VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Adware a nejspíš i malware

https://forum.viry.cz:443/viewtopic.php?t=140695

Stránka 1 z 1

Adware a nejspíš i malware

Napsal: 10 říj 2014 22:40
od RahoVrah
Jak bych to popsal, prostě vyskakovací okna všude, abych to sem napsal, tak jsem musel použít adblock...

Každopádně, tady je FRST log, doufám, že mi někdo pomůže, nechci, aby se mi tam natahaly ještě horší věci, než malware. :?: :?:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-10-2014 01
Ran by Rahovart (administrator) on RAHOVART-PC on 10-10-2014 23:38:44
Running from C:\Users\Rahovart\Desktop
Loaded Profile: Rahovart (Available profiles: Rahovart)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.16\ccSvcHst.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.16\ccSvcHst.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Sidebar\sidebar.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHLE.EXE
() C:\Users\Rahovart\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
() C:\Users\Rahovart\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(GameRanger Technologies) C:\Users\Rahovart\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.16\SymcPCCULaunchSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(forum.viry.cz) C:\Users\Rahovart\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OQ3M1FR8\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\System32\consent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291128 2013-03-06] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585560 2014-06-23] (Razer Inc.)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-756625837-801181038-1686051597-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-756625837-801181038-1686051597-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-09-03] (Google Inc.)
HKU\S-1-5-21-756625837-801181038-1686051597-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3600216 2014-09-17] (Electronic Arts)
HKU\S-1-5-21-756625837-801181038-1686051597-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-756625837-801181038-1686051597-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Rahovart\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-756625837-801181038-1686051597-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Rahovart\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\S-1-5-21-756625837-801181038-1686051597-1000\...\Run: [EPSON2CD522 (Epson Stylus SX235)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE [232448 2011-01-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-756625837-801181038-1686051597-1000\...\Run: [GoogleChromeAutoLaunch_BFE723A461C4787DDC1E159CFEE73307] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-01] (Google Inc.)
HKU\S-1-5-21-756625837-801181038-1686051597-1000\...\MountPoints2: {c4160273-3381-11e4-a6d3-806e6f6e6963} - D:\Bin\ASSETUP.exe
HKU\S-1-5-21-756625837-801181038-1686051597-1000\...\MountPoints2: {f7002050-40bb-11e4-bd93-74d02b9f3ac1} - E:\setup.exe
Startup: C:\Users\Rahovart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk
ShortcutTarget: GameRanger.lnk -> C:\Users\Rahovart\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe (GameRanger Technologies)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKCU - {2AE1FDBA-36E8-42A6-8B5D-E6DC7EAF96F0} URL = http://encyklopedie.seznam.cz/search?q= ... arch_13415
SearchScopes: HKCU - {4277422B-170D-4A4D-8576-701969BD0EAA} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_13415
SearchScopes: HKCU - {5332F50C-10AE-462B-B4E9-77564E167BF1} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_13415
SearchScopes: HKCU - {78B8C307-7C28-4C3D-8AE6-95A3C2E57519} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_13415
SearchScopes: HKCU - {966A8C5D-0028-4F52-8F9F-07C4988EF683} URL = http://www.novinky.cz/hledej?w={searchT ... arch_13415
SearchScopes: HKCU - {AB523239-8A00-4698-8444-4FFECA86E324} URL = http://search.seznam.cz/?q={searchTerms ... arch_13415
SearchScopes: HKCU - {B0B3FD55-64F7-4C45-93D5-F0F644CFA2D3} URL = http://www.firmy.cz/?q={searchTerms}&so ... arch_13415
SearchScopes: HKCU - {C2AC012D-B534-416F-AC5D-E1C9108AD0D1} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_13415
SearchScopes: HKCU - {D4F7ED33-A478-412A-A4DD-03E0B63BFF20} URL = http://www.mapy.cz/?query={searchTerms} ... arch_13415
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Rahovart\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn [2014-09-03]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn [2014-10-10]

Chrome:
=======
CHR HomePage: Default -> D4F2D4C39DF5D69433F632583783A0E3238E4C4826A306FBADA8DBC4F48F92BC
CHR Profile: C:\Users\Rahovart\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Hitbox Emotes) - C:\Users\Rahovart\AppData\Local\Google\Chrome\User Data\Default\Extensions\afnmabaohnpejlfefcllmiahdgkclckf [2014-10-10]
CHR Extension: (BetterTTV) - C:\Users\Rahovart\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2014-10-10]
CHR Extension: (Stylish) - C:\Users\Rahovart\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2014-10-10]
CHR Extension: (AdBlock) - C:\Users\Rahovart\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-10]
CHR Extension: (Twitch Now) - C:\Users\Rahovart\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmbdmpjmlijibeockamioakdpmhjnpk [2014-10-10]
CHR Extension: (Peněženka Google) - C:\Users\Rahovart\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-10]
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\Exts\Chrome.crx [2014-09-05]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-17] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-02-15] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.16\SymcPCCULaunchSvc.exe [123320 2012-08-13] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-17] (NVIDIA Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.16\ccSvcHst.exe [126392 2012-08-13] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20120615.003\BHDrvx64.sys [1377440 2012-06-11] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1405000.01C\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-09-20] (Disc Soft Ltd)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20120611.002\IDSVia64.sys [509088 2012-06-11] (Symantec Corporation)
R4 IOMap; C:\Windows\system32\drivers\IOMap64.sys [23680 2013-01-25] (ASUSTeK Computer Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20120616.009\ENG64.SYS [120440 2012-06-16] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20120616.009\EX64.SYS [2068600 2012-06-16] (Symantec Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39080 2014-05-19] (Razer Inc)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1405000.01C\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1405000.01C\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2014-09-04] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1405000.01C\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1405000.01C\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-10 23:38 - 2014-10-10 23:38 - 00019462 _____ () C:\Users\Rahovart\Desktop\FRST.txt
2014-10-10 23:37 - 2014-10-10 23:37 - 00015327 _____ () C:\Users\Rahovart\Desktop\LM.bat
2014-10-10 23:36 - 2014-10-10 23:37 - 00029696 _____ () C:\Users\Rahovart\AppData\Local\MSGBOX.EXE
2014-10-10 23:36 - 2014-10-10 23:36 - 02109952 _____ (Farbar) C:\Users\Rahovart\Downloads\FRST64 (1).exe
2014-10-10 23:35 - 2014-10-10 23:38 - 00000000 ____D () C:\FRST
2014-10-10 23:35 - 2014-10-10 23:35 - 00112640 _____ (forum.viry.cz) C:\Users\Rahovart\Downloads\Nepotvrzeno 519598.crdownload
2014-10-10 23:35 - 2014-10-10 23:35 - 00112640 _____ (forum.viry.cz) C:\Users\Rahovart\Downloads\Nepotvrzeno 434532.crdownload
2014-10-10 23:35 - 2014-10-10 23:35 - 00112640 _____ (forum.viry.cz) C:\Users\Rahovart\Downloads\Nepotvrzeno 261726.crdownload
2014-10-10 23:33 - 2014-10-10 23:33 - 02109952 _____ (Farbar) C:\Users\Rahovart\Desktop\FRST64.exe
2014-10-10 23:25 - 2014-10-10 23:25 - 00000004 _____ () C:\Users\Rahovart\AppData\Roaming\appdataFr2.bin
2014-10-10 23:23 - 2014-10-10 23:31 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-10 23:23 - 2014-10-10 23:23 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-10 23:23 - 2014-10-10 23:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-10 23:23 - 2014-10-10 23:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-10 23:23 - 2014-10-10 23:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-10 23:23 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-10 23:23 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-10 23:23 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-10 23:19 - 2014-10-10 23:20 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Rahovart\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-10 23:19 - 2014-10-10 23:19 - 01375089 _____ () C:\Users\Rahovart\Downloads\AdwCleaner (1).exe
2014-10-10 23:16 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-10-10 23:15 - 2014-10-10 23:17 - 00000000 ____D () C:\AdwCleaner
2014-10-10 23:14 - 2014-10-10 23:15 - 01375089 _____ () C:\Users\Rahovart\Downloads\AdwCleaner.exe
2014-10-10 23:07 - 2014-10-10 23:08 - 00000000 ____D () C:\Users\Rahovart\Downloads\SpyHunter_4.17.6.4336 - MG
2014-10-10 22:56 - 2014-10-10 22:56 - 00000000 _____ () C:\autoexec.bat
2014-10-10 22:55 - 2014-10-10 23:23 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-10-10 22:55 - 2014-10-10 22:55 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-10-10 22:52 - 2014-10-10 22:52 - 00000000 ____D () C:\Program Files (x86)\ttoppbuyEr
2014-10-10 22:07 - 2014-10-10 23:18 - 00000000 ____D () C:\ProgramData\ttoppbuyEr
2014-10-10 14:39 - 2014-10-10 14:39 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-10 14:39 - 2014-10-10 14:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-10 14:38 - 2014-10-10 14:38 - 00000000 __SHD () C:\Users\Rahovart\AppData\Local\EmieUserList
2014-10-10 14:38 - 2014-10-10 14:38 - 00000000 __SHD () C:\Users\Rahovart\AppData\Local\EmieSiteList
2014-10-10 14:07 - 2014-10-10 22:52 - 00000000 ____D () C:\ProgramData\27438f5c0c91f9f
2014-10-10 13:27 - 2014-10-10 13:28 - 00000000 ____D () C:\Users\Rahovart\Desktop\plocha
2014-10-08 17:09 - 2014-10-08 17:09 - 00000000 ____D () C:\Users\Rahovart\AppData\Roaming\SpaceEngineers
2014-10-05 19:19 - 2014-10-05 19:19 - 00093996 _____ () C:\Users\Rahovart\Downloads\injector.zip
2014-10-05 19:19 - 2014-10-05 19:19 - 00093996 _____ () C:\Users\Rahovart\Downloads\injector (1).zip
2014-10-05 19:15 - 2014-10-05 19:15 - 00011842 _____ () C:\Users\Rahovart\Downloads\CounterNoob v1.2_[www.unknowncheats.me]_.rar
2014-10-05 19:05 - 2014-10-05 19:08 - 00000000 ____D () C:\Program Files (x86)\VulkanHaxor
2014-10-05 18:59 - 2014-10-05 19:00 - 11374925 _____ () C:\Users\Rahovart\Downloads\skeletoN 1.2_[www.unknowncheats.me]_.zip
2014-10-03 21:37 - 2014-10-03 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu!
2014-10-03 21:36 - 2014-10-03 22:09 - 00000000 ____D () C:\Program Files (x86)\osu!
2014-10-03 21:31 - 2014-10-03 21:35 - 74725448 _____ (ppy Pty. Ltd.) C:\Users\Rahovart\Downloads\osu!install.exe
2014-10-01 20:48 - 2014-10-01 20:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-10-01 20:48 - 2014-10-01 20:48 - 00000000 ____D () C:\ProgramData\EPSON
2014-10-01 20:48 - 2014-10-01 20:48 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2014-10-01 20:48 - 2009-09-30 18:01 - 00088064 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_IBCBHLE.DLL
2014-10-01 20:48 - 2008-11-11 18:00 - 00118784 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ILMHLE.DLL
2014-10-01 20:48 - 2007-04-09 16:06 - 00010752 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL
2014-10-01 16:54 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 16:54 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-27 13:56 - 2014-09-27 13:56 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2014-09-27 13:56 - 2014-09-27 13:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
2014-09-27 13:56 - 2014-09-27 13:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-09-27 13:56 - 2008-07-12 08:18 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-09-27 13:56 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-09-27 13:56 - 2008-07-12 08:18 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-09-27 13:56 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-09-27 13:56 - 2008-07-12 08:18 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-09-27 13:56 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-09-26 15:14 - 2014-09-26 15:16 - 17529133 _____ () C:\Users\Rahovart\Downloads\vagante_r8.zip
2014-09-25 22:35 - 2014-09-26 00:08 - 00000000 ____D () C:\Users\Rahovart\AppData\Roaming\vlc
2014-09-24 20:00 - 2014-09-24 20:00 - 00000000 ____D () C:\Users\Rahovart\AppData\Local\HowtoSnooker1.1
2014-09-24 20:00 - 2014-09-24 20:00 - 00000000 ____D () C:\afaf
2014-09-24 17:50 - 2014-09-24 17:50 - 00000000 ____D () C:\Users\Rahovart\AppData\Roaming\Unity
2014-09-24 17:42 - 2014-09-24 17:42 - 01080640 _____ (Unity Technologies ApS) C:\Users\Rahovart\Downloads\UnityWebPlayer.exe
2014-09-24 17:42 - 2014-09-24 17:42 - 00000000 ____D () C:\Users\Rahovart\AppData\Local\Unity
2014-09-24 16:57 - 2014-09-24 17:16 - 30229028 _____ () C:\Users\Rahovart\Downloads\how_to_snooker_1.1_windows.zip
2014-09-24 16:45 - 2014-09-24 16:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-09-24 16:45 - 2014-09-24 16:45 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-09-24 16:42 - 2014-09-24 17:31 - 3745116555 _____ () C:\Users\Rahovart\Downloads\Velká oříšková loupež.2014.HD.720p.CZ.ENG.mkv
2014-09-24 16:39 - 2014-09-24 17:31 - 780260678 _____ () C:\Users\Rahovart\Downloads\Fair Play.mkv
2014-09-24 16:39 - 2014-09-24 17:08 - 1622121721 _____ () C:\Users\Rahovart\Downloads\Sin City A Dame to Kill For 2014 720 WEBRip x264-JYK-CZ Subtitles.mkv
2014-09-24 16:39 - 2014-09-24 16:39 - 24743106 _____ () C:\Users\Rahovart\Downloads\vlc-2.1.5-win32.exe
2014-09-24 16:38 - 2014-09-24 17:31 - 250723458 _____ () C:\Users\Rahovart\Downloads\The.Boy.with.the.Cuckoo-Clock.Heart.2013.720p.BluRay.DTS.x264-FreeHD.mkv
2014-09-24 16:38 - 2014-09-24 16:38 - 00045236 _____ () C:\Users\Rahovart\Downloads\[CzT]Fair_Play_2014_CZ_1080pHD_.torrent
2014-09-24 16:38 - 2014-09-24 16:38 - 00016072 _____ () C:\Users\Rahovart\Downloads\[CzT]Sin_City_Zenska_pro_kterou_bych_vrazdil_Sin_City_A_Dame_to_Kill_For_2014_WebRip_.torrent
2014-09-24 16:37 - 2014-09-24 16:37 - 00022276 _____ () C:\Users\Rahovart\Downloads\[CzT]Jack_a_mechanicke_srdce_Jack_et_la_mecanique_du_coeur_2013_720pHD_.torrent
2014-09-24 16:37 - 2014-09-24 16:37 - 00018545 _____ () C:\Users\Rahovart\Downloads\[CzT]Velka_oriskova_loupez_The_Nut_Job_2014_CZ_EN_720pHD_.torrent
2014-09-24 16:24 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 16:24 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-23 16:18 - 2014-09-23 16:18 - 00000000 ____D () C:\Users\Rahovart\Documents\Stronghold Crusader 2
2014-09-23 16:11 - 2014-09-23 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stronghold Crusader 2
2014-09-23 16:10 - 2014-09-23 16:11 - 00000000 ____D () C:\Program Files (x86)\Stronghold Crusader 2
2014-09-23 14:17 - 2014-09-23 14:48 - 00000000 ____D () C:\Users\Rahovart\Downloads\Stronghold.Crusader.2-CODEX
2014-09-23 14:15 - 2014-09-23 14:15 - 00016799 _____ () C:\Users\Rahovart\Downloads\[CzT]Stronghold_Crusader_2_2014_.torrent
2014-09-22 17:17 - 2014-09-22 17:17 - 00000000 ____D () C:\ProgramData\Gyazo
2014-09-21 21:24 - 2014-09-21 21:24 - 00020670 _____ () C:\Users\Rahovart\Downloads\[CzT]Heroes_of_Might_and_Magic_V_Tribes_of_the_east_Patch_3_1_2006_CZ_ (1).torrent
2014-09-21 21:16 - 2014-09-21 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of Might and Magic V - Collectors Edition
2014-09-21 21:09 - 2014-09-21 21:09 - 00000000 ____D () C:\Heroes of Might and Magic V - Collectors Edition
2014-09-21 20:16 - 2014-09-21 20:45 - 00000000 ____D () C:\Users\Rahovart\Downloads\hmm5.v3.1.crc.exp
2014-09-21 20:15 - 2014-09-21 20:15 - 00023411 _____ () C:\Users\Rahovart\Downloads\[kickass.to]heroes.of.might.and.magic.5.ultimate.collectors.edition.3in1.torrent
2014-09-21 20:09 - 2014-09-21 20:29 - 00000000 ____D () C:\Users\Rahovart\Downloads\Heroes of Might and Magic V Tribes of the east cz+patch 3,1
2014-09-21 20:09 - 2014-09-21 20:09 - 00000000 ____D () C:\Users\Rahovart\Downloads\HoMaM5
2014-09-21 20:08 - 2014-09-21 20:08 - 00020670 _____ () C:\Users\Rahovart\Downloads\[CzT]Heroes_of_Might_and_Magic_V_Tribes_of_the_east_Patch_3_1_2006_CZ_.torrent
2014-09-21 20:08 - 2014-09-21 20:08 - 00015356 _____ () C:\Users\Rahovart\Downloads\[CzT]Heroes_of_Might_and_Magic_5_Hammers_of_Fate_Tribes_of_the_East.torrent
2014-09-20 23:11 - 2014-09-20 23:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HoMM3 HD
2014-09-20 23:10 - 2014-09-20 23:10 - 08256139 _____ ( ) C:\Users\Rahovart\Downloads\HoMM3 HD Latest.exe
2014-09-20 23:05 - 2014-09-20 23:05 - 00000000 ____D () C:\Users\Rahovart\Desktop\Homam3
2014-09-20 22:11 - 2014-09-20 22:11 - 00000000 ____D () C:\Users\Rahovart\AppData\Local\SKIDROW
2014-09-20 22:08 - 2014-09-20 22:08 - 00000000 ____D () C:\Program Files (x86)\Seznam.cz
2014-09-20 22:07 - 2014-10-10 23:36 - 00000000 ____D () C:\Users\Rahovart\AppData\Roaming\Seznam.cz
2014-09-20 22:05 - 2014-09-21 21:08 - 00000000 ____D () C:\Users\Rahovart\AppData\Roaming\DAEMON Tools Lite
2014-09-20 22:05 - 2014-09-20 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2014-09-20 22:05 - 2014-09-20 22:05 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-09-20 22:05 - 2014-09-20 22:05 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2014-09-20 22:04 - 2014-09-21 21:08 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-09-20 22:03 - 2014-09-20 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-09-20 22:03 - 2014-09-20 22:03 - 00000000 ____D () C:\Program Files\7-Zip
2014-09-20 22:02 - 2014-09-20 22:02 - 01376768 _____ () C:\Users\Rahovart\Downloads\7z920-x64.msi
2014-09-20 22:00 - 2014-09-20 22:22 - 911044243 _____ () C:\Users\Rahovart\Downloads\Homam3.rar
2014-09-20 22:00 - 2014-09-20 22:00 - 00017913 _____ () C:\Users\Rahovart\Downloads\[CzT]Heroes_of_Might_and_Magic_III_Complete_CZ_portable.torrent
2014-09-20 21:35 - 2014-09-20 22:35 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-09-20 21:35 - 2014-09-20 21:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2014-09-20 15:09 - 2014-09-20 15:36 - 291737234 _____ () C:\Users\Rahovart\Downloads\Godus2.1.rar
2014-09-20 15:08 - 2014-09-20 15:08 - 00011675 _____ () C:\Users\Rahovart\Downloads\[CzT]Godus_2_1_2014_.torrent
2014-09-19 17:57 - 2014-09-04 21:14 - 00038048 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-09-19 17:57 - 2014-09-04 21:14 - 00032416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-09-16 20:15 - 2014-09-16 20:17 - 31912560 _____ (Trion Worlds Inc.) C:\Users\Rahovart\Downloads\GlyphInstall-0-120.exe
2014-09-15 17:06 - 2014-09-15 17:06 - 01055936 _____ (Adobe) C:\Users\Rahovart\Downloads\install_flashplayer15x32_mssd_aaa_aih.exe
2014-09-14 18:48 - 2014-09-16 15:18 - 00000000 ____D () C:\Users\Rahovart\Documents\StarCraft II
2014-09-14 18:48 - 2014-09-14 19:02 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2014-09-14 18:48 - 2014-09-14 18:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2014-09-14 18:47 - 2014-09-14 18:47 - 00000000 ____D () C:\Users\Rahovart\AppData\Local\Blizzard Entertainment
2014-09-14 18:46 - 2014-09-21 03:14 - 00000000 ____D () C:\Users\Rahovart\AppData\Local\Battle.net
2014-09-14 18:46 - 2014-09-14 18:50 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-09-14 18:46 - 2014-09-14 18:47 - 00000000 ____D () C:\Users\Rahovart\AppData\Roaming\Battle.net
2014-09-14 18:46 - 2014-09-14 18:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-09-14 18:46 - 2014-09-14 18:46 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-09-14 18:45 - 2014-09-18 21:29 - 00000000 ____D () C:\ProgramData\Battle.net
2014-09-14 18:45 - 2014-09-14 18:45 - 02907552 _____ (Blizzard Entertainment) C:\Users\Rahovart\Downloads\Battle.net-Setup-enGB.exe
2014-09-14 12:18 - 2014-09-14 12:18 - 00000000 ____D () C:\Users\Rahovart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-09-14 12:14 - 2014-09-14 13:16 - 00000000 ____D () C:\Users\Rahovart\Downloads\The.Lord.Of.The.Rings.Battle.For.Middle.Earth.2.The.Witch.King-RELOADED
2014-09-14 12:10 - 2014-09-14 12:11 - 24921361 _____ () C:\Users\Rahovart\Downloads\LotrBfMe2EP1-131073-english.exe
2014-09-14 12:10 - 2014-09-14 12:10 - 03786166 _____ () C:\Users\Rahovart\Downloads\Lord-of-the-Rings-Battle-for-Middle-Earth-2---THe-Witch-King-2.01-Crack.rar
2014-09-14 12:04 - 2014-09-14 12:04 - 00000000 ____D () C:\Program Files (x86)\Warcraft III Frozen Throne eSK
2014-09-14 11:54 - 2014-09-14 11:58 - 00000000 ____D () C:\Users\Rahovart\Downloads\WarCraft III eSK -=[HajrullaH]=-
2014-09-14 11:46 - 2014-09-14 11:46 - 00001021 _____ () C:\Users\Rahovart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameRanger.lnk
2014-09-14 11:46 - 2014-09-14 11:46 - 00000000 ____D () C:\Users\Rahovart\AppData\Roaming\GameRanger
2014-09-14 11:45 - 2014-09-14 11:46 - 00114352 _____ (GameRanger Technologies) C:\Users\Rahovart\Downloads\GameRangerSetup.exe
2014-09-13 17:09 - 2014-09-13 17:09 - 00016976 _____ () C:\Users\Rahovart\Downloads\[CzT]Jak_vycvicit_draka_2_How_to_Train_Your_Dragon_2_2014_720pLQ_WebRip_ (1).torrent
2014-09-11 21:59 - 2014-09-13 17:11 - 00000000 ____D () C:\Users\Rahovart\Downloads\How.to.Train.Your.Dragon.2.2014.720p.WEB-DL.XviD.AC3.2.0-RARBG
2014-09-11 21:57 - 2014-09-11 21:57 - 00016976 _____ () C:\Users\Rahovart\Downloads\[CzT]Jak_vycvicit_draka_2_How_to_Train_Your_Dragon_2_2014_720pLQ_WebRip_.torrent
2014-09-11 18:18 - 2014-09-11 18:18 - 00000000 ____D () C:\Users\Rahovart\AppData\Roaming\Gyazo
2014-09-11 18:17 - 2014-09-22 17:17 - 00003764 _____ () C:\Windows\System32\Tasks\GyazoUpdateTaskMachine
2014-09-11 18:17 - 2014-09-22 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2014-09-11 18:17 - 2014-09-22 17:17 - 00000000 ____D () C:\Program Files (x86)\Gyazo
2014-09-11 18:17 - 2014-09-11 22:42 - 02063714 _____ (Nota Inc. ) C:\Users\Rahovart\Downloads\Nepotvrzeno 49530.crdownload
2014-09-11 14:31 - 2014-10-10 22:48 - 00000000 ____D () C:\Users\Rahovart\AppData\Roaming\OBS
2014-09-11 14:31 - 2014-09-29 20:25 - 00000000 ____D () C:\Program Files\OBS
2014-09-11 14:31 - 2014-09-11 14:31 - 00000000 ____D () C:\Users\Rahovart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2014-09-11 14:31 - 2014-09-11 14:31 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-09-11 13:59 - 2014-09-11 13:59 - 07389506 _____ () C:\Users\Rahovart\Downloads\OBS_0_632b_Installer.exe
2014-09-11 13:24 - 2014-09-11 13:38 - 00000000 ____D () C:\Cakewalk Projects
2014-09-11 13:24 - 2014-09-11 13:33 - 00000000 ____D () C:\Users\Rahovart\AppData\Roaming\Cakewalk
2014-09-11 13:23 - 2014-09-11 13:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cakewalk
2014-09-11 13:23 - 2006-11-30 14:49 - 00368640 _____ (Propellerhead Software AB) C:\Windows\SysWOW64\ReWire.dll
2014-09-11 13:23 - 2006-02-24 09:00 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2014-09-11 13:23 - 2006-02-24 09:00 - 01047552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71u.dll
2014-09-11 13:23 - 2006-02-24 09:00 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2014-09-11 13:23 - 2006-02-24 09:00 - 00487424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp70.dll
2014-09-11 13:23 - 2006-02-24 09:00 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-09-11 13:23 - 2006-02-24 09:00 - 00344064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr70.dll
2014-09-11 13:18 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 13:18 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 13:18 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 13:18 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 13:18 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 13:18 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 13:18 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 13:18 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 13:18 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 13:18 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 13:18 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 13:18 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 13:18 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 13:18 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 13:18 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 13:18 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 13:18 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 13:18 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 13:18 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 13:18 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 13:18 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 13:18 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 13:18 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 13:18 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 13:18 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 13:18 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 13:18 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 13:18 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 13:18 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 13:18 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 13:18 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 13:18 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 13:18 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 13:18 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-11 13:18 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 13:18 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 13:18 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 13:18 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 13:18 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 13:18 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 13:18 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 13:18 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 13:18 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-11 13:18 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 13:18 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 13:18 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 13:18 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 13:18 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 13:18 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 13:18 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 13:18 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-11 13:18 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 13:18 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 13:18 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 13:18 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 13:18 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 13:15 - 2014-09-11 13:18 - 00000000 ____D () C:\Cakewalk Content
2014-09-11 13:13 - 2014-09-11 13:23 - 00000000 ____D () C:\ProgramData\Cakewalk
2014-09-11 13:13 - 2014-09-11 13:23 - 00000000 ____D () C:\Program Files (x86)\Cakewalk
2014-09-11 13:11 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 13:11 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 18:39 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 18:39 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 18:38 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 18:38 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 18:38 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 18:38 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 18:38 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 18:38 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 18:38 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 18:38 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 18:38 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-10 23:37 - 2009-07-14 06:45 - 00028928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-10 23:37 - 2009-07-14 06:45 - 00028928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-10 23:36 - 2011-04-12 10:34 - 00669904 _____ () C:\Windows\system32\perfh005.dat
2014-10-10 23:36 - 2011-04-12 10:34 - 00142062 _____ () C:\Windows\system32\perfc005.dat
2014-10-10 23:36 - 2009-07-14 07:13 - 01587976 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-10 23:34 - 2014-09-03 17:56 - 01120222 _____ () C:\Windows\WindowsUpdate.log
2014-10-10 23:32 - 2014-09-06 15:14 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-10-10 23:32 - 2014-09-03 20:01 - 00000000 ____D () C:\Users\Rahovart\AppData\Roaming\Skype
2014-10-10 23:31 - 2014-09-03 18:04 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-10 23:30 - 2014-09-03 19:19 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-10 23:30 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-10 23:30 - 2009-07-14 06:51 - 00039626 _____ () C:\Windows\setupact.log
2014-10-10 23:29 - 2010-11-21 05:47 - 00096296 _____ () C:\Windows\PFRO.log
2014-10-10 23:19 - 2014-09-06 15:14 - 00000000 ____D () C:\ProgramData\Origin
2014-10-10 23:15 - 2014-09-04 18:18 - 00000000 ____D () C:\Users\Rahovart\AppData\Roaming\TS3Client
2014-10-10 23:15 - 2014-09-03 20:43 - 00000000 ____D () C:\Users\Rahovart\AppData\Roaming\uTorrent
2014-10-10 23:15 - 2014-09-03 19:56 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-10 23:14 - 2014-09-03 18:04 - 00000956 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-10 23:03 - 2014-09-04 18:36 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-10 22:48 - 2014-09-05 20:49 - 00000000 ____D () C:\Users\Rahovart\AppData\Local\CrashDumps
2014-10-10 18:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-10-10 14:39 - 2014-09-03 18:04 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-07 14:17 - 2014-09-03 19:51 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-10-01 17:52 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-09-27 13:56 - 2014-09-04 15:15 - 00107942 _____ () C:\Windows\DirectX.log
2014-09-27 13:56 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-27 13:30 - 2014-09-04 19:08 - 00000000 ____D () C:\Users\Rahovart\Documents\My Games
2014-09-24 17:03 - 2014-09-04 18:37 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 17:03 - 2014-09-04 18:36 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 17:03 - 2014-09-04 18:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-19 17:57 - 2014-09-03 19:10 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-09-19 17:54 - 2014-09-03 19:19 - 00000000 ____D () C:\Users\Rahovart\AppData\Local\NVIDIA Corporation
2014-09-19 17:54 - 2014-09-03 19:19 - 00000000 ____D () C:\Users\Rahovart\AppData\Local\NVIDIA
2014-09-17 04:13 - 2014-09-03 19:19 - 02193560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-09-17 04:13 - 2014-09-03 19:19 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-09-17 04:12 - 2014-09-03 19:19 - 02799784 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-09-17 04:12 - 2014-09-03 19:19 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-09-15 09:06 - 2010-11-21 05:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-14 12:19 - 2014-09-03 17:58 - 00000000 ____D () C:\Users\Rahovart\AppData\Local\VirtualStore
2014-09-14 11:50 - 2014-09-04 18:34 - 00000000 ____D () C:\Users\Rahovart\AppData\Local\Adobe
2014-09-13 15:53 - 2009-07-14 06:45 - 00266192 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-11 22:42 - 2014-09-04 21:43 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-11 13:30 - 2014-09-03 18:15 - 00058856 _____ () C:\Users\Rahovart\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-11 13:17 - 2014-09-03 18:15 - 01562690 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

Some content of TEMP:
====================
C:\Users\Rahovart\AppData\Local\Temp\listicka-partner-13415-1.1.2-offline.exe
C:\Users\Rahovart\AppData\Local\Temp\OptimizerPro.exe
C:\Users\Rahovart\AppData\Local\Temp\optprosetup.exe
C:\Users\Rahovart\AppData\Local\Temp\Quarantine.exe
C:\Users\Rahovart\AppData\Local\Temp\SHSetup.exe
C:\Users\Rahovart\AppData\Local\Temp\xuninst.exe
C:\Users\Rahovart\AppData\Local\Temp\_isD8D1.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-10 17:54

==================== End Of Log ============================

Re: Adware a nejspíš i malware

Napsal: 11 říj 2014 05:53
od vyosek
Zdravim :)

:arrow: Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu
  • Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
  • Do okna vlozte skript nize

  • Kód: Vybrat vše

    autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;
  • Nasledne kliknete na Run Script
  • PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

Re: Adware a nejspíš i malware

Napsal: 11 říj 2014 12:46
od RahoVrah
Zdravím, tady je ten log


Zoek.exe v5.0.0.0 Updated 11-October-2014
Tool run by Rahovart on so 11.10.2014 at 13:29:46,21.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Rahovart\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

11.10.2014 13:33:29 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~3\27438f5c0c91f9f deleted
C:\install.exe deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Rahovart\AppData\Local\CrashRpt deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn" [11.10.2014 13:26]

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bejnhdlplbjhffionohbdnpcbobfejcc - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\Exts\Chrome.crx[29.04.2014 14:31]

Hitbox Emotes - Rahovart\AppData\Local\Google\Chrome\User Data\Default\Extensions\afnmabaohnpejlfefcllmiahdgkclckf
BTTV - Rahovart\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped
Stylish - Rahovart\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe
AdBlock - Rahovart\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Twitch Now - Rahovart\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmbdmpjmlijibeockamioakdpmhjnpk

==== Chromium Startpages ======================

C:\Users\Rahovart\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.seznam.cz/?clid=9973",
"startup_urls": [ "http://www.istartsurf.com/?type=hp&ts=1 ... 9709997099", "http://www.google.com" ],


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{2AE1FDBA-36E8-42A6-8B5D-E6DC7EAF96F0} Encyklopedie Seznam Url="http://encyklopedie.seznam.cz/search?q= ... arch_13415"
{4277422B-170D-4A4D-8576-701969BD0EAA} Slovnˇk CZ/EN Url="http://slovnik.seznam.cz/?q={searchTerm ... arch_13415"
{5332F50C-10AE-462B-B4E9-77564E167BF1} Zbo§ˇ.cz Url="http://www.zbozi.cz/?q={searchTerms}&r= ... arch_13415"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchT ... UM_csCZ604"
{78B8C307-7C28-4C3D-8AE6-95A3C2E57519} Slovnˇk EN/CZ Url="http://slovnik.seznam.cz/?q={searchTerm ... arch_13415"
{966A8C5D-0028-4F52-8F9F-07C4988EF683} Novinky.cz Url="http://www.novinky.cz/hledej?w={searchT ... arch_13415"
{AB523239-8A00-4698-8444-4FFECA86E324} Seznam Url="http://search.seznam.cz/?q={searchTerms ... arch_13415"
{B0B3FD55-64F7-4C45-93D5-F0F644CFA2D3} Firmy.cz Url="http://www.firmy.cz/?q={searchTerms}&so ... arch_13415"
{C2AC012D-B534-416F-AC5D-E1C9108AD0D1} Seznam TV Program Url="http://tv.seznam.cz/hledej?w={searchTer ... arch_13415"
{D4F7ED33-A478-412A-A4DD-03E0B63BFF20} Mapy.cz Url="http://www.mapy.cz/?query={searchTerms} ... arch_13415"

==== Reset Google Chrome ======================

C:\Users\Rahovart\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Rahovart\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Rahovart\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Rahovart\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\19JNNOJL will be deleted at reboot
C:\Users\Rahovart\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8634T5FX will be deleted at reboot
C:\Users\Rahovart\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OQ3M1FR8 will be deleted at reboot
C:\Users\Rahovart\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q02US74A will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Rahovart\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=40 folders=37 30156211 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Rahovart\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Rahovart\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found
"C:\Users\Rahovart\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\19JNNOJL" not found
"C:\Users\Rahovart\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8634T5FX" not found
"C:\Users\Rahovart\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OQ3M1FR8" not found
"C:\Users\Rahovart\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q02US74A" not found

==== EOF on so 11.10.2014 at 13:40:35,72 ======================

Re: Adware a nejspíš i malware

Napsal: 12 říj 2014 16:48
od vyosek
Okna stale skacou?

Re: Adware a nejspíš i malware

Napsal: 12 říj 2014 19:44
od RahoVrah
Už neskáčou. :)

Re: Adware a nejspíš i malware

Napsal: 13 říj 2014 20:42
od vyosek
:arrow: Tvorba fixlistu pro FRST
  • Spustte poznamkovy blok (Start-spustit-notepad)
  • Zkopirujte skript nize

  • Kód: Vybrat vše

    Start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-756625837-801181038-1686051597-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-756625837-801181038-1686051597-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-09-03] (Google Inc.)
HKU\S-1-5-21-756625837-801181038-1686051597-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3600216 2014-09-17] (Electronic Arts)
HKU\S-1-5-21-756625837-801181038-1686051597-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-756625837-801181038-1686051597-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Rahovart\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-756625837-801181038-1686051597-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Rahovart\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\S-1-5-21-756625837-801181038-1686051597-1000\...\Run: [GoogleChromeAutoLaunch_BFE723A461C4787DDC1E159CFEE73307] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-01] (Google Inc.)
HKU\S-1-5-21-756625837-801181038-1686051597-1000\...\MountPoints2: {c4160273-3381-11e4-a6d3-806e6f6e6963} - D:\Bin\ASSETUP.exe
HKU\S-1-5-21-756625837-801181038-1686051597-1000\...\MountPoints2: {f7002050-40bb-11e4-bd93-74d02b9f3ac1} - E:\setup.exe
Startup: C:\Users\Rahovart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk

Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

2014-10-10 23:38 - 2014-10-10 23:38 - 00019462 _____ () C:\Users\Rahovart\Desktop\FRST.txt
2014-10-10 23:37 - 2014-10-10 23:37 - 00015327 _____ () C:\Users\Rahovart\Desktop\LM.bat
2014-10-10 23:36 - 2014-10-10 23:37 - 00029696 _____ () C:\Users\Rahovart\AppData\Local\MSGBOX.EXE
2014-10-10 23:35 - 2014-10-10 23:35 - 00112640 _____ (forum.viry.cz) C:\Users\Rahovart\Downloads\Nepotvrzeno 519598.crdownload
2014-10-10 23:35 - 2014-10-10 23:35 - 00112640 _____ (forum.viry.cz) C:\Users\Rahovart\Downloads\Nepotvrzeno 434532.crdownload
2014-10-10 23:35 - 2014-10-10 23:35 - 00112640 _____ (forum.viry.cz) C:\Users\Rahovart\Downloads\Nepotvrzeno 261726.crdownload
2014-10-10 23:19 - 2014-10-10 23:20 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Rahovart\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-10 23:19 - 2014-10-10 23:19 - 01375089 _____ () C:\Users\Rahovart\Downloads\AdwCleaner (1).exe
2014-10-10 23:16 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-10-10 23:15 - 2014-10-10 23:17 - 00000000 ____D () C:\AdwCleaner
2014-10-10 23:14 - 2014-10-10 23:15 - 01375089 _____ () C:\Users\Rahovart\Downloads\AdwCleaner.exe
2014-10-10 23:07 - 2014-10-10 23:08 - 00000000 ____D () C:\Users\Rahovart\Downloads\SpyHunter_4.17.6.4336 - MG
2014-10-10 22:55 - 2014-10-10 22:55 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-10-10 22:52 - 2014-10-10 22:52 - 00000000 ____D () C:\Program Files (x86)\ttoppbuyEr
2014-10-10 22:07 - 2014-10-10 23:18 - 00000000 ____D () C:\ProgramData\ttoppbuyEr

Hosts:
EmptyTemp:
Reboot:
End
  • Ulozte vytvoreny TXT jako fixlist.txt
  • Presunte vytvoreny fixlist vedle FRST
:arrow: Spustte znovu FRST.exe
  • Kliknete na Fix
  • Probehne oprava a vytvori log Fixlog.txt
:arrow: Restart PC a dejte mi sem fixlog.txt
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz