526216 2015-06-08] (百度在线网络技术(北京)有限公司)
    HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\Run: [Spotify Web Helper] => C:\Users\Martin\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2020920 2015-06-10] (Spotify Ltd)
    Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Q_Magazine_-_June_2015.pdf.lnk [2015-04-29]
    ShortcutTarget: Q_Magazine_-_June_2015.pdf.lnk -> C:\ProgramData\{15368ad3-cd1b-67a2-1536-68ad3cd12b4f}\Q_Magazine_-_June_2015.pdf.exe (No File)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    ShellIconOverlayIdentifiers: [FpPop] -> {A5662DF9-0C2E-4A56-9FE1-BACFF6966D88} => No File
    ShellIconOverlayIdentifiers: [FunOverlay] -> {A5662DF9-0C2E-4A56-9FE1-BACFF6966D88} => No File
    
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    BHO-x32: WebGuardBHO -> {1B2639A9-EE25-4AE7-A2E3-B308F08125C4} -> C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\WebGuardBHO.dll [2015-06-16] (百度在线网络技术(北京)有限公司)
    Handler: kuwo - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0C} - No File
    
    FF NetworkProxy: "autoconfig_url", "resource://jid1-zv8ehywtdnutwq-at-jetpack/unblock-youku/data/proxy.pac"
    FF Plugin-x32: @baidu.com/BaidusdDetectNPPlugin -> C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\explugin\npBaiduSDDetectPlug.dll [2015-06-08] (百度在线网络技术(北京)有限公司)
    FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll No File
    FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\npQMExtensionsMozilla.dll No File
    FF Extension: Unblock Youku - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ef26py92.default\Extensions\jid1-zV8eHYwTDNUtwQ@jetpack.xpi [2015-03-20]
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
    
    R2 BaiduHips; C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe [64008 2015-06-08] (百度在线网络技术(北京)有限公司)
    R2 BDKVRTP; C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdSvc.exe [805896 2015-06-08] (百度在线网络技术(北京)有限公司)
    R1 bd0001; C:\Windows\System32\DRIVERS\bd0001.sys [202704 2015-06-08] (Baidu)
    R1 bd0002; C:\Windows\System32\DRIVERS\bd0002.sys [198600 2015-06-08] (Baidu)
    R1 bd0003; C:\Windows\System32\DRIVERS\bd0003.sys [69448 2015-06-08] (Baidu)
    R4 BDArKit; C:\Windows\System32\Drivers\BDArKit.SYS [152392 2015-06-08] (Baidu Technology)
    R1 BDDefense; C:\Windows\System32\drivers\BDDefense.sys [103752 2015-06-08] (Baidu)
    R1 BDMWrench_x64; C:\Windows\System32\DRIVERS\BDMWrench_x64.sys [62280 2015-06-08] (Baidu)
    S3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [38200 2015-06-16] (电脑管家)
    U0 Partizan; system32\drivers\Partizan.sys [X]
    S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
    
    C:\Program Files (x86)\Tencent
    C:\program files (x86)\common files\tencent
    C:\Program Files (x86)\Baidu
    C:\Program Files (x86)\Common Files\Baidu
    c:\programdata\{634e2d5b-2ed3-75ac-634e-e2d5b2edb56c}
    2015-06-17 18:39 - 2015-06-17 18:39 - 00009203 _____ C:\Users\Martin\Downloads\FRST.txt
    2015-06-17 18:08 - 2015-06-17 18:15 - 00029696 _____ C:\Users\Martin\AppData\Local\MSGBOX.EXE
    2015-06-17 18:05 - 2015-06-17 18:05 - 00112640 _____ (forum.viry.cz) C:\Users\Martin\Downloads\FRSTLauncher.exe
    2015-06-17 18:12 - 2015-06-17 18:12 - 00001157 _____ C:\Users\Martin\Desktop\FRST64 (1) - odkaz.lnk
    2015-06-17 17:39 - 2015-06-17 17:26 - 00024064 _____ C:\Windows\zoek-delete.exe
    2015-06-17 17:27 - 2015-06-17 17:42 - 00012339 _____ C:\zoek-results.log
    2015-06-17 17:26 - 2015-06-17 17:37 - 00000000 ____D C:\zoek_backup
    2015-06-17 17:25 - 2015-06-17 17:26 - 00001416 _____ C:\Users\Martin\Desktop\zoek - odkaz.lnk
    2015-06-17 17:24 - 2015-06-17 17:24 - 01308672 _____ C:\Users\Martin\Downloads\zoek.exe
    2015-06-17 17:15 - 2015-06-17 17:20 - 00000000 ____D C:\Program Files (x86)\UnHackMe
    2015-06-17 17:15 - 2015-06-17 17:17 - 00000000 ____D C:\Users\Martin\Documents\RegRun2
    2015-06-17 17:15 - 2015-06-17 17:15 - 00000002 RSHOT C:\Windows\winstart.bat
    2015-06-17 16:45 - 2015-06-17 16:45 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-06-17 16:43 - 2015-06-17 17:08 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-06-17 16:43 - 2015-06-17 17:07 - 00000000 ____D C:\Users\Martin\Desktop\mbar
    2015-06-17 16:42 - 2015-06-17 16:42 - 00001528 _____ C:\Users\Martin\Desktop\mbar-1.09.1.1004 - odkaz.lnk
    2015-06-17 15:57 - 2015-06-17 17:42 - 00000112 _____ C:\Windows\setupact.log
    2015-06-17 15:57 - 2015-06-17 15:57 - 00000000 _____ C:\Windows\setuperr.log
    2015-06-17 15:56 - 2015-06-17 17:42 - 00001252 _____ C:\Windows\PFRO.log
    2015-06-17 14:29 - 2015-06-17 14:29 - 00003318 _____ C:\Windows\System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380}
    2015-06-16 19:41 - 2015-06-16 19:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
    2015-06-16 18:39 - 2015-06-17 14:29 - 00028984 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys
    2015-06-16 18:20 - 2015-06-16 18:20 - 00003152 _____ C:\Windows\System32\Tasks\{089BE96F-D0A5-49E1-88C2-9FE40C798689}
    2015-06-16 18:20 - 2015-06-16 17:58 - 00038200 _____ (电脑管家) C:\Windows\system32\Drivers\TSSKX64.sys
    2015-06-16 18:02 - 2015-06-16 17:58 - 00174392 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys
    2015-06-16 18:02 - 2015-06-16 17:58 - 00099640 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys
    2015-06-16 18:02 - 2015-06-16 17:58 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\tfsfltX64.sys
    2015-06-16 17:59 - 2015-06-16 17:59 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
    2015-06-16 17:56 - 2015-06-16 17:57 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Baidu
    2015-06-16 17:56 - 2015-06-16 17:56 - 00000000 ____D C:\ProgramData\Baidu
    2015-06-16 17:56 - 2015-06-16 17:56 - 00000000 ____D C:\Program Files (x86)\Baidu
    2015-06-16 17:56 - 2015-06-08 08:03 - 00198600 _____ (Baidu) C:\Windows\system32\Drivers\bd0002.sys
    2015-06-16 17:56 - 2015-06-08 08:03 - 00152392 _____ (Baidu Technology) C:\Windows\system32\Drivers\BDArKit.SYS
    2015-06-16 17:56 - 2015-06-08 08:03 - 00103752 _____ (Baidu) C:\Windows\system32\Drivers\BDDefense.sys
    2015-06-16 17:56 - 2015-06-08 08:03 - 00069448 _____ (Baidu) C:\Windows\system32\Drivers\bd0003.sys
    2015-06-16 17:56 - 2015-06-08 08:03 - 00062280 _____ (Baidu) C:\Windows\system32\Drivers\BDMWrench_x64.sys
    2015-06-16 17:52 - 2015-06-17 17:52 - 00000332 _____ C:\Windows\Tasks\Bidaily Synchronize Task[973b].job
    
    Task: {8D15F4E5-AFD5-41EC-ABCF-6338FDE37F24} - \Bidaily Synchronize Task[973b] No Task File <==== ATTENTION
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\Bidaily Synchronize Task[973b].job => c:\programdata\{634e2d5b-2ed3-75ac-634e-e2d5b2edb56c}\download.exe <==== ATTENTION
    
    FirewallRules: [{49DC982C-E38A-441E-A5E6-F53A631FE08E}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdSvc.exe
    FirewallRules: [{376D4F32-6FDA-4312-B34F-9562D9ED474C}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdSvc.exe
    FirewallRules: [{2B54D523-19FB-4F04-B17F-B62B325A5FFC}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdSvc.exe
    FirewallRules: [{166B7CED-F6C0-4A8E-98E9-CF74101ECAFA}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdSvc.exe
    FirewallRules: [{A46D046D-99EB-4FF0-B439-BB756BDD3264}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdSvc.exe
    FirewallRules: [{760097D3-3D79-4C8A-B07B-8BA6BEDD73CF}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdSvc.exe
    FirewallRules: [{7CEA1A13-43E7-4B95-AD25-C90D40509D0A}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSd.exe
    FirewallRules: [{C336541B-D25C-4078-9A67-A362F3CD53F4}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSd.exe
    FirewallRules: [{DA48DA5A-0549-41DB-8A06-9C1A447EEDD3}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSd.exe
    FirewallRules: [{0F0D052B-4C88-4C52-9D21-D02DCDC735B2}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSd.exe
    FirewallRules: [{ABAA44F2-51DF-4956-B75A-6E8DC4C75B6A}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSd.exe
    FirewallRules: [{855DD7E5-E282-47BF-A1DF-34E1665BCCDA}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSd.exe
    FirewallRules: [{2C3AD9F3-06DF-4502-B6AE-B01B3857B159}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdTray.exe
    FirewallRules: [{854C1F56-250E-44C2-9484-C7DBE7535658}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdTray.exe
    FirewallRules: [{6EAB2BF4-E22F-4BA3-AAEF-EB2FF6B7D5A8}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdTray.exe
    FirewallRules: [{7EB7ABFE-AE74-4DF7-96C7-8531E76872F5}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdTray.exe
    FirewallRules: [{632B4C79-1D8B-48CC-8D39-F7D3E99BC681}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdTray.exe
    FirewallRules: [{AC064B91-FF4F-4A48-8124-FE0B31520EFA}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdTray.exe
    FirewallRules: [{2BAE0C83-639B-4822-8494-55F4A748BA07}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUpdate.exe
    FirewallRules: [{BA30F7CD-B900-4F52-ACB7-58E5D867D2E1}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUpdate.exe
    FirewallRules: [{D3B4CE56-CABD-45E8-8CCF-488FDAE2C165}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUpdate.exe
    FirewallRules: [{0939615D-EC8A-44BE-B4DF-B7B728AF42F2}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUpdate.exe
    FirewallRules: [{DB0D9ABF-AD02-4551-8EA8-9D040973D8A6}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUpdate.exe
    FirewallRules: [{84394125-B6E8-4723-AC8F-B539327841F9}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUpdate.exe
    FirewallRules: [{B5F70536-42CD-4AF4-94EE-80691EE1E32F}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdBugRpt.exe
    FirewallRules: [{8F3708BD-D693-41AA-BF30-FD5014AA2F7E}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdBugRpt.exe
    FirewallRules: [{882480B0-60F6-4259-BEB2-1A2E0AED1BDC}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdBugRpt.exe
    FirewallRules: [{0E23F181-F3ED-4939-9386-DD5B86136744}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdBugRpt.exe
    FirewallRules: [{10AC0C4F-E6D8-4A30-AECC-C0294A795801}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdBugRpt.exe
    FirewallRules: [{C90CD7C3-6F16-4A63-AD3C-AB1CEF2AAC90}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdBugRpt.exe
    FirewallRules: [{A405BDBB-1573-499C-9B03-4788005415C8}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUProxy64.exe
    FirewallRules: [{FFC819CC-309E-4A9B-B09B-C6EFE0EB5338}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUProxy64.exe
    FirewallRules: [{87ED2D1D-E312-4CA0-9913-BDD7B351DAFA}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUProxy64.exe
    FirewallRules: [{20F73DAF-86DC-455F-B88D-66CF8357C662}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUProxy64.exe
    FirewallRules: [{2962A076-4880-440F-86D5-EC50CCBC6698}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUProxy64.exe
    FirewallRules: [{4C42509C-53F3-4EFD-84D4-399FE3E30BBE}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUProxy64.exe
    FirewallRules: [{D75AE33D-EFDA-4805-959F-E0BC9C347F35}] => (Allow) C:\program files (x86)\common files\baidu\bddownload\109\bddownloader.exe
    FirewallRules: [{9C685005-41EB-4778-A81F-A1FA60841C52}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
    FirewallRules: [{7A530681-163C-49DA-BA49-94344CADFB55}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
    FirewallRules: [{1B0D2B51-C3F2-4CD8-8B4F-0FECF0DFB1E8}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
    FirewallRules: [{B79436D4-624F-4D3F-A20D-A6B72D6FCED6}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
    FirewallRules: [{20B81BFD-DC2B-4454-8043-3EDD0C083723}] => (Allow) C:\Program Files (x86)\UnHackMe\Unhackme.exe
    FirewallRules: [{36B2FDB5-37C4-4D50-85D4-A1E1BFA16370}] => (Allow) C:\Program Files (x86)\UnHackMe\Unhackme.exe
    
    Hosts:
    EmptyTemp:
    Reboot:
    End
    
  • Save the created TXT as fixlist.txt
  • Move the created fixlist next to FRST
:arrow: Run FRST.exe again
  • Click Fix
  • The fix runs and creates the log Fixlog.txt
:arrow: Restart the PC and post fixlog.txt here
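
The fixlist above was put together by reading the FRST log by eye: an executable parked in a user-writable folder (MSGBOX.EXE under AppData), a Startup shortcut whose target is a `.pdf.exe` inside a GUID-named ProgramData folder, a scheduled task that FRST itself marks with `<==== ATTENTION`, and `.sys` files sitting outside System32\drivers (TS888x64.sys in SysWOW64, zero-byte prleth.sys and hgfs.sys in the Windows root). As an added example that is not part of this thread and not part of FRST, the Python script below encodes those same checks and runs them over lines copied from the log above, with a few benign entries as controls. The line regexes, the reason strings and the heuristics are this example's own assumptions about the log format, not an FRST API.

```python
"""Triage helper for FRST-style log lines (added example, not part of FRST or of this thread)."""
from __future__ import annotations

import re

# One FRST file entry: "<created> - <modified> - <size> <attrs> [(<company>)] <path>".
# The company field may itself contain parentheses, so it is matched lazily up to
# the ") " that is followed by a drive letter.
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>\S+) "
    r"(?:\((?P<company>.*?)\) (?=[A-Za-z]:\\))?"
    r"(?P<path>[A-Za-z]:\\.*)$"
)
# "Task: <job> => <target>" and "ShortcutTarget: <lnk> -> <target>" entries.
TARGET_LINE = re.compile(
    r"^(?P<kind>Task|ShortcutTarget): .*?(?:=>|->) (?P<path>[A-Za-z]:\\.*?)"
    r"(?: \(No File\))?(?P<attention> <==== ATTENTION)?$"
)

ATTENTION = "<==== ATTENTION"
# All path checks run on the lower-cased path, so the patterns are lower-case too.
GUID_DIR = re.compile(r"\\programdata\\\{[0-9a-f-]{36}\}\\")
USER_WRITABLE = re.compile(r"\\(?:appdata|programdata|users\\public)\\")
DRIVER_DIR = re.compile(r"\\windows\\system32\\drivers\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".bat", ".cmd", ".vbs", ".js")
DOC_EXT = (".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt", ".mp3")


def parse_file_line(line: str) -> dict[str, str] | None:
    """Split one FRST file entry into its fields, or return None if the line is not one."""
    m = FILE_LINE.match(line.strip())
    return m.groupdict() if m else None


def suspicious_reasons(path: str, size: int | None = None, attention: bool = False) -> list[str]:
    """Heuristics a reviewer applies by eye to an FRST log; each hit becomes one reason string."""
    p = path.lower()
    name = p.rsplit("\\", 1)[-1]
    stem, dot, ext = name.rpartition(".")
    ext = "." + ext if dot else ""
    reasons: list[str] = []
    if attention:
        reasons.append("flagged by FRST (<==== ATTENTION)")
    if GUID_DIR.search(p):
        reasons.append("lives in a GUID-named ProgramData folder")
    if ext in EXEC_EXT and USER_WRITABLE.search(p):
        reasons.append("executable in user-writable location")
    if ext in EXEC_EXT and stem.endswith(DOC_EXT):
        reasons.append("double extension disguised as document")
    if ext == ".sys":
        if not DRIVER_DIR.search(p):
            reasons.append("driver outside System32\\drivers")
        if size == 0:
            reasons.append("zero-byte driver file")
    return reasons


def triage(lines: list[str]) -> dict[str, list[str]]:
    """Return {path_or_line: [reasons]} for every entry that trips at least one heuristic."""
    findings: dict[str, list[str]] = {}
    for raw in lines:
        line = raw.strip()
        if m := FILE_LINE.match(line):
            key, reasons = m["path"], suspicious_reasons(m["path"], size=int(m["size"]))
        elif t := TARGET_LINE.match(line):
            key, reasons = t["path"], suspicious_reasons(t["path"], attention=bool(t["attention"]))
        elif ATTENTION in line:
            # e.g. "Task: {GUID} - \Name No Task File <==== ATTENTION" has no target path at all
            key, reasons = line, ["flagged by FRST (<==== ATTENTION)"]
        else:
            continue
        if reasons:
            findings[key] = reasons
    return findings


# Lines copied verbatim from the FRST log and fixlist in this thread, plus benign controls.
SAMPLE_LOG = [
    r"2015-06-17 18:08 - 2015-06-17 18:15 - 00029696 _____ C:\Users\Martin\AppData\Local\MSGBOX.EXE",
    r"2015-06-17 18:11 - 2015-06-17 18:11 - 02109952 _____ (Farbar) C:\Users\Martin\Downloads\FRST64 (1).exe",
    r"2015-06-17 16:45 - 2015-06-17 16:45 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys",
    r"2015-06-16 18:39 - 2015-06-17 14:29 - 00028984 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys",
    r"2015-06-16 18:02 - 2015-06-16 17:58 - 00174392 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys",
    r"2015-06-16 17:53 - 2015-06-16 17:53 - 00000000 _____ C:\Windows\prleth.sys",
    r"2015-06-10 19:14 - 2015-06-10 19:14 - 00001772 _____ C:\Users\Martin\Desktop\Spotify.lnk",
    r"ShortcutTarget: Q_Magazine_-_June_2015.pdf.lnk -> C:\ProgramData\{15368ad3-cd1b-67a2-1536-68ad3cd12b4f}\Q_Magazine_-_June_2015.pdf.exe (No File)",
    r"Task: {8D15F4E5-AFD5-41EC-ABCF-6338FDE37F24} - \Bidaily Synchronize Task[973b] No Task File <==== ATTENTION",
    r"Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe",
    r"Task: C:\Windows\Tasks\Bidaily Synchronize Task[973b].job => c:\programdata\{634e2d5b-2ed3-75ac-634e-e2d5b2edb56c}\download.exe <==== ATTENTION",
]

if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG).items():
        print(f"{entry}\n    - " + "\n    - ".join(why))
```

Run against the eleven sample lines it reports six entries (MSGBOX.EXE, TS888x64.sys, prleth.sys, the `.pdf.exe` shortcut target, the orphaned task GUID line and download.exe) and stays silent on the Malwarebytes driver, the FRST download, the Spotify shortcut and the Flash updater task. The heuristics are deliberately cheap; a file in AppData is not malicious on its own, so the output is a reading list for the analyst, not a verdict, and every hit still needs the manual judgement that produced the fixlist above.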

Re: Please check my log

Posted: 17 Jun 2015 18:17
by Peelie
I did these steps:

Save the created TXT as fixlist.txt
Move the created fixlist next to FRST

I ran FRST, but it told me "no fixlist is found. It must be in the same folder than...."

Re: Please check my log

Posted: 17 Jun 2015 18:20
by vyosek
You ran FRST from here:
Running from C:\Users\Martin\Downloads
So save the fixlist there too, or move FRST to the desktop; careful, don't end up with just a shortcut on the desktop.

Re: Please check my log

Posted: 17 Jun 2015 18:30
by Peelie
Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Martin at 2015-06-17 19:23:21 Run:1
Running from C:\Users\Martin\Downloads
Loaded Profiles: Martin (Available Profiles: Martin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [baidusdTray] => C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdTray.exe [2526216 2015-06-08] (百度在线网络技术(北京)有限公司)
HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\Run: [Spotify Web Helper] => C:\Users\Martin\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2020920 2015-06-10] (Spotify Ltd)
Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Q_Magazine_-_June_2015.pdf.lnk [2015-04-29]
ShortcutTarget: Q_Magazine_-_June_2015.pdf.lnk -> C:\ProgramData\{15368ad3-cd1b-67a2-1536-68ad3cd12b4f}\Q_Magazine_-_June_2015.pdf.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [FpPop] -> {A5662DF9-0C2E-4A56-9FE1-BACFF6966D88} => No File
ShellIconOverlayIdentifiers: [FunOverlay] -> {A5662DF9-0C2E-4A56-9FE1-BACFF6966D88} => No File

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: WebGuardBHO -> {1B2639A9-EE25-4AE7-A2E3-B308F08125C4} -> C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\WebGuardBHO.dll [2015-06-16] (百度在线网络技术(北京)有限公司)
Handler: kuwo - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0C} - No File

FF NetworkProxy: "autoconfig_url", "resource://jid1-zv8ehywtdnutwq-at-jetpack/unblock-youku/data/proxy.pac"
FF Plugin-x32: @baidu.com/BaidusdDetectNPPlugin -> C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\explugin\npBaiduSDDetectPlug.dll [2015-06-08] (百度在线网络技术(北京)有限公司)
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll No File
FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\npQMExtensionsMozilla.dll No File
FF Extension: Unblock Youku - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ef26py92.default\Extensions\jid1-zV8eHYwTDNUtwQ@jetpack.xpi [2015-03-20]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]

R2 BaiduHips; C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe [64008 2015-06-08] (百度在线网络技术(北京)有限公司)
R2 BDKVRTP; C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdSvc.exe [805896 2015-06-08] (百度在线网络技术(北京)有限公司)
R1 bd0001; C:\Windows\System32\DRIVERS\bd0001.sys [202704 2015-06-08] (Baidu)
R1 bd0002; C:\Windows\System32\DRIVERS\bd0002.sys [198600 2015-06-08] (Baidu)
R1 bd0003; C:\Windows\System32\DRIVERS\bd0003.sys [69448 2015-06-08] (Baidu)
R4 BDArKit; C:\Windows\System32\Drivers\BDArKit.SYS [152392 2015-06-08] (Baidu Technology)
R1 BDDefense; C:\Windows\System32\drivers\BDDefense.sys [103752 2015-06-08] (Baidu)
R1 BDMWrench_x64; C:\Windows\System32\DRIVERS\BDMWrench_x64.sys [62280 2015-06-08] (Baidu)
S3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [38200 2015-06-16] (电脑管家)
U0 Partizan; system32\drivers\Partizan.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]

C:\Program Files (x86)\Tencent
C:\program files (x86)\common files\tencent
C:\Program Files (x86)\Baidu
C:\Program Files (x86)\Common Files\Baidu
c:\programdata\{634e2d5b-2ed3-75ac-634e-e2d5b2edb56c}
2015-06-17 18:39 - 2015-06-17 18:39 - 00009203 _____ C:\Users\Martin\Downloads\FRST.txt
2015-06-17 18:08 - 2015-06-17 18:15 - 00029696 _____ C:\Users\Martin\AppData\Local\MSGBOX.EXE
2015-06-17 18:05 - 2015-06-17 18:05 - 00112640 _____ (forum.viry.cz) C:\Users\Martin\Downloads\FRSTLauncher.exe
2015-06-17 18:12 - 2015-06-17 18:12 - 00001157 _____ C:\Users\Martin\Desktop\FRST64 (1) - odkaz.lnk
2015-06-17 17:39 - 2015-06-17 17:26 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-06-17 17:27 - 2015-06-17 17:42 - 00012339 _____ C:\zoek-results.log
2015-06-17 17:26 - 2015-06-17 17:37 - 00000000 ____D C:\zoek_backup
2015-06-17 17:25 - 2015-06-17 17:26 - 00001416 _____ C:\Users\Martin\Desktop\zoek - odkaz.lnk
2015-06-17 17:24 - 2015-06-17 17:24 - 01308672 _____ C:\Users\Martin\Downloads\zoek.exe
2015-06-17 17:15 - 2015-06-17 17:20 - 00000000 ____D C:\Program Files (x86)\UnHackMe
2015-06-17 17:15 - 2015-06-17 17:17 - 00000000 ____D C:\Users\Martin\Documents\RegRun2
2015-06-17 17:15 - 2015-06-17 17:15 - 00000002 RSHOT C:\Windows\winstart.bat
2015-06-17 16:45 - 2015-06-17 16:45 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-17 16:43 - 2015-06-17 17:08 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-17 16:43 - 2015-06-17 17:07 - 00000000 ____D C:\Users\Martin\Desktop\mbar
2015-06-17 16:42 - 2015-06-17 16:42 - 00001528 _____ C:\Users\Martin\Desktop\mbar-1.09.1.1004 - odkaz.lnk
2015-06-17 15:57 - 2015-06-17 17:42 - 00000112 _____ C:\Windows\setupact.log
2015-06-17 15:57 - 2015-06-17 15:57 - 00000000 _____ C:\Windows\setuperr.log
2015-06-17 15:56 - 2015-06-17 17:42 - 00001252 _____ C:\Windows\PFRO.log
2015-06-17 14:29 - 2015-06-17 14:29 - 00003318 _____ C:\Windows\System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380}
2015-06-16 19:41 - 2015-06-16 19:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-06-16 18:39 - 2015-06-17 14:29 - 00028984 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys
2015-06-16 18:20 - 2015-06-16 18:20 - 00003152 _____ C:\Windows\System32\Tasks\{089BE96F-D0A5-49E1-88C2-9FE40C798689}
2015-06-16 18:20 - 2015-06-16 17:58 - 00038200 _____ (电脑管家) C:\Windows\system32\Drivers\TSSKX64.sys
2015-06-16 18:02 - 2015-06-16 17:58 - 00174392 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys
2015-06-16 18:02 - 2015-06-16 17:58 - 00099640 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys
2015-06-16 18:02 - 2015-06-16 17:58 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\tfsfltX64.sys
2015-06-16 17:59 - 2015-06-16 17:59 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-06-16 17:56 - 2015-06-16 17:57 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Baidu
2015-06-16 17:56 - 2015-06-16 17:56 - 00000000 ____D C:\ProgramData\Baidu
2015-06-16 17:56 - 2015-06-16 17:56 - 00000000 ____D C:\Program Files (x86)\Baidu
2015-06-16 17:56 - 2015-06-08 08:03 - 00198600 _____ (Baidu) C:\Windows\system32\Drivers\bd0002.sys
2015-06-16 17:56 - 2015-06-08 08:03 - 00152392 _____ (Baidu Technology) C:\Windows\system32\Drivers\BDArKit.SYS
2015-06-16 17:56 - 2015-06-08 08:03 - 00103752 _____ (Baidu) C:\Windows\system32\Drivers\BDDefense.sys
2015-06-16 17:56 - 2015-06-08 08:03 - 00069448 _____ (Baidu) C:\Windows\system32\Drivers\bd0003.sys
2015-06-16 17:56 - 2015-06-08 08:03 - 00062280 _____ (Baidu) C:\Windows\system32\Drivers\BDMWrench_x64.sys
2015-06-16 17:52 - 2015-06-17 17:52 - 00000332 _____ C:\Windows\Tasks\Bidaily Synchronize Task[973b].job

Task: {8D15F4E5-AFD5-41EC-ABCF-6338FDE37F24} - \Bidaily Synchronize Task[973b] No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Bidaily Synchronize Task[973b].job => c:\programdata\{634e2d5b-2ed3-75ac-634e-e2d5b2edb56c}\download.exe <==== ATTENTION

FirewallRules: [{49DC982C-E38A-441E-A5E6-F53A631FE08E}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdSvc.exe
FirewallRules: [{376D4F32-6FDA-4312-B34F-9562D9ED474C}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdSvc.exe
FirewallRules: [{2B54D523-19FB-4F04-B17F-B62B325A5FFC}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdSvc.exe
FirewallRules: [{166B7CED-F6C0-4A8E-98E9-CF74101ECAFA}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdSvc.exe
FirewallRules: [{A46D046D-99EB-4FF0-B439-BB756BDD3264}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdSvc.exe
FirewallRules: [{760097D3-3D79-4C8A-B07B-8BA6BEDD73CF}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdSvc.exe
FirewallRules: [{7CEA1A13-43E7-4B95-AD25-C90D40509D0A}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSd.exe
FirewallRules: [{C336541B-D25C-4078-9A67-A362F3CD53F4}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSd.exe
FirewallRules: [{DA48DA5A-0549-41DB-8A06-9C1A447EEDD3}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSd.exe
FirewallRules: [{0F0D052B-4C88-4C52-9D21-D02DCDC735B2}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSd.exe
FirewallRules: [{ABAA44F2-51DF-4956-B75A-6E8DC4C75B6A}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSd.exe
FirewallRules: [{855DD7E5-E282-47BF-A1DF-34E1665BCCDA}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSd.exe
FirewallRules: [{2C3AD9F3-06DF-4502-B6AE-B01B3857B159}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdTray.exe
FirewallRules: [{854C1F56-250E-44C2-9484-C7DBE7535658}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdTray.exe
FirewallRules: [{6EAB2BF4-E22F-4BA3-AAEF-EB2FF6B7D5A8}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdTray.exe
FirewallRules: [{7EB7ABFE-AE74-4DF7-96C7-8531E76872F5}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdTray.exe
FirewallRules: [{632B4C79-1D8B-48CC-8D39-F7D3E99BC681}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdTray.exe
FirewallRules: [{AC064B91-FF4F-4A48-8124-FE0B31520EFA}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdTray.exe
FirewallRules: [{2BAE0C83-639B-4822-8494-55F4A748BA07}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUpdate.exe
FirewallRules: [{BA30F7CD-B900-4F52-ACB7-58E5D867D2E1}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUpdate.exe
FirewallRules: [{D3B4CE56-CABD-45E8-8CCF-488FDAE2C165}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUpdate.exe
FirewallRules: [{0939615D-EC8A-44BE-B4DF-B7B728AF42F2}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUpdate.exe
FirewallRules: [{DB0D9ABF-AD02-4551-8EA8-9D040973D8A6}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUpdate.exe
FirewallRules: [{84394125-B6E8-4723-AC8F-B539327841F9}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUpdate.exe
FirewallRules: [{B5F70536-42CD-4AF4-94EE-80691EE1E32F}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdBugRpt.exe
FirewallRules: [{8F3708BD-D693-41AA-BF30-FD5014AA2F7E}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdBugRpt.exe
FirewallRules: [{882480B0-60F6-4259-BEB2-1A2E0AED1BDC}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdBugRpt.exe
FirewallRules: [{0E23F181-F3ED-4939-9386-DD5B86136744}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdBugRpt.exe
FirewallRules: [{10AC0C4F-E6D8-4A30-AECC-C0294A795801}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdBugRpt.exe
FirewallRules: [{C90CD7C3-6F16-4A63-AD3C-AB1CEF2AAC90}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdBugRpt.exe
FirewallRules: [{A405BDBB-1573-499C-9B03-4788005415C8}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUProxy64.exe
FirewallRules: [{FFC819CC-309E-4A9B-B09B-C6EFE0EB5338}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUProxy64.exe
FirewallRules: [{87ED2D1D-E312-4CA0-9913-BDD7B351DAFA}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUProxy64.exe
FirewallRules: [{20F73DAF-86DC-455F-B88D-66CF8357C662}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUProxy64.exe
FirewallRules: [{2962A076-4880-440F-86D5-EC50CCBC6698}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUProxy64.exe
FirewallRules: [{4C42509C-53F3-4EFD-84D4-399FE3E30BBE}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUProxy64.exe
FirewallRules: [{D75AE33D-EFDA-4805-959F-E0BC9C347F35}] => (Allow) C:\program files (x86)\common files\baidu\bddownload\109\bddownloader.exe
FirewallRules: [{9C685005-41EB-4778-A81F-A1FA60841C52}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{7A530681-163C-49DA-BA49-94344CADFB55}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{1B0D2B51-C3F2-4CD8-8B4F-0FECF0DFB1E8}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{B79436D4-624F-4D3F-A20D-A6B72D6FCED6}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{20B81BFD-DC2B-4454-8043-3EDD0C083723}] => (Allow) C:\Program Files (x86)\UnHackMe\Unhackme.exe
FirewallRules: [{36B2FDB5-37C4-4D50-85D4-A1E1BFA16370}] => (Allow) C:\Program Files (x86)\UnHackMe\Unhackme.exe

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\baidusdTray => value could not remove.
HKU\S-1-5-21-515885200-768628804-3900138106-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Spotify Web Helper => value removed successfully
C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Q_Magazine_-_June_2015.pdf.lnk => moved successfully.
C:\ProgramData\{15368ad3-cd1b-67a2-1536-68ad3cd12b4f}\Q_Magazine_-_June_2015.pdf.exe not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\FpPop" => key removed successfully
HKCR\CLSID\{A5662DF9-0C2E-4A56-9FE1-BACFF6966D88} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\FunOverlay" => key removed successfully
HKCR\CLSID\{A5662DF9-0C2E-4A56-9FE1-BACFF6966D88} => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1B2639A9-EE25-4AE7-A2E3-B308F08125C4}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{1B2639A9-EE25-4AE7-A2E3-B308F08125C4}" => key removed successfully
"HKCR\PROTOCOLS\Handler\kuwo" => key removed successfully
HKCR\CLSID\{3050f3DA-98B5-11CF-BB82-00AA00BDCE0C} => key not found.
Firefox Proxy settings were reset.
"HKLM\Software\Wow6432Node\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin" => key removed successfully
Could not move "C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\explugin\npBaiduSDDetectPlug.dll" => Scheduled to move on reboot.
"HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/npAndroidAssistant" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/QQPCMgr" => key removed successfully
C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ef26py92.default\Extensions\jid1-zV8eHYwTDNUtwQ@jetpack.xpi => moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.
BaiduHips => Unable to stop service.
BaiduHips => Service could not remove
BDKVRTP => Unable to stop service.
BDKVRTP => Service could not remove
bd0001 => Unable to stop service.
bd0001 => Service could not remove
bd0002 => Unable to stop service.
bd0002 => Service could not remove
bd0003 => Unable to stop service.
bd0003 => Service could not remove
BDArKit => Unable to stop service.
BDArKit => Service could not remove
BDDefense => Unable to stop service.
BDDefense => Service could not remove
BDMWrench_x64 => Unable to stop service.
BDMWrench_x64 => Service could not remove
TSSKX64 => Service removed successfully
Partizan => Service removed successfully
SBRE => Service removed successfully
"C:\Program Files (x86)\Tencent" => File/Folder not found.
"C:\program files (x86)\common files\tencent" => File/Folder not found.

"C:\Program Files (x86)\Baidu" folder move:

Could not move "C:\Program Files (x86)\Baidu" folder => Scheduled to move on reboot.

C:\Program Files (x86)\Common Files\Baidu => moved successfully.
"c:\programdata\{634e2d5b-2ed3-75ac-634e-e2d5b2edb56c}" => File/Folder not found.
"C:\Users\Martin\Downloads\FRST.txt" => File/Folder not found.
C:\Users\Martin\AppData\Local\MSGBOX.EXE => moved successfully.
"C:\Users\Martin\Downloads\FRSTLauncher.exe" => File/Folder not found.
C:\Users\Martin\Desktop\FRST64 (1) - odkaz.lnk => moved successfully.
C:\Windows\zoek-delete.exe => moved successfully.
C:\zoek-results.log => moved successfully.
C:\zoek_backup => moved successfully.
C:\Users\Martin\Desktop\zoek - odkaz.lnk => moved successfully.
C:\Users\Martin\Downloads\zoek.exe => moved successfully.
"C:\Program Files (x86)\UnHackMe" => File/Folder not found.
C:\Users\Martin\Documents\RegRun2 => moved successfully.
C:\Windows\winstart.bat => moved successfully.
C:\Windows\system32\Drivers\MBAMSwissArmy.sys => moved successfully.
C:\Windows\system32\Drivers\mbamchameleon.sys => moved successfully.
C:\Users\Martin\Desktop\mbar => moved successfully.
C:\Users\Martin\Desktop\mbar-1.09.1.1004 - odkaz.lnk => moved successfully.
C:\Windows\setupact.log => moved successfully.
C:\Windows\setuperr.log => moved successfully.
C:\Windows\PFRO.log => moved successfully.
C:\Windows\System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380} => moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件 => moved successfully.
C:\Windows\SysWOW64\Drivers\TS888x64.sys => moved successfully.
C:\Windows\System32\Tasks\{089BE96F-D0A5-49E1-88C2-9FE40C798689} => moved successfully.
C:\Windows\system32\Drivers\TSSKX64.sys => moved successfully.
C:\Windows\system32\Drivers\TAOKernel64.sys => moved successfully.
C:\Windows\system32\Drivers\TAOAccelerator64.sys => moved successfully.
C:\Windows\system32\Drivers\tfsfltX64.sys => moved successfully.
C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件 => moved successfully.
C:\Users\Martin\AppData\Roaming\Baidu => moved successfully.

"C:\ProgramData\Baidu" folder move:

Could not move "C:\ProgramData\Baidu" folder => Scheduled to move on reboot.


"C:\Program Files (x86)\Baidu" folder move:

Could not move "C:\Program Files (x86)\Baidu" folder => Scheduled to move on reboot.

Could not move "C:\Windows\system32\Drivers\bd0002.sys" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\Drivers\BDArKit.SYS" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\Drivers\BDDefense.sys" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\Drivers\bd0003.sys" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\Drivers\BDMWrench_x64.sys" => Scheduled to move on reboot.
C:\Windows\Tasks\Bidaily Synchronize Task[973b].job => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8D15F4E5-AFD5-41EC-ABCF-6338FDE37F24}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D15F4E5-AFD5-41EC-ABCF-6338FDE37F24}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bidaily Synchronize Task[973b]" => key removed successfully
C:\Windows\Tasks\Adobe Flash Player Updater.job => moved successfully.
C:\Windows\Tasks\Bidaily Synchronize Task[973b].job not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{49DC982C-E38A-441E-A5E6-F53A631FE08E} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{376D4F32-6FDA-4312-B34F-9562D9ED474C} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2B54D523-19FB-4F04-B17F-B62B325A5FFC} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{166B7CED-F6C0-4A8E-98E9-CF74101ECAFA} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A46D046D-99EB-4FF0-B439-BB756BDD3264} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{760097D3-3D79-4C8A-B07B-8BA6BEDD73CF} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7CEA1A13-43E7-4B95-AD25-C90D40509D0A} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C336541B-D25C-4078-9A67-A362F3CD53F4} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DA48DA5A-0549-41DB-8A06-9C1A447EEDD3} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0F0D052B-4C88-4C52-9D21-D02DCDC735B2} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ABAA44F2-51DF-4956-B75A-6E8DC4C75B6A} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{855DD7E5-E282-47BF-A1DF-34E1665BCCDA} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2C3AD9F3-06DF-4502-B6AE-B01B3857B159} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{854C1F56-250E-44C2-9484-C7DBE7535658} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6EAB2BF4-E22F-4BA3-AAEF-EB2FF6B7D5A8} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7EB7ABFE-AE74-4DF7-96C7-8531E76872F5} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{632B4C79-1D8B-48CC-8D39-F7D3E99BC681} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AC064B91-FF4F-4A48-8124-FE0B31520EFA} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2BAE0C83-639B-4822-8494-55F4A748BA07} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BA30F7CD-B900-4F52-ACB7-58E5D867D2E1} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D3B4CE56-CABD-45E8-8CCF-488FDAE2C165} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0939615D-EC8A-44BE-B4DF-B7B728AF42F2} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DB0D9ABF-AD02-4551-8EA8-9D040973D8A6} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{84394125-B6E8-4723-AC8F-B539327841F9} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B5F70536-42CD-4AF4-94EE-80691EE1E32F} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8F3708BD-D693-41AA-BF30-FD5014AA2F7E} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{882480B0-60F6-4259-BEB2-1A2E0AED1BDC} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0E23F181-F3ED-4939-9386-DD5B86136744} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{10AC0C4F-E6D8-4A30-AECC-C0294A795801} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C90CD7C3-6F16-4A63-AD3C-AB1CEF2AAC90} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A405BDBB-1573-499C-9B03-4788005415C8} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FFC819CC-309E-4A9B-B09B-C6EFE0EB5338} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{87ED2D1D-E312-4CA0-9913-BDD7B351DAFA} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{20F73DAF-86DC-455F-B88D-66CF8357C662} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2962A076-4880-440F-86D5-EC50CCBC6698} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4C42509C-53F3-4EFD-84D4-399FE3E30BBE} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D75AE33D-EFDA-4805-959F-E0BC9C347F35} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9C685005-41EB-4778-A81F-A1FA60841C52} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7A530681-163C-49DA-BA49-94344CADFB55} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1B0D2B51-C3F2-4CD8-8B4F-0FECF0DFB1E8} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B79436D4-624F-4D3F-A20D-A6B72D6FCED6} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{20B81BFD-DC2B-4454-8043-3EDD0C083723} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{36B2FDB5-37C4-4D50-85D4-A1E1BFA16370} => value removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 141.8 MB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-06-17 19:27:40)<=

"C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\explugin\npBaiduSDDetectPlug.dll" => Could not move
"C:\Program Files (x86)\Baidu" => Could not move
"C:\ProgramData\Baidu" => Could not move
"C:\Program Files (x86)\Baidu" => Could not move
"C:\Windows\system32\Drivers\bd0002.sys" => Could not move
"C:\Windows\system32\Drivers\BDArKit.SYS" => Could not move
"C:\Windows\system32\Drivers\BDDefense.sys" => Could not move
"C:\Windows\system32\Drivers\bd0003.sys" => Could not move
"C:\Windows\system32\Drivers\BDMWrench_x64.sys" => Could not move

==== End of Fixlog 19:27:48 ====

Re: Please check my log

Posted: 17 Jun 2015 19:36
by vyosek
:arrow: Download RKill http://download.bleepingcomputer.com/grinler/rkill.com PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT CAPACITY TO DELETE THINGS AND MUST BE USED ONLY WHEN RECOMMENDED, OTHERWISE YOUR SYSTEM MAY GET WRECKED
:arrow: Download ComboFix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Disable all resident security programs - firewalls, antivirus, antispyware etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator
  • Immediately after it starts, a page with the licence agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click into the window that appears
  • The scan should take about 10 min, but if the PC is heavily infected it may take longer
  • After the scan finishes (and a possible restart) CF shows a log; alternatively you can find it at C:\ComboFix.txt. Paste its contents here
  • Detailed instructions incl. pictures are here http://www.bleepingcomputer.com/combofi ... t-combofix

Re: Please check my log

Posted: 18 Jun 2015 11:19
by Peelie
Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 06/18/2015 12:17:07 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\.exe\shell found and deleted!


Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* Security Center (wscsvc) is not Running.
Startup Type set to: Disabled

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 06/18/2015 12:17:53 PM
Execution time: 0 hours(s), 0 minute(s), and 45 seconds(s)

Re: Please check my log

Posted: 18 Jun 2015 11:20
by vyosek
Continue with ComboFix

Re: Please check my log

Posted: 18 Jun 2015 11:53
by Peelie
ComboFix 15-06-18.01 - Martin . 06. 2015 12:42:03.1.3 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.8154.6748 [GMT 2:00]
Running from: c:\users\Martin\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\KwYlx.dat
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BD0001
-------\Legacy_BD0002
-------\Service_bd0001
-------\Service_bd0002
.
.
((((((((((((((((((((((((( Files Created from 2015-05-18 to 2015-06-18 )))))))))))))))))))))))))))))))
.
.
2015-06-18 10:45 . 2015-06-18 10:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-06-17 17:29 . 2015-06-17 17:32 -------- d-----w- c:\users\Martin\AppData\Roaming\Baidu
2015-06-17 17:27 . 2015-06-17 17:27 103752 ----a-w- c:\windows\system32\drivers\BDDefense.sys
2015-06-17 17:27 . 2015-06-17 17:27 198600 ----a-w- c:\windows\system32\drivers\bd0002.sys
2015-06-17 17:27 . 2015-06-17 17:27 -------- d-----w- c:\program files (x86)\Common Files\Baidu
2015-06-17 17:26 . 2015-06-08 06:03 62280 ----a-w- c:\windows\system32\drivers\BDMWrench_x64.sys
2015-06-17 17:26 . 2015-06-08 06:03 152392 ----a-w- c:\windows\system32\drivers\BDArKit.SYS
2015-06-17 17:26 . 2015-06-08 06:03 69448 ----a-w- c:\windows\system32\drivers\bd0003.sys
2015-06-17 17:26 . 2015-06-17 17:32 -------- d-----w- c:\programdata\Baidu
2015-06-17 16:39 . 2015-06-17 17:27 -------- d-----w- C:\FRST
2015-06-17 15:39 . 2015-06-18 10:48 -------- d-----w- c:\users\Martin\AppData\Local\Temp
2015-06-17 13:20 . 2015-06-17 13:20 -------- d-----w- c:\programdata\Kaspersky SDK
2015-06-17 12:49 . 2015-06-17 12:50 -------- d-----w- C:\rsit
2015-06-16 17:31 . 2015-06-16 17:30 91928 ------w- c:\windows\SysWow64\vpatch.dll
2015-06-16 17:31 . 2015-06-17 13:45 -------- d-----r- C:\RavBin
2015-06-16 15:56 . 2015-06-16 15:56 -------- d-----w- c:\program files (x86)\Baidu
2015-06-16 15:54 . 2015-06-16 15:54 -------- d-----w- c:\programdata\Rising
2015-06-16 15:53 . 2015-06-16 15:53 0 ----a-w- c:\windows\prleth.sys
2015-06-16 15:53 . 2015-06-16 15:53 0 ----a-w- c:\windows\hgfs.sys
2015-06-16 14:38 . 2015-06-16 14:42 -------- d-----w- c:\users\Martin\AppData\Local\Isoplex
2015-06-16 14:38 . 2015-06-16 14:38 -------- d-----w- c:\users\Martin\AppData\Local\Caphyon
2015-06-16 14:37 . 2015-06-16 14:37 -------- d-----w- c:\users\Martin\AppData\Roaming\Isoplex
2015-06-07 09:16 . 2015-06-15 18:17 -------- d-----w- c:\users\Martin\AppData\Local\Spotify
2015-05-20 19:36 . 2015-05-20 19:36 -------- d-----w- c:\users\Martin\AppData\Roaming\AMD
2015-05-20 19:36 . 2015-05-20 19:36 -------- d-----w- c:\users\Martin\AppData\Local\Skype
2015-05-20 19:36 . 2015-05-20 19:37 -------- d-----w- c:\users\Martin\AppData\Roaming\Skype
2015-05-20 19:35 . 2015-05-20 19:37 -------- d-----w- c:\programdata\Skype
2015-05-20 19:34 . 2015-05-20 21:03 -------- d-----w- c:\users\Martin\AppData\Roaming\DivX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-17 17:27 . 2014-12-24 18:58 202704 ----a-w- c:\windows\system32\drivers\bd0001.sys
2015-06-10 17:46 . 2014-07-29 11:15 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-06-10 17:46 . 2014-07-29 11:15 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-15 11:12 . 2015-04-15 11:12 773968 ----a-w- c:\windows\SysWow64\msvcr100.dll
2015-04-15 11:12 . 2015-04-15 11:12 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2015-04-15 11:12 . 2015-04-15 11:12 138056 ----a-w- c:\windows\SysWow64\atl100.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-11-20 767176]
"baidusdTray"="c:\program files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdTray.exe" [2015-06-08 2526216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S1 bd0001;bd0001;c:\windows\system32\DRIVERS\bd0001.sys;c:\windows\SYSNATIVE\DRIVERS\bd0001.sys [x]
S1 bd0002;bd0002;c:\windows\system32\DRIVERS\bd0002.sys;c:\windows\SYSNATIVE\DRIVERS\bd0002.sys [x]
S1 bd0003;bd0003;c:\windows\system32\DRIVERS\bd0003.sys;c:\windows\SYSNATIVE\DRIVERS\bd0003.sys [x]
S1 BDDefense;BDDefense;c:\windows\system32\drivers\BDDefense.sys;c:\windows\SYSNATIVE\drivers\BDDefense.sys [x]
S1 BDMWrench_x64;BDMWrench_x64;c:\windows\system32\DRIVERS\BDMWrench_x64.sys;c:\windows\SYSNATIVE\DRIVERS\BDMWrench_x64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.3;AODDriver4.3;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 BaiduHips;BaiduHips;c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe;c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe [x]
S2 BDArKit;BAIDU Ark Kit Service;c:\windows\System32\Drivers\BDArKit.SYS;c:\windows\SYSNATIVE\Drivers\BDArKit.SYS [x]
S2 BDKVRTP;BDKVRTP Service;c:\program files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdSvc.exe;c:\program files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdSvc.exe [x]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - BD0001
*NewlyCreated* - BD0002
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
.
------- File Associations -------
.
vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=c:\windows\System32\CScript.exe "%1" %*
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Tomb Raider III - d:\thomb raider 3\Uninst.isu
AddRemove-{15134cb0-b767-4960-a911-f2d16ae54797} - c:\programdata\Package Cache\{15134cb0-b767-4960-a911-f2d16ae54797}\vcredist_x64.exe
AddRemove-{22154f09-719a-4619-bb71-5b3356999fbf} - c:\programdata\Package Cache\{22154f09-719a-4619-bb71-5b3356999fbf}\vcredist_x86.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
.
**************************************************************************
.
Completion time: 2015-06-18 12:51:04 - machine was rebooted
ComboFix-quarantined-files.txt 2015-06-18 10:51
.
Pre-Run: 30 365 569 024 bytes free
Post-Run: 30 035 787 776 bytes free
.
- - End Of File - - 54358E902A758C9A49EE91290B062E87
A36C5E4F47E84449FF07ED3517B43A31

Re: Please check my log

Posted: 18 Jun 2015 13:34
by vyosek
:arrow: If you have not already, move ComboFix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    Folder::
    c:\users\Martin\AppData\Roaming\Baidu
    c:\program files (x86)\Common Files\Baidu
    c:\programdata\Baidu
    c:\program files (x86)\Baidu
    
    File::
    c:\windows\system32\drivers\BDDefense.sys
    c:\windows\system32\drivers\bd0002.sys
    c:\windows\system32\drivers\BDMWrench_x64.sys
    c:\windows\system32\drivers\BDArKit.SYS
    c:\windows\system32\drivers\bd0003.sys
    c:\windows\SYSNATIVE\DRIVERS\bd0001.sys
    c:\windows\SYSNATIVE\DRIVERS\bd0002.sys
    c:\windows\SYSNATIVE\DRIVERS\bd0003.sys
    c:\windows\SYSNATIVE\drivers\BDDefense.sys
    c:\windows\SYSNATIVE\DRIVERS\BDMWrench_x64.sys
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "baidusdTray"=-
    
    Driver::
    bd0001
    bd0002
    bd0003
    BDDefense
    BDMWrench_x64
    BaiduHips
    BDArKit
    BDKVRTP
    
    RegLock::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    
    ClearJavaCache::
    
    Reboot::
  • Save the created TXT file as CFScript.txt
  • Drag the created CFScript.txt onto ComboFix and release it (see the picture below)
    [image]
  • After the script has been applied (and after a possible restart) a log will pop up; paste its contents here
→ If the message "Attempt to use an invalid operation on a registry key that has been marked for deletion" pops up, just restart the PC - the registry will sort itself out - it is an internal error caused by CF and unfortunately the author cannot fix it yet

→ It may happen that Windows does not boot after the script has been applied; in that case restart the PC, press F8 and choose Last Known Good Configuration
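
A helper for the last step above (reading the log that ComboFix produces after the script has run), added here as an example; it is not part of this thread and not a feature of ComboFix. It embeds an abridged copy of the CFScript posted above and a handful of lines constructed from the post-run log later in this thread, and reports which of the script's Folder::, File::, Driver:: and Registry:: items the new log still mentions, so the person helping can see at a glance what the run left behind. The two regular expressions and the `verify` function are my own assumptions about the ComboFix log layout (service lines begin with a state code and the service name, e.g. "S1 bd0001;", and Run values appear as "name"=...); the sample log is constructed, not the full log from the thread.

```python
import re
from typing import Dict, List

# Abridged copy of the CFScript posted in the thread (constructed for this example;
# the File:: section is shortened). Lines ending in "::" open a section.
CFSCRIPT = r"""
KillAll::

Folder::
c:\users\Martin\AppData\Roaming\Baidu
c:\program files (x86)\Common Files\Baidu
c:\programdata\Baidu
c:\program files (x86)\Baidu

File::
c:\windows\system32\drivers\BDDefense.sys
c:\windows\system32\drivers\bd0002.sys
c:\windows\system32\drivers\BDArKit.SYS
c:\windows\SYSNATIVE\DRIVERS\bd0001.sys

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"baidusdTray"=-

Driver::
bd0001
bd0002
bd0003
BDDefense
BDMWrench_x64
BaiduHips
BDArKit
BDKVRTP

Reboot::
"""

# A few lines constructed from the post-run ComboFix log further down the thread.
POST_RUN_LOG = r"""
2015-06-17 17:29 . 2015-06-18 10:53 -------- d-----w- c:\users\Martin\AppData\Roaming\Baidu
2015-06-17 17:27 . 2015-06-17 17:27 103752 ----a-w- c:\windows\system32\drivers\BDDefense.sys
2015-06-16 15:56 . 2015-06-16 15:56 -------- d-----w- c:\program files (x86)\Baidu
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-11-20 767176]
"baidusdTray"="c:\program files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdTray.exe" [2015-06-08 2526216]
S1 bd0001;bd0001;c:\windows\system32\DRIVERS\bd0001.sys;c:\windows\SYSNATIVE\DRIVERS\bd0001.sys [x]
S1 BDDefense;BDDefense;c:\windows\system32\drivers\BDDefense.sys;c:\windows\SYSNATIVE\drivers\BDDefense.sys [x]
S4 BDArKit;BAIDU Ark Kit Service;c:\windows\System32\Drivers\BDArKit.SYS;c:\windows\SYSNATIVE\Drivers\BDArKit.SYS [x]
"""

SECTION_RE = re.compile(r"^(\w+)::$")             # "Folder::" -> section name "Folder"
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);")    # assumed layout: "S1 bd0001;bd0001;..." -> "bd0001"
DELETE_VALUE_RE = re.compile(r'^"([^"]+)"=-$')    # '"name"=-' in a CFScript asks for the value to be removed


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Split a CFScript into {section: [items]}; directive-only sections (KillAll::) map to []."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def verify(script_text: str, log_text: str) -> Dict[str, List[str]]:
    """Return the script items that the post-run log still refers to (matching is case-insensitive)."""
    script = parse_cfscript(script_text)
    log_lower = log_text.lower()
    lines = log_text.splitlines()
    residue: Dict[str, List[str]] = {"Folder": [], "File": [], "Driver": [], "Registry": []}

    # A folder or file counts as residue if any log line still mentions that path.
    for section in ("Folder", "File"):
        residue[section] = [p for p in script.get(section, []) if p.lower() in log_lower]

    # A driver counts as residue if a service/driver line still carries its name.
    listed = set()
    for line in lines:
        m = SERVICE_RE.match(line)
        if m:
            listed.add(m.group(1).lower())
    residue["Driver"] = [d for d in script.get("Driver", []) if d.lower() in listed]

    # A value the script deleted counts as residue if the Run section still lists it.
    for item in script.get("Registry", []):
        m = DELETE_VALUE_RE.match(item)
        if m and any(l.lower().startswith(f'"{m.group(1).lower()}"=') for l in lines):
            residue["Registry"].append(m.group(1))
    return residue


if __name__ == "__main__":
    for section, items in verify(CFSCRIPT, POST_RUN_LOG).items():
        print(f"{section}: {'clean' if not items else ', '.join(items)}")
```

Run as-is it lists the items from the sample log that still refer to the Baidu driver files, the "baidusdTray" Run value and two of the four folders; anything reported is something the helper should look at in the real log rather than a verdict in itself, since ComboFix also lists files it has just processed.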

Re: Please check my log

Posted: 18 Jun 2015 14:02
by Peelie
ComboFix 15-06-18.01 - Martin . 06. 2015 14:52:54.2.3 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.8154.6812 [GMT 2:00]
Running from: c:\users\Martin\Desktop\ComboFix.exe
Command switches used :: c:\users\Martin\Desktop\CFScript - odkaz.lnk
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BD0001
-------\Legacy_BD0002
-------\Service_bd0001
-------\Service_bd0002
.
.
((((((((((((((((((((((((( Files Created from 2015-05-18 to 2015-06-18 )))))))))))))))))))))))))))))))
.
.
2015-06-17 17:29 . 2015-06-18 10:53 -------- d-----w- c:\users\Martin\AppData\Roaming\Baidu
2015-06-17 17:27 . 2015-06-17 17:27 103752 ----a-w- c:\windows\system32\drivers\BDDefense.sys
2015-06-17 17:27 . 2015-06-17 17:27 198600 ----a-w- c:\windows\system32\drivers\bd0002.sys
2015-06-17 17:27 . 2015-06-17 17:27 -------- d-----w- c:\program files (x86)\Common Files\Baidu
2015-06-17 17:26 . 2015-06-08 06:03 62280 ----a-w- c:\windows\system32\drivers\BDMWrench_x64.sys
2015-06-17 17:26 . 2015-06-08 06:03 152392 ----a-w- c:\windows\system32\drivers\BDArKit.SYS
2015-06-17 17:26 . 2015-06-08 06:03 69448 ----a-w- c:\windows\system32\drivers\bd0003.sys
2015-06-17 17:26 . 2015-06-18 10:53 -------- d-----w- c:\programdata\Baidu
2015-06-17 16:39 . 2015-06-17 17:27 -------- d-----w- C:\FRST
2015-06-17 15:39 . 2015-06-18 12:58 -------- d-----w- c:\users\Martin\AppData\Local\Temp
2015-06-17 13:20 . 2015-06-17 13:20 -------- d-----w- c:\programdata\Kaspersky SDK
2015-06-17 12:49 . 2015-06-17 12:50 -------- d-----w- C:\rsit
2015-06-16 17:31 . 2015-06-16 17:30 91928 ------w- c:\windows\SysWow64\vpatch.dll
2015-06-16 17:31 . 2015-06-17 13:45 -------- d-----r- C:\RavBin
2015-06-16 15:56 . 2015-06-16 15:56 -------- d-----w- c:\program files (x86)\Baidu
2015-06-16 15:54 . 2015-06-16 15:54 -------- d-----w- c:\programdata\Rising
2015-06-16 15:53 . 2015-06-16 15:53 0 ----a-w- c:\windows\prleth.sys
2015-06-16 15:53 . 2015-06-16 15:53 0 ----a-w- c:\windows\hgfs.sys
2015-06-16 14:38 . 2015-06-16 14:42 -------- d-----w- c:\users\Martin\AppData\Local\Isoplex
2015-06-16 14:38 . 2015-06-16 14:38 -------- d-----w- c:\users\Martin\AppData\Local\Caphyon
2015-06-16 14:37 . 2015-06-16 14:37 -------- d-----w- c:\users\Martin\AppData\Roaming\Isoplex
2015-06-07 09:16 . 2015-06-18 11:03 -------- d-----w- c:\users\Martin\AppData\Local\Spotify
2015-05-20 19:36 . 2015-05-20 19:36 -------- d-----w- c:\users\Martin\AppData\Roaming\AMD
2015-05-20 19:36 . 2015-05-20 19:36 -------- d-----w- c:\users\Martin\AppData\Local\Skype
2015-05-20 19:36 . 2015-05-20 19:37 -------- d-----w- c:\users\Martin\AppData\Roaming\Skype
2015-05-20 19:35 . 2015-05-20 19:37 -------- d-----w- c:\programdata\Skype
2015-05-20 19:34 . 2015-05-20 21:03 -------- d-----w- c:\users\Martin\AppData\Roaming\DivX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-17 17:27 . 2014-12-24 18:58 202704 ----a-w- c:\windows\system32\drivers\bd0001.sys
2015-06-10 17:46 . 2014-07-29 11:15 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-06-10 17:46 . 2014-07-29 11:15 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-15 11:12 . 2015-04-15 11:12 773968 ----a-w- c:\windows\SysWow64\msvcr100.dll
2015-04-15 11:12 . 2015-04-15 11:12 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2015-04-15 11:12 . 2015-04-15 11:12 138056 ----a-w- c:\windows\SysWow64\atl100.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Martin\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [2015-06-10 2020920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-11-20 767176]
"baidusdTray"="c:\program files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdTray.exe" [2015-06-08 2526216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S1 bd0001;bd0001;c:\windows\system32\DRIVERS\bd0001.sys;c:\windows\SYSNATIVE\DRIVERS\bd0001.sys [x]
S1 bd0002;bd0002;c:\windows\system32\DRIVERS\bd0002.sys;c:\windows\SYSNATIVE\DRIVERS\bd0002.sys [x]
S1 bd0003;bd0003;c:\windows\system32\DRIVERS\bd0003.sys;c:\windows\SYSNATIVE\DRIVERS\bd0003.sys [x]
S1 BDDefense;BDDefense;c:\windows\system32\drivers\BDDefense.sys;c:\windows\SYSNATIVE\drivers\BDDefense.sys [x]
S1 BDMWrench_x64;BDMWrench_x64;c:\windows\system32\DRIVERS\BDMWrench_x64.sys;c:\windows\SYSNATIVE\DRIVERS\BDMWrench_x64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.3;AODDriver4.3;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 BaiduHips;BaiduHips;c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe;c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe [x]
S2 BDKVRTP;BDKVRTP Service;c:\program files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdSvc.exe;c:\program files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdSvc.exe [x]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S4 BDArKit;BAIDU Ark Kit Service;c:\windows\System32\Drivers\BDArKit.SYS;c:\windows\SYSNATIVE\Drivers\BDArKit.SYS [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - BD0001
*NewlyCreated* - BD0002
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Tomb Raider III - d:\thomb raider 3\Uninst.isu
AddRemove-{15134cb0-b767-4960-a911-f2d16ae54797} - c:\programdata\Package Cache\{15134cb0-b767-4960-a911-f2d16ae54797}\vcredist_x64.exe
AddRemove-{22154f09-719a-4619-bb71-5b3356999fbf} - c:\programdata\Package Cache\{22154f09-719a-4619-bb71-5b3356999fbf}\vcredist_x86.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUpdate.exe
.
**************************************************************************
.
Completion time: 2015-06-18 15:01:03 - machine was rebooted
ComboFix-quarantined-files.txt 2015-06-18 13:01
ComboFix2.txt 2015-06-18 10:51
.
Pre-Run: 29 965 516 800 bytes free
Post-Run: 29 914 050 560 bytes free
.
- - End Of File - - AE1D429CCC0C17D19324010483CE069D
A36C5E4F47E84449FF07ED3517B43A31