Request for a check

Royksopp
Visitor
Posts: 209
Registered: 02 Jun 2008 19:53

Request for a check

#1 Post by Royksopp »

Logfile of random's system information tool 1.10 (written by random/random)
Run by Adam at 2015-03-01 18:59:40
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 29 GB (57%) free of 51 GB
Total RAM: 1023 MB (23% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:59:54, on 1. 3. 2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17631)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Users\Adam\Desktop\RSIT.exe
C:\Program Files\trend micro\Adam.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 3563 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\k7krd9tw.default-1423432867625

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "www.google.sk"

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.305 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.25.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-11-30 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-30 172968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2014-10-01 5088456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AirDroid 3]
C:\Program Files\AirDroid\AirDroid.exe /start []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
C:\Program Files\CCleaner\CCleaner.exe [2015-02-19 5503768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2014-08-19 1795872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Plex Media Server]
C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-10-07 507776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Users\Adam\AppData\Roaming\uTorrent\uTorrent.exe [2015-01-23 1677904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TVMOBiLiArtworkManager.lnk]
C:\PROGRA~1\TVMOBiLi\bin\ITUNES~1.EXE /path:C:\ProgramData\TVMOBiLi\cache []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Universal Media Server.lnk]
C:\PROGRA~1\UNIVER~1\UMS.exe [2015-02-15 603865]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Adam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ConnectAir.lnk]
C:\Program Files\ConnectAir\ConnectAir.exe -hide []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SMPCHelper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tvnserver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"aux"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-03-01 18:59:40 ----D---- C:\rsit
2015-02-27 17:26:43 ----D---- C:\Program Files\Mozilla Firefox
2015-02-26 21:11:18 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2015-02-26 21:10:10 ----A---- C:\Windows\system32\drivers\mwac.sys
2015-02-26 21:10:10 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2015-02-26 21:10:10 ----A---- C:\Windows\system32\drivers\mbam.sys
2015-02-26 21:10:08 ----D---- C:\Program Files\Malwarebytes Anti-Malware
2015-02-26 11:02:26 ----D---- C:\ProgramData\UMS
2015-02-26 11:01:48 ----D---- C:\Program Files\AviSynth
2015-02-26 11:01:37 ----D---- C:\Program Files\Universal Media Server
2015-02-26 01:23:49 ----D---- C:\ProgramData\PMS
2015-02-26 01:23:16 ----D---- C:\Program Files\PS3 Media Server
2015-02-25 17:33:21 ----D---- C:\Users\Adam\AppData\Roaming\J River
2015-02-25 16:59:54 ----A---- C:\Windows\system32\drivers\JRiverWDMDriver.sys
2015-02-25 16:58:11 ----N---- C:\Windows\system32\AudDevicePlugin.dll
2015-02-25 16:58:09 ----N---- C:\Windows\system32\AReadyLB.dll
2015-02-25 16:57:54 ----A---- C:\Windows\system32\D3DX9_43.dll
2015-02-25 16:55:33 ----D---- C:\Program Files\J River
2015-02-25 15:32:26 ----D---- C:\Program Files\Plex
2015-02-25 15:00:32 ----D---- C:\ProgramData\{b3c0668b-4bbd-aa0a-b3c0-0668b4bb9a2d}
2015-02-25 13:57:28 ----D---- C:\Users\Adam\AppData\Roaming\MiniGet
2015-02-25 13:57:27 ----D---- C:\Program Files\MiniGet
2015-02-25 13:55:37 ----D---- C:\Program Files\globalUpdate
2015-02-25 13:41:37 ----A---- C:\Windows\system32\nvStreaming.exe
2015-02-20 00:44:28 ----A---- C:\Windows\system32\nvopencl.dll
2015-02-20 00:44:26 ----A---- C:\Windows\system32\nvoglv32.dll
2015-02-20 00:44:26 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2015-02-20 00:44:24 ----A---- C:\Windows\system32\NvIFR.dll
2015-02-20 00:44:20 ----A---- C:\Windows\system32\NvFBC.dll
2015-02-20 00:44:20 ----A---- C:\Windows\system32\nvdispgenco3234144.dll
2015-02-20 00:44:20 ----A---- C:\Windows\system32\nvdispco3234144.dll
2015-02-20 00:44:20 ----A---- C:\Windows\system32\nvd3dum.dll
2015-02-20 00:44:18 ----A---- C:\Windows\system32\nvcuvid.dll
2015-02-20 00:44:18 ----A---- C:\Windows\system32\nvcuda.dll
2015-02-20 00:43:58 ----A---- C:\Windows\system32\nvcompiler.dll
2015-02-19 15:08:08 ----D---- C:\Program Files\Super Ovladac
2015-02-18 21:05:29 ----D---- C:\Program Files\ShowMyPCService
2015-02-18 20:47:16 ----D---- C:\Program Files\TeamViewer
2015-02-12 22:20:41 ----A---- C:\Windows\system32\wdi.dll
2015-02-12 22:20:41 ----A---- C:\Windows\system32\powertracker.dll
2015-02-12 22:20:41 ----A---- C:\Windows\system32\perftrack.dll
2015-02-11 11:54:17 ----A---- C:\Windows\system32\jscript9diag.dll
2015-02-11 11:54:17 ----A---- C:\Windows\system32\jscript9.dll
2015-02-10 20:46:29 ----A---- C:\Windows\system32\win32k.sys
2015-02-10 20:46:12 ----A---- C:\Windows\system32\lsasrv.dll
2015-02-10 20:46:12 ----A---- C:\Windows\system32\drivers\cng.sys
2015-02-10 20:46:12 ----A---- C:\Windows\system32\adtschema.dll
2015-02-10 20:46:11 ----A---- C:\Windows\system32\sspisrv.dll
2015-02-10 20:46:11 ----A---- C:\Windows\system32\sspicli.dll
2015-02-10 20:46:11 ----A---- C:\Windows\system32\secur32.dll
2015-02-10 20:46:11 ----A---- C:\Windows\system32\msobjs.dll
2015-02-10 20:46:11 ----A---- C:\Windows\system32\msaudite.dll
2015-02-10 20:46:11 ----A---- C:\Windows\system32\lsass.exe
2015-02-10 20:46:11 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-02-10 20:46:11 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-02-10 20:46:11 ----A---- C:\Windows\system32\auditpol.exe
2015-02-10 20:45:05 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-10 20:45:04 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-02-10 20:45:04 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-02-10 20:45:03 ----A---- C:\Windows\system32\iernonce.dll
2015-02-10 20:45:03 ----A---- C:\Windows\system32\ie4uinit.exe
2015-02-10 20:45:02 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-10 20:45:01 ----A---- C:\Windows\system32\urlmon.dll
2015-02-10 20:45:01 ----A---- C:\Windows\system32\jsproxy.dll
2015-02-10 20:45:01 ----A---- C:\Windows\system32\ieUnatt.exe
2015-02-10 20:45:01 ----A---- C:\Windows\system32\iedkcs32.dll
2015-02-10 20:45:00 ----A---- C:\Windows\system32\ieapfltr.dll
2015-02-10 20:45:00 ----A---- C:\Windows\system32\dxtmsft.dll
2015-02-10 20:44:59 ----A---- C:\Windows\system32\msfeeds.dll
2015-02-10 20:44:54 ----A---- C:\Windows\system32\msrating.dll
2015-02-10 20:44:53 ----A---- C:\Windows\system32\iesetup.dll
2015-02-10 20:44:52 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-02-10 20:44:51 ----A---- C:\Windows\system32\wininet.dll
2015-02-10 20:44:48 ----A---- C:\Windows\system32\dxtrans.dll
2015-02-10 20:44:46 ----A---- C:\Windows\system32\ieui.dll
2015-02-10 20:44:45 ----A---- C:\Windows\system32\ieframe.dll
2015-02-10 20:44:39 ----A---- C:\Windows\system32\mshtmled.dll
2015-02-10 20:44:35 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-02-10 20:44:32 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-02-10 20:44:30 ----A---- C:\Windows\system32\iertutil.dll
2015-02-10 20:44:27 ----A---- C:\Windows\system32\mshtml.dll
2015-02-10 20:44:25 ----A---- C:\Windows\system32\vbscript.dll
2015-02-10 20:43:39 ----A---- C:\Windows\system32\scesrv.dll
2015-02-10 20:43:37 ----A---- C:\Windows\system32\oleaut32.dll
2015-02-10 20:43:32 ----A---- C:\Windows\system32\invagent.dll
2015-02-10 20:43:32 ----A---- C:\Windows\system32\generaltel.dll
2015-02-10 20:43:32 ----A---- C:\Windows\system32\devinv.dll
2015-02-10 20:43:32 ----A---- C:\Windows\system32\appraiser.dll
2015-02-10 20:43:32 ----A---- C:\Windows\system32\aitstatic.exe
2015-02-10 20:43:32 ----A---- C:\Windows\system32\aeinv.dll
2015-02-10 20:43:31 ----A---- C:\Windows\system32\aepic.dll
2015-02-10 20:43:31 ----A---- C:\Windows\system32\aepdu.dll
2015-02-10 20:41:37 ----A---- C:\Windows\system32\schannel.dll
2015-02-10 20:41:37 ----A---- C:\Windows\system32\msv1_0.dll
2015-02-10 20:41:37 ----A---- C:\Windows\system32\kerberos.dll
2015-02-10 20:41:36 ----A---- C:\Windows\system32\wdigest.dll
2015-02-10 20:41:36 ----A---- C:\Windows\system32\TSpkg.dll
2015-02-10 20:41:36 ----A---- C:\Windows\system32\ncrypt.dll
2015-02-10 20:41:35 ----A---- C:\Windows\system32\credssp.dll
2015-02-10 20:40:52 ----A---- C:\Windows\system32\wintrust.dll
2015-02-10 20:40:52 ----A---- C:\Windows\system32\cryptsvc.dll
2015-02-10 20:40:52 ----A---- C:\Windows\system32\crypt32.dll
2015-02-10 20:39:34 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-02-10 20:39:34 ----A---- C:\Windows\system32\ntkrnlpa.exe
2015-02-10 20:38:30 ----A---- C:\Windows\system32\WindowsCodecs.dll
2015-02-10 19:29:23 ----D---- C:\Windows\pss
2015-02-08 22:58:24 ----D---- C:\ProgramData\Auslogics
2015-02-08 22:19:00 ----D---- C:\Program Files\Microsoft Silverlight
2015-02-08 13:08:29 ----D---- C:\Users\Adam\AppData\Roaming\Remote Control Server
2015-02-07 17:18:10 ----D---- C:\Program Files\Google
2015-02-05 22:17:19 ----A---- C:\Windows\system32\drivers\4A406237.sys
2015-02-05 21:56:55 ----D---- C:\ProgramData\Malwarebytes

======List of files/folders modified in the last 1 month======

2015-03-01 18:59:53 ----D---- C:\Windows\Prefetch
2015-03-01 18:59:44 ----D---- C:\Program Files\trend micro
2015-03-01 18:59:38 ----D---- C:\Windows\Temp
2015-03-01 18:21:03 ----RD---- C:\Program Files
2015-03-01 18:21:03 ----D---- C:\Program Files\Mozilla Maintenance Service
2015-03-01 15:17:40 ----D---- C:\Windows\system32\config
2015-03-01 15:05:48 ----SHD---- C:\System Volume Information
2015-03-01 14:29:41 ----D---- C:\Windows\inf
2015-03-01 14:28:06 ----D---- C:\ProgramData\NVIDIA
2015-02-27 15:22:03 ----D---- C:\Windows
2015-02-26 23:50:22 ----D---- C:\Windows\debug
2015-02-26 23:47:59 ----D---- C:\Users\Adam\AppData\Roaming\uTorrent
2015-02-26 23:47:58 ----D---- C:\Windows\Logs
2015-02-26 23:46:37 ----D---- C:\Program Files\CCleaner
2015-02-26 23:40:35 ----D---- C:\Windows\system32\drivers
2015-02-26 23:40:35 ----D---- C:\Windows\L2Schemas
2015-02-26 23:39:39 ----HD---- C:\ProgramData
2015-02-26 23:39:27 ----D---- C:\Windows\Tasks
2015-02-26 23:39:27 ----D---- C:\Windows\system32\Tasks
2015-02-26 21:06:59 ----D---- C:\Windows\system32\DriverStore
2015-02-26 11:09:25 ----SHD---- C:\Windows\Installer
2015-02-26 11:09:16 ----D---- C:\Windows\System32
2015-02-26 00:40:40 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-02-25 14:45:40 ----D---- C:\Windows\winsxs
2015-02-25 13:41:47 ----D---- C:\Program Files\NVIDIA Corporation
2015-02-24 00:31:44 ----RSD---- C:\Windows\Fonts
2015-02-24 00:30:44 ----D---- C:\Users\Adam\AppData\Roaming\vlc
2015-02-20 11:30:42 ----D---- C:\Windows\rescache
2015-02-20 00:44:38 ----A---- C:\Windows\system32\OpenCL.dll
2015-02-20 00:44:34 ----A---- C:\Windows\system32\nvwgf2um.dll
2015-02-20 00:43:56 ----A---- C:\Windows\system32\nvapi.dll
2015-02-20 00:15:43 ----D---- C:\Program Files\Windows Sidebar
2015-02-13 00:37:13 ----D---- C:\Windows\tracing
2015-02-12 22:17:02 ----D---- C:\Windows\system32\catroot2
2015-02-11 17:23:36 ----D---- C:\Windows\system32\en-US
2015-02-10 23:40:58 ----SD---- C:\Windows\system32\CompatTel
2015-02-10 23:40:58 ----D---- C:\Windows\system32\appraiser
2015-02-10 23:40:55 ----D---- C:\Windows\system32\sk-SK
2015-02-10 23:40:54 ----D---- C:\Program Files\Internet Explorer
2015-02-10 21:07:05 ----D---- C:\Windows\system32\MRT
2015-02-10 20:57:14 ----A---- C:\Windows\system32\MRT.exe
2015-02-10 20:38:21 ----D---- C:\Windows\system32\catroot
2015-02-09 00:16:46 ----D---- C:\Windows\Microsoft.NET
2015-02-08 22:20:22 ----SD---- C:\ProgramData\Microsoft
2015-02-08 15:57:42 ----SD---- C:\Windows\system32\Microsoft
2015-02-08 13:09:37 ----D---- C:\Program Files\Winamp
2015-02-08 13:09:33 ----D---- C:\Users\Adam\AppData\Roaming\Winamp
2015-02-07 23:30:11 ----SD---- C:\Users\Adam\AppData\Roaming\Microsoft
2015-02-07 22:41:46 ----D---- C:\Program Files\Common Files\microsoft shared
2015-02-07 12:38:26 ----D---- C:\Windows\Offline Web Pages
2015-02-05 22:14:03 ----D---- C:\Windows\Resources
2015-02-05 16:58:25 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2015-02-04 03:06:18 ----A---- C:\Windows\system32\nvcpl.dll
2015-02-04 03:06:17 ----A---- C:\Windows\system32\nvsvc.dll
2015-02-04 03:05:53 ----A---- C:\Windows\system32\nvvsvc.exe
2015-02-04 03:05:52 ----A---- C:\Windows\system32\nvsvcr.dll
2015-02-04 03:05:52 ----A---- C:\Windows\system32\nvshext.dll
2015-02-04 03:05:49 ----A---- C:\Windows\system32\nvmctray.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2014-10-10 51288]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2014-10-10 191928]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2014-10-10 135296]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2014-10-10 37928]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2014-10-10 176448]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2014-08-19 162592]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 btaudio;Bluetooth Audio Device; C:\Windows\system32\drivers\btaudio.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 BTKRNL;Bluetooth Bus Enumerator; C:\Windows\system32\DRIVERS\btkrnl.sys []
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\Windows\system32\DRIVERS\btwdndis.sys []
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\Windows\System32\Drivers\btwusb.sys []
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2014-01-22 88576]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys []
S3 jrvad_service;JRiver Media Center 20 (service); C:\Windows\system32\drivers\JRiverWDMDriver.sys [2015-01-26 30168]
S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 14848]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys []
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2013-10-02 49152]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-03 81088]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2014-10-01 1349576]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-02-04 670536]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-02-04 409800]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05 267440]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-01-12 102912]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2015-02-27 148080]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2014-04-11 45744]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]

-----------------EOF-----------------

altrok
Moderator
Posts: 7317
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Request for a check

#2 Post by altrok »

Hello :bye:

:arrow: Is ESET Smart Security properly purchased?

:arrow: With MiniGet you pulled in a lot of junk... I recommend reading through http://forum.viry.cz/viewtopic.php?f=24 ... 2#p1374442

:arrow: On 26.2. you installed MBAM... did you scan the computer with it? If so, post the log with the findings.

:arrow: As part of the cleanup, your temporary folders will be emptied (including the Recycle Bin).

:arrow: Save AdwCleaner to your desktop https://toolslib.net/downloads/viewdown ... dwcleaner/ (or http://www.bleepingcomputer.com/download/adwcleaner/ )
  • close all programs
  • right-click the AdwCleaner icon and choose Run as administrator (on Win XP just launch it with a double-click)
  • click Scan, then Cleaning
  • after the restart a log will pop up (or you can find it in C:\AdwCleaner\AdwCleaner [Sx].txt); copy its contents into your next reply
If anything is unclear, ask right away.

Royksopp
Visitor
Posts: 209
Registered: 02 Jun 2008 19:53

Re: Request for a check

#3 Post by Royksopp »

1. yes, I have a license there until 11.5.2015
2. it would not let me download that program, because ESS did not allow it
3. MBAM log:

Malwarebytes Anti-Malware
http://www.malwarebytes.org

Scan Date: 26. 2. 2015
Scan Time: 21:20:44
Logfile: mam.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.26.04
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Adam

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 396770
Time Elapsed: 1 hr, 44 min, 46 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\GoogleUpdate.exe, 2156, Delete-on-Reboot, [8f7ded365931c175eabf84f4966d748c]

Modules: 1
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\goopdate.dll, Delete-on-Reboot, [8f7ded365931c175eabf84f4966d748c],

Registry Keys: 51
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, [f51728fbc0ca65d1d8cff620eb18c13f],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, Quarantined, [f51728fbc0ca65d1d8cff620eb18c13f],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, Quarantined, [f51728fbc0ca65d1d8cff620eb18c13f],
PUP.Optional.SupTab.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, [f51728fbc0ca65d1d8cff620eb18c13f],
PUP.Optional.CytiWeb.A, HKLM\SOFTWARE\CLASSES\CLSID\{aa2fac44-d24d-4fed-9e32-397d138365f1}, Quarantined, [a468948f484261d5ad86d03e5da6c937],
PUP.Optional.CytiWeb.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{4b030cae-5396-4e8d-b29f-0bc3213ab606}, Quarantined, [a468948f484261d5ad86d03e5da6c937],
PUP.Optional.CytiWeb.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A30B13F5-3743-428A-A1FA-6F001D36CC4A}, Quarantined, [a468948f484261d5ad86d03e5da6c937],
PUP.Optional.IEMultiBHO.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{10E1725C-7237-41A9-954A-04DCCB1FD16C}, Quarantined, [e92371b24446270f768ae12ca65d956b],
PUP.Optional.IHProtect.A, HKLM\SOFTWARE\IHProtect, Quarantined, [b85422016d1d0234d974901304ff46ba],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\Iminent, Quarantined, [4ebeef34c5c501352f79f7f1f80bf20e],
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\mystartsearchSoftware, Quarantined, [8c80879c19712b0b50d2a308000315eb],
PUP.Optional.SavePass.A, HKLM\SOFTWARE\SavePass 1.1, Quarantined, [2ddf869d107af5419cd2932830d3f808],
PUP.Optional.SavePass.A, HKLM\SOFTWARE\SavePass 1.1-nv-ie, Quarantined, [63a964bfaedca49275f98635ae555ca4],
PUP.Optional.WPM.A, HKLM\SOFTWARE\supWindowsMangerProtect, Quarantined, [0dff47dcfb8f340272e822fb6e9713ed],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WajIntEnhance, Quarantined, [9874a182addd91a58ba06b34c53e14ec],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\GLOBALUPDATE\UPDATE, Quarantined, [29e3cb588307e650549de4dc699a59a7],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\29777, Quarantined, [8587ad76226876c029727e5d847ff50b],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP, Quarantined, [1fed92910783e155ce1ff4a7ba493cc4],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IminentToolbar, Quarantined, [e329e93a246660d6915b1b8062a124dc],
PUP.Optional.Vosteran, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Vosteran.com, Quarantined, [ab612ef5fe8c38fe8910416a71926898],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajIntEnhance, Quarantined, [ee1e0f14a7e3270f12d8d9c25ea543bd],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, Quarantined, [a3696eb5d1b9d4620514ba66887de21e],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, Quarantined, [c24a64bf0f7b7fb7e03a25fb0bfa6799],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\SUPTAB, Quarantined, [39d3df447515201608078039649f06fa],
PUP.Optional.IHProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IHProtect Service, Quarantined, [f61671b2f49680b665e72c77dc27cc34],
PUP.Optional.CytiWeb.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util Cyti Web, Quarantined, [808cfb280c7e24120ed23372fb0810f0],
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsMangerProtect, Quarantined, [8686d94a4f3b62d4ae55bfe8847fd828],
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, Quarantined, [13f98d9694f644f28fba19956b98cd33],
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, Quarantined, [f11b8a99474357df9c4dbb4346be0af6],
PUP.Optional.HomeTab.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\HomeTab, Quarantined, [ef1d5bc842486dc92f8e3794f211956b],
PUP.Optional.SavePass.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SavePass 1.1-nv-ie, Quarantined, [16f6b76c34561f17cca3912a649f11ef],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SearchProtectWS, Quarantined, [53b927fcd4b60c2a20d0e8b3788b7c84],
PUP.Optional.Wajam.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WajIntEnhance, Quarantined, [1bf145de93f767cf1814326d48bb4bb5],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [fc10cd56d0ba75c1c7f6957c44c1fa06],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\29777, Quarantined, [cb41eb38c5c575c134fa5b5a2cd726da],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\OB, Quarantined, [7c90180bf89245f18158efb1739020e0],
PUP.Optional.FastStart.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS, Quarantined, [cd3f4cd7cfbb8ea853d5476f04ffed13],
PUP.Optional.Wajam.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SIMPLYTECH\HomeTabWajIEnhance, Quarantined, [bc5058cbc8c2b185eb00b9e2d72c966a],
PUP.Optional.GlobalUpdate.T, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdate, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdatem, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.OneClickCtrl.10, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.Update3WebControl.4, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}, Quarantined, [8f7ded365931c175eabf84f4966d748c],

Registry Values: 5
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\GLOBALUPDATE\UPDATE|path, C:\Program Files\globalUpdate\Update\GoogleUpdate.exe, Quarantined, [29e3cb588307e650549de4dc699a59a7]
PUP.Optional.SearchEngine.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|searchengine@gmail.com, C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\k7krd9tw.default-1423432867625\extensions\searchengine@gmail.com, Quarantined, [10fc29faa2e866d0f5062dfc778e1de3]
PUP.Optional.FastStart.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\k7krd9tw.default-1423432867625\extensions\faststartff@gmail.com, Quarantined, [66a665bebad088ae8dee2bf143c2a858]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\SUPTAB|ptid, amt, Quarantined, [39d3df447515201608078039649f06fa]
PUP.Optional.FastStart.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, Quarantined, [cd3f4cd7cfbb8ea853d5476f04ffed13]

Registry Data: 10
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Mozilla Firefox\firefox.exe http://www.mystartsearch.com/?type=sc&t ... 0_V40B7H0G, Good: (firefox.exe), Bad: (C:\Program Files\Mozilla Firefox\firefox.exe http://www.mystartsearch.com/?type=sc&t ... 0_V40B7H0G),Replaced,[9e6e52d123670c2ab42daf16ff060af6]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&t ... 0_V40B7H0G, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&t ... 0_V40B7H0G),Replaced,[64a86fb42c5eaf87b72ba3222adb728e]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.mystartsearch.com/web/?type= ... earchTerms}, Good: (http://www.google.com), Bad: (http://www.mystartsearch.com/web/?type= ... earchTerms}),Replaced,[848880a3305ad1655ad21aac3acbf30d]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.mystartsearch.com/?type=hp&t ... 0_V40B7H0G, Good: (http://www.google.com), Bad: (http://www.mystartsearch.com/?type=hp&t ... 0_V40B7H0G),Replaced,[27e53de6d4b67cba1c0fc7ffc93c8878]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.mystartsearch.com/?type=hp&t ... 0_V40B7H0G, Good: (http://www.google.com), Bad: (http://www.mystartsearch.com/?type=hp&t ... 0_V40B7H0G),Replaced,[1fedac772b5f37ff2b8807ccca3b4bb5]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://www.mystartsearch.com/web/?type= ... earchTerms}, Good: (http://www.google.com), Bad: (http://www.mystartsearch.com/web/?type= ... earchTerms}),Replaced,[0606180bb8d2ab8bfa33fec8e81d46ba]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://www.mystartsearch.com/web/?type= ... earchTerms}, Good: (http://www.google.com), Bad: (http://www.mystartsearch.com/web/?type= ... earchTerms}),Replaced,[fd0f190a97f3181e88a82b9b9b6a54ac]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.mystartsearch.com/?type=hp&t ... 0_V40B7H0G, Good: (http://www.google.com), Bad: (http://www.mystartsearch.com/?type=hp&t ... 0_V40B7H0G),Replaced,[f31937ec95f50630ebc607ccd43101ff]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.mystartsearch.com/?type=hp&t ... 0_V40B7H0G, Good: (http://www.google.com), Bad: (http://www.mystartsearch.com/?type=hp&t ... 0_V40B7H0G),Replaced,[020ad053eaa06acc7eb08b3bd13434cc]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.mystartsearch.com/web/?type= ... earchTerms}, Good: (http://www.google.com), Bad: (http://www.mystartsearch.com/web/?type= ... earchTerms}),Replaced,[83895dc65634d4625ad5a71fa85d768a]

Folders: 40
PUP.Optional.XTab.A, C:\Program Files\XTab, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\image, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\weather, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\en-US, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\es-419, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\es-ES, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-BE, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-CA, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-CH, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-FR, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-LU, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\it-CH, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\it-IT, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\pl, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\pt, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\pt-BR, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\ru, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\ru-MO, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\tr-TR, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\vi-VI, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\zh-CN, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\zh-TW, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, Quarantined, [ad5f47dc6129979fab30df97c043926e],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, Quarantined, [ad5f47dc6129979fab30df97c043926e],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update, Delete-on-Reboot, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0, Delete-on-Reboot, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Download, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Install, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Offline, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Offline\{1EDCBE78-A1F4-4B77-88CB-18961BFA41B1}, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.A, C:\Users\Adam\AppData\Local\Temp\comh.480813, Quarantined, [e22ac360c8c2b680398c8fe941c26e92],
PUP.Optional.SavePass.A, C:\Program Files\SavePass 1.1, Quarantined, [dd2f62c16e1c181ee80fea94659e9e62],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate, Quarantined, [1cf043e02b5fc57179f9e3b0a360b24e],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update, Quarantined, [1cf043e02b5fc57179f9e3b0a360b24e],
PUP.Optional.CytiWeb.A, C:\Users\Adam\AppData\Local\Temp\Cyti Web, Quarantined, [8b8179aa3753b77fab29266fbe45cb35],

Files: 114
PUP.Optional.SkyTech.A, C:\Users\Adam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EC8UIV4N\1[1].zip, Quarantined, [0efe1b085733c86e20eb12ed4bb65ca4],
PUP.Optional.XTabs.A, C:\Users\Adam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H0LRNQOH\2[1].zip, Quarantined, [ab6148db9dedb086b69343c8ab5b9868],
Trojan.MSIL.Injector, C:\Users\Adam\AppData\Local\Temp\Runner2.exe, Quarantined, [52ba170c0486f3439406c7fc44c109f7],
PUP.Optional.XTab.A, C:\Program Files\XTab\uninstall.exe, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\conf, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\ffsearch_toolbar!1.0.0.1025.xpi, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\install.data, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\msvcp110.dll, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\msvcr110.dll, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\searchProvider.xml, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\about.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\about_bk.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\btn.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\btn_apply.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\close.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\conf.xml, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\conf_back.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\input_bk.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\logo.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\main.xml, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\radio_1.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\radio_2.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\rigth_arrow.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\settings.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\data.html, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\indexIE.html, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\indexIE8.html, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\main.css, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\ver.txt, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\arrow.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\default_add_logo.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\default_add_logo_hover.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\default_logo.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\googlelogo.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\googlelogo2.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\google_trends.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\icon128.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\icon16.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\icon48.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\loading.gif, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\logo32.ico, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\weather\0.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\common.js, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\ga.js, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\ie8.js, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\jquery-1.11.0.min.js, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\jquery.autocomplete.js, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\js.js, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\library.js, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\xagainit-ie8.js, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\xagainit.js, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\xagainit2.0.js, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\en-US\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\es-419\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\es-ES\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-BE\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-CA\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-CH\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-FR\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-LU\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\it-CH\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\it-IT\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\pl\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\pt\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\pt-BR\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\ru\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\ru-MO\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\tr-TR\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\vi-VI\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\zh-CN\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\zh-TW\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.MyStartSearch.A, C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\k7krd9tw.default-1423432867625\searchplugins\mystartsearch.xml, Quarantined, [a26a6bb868220a2ca081b4f76f9450b0],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\255ac7c2-376c-4f6c-aee3-930d8b67201f-1-6, Quarantined, [22ea081beb9fe1552fbd13add52e20e0],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\255ac7c2-376c-4f6c-aee3-930d8b67201f-1-7, Quarantined, [a06c071c791172c42cc0665a3ac90ef2],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\255ac7c2-376c-4f6c-aee3-930d8b67201f-10_user, Quarantined, [6ca0061dcfbb16205e8e3090af54cb35],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\255ac7c2-376c-4f6c-aee3-930d8b67201f-4, Quarantined, [1fed1112b7d3fd39f5f7e8d8d72c738d],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\255ac7c2-376c-4f6c-aee3-930d8b67201f-5, Quarantined, [b15b1d063654280e96561ea21fe454ac],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\255ac7c2-376c-4f6c-aee3-930d8b67201f-5_user, Quarantined, [000ca47fc9c1191d1ad2e2de1ee58f71],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\255ac7c2-376c-4f6c-aee3-930d8b67201f-1-6.job, Quarantined, [30dc41e2a0eaef47846e0a13e12406fa],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\255ac7c2-376c-4f6c-aee3-930d8b67201f-1-7.job, Quarantined, [38d434ef39512214ad45d6471aeb2bd5],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\255ac7c2-376c-4f6c-aee3-930d8b67201f-10_user.job, Quarantined, [cd3fd44f7e0c92a4e01269b4c2431de3],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\255ac7c2-376c-4f6c-aee3-930d8b67201f-4.job, Quarantined, [57b561c28bffdf5718da9984be47f50b],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\255ac7c2-376c-4f6c-aee3-930d8b67201f-5.job, Quarantined, [e527081b98f247eff4fec756a75e3fc1],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\255ac7c2-376c-4f6c-aee3-930d8b67201f-5_user.job, Quarantined, [59b31b08acde8bab4ba7e736da2b47b9],
PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job, Quarantined, [3ad2ad76266462d41be671adf70edd23],
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore, Quarantined, [c84438eb820846f08c76fb237a8be917],
PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job, Quarantined, [49c3fe25256570c69a69ce50aa5b3ec2],
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA, Quarantined, [35d74bd80882330340c4b866ec196c94],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, Quarantined, [ad5f47dc6129979fab30df97c043926e],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\GoogleUpdate.exe, Delete-on-Reboot, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\goopdate.dll, Delete-on-Reboot, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\goopdateres_en.dll, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\psmachine.dll, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\psuser.dll, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.A, C:\Users\Adam\AppData\Local\Temp\comh.480813\GoogleCrashHandler.exe, Quarantined, [e22ac360c8c2b680398c8fe941c26e92],
PUP.Optional.GlobalUpdate.A, C:\Users\Adam\AppData\Local\Temp\comh.480813\GoogleUpdate.exe, Quarantined, [e22ac360c8c2b680398c8fe941c26e92],
PUP.Optional.GlobalUpdate.A, C:\Users\Adam\AppData\Local\Temp\comh.480813\GoogleUpdateBroker.exe, Quarantined, [e22ac360c8c2b680398c8fe941c26e92],
PUP.Optional.GlobalUpdate.A, C:\Users\Adam\AppData\Local\Temp\comh.480813\GoogleUpdateHelper.msi, Quarantined, [e22ac360c8c2b680398c8fe941c26e92],
PUP.Optional.GlobalUpdate.A, C:\Users\Adam\AppData\Local\Temp\comh.480813\GoogleUpdateOnDemand.exe, Quarantined, [e22ac360c8c2b680398c8fe941c26e92],
PUP.Optional.GlobalUpdate.A, C:\Users\Adam\AppData\Local\Temp\comh.480813\goopdate.dll, Quarantined, [e22ac360c8c2b680398c8fe941c26e92],
PUP.Optional.GlobalUpdate.A, C:\Users\Adam\AppData\Local\Temp\comh.480813\goopdateres_en.dll, Quarantined, [e22ac360c8c2b680398c8fe941c26e92],
PUP.Optional.GlobalUpdate.A, C:\Users\Adam\AppData\Local\Temp\comh.480813\npGoogleUpdate4.dll, Quarantined, [e22ac360c8c2b680398c8fe941c26e92],
PUP.Optional.GlobalUpdate.A, C:\Users\Adam\AppData\Local\Temp\comh.480813\psmachine.dll, Quarantined, [e22ac360c8c2b680398c8fe941c26e92],
PUP.Optional.GlobalUpdate.A, C:\Users\Adam\AppData\Local\Temp\comh.480813\psuser.dll, Quarantined, [e22ac360c8c2b680398c8fe941c26e92],
PUP.Optional.SavePass.A, C:\Program Files\SavePass 1.1\bgNova.html, Quarantined, [dd2f62c16e1c181ee80fea94659e9e62],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update\conf, Quarantined, [1cf043e02b5fc57179f9e3b0a360b24e],
PUP.Optional.QuickStart.A, C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\k7krd9tw.default-1423432867625\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");), Replaced,[c5474fd46129fc3a6b5726e71ee81ce4]
PUP.Optional.CrossRider.A, C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\k7krd9tw.default-1423432867625\prefs.js, Good: (), Bad: (user_pref("extensions.crossrider.bic", "14bc0d1821a641958dcb0dc7ac182c5f");), Replaced,[c4483ee56a20b680d01b0fff64a2fc04]

Physical Sectors: 0
(No malicious items detected)


(end)

Royksopp
Visitor
Posts: 209
Registered: 02 Jun 2008 19:53

Re: Please check

#4 Post by Royksopp »

4. AdwCleaner log:

# AdwCleaner v4.111 - Logfile created 02/03/2015 at 18:04:42
# Updated 18/02/2015 by Xplode
# Database : 2015-03-02.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x86)
# Username : Adam - ADAM-PC
# Running from : C:\Users\Adam\Desktop\adwcleaner_4.111.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\globalUpdate
Folder Deleted : C:\Program Files\ShowMyPCService
Folder Deleted : C:\Users\Adam\AppData\Local\cool_mirage
Folder Deleted : C:\Users\Adam\AppData\Local\globalUpdate
File Deleted : C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\k7krd9tw.default-1423432867625\user.js

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v36.0 (x86 sk)

[k7krd9tw.default-1423432867625\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.alias", "mystartsearch");
[k7krd9tw.default-1423432867625\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.iconURL", "hxxp://www.mystartsearch.com/favicon.ico");
[k7krd9tw.default-1423432867625\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.name", "mystartsearch");
[k7krd9tw.default-1423432867625\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.url", "hxxp://www.mystartsearch.com/web/?type=ds&ts=1 ... earchTerms}");
[k7krd9tw.default-1423432867625\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "mystartsearch");
[k7krd9tw.default-1423432867625\prefs.js] - Line Deleted : user_pref("extensions.quick_start.enable_search1", false);
[k7krd9tw.default-1423432867625\prefs.js] - Line Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

*************************

AdwCleaner[R1].txt - [5329 bytes] - [02/03/2015 18:00:54]
AdwCleaner[S1].txt - [5429 bytes] - [02/03/2015 18:04:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [5488 bytes] ##########

altrok
Moderator
Posts: 7317
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: Please check

#5 Post by altrok »

:arrow: Post the FRST.txt log and attach Addition.txt as well - http://forum.viry.cz/viewtopic.php?f=30&t=133101
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suited to the forum, you can use altrok (at) forum.viry.cz
If you would like to help visitors of this forum, sign up for our training school.

Royksopp
Visitor
Posts: 209
Joined: 02 Jun 2008 19:53

Re: Please check

#6 Post by Royksopp »

The FRSTLauncher cannot be downloaded from that page... it says the page does not exist.

altrok
Moderator
Posts: 7317
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: Please check

#7 Post by altrok »

Thanks for pointing that out; continue without FRSTLauncher then, using just FRST.exe/FRST64.exe

Royksopp
Visitor
Posts: 209
Joined: 02 Jun 2008 19:53

Re: Please check

#8 Post by Royksopp »

In the attachment...
Attachments
Addition.rar
(10.22 KiB) Downloaded 54 times

altrok
Moderator
Posts: 7317
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: Please check

#9 Post by altrok »

:arrow: Turn off Windows Defender permanently - http://windows.microsoft.com/cs-cz/wind ... =windows-7

  • Copy the contents of the white box into Notepad (Start -> Run -> notepad)
  • save it to the desktop as fixlist (File type: Text document)
  • run FRST again and click Fix
  • after the restart a fixlog will pop up (or it will be saved on the Desktop); paste its contents into your next reply

    Code:

    Start
    CloseProcesses:
    Task: {0D05524D-0596-4C8D-9C65-7B19E0B7E194} - System32\Tasks\{AC567165-06FA-4A99-83A3-18D17CE08B87} => pcalua.exe -a C:\Users\Adam\AppData\Roaming\mystartsearch\UninstallManager.exe -c  -ptid=amt
    C:\Users\Adam\AppData\Roaming\mystartsearch
    HKU\S-1-5-21-3409903947-2537725115-4003705135-1000\...\MountPoints2: {dd17fc43-7898-11e4-9acb-806e6f6e6963} - E:\Setup.exe
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    
    2015-03-02 18:00 - 2015-03-02 18:04 - 00000000 ____D () C:\AdwCleaner
    2015-03-02 17:59 - 2015-03-02 17:59 - 02126848 _____ () C:\Users\Adam\Desktop\adwcleaner_4.111.exe
    2015-03-01 18:59 - 2015-03-01 18:59 - 00000000 ____D () C:\rsit
    C:\Program Files\XTab
    C:\Program Files\globalUpdate
    C:\ProgramData\IHProtectUpDate
    Folder: C:\ProgramData\{b3c0668b-4bbd-aa0a-b3c0-0668b4bb9a2d}
    Hosts:
    EmptyTemp:
    End
    

Royksopp
Visitor
Posts: 209
Joined: 02 Jun 2008 19:53

Re: Please check

#10 Post by Royksopp »

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-03-2015
Ran by Adam at 2015-03-02 19:19:10 Run:1
Running from C:\Users\Adam\Desktop
Loaded Profiles: Adam (Available profiles: Adam)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
Task: {0D05524D-0596-4C8D-9C65-7B19E0B7E194} - System32\Tasks\{AC567165-06FA-4A99-83A3-18D17CE08B87} => pcalua.exe -a C:\Users\Adam\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=amt
C:\Users\Adam\AppData\Roaming\mystartsearch
HKU\S-1-5-21-3409903947-2537725115-4003705135-1000\...\MountPoints2: {dd17fc43-7898-11e4-9acb-806e6f6e6963} - E:\Setup.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

2015-03-02 18:00 - 2015-03-02 18:04 - 00000000 ____D () C:\AdwCleaner
2015-03-02 17:59 - 2015-03-02 17:59 - 02126848 _____ () C:\Users\Adam\Desktop\adwcleaner_4.111.exe
2015-03-01 18:59 - 2015-03-01 18:59 - 00000000 ____D () C:\rsit
C:\Program Files\XTab
C:\Program Files\globalUpdate
C:\ProgramData\IHProtectUpDate
Folder: C:\ProgramData\{b3c0668b-4bbd-aa0a-b3c0-0668b4bb9a2d}
Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D05524D-0596-4C8D-9C65-7B19E0B7E194}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D05524D-0596-4C8D-9C65-7B19E0B7E194}" => Key deleted successfully.
C:\Windows\System32\Tasks\{AC567165-06FA-4A99-83A3-18D17CE08B87} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AC567165-06FA-4A99-83A3-18D17CE08B87}" => Key deleted successfully.
"C:\Users\Adam\AppData\Roaming\mystartsearch" => File/Directory not found.
"HKU\S-1-5-21-3409903947-2537725115-4003705135-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd17fc43-7898-11e4-9acb-806e6f6e6963}" => Key deleted successfully.
HKCR\CLSID\{dd17fc43-7898-11e4-9acb-806e6f6e6963} => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\Adam\Desktop\adwcleaner_4.111.exe => Moved successfully.
C:\rsit => Moved successfully.
"C:\Program Files\XTab" => File/Directory not found.
"C:\Program Files\globalUpdate" => File/Directory not found.
"C:\ProgramData\IHProtectUpDate" => File/Directory not found.

========================= Folder: C:\ProgramData\{b3c0668b-4bbd-aa0a-b3c0-0668b4bb9a2d} ========================

2015-02-25 15:00 - 2015-02-25 15:00 - 0000892 _____ () C:\ProgramData\{b3c0668b-4bbd-aa0a-b3c0-0668b4bb9a2d}\TVMOBiLi crack.dat

====== End of Folder: ======

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 231 MB temporary data.


The system needed a reboot.

==== End of Fixlog 19:19:35 ====

altrok
Moderator
Posts: 7317
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: Please check

#11 Post by altrok »

I assume you have this there on purpose: C:\ProgramData\{b3c0668b-4bbd-aa0a-b3c0-0668b4bb9a2d}\TVMOBiLi crack.dat

The rest of the log is clean, so how is the PC behaving? Shall we start cleaning up?

Royksopp
Visitor
Posts: 209
Joined: 02 Jun 2008 19:53

Re: Please check

#12 Post by Royksopp »

Yes, I no longer have that program. Can it be removed?
Yes, we can. It seems to be better.

altrok
Moderator
Posts: 7317
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: Please check

#13 Post by altrok »

Delete the folder
C:\ProgramData\{b3c0668b-4bbd-aa0a-b3c0-0668b4bb9a2d}

We will also clean up.
And if there are no questions or other problems, that is all from me.

Royksopp
Visitor
Posts: 209
Joined: 02 Jun 2008 19:53

Re: Please check

#14 Post by Royksopp »

Thank you very much, and have a nice rest of the week :)

altrok
Moderator
Posts: 7317
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: Please check

#15 Post by altrok »

You're welcome, glad I could help :worship:

Take care, and maybe see you again sometime :bye:

Locked