
Problem with webssearch - ads in Chrome

Posted: 08 Sep 2014 20:57
by HANZ123
Good evening,
I have had a problem with my PC since today, 8.9.2014 - see the subject...
Please check the log - thank you very much.
Log made according to the guide mentioned above:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by Honza (administrator) on PC on 08-09-2014 21:51:28
Running from C:\Users\Honza\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
() C:\Program Files (x86)\Adanak\updateAdanak.exe
() C:\Support\couponsupport.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Adanak\bin\utilAdanak.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
() C:\Program Files (x86)\Winamp\winampa.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\PopupTV\ExpressTV.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe
() C:\Program Files (x86)\SupTab\HpUI.exe
() C:\Program Files (x86)\SupTab\Loader64.exe
() C:\Program Files (x86)\SupTab\Loader32.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files (x86)\Adanak\bin\Adanak.PurBrowse64.exe
() C:\Program Files (x86)\Adanak\bin\Adanak.BrowserAdapter.exe
() C:\Program Files (x86)\Adanak\bin\Adanak.BrowserAdapter64.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Honza\Desktop\FRSTLauncher (2).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213840 2012-10-26] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [33792 2004-12-20] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [POPUPTV] => C:\Program Files (x86)\ASUS\PopupTV\ExpressTV.exe [692224 2010-03-19] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [CloneCDTray] => C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [57344 2009-01-30] (SlySoft, Inc.)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-3963186340-321105966-596798330-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-3963186340-321105966-596798330-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3963186340-321105966-596798330-1000\...\MountPoints2: {7ad84044-b1aa-11e3-a608-001fd0a38c90} - G:\Setup.exe
HKU\S-1-5-21-3963186340-321105966-596798330-1000\...\MountPoints2: {b597cfd9-43df-11e3-baf7-001fd0a38c90} - F:\autorun.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk
ShortcutTarget: TMMonitor.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp ... XX9QM7JVLX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?typ ... earchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp ... XX9QM7JVLX
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp ... XX9QM7JVLX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?typ ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?typ ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp ... XX9QM7JVLX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp ... XX9QM7JVLX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?typ ... earchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=sc ... XX9QM7JVLX
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?typ ... earchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?typ ... earchTerms}
SearchScopes: HKLM - {52db1893-8a90-4192-aede-08e00b8f8473} URL = http://dts.search.ask.com/sr?src=ieb&gc ... earchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?typ ... earchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?typ ... earchTerms}
SearchScopes: HKLM-x32 - {52db1893-8a90-4192-aede-08e00b8f8473} URL = http://dts.search.ask.com/sr?src=ieb&gc ... earchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?typ ... earchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?typ ... earchTerms}
SearchScopes: HKCU - {52db1893-8a90-4192-aede-08e00b8f8473} URL = http://dts.search.ask.com/sr?src=ieb&gc ... earchTerms}
BHO-x32: Movies Toolbar (Dist. by Somoto Ltd.) -> {3444c3c5-6c56-4a16-a453-832b05bf6ea4} -> C:\PROGRA~2\MOVIES~1\SAFETY~1\SRTOOL~1\IE\searchresultsDx.dll No File
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Adanak -> {ef05f09c-9b2a-43a0-8155-fab1d641215a} -> C:\Program Files (x86)\Adanak\Adanakbho.dll (Adanak)
Toolbar: HKLM-x32 - Movies Toolbar (Dist. by Somoto Ltd.) - {3444c3c5-6c56-4a16-a453-832b05bf6ea4} - C:\PROGRA~2\MOVIES~1\SAFETY~1\SRTOOL~1\IE\searchresultsDx.dll No File
Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36

FireFox:
========
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @ptc.com/ProductViewLite -> C:\Program Files (x86)\Common Files\PTC\np6_pvapplite9.dll (PTC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://istart.webssearches.com/?type=hp&ts=1410189376&from=exp&uid=ST3500320AS_9QM7JVLXXXXX9QM7JVLX
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-27]
CHR Extension: (Disk Google) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-27]
CHR Extension: (YouTube) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-27]
CHR Extension: (Vyhledávání Google) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-27]
CHR Extension: (cosstminn) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\delbdagggdpnmdkklphjbegnjkknffkl [2014-09-08]
CHR Extension: (Peněženka Google) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-27]
CHR Extension: (Quick start) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2014-09-08]
CHR Extension: (Gmail) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-27]
CHR Extension: (cosstminn) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\delbdagggdpnmdkklphjbegnjkknffkl\2.0 [2014-09-08]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\Honza\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2013-11-30]
CHR HKLM-x32\...\Chrome\Extension: [aaaaimdcedbpbcjjbbnfcbbjcngmomic] - C:\Users\Honza\AppData\Local\somotomoviestoolbar1\GC\toolbar.crx [2013-08-19]
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://istart.webssearches.com/?type=sc ... XX9QM7JVLX
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [715656 2014-09-08] (Cherished Technololgy LIMITED)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2014-01-09] (Enigma Software Group USA, LLC.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 Update Adanak; C:\Program Files (x86)\Adanak\updateAdanak.exe [323352 2014-09-08] ()
R2 Util Adanak; C:\Program Files (x86)\Adanak\bin\utilAdanak.exe [323352 2014-09-08] ()
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AF9035BDA; C:\Windows\System32\Drivers\AF9035BDA.sys [492008 2009-07-16] (AfaTech )
R3 ASUSVRC64; C:\Windows\System32\DRIVERS\AsusVRC64.sys [23424 2008-10-13] (ASUSTeK COMPUTER INC.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-11-02] (DT Soft Ltd)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [14872 2014-01-07] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R1 {2f0ff925-183b-4210-98f5-cb2ffd917f2b}Gw64; C:\Windows\System32\drivers\{2f0ff925-183b-4210-98f5-cb2ffd917f2b}Gw64.sys [61112 2014-09-07] (StdLib)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-08 21:51 - 2014-09-08 21:51 - 00015871 _____ () C:\Users\Honza\Desktop\FRST.txt
2014-09-08 21:50 - 2014-09-08 21:51 - 00000000 ____D () C:\FRST
2014-09-08 21:49 - 2014-09-08 21:48 - 00112640 _____ (forum.viry.cz) C:\Users\Honza\Desktop\FRSTLauncher (2).exe
2014-09-08 21:48 - 2014-09-08 21:48 - 00112640 _____ (forum.viry.cz) C:\Users\Honza\Downloads\Nepotvrzeno 725166.crdownload
2014-09-08 21:48 - 2014-09-08 21:48 - 00112640 _____ (forum.viry.cz) C:\Users\Honza\Downloads\Nepotvrzeno 170006.crdownload
2014-09-08 21:48 - 2014-09-08 21:48 - 00112640 _____ (forum.viry.cz) C:\Users\Honza\Downloads\FRSTLauncher (2).exe
2014-09-08 21:46 - 2014-09-08 21:46 - 02105344 _____ (Farbar) C:\Users\Honza\Desktop\FRST64.exe
2014-09-08 18:33 - 2014-09-08 18:33 - 00000000 _____ () C:\autoexec.bat
2014-09-08 18:32 - 2014-09-08 18:32 - 00003314 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2014-09-08 18:32 - 2014-09-08 18:32 - 00002254 _____ () C:\Users\Honza\Desktop\SpyHunter.lnk
2014-09-08 18:32 - 2014-09-08 18:32 - 00000000 ____D () C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-09-08 18:32 - 2014-09-08 18:32 - 00000000 ____D () C:\sh4ldr
2014-09-08 18:32 - 2014-09-08 18:32 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-08 18:32 - 2012-06-22 11:01 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2014-09-08 18:30 - 2014-09-08 18:31 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Honza\Downloads\SpyHunter-Installer.exe
2014-09-08 17:48 - 2014-09-08 17:48 - 00000691 _____ () C:\Users\Honza\Documents\trail.txt.2
2014-09-08 17:48 - 2014-09-08 17:48 - 00000559 _____ () C:\Users\Honza\Documents\trail.txt.1
2014-09-08 17:48 - 2014-09-08 17:48 - 00000000 ____D () C:\Users\Honza\AppData\Roaming\PTC
2014-09-08 17:47 - 2014-09-08 17:48 - 00010139 _____ () C:\Users\Honza\Documents\std.out
2014-09-08 17:29 - 2014-09-08 17:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProductView Express
2014-09-08 17:29 - 2014-09-08 17:29 - 00000000 ____D () C:\Program Files (x86)\PTC
2014-09-08 17:28 - 2014-09-08 17:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PTC
2014-09-08 17:23 - 2014-09-08 17:28 - 00000000 ____D () C:\Program Files\proeWildfire 5.0
2014-09-08 17:23 - 2014-09-08 17:22 - 00027221 _____ () C:\Users\Honza\Desktop\license.dat
2014-09-08 17:22 - 2014-09-08 17:22 - 00027221 _____ () C:\Users\Public\Documents\license.dat
2014-09-08 17:19 - 2014-09-08 17:19 - 00003138 _____ () C:\Windows\System32\Tasks\{CC22995B-369B-41CB-A038-72655B184AD8}
2014-09-08 17:18 - 2014-09-07 21:03 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{2f0ff925-183b-4210-98f5-cb2ffd917f2b}Gw64.sys
2014-09-08 17:16 - 2014-09-08 17:59 - 00000356 ____H () C:\Windows\Tasks\couponsupport-S-649636217.job
2014-09-08 17:16 - 2014-09-08 17:59 - 00000000 ____D () C:\Program Files (x86)\Adanak
2014-09-08 17:16 - 2014-09-08 17:57 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-09-08 17:16 - 2014-09-08 17:50 - 00000000 ____D () C:\Users\Honza\AppData\Roaming\337Games
2014-09-08 17:16 - 2014-09-08 17:18 - 00000000 ____D () C:\Support
2014-09-08 17:16 - 2014-09-08 17:17 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-09-08 17:16 - 2014-09-08 17:17 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-09-08 17:16 - 2014-09-08 17:16 - 00002602 _____ () C:\Windows\System32\Tasks\couponsupport-S-649636217
2014-09-08 17:15 - 2014-09-08 17:59 - 00000000 ____D () C:\ProgramData\cosstminn
2014-09-08 17:15 - 2014-09-08 17:17 - 00000000 ____D () C:\ProgramData\df9bb1687f24b2ad
2014-09-08 17:15 - 2014-09-08 17:17 - 00000000 ____D () C:\Program Files (x86)\cosstminn
2014-09-08 17:15 - 2014-09-08 17:15 - 00003128 _____ () C:\Windows\System32\Tasks\Update Service YourFileDownloader
2014-09-08 17:15 - 2014-09-08 17:15 - 00000000 ____D () C:\Users\Honza\AppData\Local\Torch
2014-09-08 17:15 - 2014-09-08 17:15 - 00000000 ____D () C:\Users\Honza\AppData\Local\Chromatic Browser
2014-09-08 17:15 - 2014-09-08 17:15 - 00000000 ____D () C:\Users\Honza\AppData\Local\Comodo
2014-09-08 17:15 - 2014-09-08 17:15 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-09-08 17:15 - 2014-09-08 17:15 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-09-08 17:15 - 2014-09-08 17:15 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-09-08 17:15 - 2014-09-08 17:15 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-09-08 17:15 - 2014-09-08 17:15 - 00000000 ____D () C:\Users\Guest
2014-09-08 17:15 - 2014-09-08 17:15 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-09-08 17:15 - 2014-09-08 17:15 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-09-08 17:15 - 2014-09-08 17:15 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-09-08 17:15 - 2014-09-08 17:15 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-09-08 17:15 - 2014-09-08 17:15 - 00000000 ____D () C:\Users\Administrator
2014-09-08 17:14 - 2014-09-08 17:14 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-09-08 17:13 - 2014-09-08 17:13 - 02593296 _____ (http://yourfiledownloader.net) C:\Users\Honza\Downloads\Pro_Engineer_Wildfire_5_0_Crack_Download_downloader.exe
2014-09-08 16:56 - 2014-09-08 17:47 - 00870170 _____ () C:\Users\Honza\Documents\ptcsetup.log
2014-09-08 16:56 - 2014-09-08 17:07 - 00862712 _____ () C:\Users\Honza\Documents\ptcsetup.bak
2014-09-06 19:12 - 2014-09-06 19:13 - 00000000 ____D () C:\Users\Honza\Desktop\Německo_Holandsko_8_2014
2014-09-06 19:11 - 2014-09-06 20:04 - 00000000 ____D () C:\Users\Honza\Desktop\Chuchel 6_9_2014
2014-08-31 21:56 - 2014-08-31 22:33 - 358249937 _____ () C:\Users\Honza\Downloads\Alle-Farben---Synesthesia-----2014,-FLAC.rar
2014-08-23 16:37 - 2014-08-23 16:37 - 00002161 _____ () C:\Users\Public\Desktop\Colin McRae Rally 2005.lnk
2014-08-23 16:37 - 2014-08-23 16:37 - 00000000 ____D () C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
2014-08-23 16:37 - 2014-08-23 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
2014-08-23 16:37 - 2014-08-23 16:37 - 00000000 ____D () C:\Program Files (x86)\GameSpy Arcade
2014-08-23 16:28 - 2014-08-23 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codemasters
2014-08-23 16:28 - 2014-08-23 16:28 - 00000000 ____D () C:\Program Files (x86)\Codemasters
2014-08-10 19:01 - 2014-08-10 19:01 - 00000000 ____D () C:\Users\Honza\Desktop\foto foun

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-08 21:51 - 2014-09-08 21:51 - 00015871 _____ () C:\Users\Honza\Desktop\FRST.txt
2014-09-08 21:51 - 2014-09-08 21:50 - 00000000 ____D () C:\FRST
2014-09-08 21:48 - 2014-09-08 21:49 - 00112640 _____ (forum.viry.cz) C:\Users\Honza\Desktop\FRSTLauncher (2).exe
2014-09-08 21:48 - 2014-09-08 21:48 - 00112640 _____ (forum.viry.cz) C:\Users\Honza\Downloads\Nepotvrzeno 725166.crdownload
2014-09-08 21:48 - 2014-09-08 21:48 - 00112640 _____ (forum.viry.cz) C:\Users\Honza\Downloads\Nepotvrzeno 170006.crdownload
2014-09-08 21:48 - 2014-09-08 21:48 - 00112640 _____ (forum.viry.cz) C:\Users\Honza\Downloads\FRSTLauncher (2).exe
2014-09-08 21:46 - 2014-09-08 21:46 - 02105344 _____ (Farbar) C:\Users\Honza\Desktop\FRST64.exe
2014-09-08 21:46 - 2013-10-27 16:07 - 00000950 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-08 19:46 - 2013-10-27 16:07 - 00000946 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-08 18:33 - 2014-09-08 18:33 - 00000000 _____ () C:\autoexec.bat
2014-09-08 18:33 - 2013-10-27 15:48 - 01051467 _____ () C:\Windows\WindowsUpdate.log
2014-09-08 18:32 - 2014-09-08 18:32 - 00003314 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2014-09-08 18:32 - 2014-09-08 18:32 - 00002254 _____ () C:\Users\Honza\Desktop\SpyHunter.lnk
2014-09-08 18:32 - 2014-09-08 18:32 - 00000000 ____D () C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-09-08 18:32 - 2014-09-08 18:32 - 00000000 ____D () C:\sh4ldr
2014-09-08 18:32 - 2014-09-08 18:32 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-08 18:31 - 2014-09-08 18:30 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Honza\Downloads\SpyHunter-Installer.exe
2014-09-08 18:07 - 2009-07-14 06:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-08 18:07 - 2009-07-14 06:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-08 18:04 - 2010-11-21 11:27 - 00622422 _____ () C:\Windows\system32\perfh005.dat
2014-09-08 18:04 - 2010-11-21 11:27 - 00118604 _____ () C:\Windows\system32\perfc005.dat
2014-09-08 18:04 - 2009-07-14 07:13 - 01445734 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-08 18:00 - 2013-10-27 16:06 - 00138896 _____ () C:\Users\Honza\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-08 18:00 - 2009-07-14 04:34 - 00000580 _____ () C:\Windows\win.ini
2014-09-08 17:59 - 2014-09-08 17:16 - 00000356 ____H () C:\Windows\Tasks\couponsupport-S-649636217.job
2014-09-08 17:59 - 2014-09-08 17:16 - 00000000 ____D () C:\Program Files (x86)\Adanak
2014-09-08 17:59 - 2014-09-08 17:15 - 00000000 ____D () C:\ProgramData\cosstminn
2014-09-08 17:59 - 2010-11-21 05:47 - 00008032 _____ () C:\Windows\PFRO.log
2014-09-08 17:59 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-08 17:59 - 2009-07-14 06:51 - 00012005 _____ () C:\Windows\setupact.log
2014-09-08 17:59 - 2009-07-14 06:45 - 05107576 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-08 17:57 - 2014-09-08 17:16 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-09-08 17:50 - 2014-09-08 17:16 - 00000000 ____D () C:\Users\Honza\AppData\Roaming\337Games
2014-09-08 17:48 - 2014-09-08 17:48 - 00000691 _____ () C:\Users\Honza\Documents\trail.txt.2
2014-09-08 17:48 - 2014-09-08 17:48 - 00000559 _____ () C:\Users\Honza\Documents\trail.txt.1
2014-09-08 17:48 - 2014-09-08 17:48 - 00000000 ____D () C:\Users\Honza\AppData\Roaming\PTC
2014-09-08 17:48 - 2014-09-08 17:47 - 00010139 _____ () C:\Users\Honza\Documents\std.out
2014-09-08 17:47 - 2014-09-08 16:56 - 00870170 _____ () C:\Users\Honza\Documents\ptcsetup.log
2014-09-08 17:29 - 2014-09-08 17:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProductView Express
2014-09-08 17:29 - 2014-09-08 17:29 - 00000000 ____D () C:\Program Files (x86)\PTC
2014-09-08 17:28 - 2014-09-08 17:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PTC
2014-09-08 17:28 - 2014-09-08 17:23 - 00000000 ____D () C:\Program Files\proeWildfire 5.0
2014-09-08 17:22 - 2014-09-08 17:23 - 00027221 _____ () C:\Users\Honza\Desktop\license.dat
2014-09-08 17:22 - 2014-09-08 17:22 - 00027221 _____ () C:\Users\Public\Documents\license.dat
2014-09-08 17:19 - 2014-09-08 17:19 - 00003138 _____ () C:\Windows\System32\Tasks\{CC22995B-369B-41CB-A038-72655B184AD8}
2014-09-08 17:18 - 2014-09-08 17:16 - 00000000 ____D () C:\Support
2014-09-08 17:17 - 2014-09-08 17:16 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-09-08 17:17 - 2014-09-08 17:16 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-09-08 17:17 - 2014-09-08 17:15 - 00000000 ____D () C:\ProgramData\df9bb1687f24b2ad
2014-09-08 17:17 - 2014-09-08 17:15 - 00000000 ____D () C:\Program Files (x86)\cosstminn
2014-09-08 17:16 - 2014-09-08 17:16 - 00002602 _____ () C:\Windows\System32\Tasks\couponsupport-S-649636217
2014-09-08 17:16 - 2013-10-27 16:08 - 00002383 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-08 17:16 - 2013-10-27 15:55 - 00001643 _____ () C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-08 17:16 - 2013-10-27 15:55 - 00001621 _____ () C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-09-08 17:15 - 2014-09-08 17:15 - 00003128 _____ () C:\Windows\System32\Tasks\Update Service YourFileDownloader
2014-09-08 17:15 - 2014-09-08 17:15 - 00000000 ____D () C:\Users\Honza\AppData\Local\Torch
2014-09-08 17:15 - 2014-09-08 17:15 - 00000000 ____D () C:\Users\Honza\AppData\Local\Chromatic Browser
2014-09-08 17:15 - 2014-09-08 17:15 - 00000000 ____D () C:\Users\Honza\AppData\Local\Comodo
2014-09-08 17:15 - 2014-09-08 17:15 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-09-08 17:15 - 2014-09-08 17:15 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-09-08 17:15 - 2014-09-08 17:15 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-09-08 17:15 - 2014-09-08 17:15 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-09-08 17:15 - 2014-09-08 17:15 - 00000000 ____D () C:\Users\Guest
2014-09-08 17:15 - 2014-09-08 17:15 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-09-08 17:15 - 2014-09-08 17:15 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-09-08 17:15 - 2014-09-08 17:15 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-09-08 17:15 - 2014-09-08 17:15 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-09-08 17:15 - 2014-09-08 17:15 - 00000000 ____D () C:\Users\Administrator
2014-09-08 17:15 - 2014-02-23 08:03 - 00000592 __RSH () C:\ProgramData\ntuser.pol
2014-09-08 17:15 - 2013-10-27 16:06 - 00000000 ____D () C:\Users\Honza\AppData\Local\Google
2014-09-08 17:15 - 2013-10-27 16:06 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-08 17:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-09-08 17:14 - 2014-09-08 17:14 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-09-08 17:13 - 2014-09-08 17:13 - 02593296 _____ (http://yourfiledownloader.net) C:\Users\Honza\Downloads\Pro_Engineer_Wildfire_5_0_Crack_Download_downloader.exe
2014-09-08 17:07 - 2014-09-08 16:56 - 00862712 _____ () C:\Users\Honza\Documents\ptcsetup.bak
2014-09-07 21:03 - 2014-09-08 17:18 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{2f0ff925-183b-4210-98f5-cb2ffd917f2b}Gw64.sys
2014-09-06 20:04 - 2014-09-06 19:11 - 00000000 ____D () C:\Users\Honza\Desktop\Chuchel 6_9_2014
2014-09-06 19:13 - 2014-09-06 19:12 - 00000000 ____D () C:\Users\Honza\Desktop\Německo_Holandsko_8_2014
2014-08-31 22:33 - 2014-08-31 21:56 - 358249937 _____ () C:\Users\Honza\Downloads\Alle-Farben---Synesthesia-----2014,-FLAC.rar
2014-08-25 23:05 - 2013-12-14 12:46 - 00000000 ____D () C:\Users\Honza\Documents\Traktor3
2014-08-23 16:37 - 2014-08-23 16:37 - 00002161 _____ () C:\Users\Public\Desktop\Colin McRae Rally 2005.lnk
2014-08-23 16:37 - 2014-08-23 16:37 - 00000000 ____D () C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
2014-08-23 16:37 - 2014-08-23 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
2014-08-23 16:37 - 2014-08-23 16:37 - 00000000 ____D () C:\Program Files (x86)\GameSpy Arcade
2014-08-23 16:28 - 2014-08-23 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codemasters
2014-08-23 16:28 - 2014-08-23 16:28 - 00000000 ____D () C:\Program Files (x86)\Codemasters
2014-08-23 16:28 - 2013-10-27 16:39 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-10 19:03 - 2014-06-30 20:12 - 00001110 _____ () C:\Users\Honza\Desktop\Adobe Premiere Pro CS6.lnk
2014-08-10 19:01 - 2014-08-10 19:01 - 00000000 ____D () C:\Users\Honza\Desktop\foto foun
2014-08-10 18:42 - 2014-07-21 19:23 - 00000000 ____D () C:\Users\Honza\Desktop\Chorvatsko 2014

Some content of TEMP:
====================
C:\Users\Honza\AppData\Local\Temp\18be6784_.exe
C:\Users\Honza\AppData\Local\Temp\294823_.exe
C:\Users\Honza\AppData\Local\Temp\4ae13d6c_.exe
C:\Users\Honza\AppData\Local\Temp\7NzNI1u1AZ.exe
C:\Users\Honza\AppData\Local\Temp\appshat-distribution.exe
C:\Users\Honza\AppData\Local\Temp\bitool.dll
C:\Users\Honza\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\Honza\AppData\Local\Temp\comver.dll
C:\Users\Honza\AppData\Local\Temp\Delta.exe
C:\Users\Honza\AppData\Local\Temp\DeltaTB.exe
C:\Users\Honza\AppData\Local\Temp\drm_dyndata_7370012.dll
C:\Users\Honza\AppData\Local\Temp\FLVPlayerSetup.exe
C:\Users\Honza\AppData\Local\Temp\irsetup.exe
C:\Users\Honza\AppData\Local\Temp\j5xdmgziHA.exe
C:\Users\Honza\AppData\Local\Temp\listicka-partner-13415-1.1.2-offline.exe
C:\Users\Honza\AppData\Local\Temp\MoviesToolbarSetup_Somoto_9_10_2013.exe
C:\Users\Honza\AppData\Local\Temp\MybabylonTB.exe
C:\Users\Honza\AppData\Local\Temp\ose00000.exe
C:\Users\Honza\AppData\Local\Temp\propsys.dll
C:\Users\Honza\AppData\Local\Temp\SHSetup.exe
C:\Users\Honza\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\Honza\AppData\Local\Temp\WDy0qqHK9E.exe
C:\Users\Honza\AppData\Local\Temp\WSSetup.exe
C:\Users\Honza\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\couponsupport-S-649636217.job => c:\support\couponsupport.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Honza\Desktop" je 6160 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NtVdmSrv
C:\Windows\inf\ntvdm.vbe


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: Problem with webssearch - ads in Chrome

Posted: 08 Sep 2014 21:18
by Rudy
Hello!
What is the situation with the legality of your operating system?

Re: Problem with webssearch - ads in Chrome

Posted: 08 Sep 2014 21:23
by HANZ123
I have no idea; the operating system on the PC may or may not be legal...

Re: Problem with webssearch - ads in Chrome

Posted: 09 Sep 2014 17:30
by Rudy
I believe it is not legal.

Re: Problem with webssearch - ads in Chrome

Posted: 10 Sep 2014 11:01
by HANZ123
All right, that is possible.
Thank you anyway, and I apologize for the spam.
HANZ

Re: Problem with webssearch - ads in Chrome

Posted: 10 Sep 2014 18:08
by Rudy
You're welcome!