Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
conduit
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
conduit
Dobrý deň.Pri kontrole PC sw adwcleaner sa mi často stáva, že v registroch nájde HKCU\Software\Conduit. Tento odinštaľujem a po nejakom čase PC opäť kontroľujem tým istým sw a opäť nájde v registroch uvedenú infiltráciu. Poraďte prosím, ako sa toho zbaviť. Ďakujem
-
Rudy
- Site Admin
- Příspěvky: 119675
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: conduit
Zdravím!
Conduit je AdWare, které si lze stáhnout jen návštěvou určitých webů. Bude třeba se podívat, co všechno v PC běží. Dejte log FRST: http://forum.viry.cz/viewtopic.php?f=24&t=132509 .
Conduit je AdWare, které si lze stáhnout jen návštěvou určitých webů. Bude třeba se podívat, co všechno v PC běží. Dejte log FRST: http://forum.viry.cz/viewtopic.php?f=24&t=132509 .
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: conduit
Prikladám log z FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-06-2015
Ran by ab021 (administrator) on AB021-PC on 08-06-2015 22:12:08
Running from E:\
Loaded Profiles: ab021 (Available Profiles: ab021)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(CrossLoop) C:\Users\ab021\AppData\Local\CrossLoop\CrossLoopService.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Windows\System32\ntvdm.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5078504 2013-03-21] (ESET)
HKU\S-1-5-21-2968783570-2792829094-2834685135-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [293888 2010-11-20] (Microsoft Corporation)
Startup: C:\Users\ab021\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kalendár.lnk [2015-01-29]
ShortcutTarget: Kalendár.lnk -> C:\Windows\MENINY.EXE ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2968783570-2792829094-2834685135-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-28] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-28] (Oracle Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\ab021\AppData\Roaming\Mozilla\Firefox\Profiles\6dez0don.default
FF Homepage: hxxp://www.google.sk/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-14] ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> D:\Program Files\DivX\DivX Web Player\npdivx32.dll [2009-05-12] (DivX,Inc.)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-28] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-31] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-31] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Extension: Classic Theme Restorer (Customize UI) - C:\Users\ab021\AppData\Roaming\Mozilla\Firefox\Profiles\6dez0don.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2015-05-19]
FF Extension: Nepi Jano! - C:\Users\ab021\AppData\Roaming\Mozilla\Firefox\Profiles\6dez0don.default\Extensions\jid1-ujYo9WP31heSeQ@jetpack.xpi [2015-05-19]
FF Extension: ImTranslator - C:\Users\ab021\AppData\Roaming\Mozilla\Firefox\Profiles\6dez0don.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2015-05-19]
FF Extension: Downloads Window - C:\Users\ab021\AppData\Roaming\Mozilla\Firefox\Profiles\6dez0don.default\Extensions\{a7213cf2-fa1e-4373-88ff-255d0abd3020}.xpi [2015-05-19]
FF Extension: Video DownloadHelper - C:\Users\ab021\AppData\Roaming\Mozilla\Firefox\Profiles\6dez0don.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-05-19]
FF Extension: Adblock Plus - C:\Users\ab021\AppData\Roaming\Mozilla\Firefox\Profiles\6dez0don.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-19]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2015-01-29]
FF HKU\S-1-5-21-2968783570-2792829094-2834685135-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2015-01-29]
Chrome:
=======
CHR Profile: C:\Users\ab021\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\ab021\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-31]
CHR Extension: (Google Drive) - C:\Users\ab021\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-31]
CHR Extension: (YouTube) - C:\Users\ab021\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-31]
CHR Extension: (Adblock Plus) - C:\Users\ab021\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-31]
CHR Extension: (Google Search) - C:\Users\ab021\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-31]
CHR Extension: (Bookmark Manager) - C:\Users\ab021\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-31]
CHR Extension: (Google Wallet) - C:\Users\ab021\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-31]
CHR Extension: (ImTranslator: Google Translate) - C:\Users\ab021\AppData\Local\Google\Chrome\User Data\Default\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh [2015-05-31]
CHR Extension: (Gmail) - C:\Users\ab021\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-31]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 CrossLoopService; C:\Users\ab021\AppData\Local\CrossLoop\CrossLoopService.exe [569072 2012-01-06] (CrossLoop)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1341664 2013-03-21] (ESET)
S4 MBAMScheduler; D:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; D:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 tvnserver; C:\Users\ab021\AppData\Local\CrossLoop\tvnserver.exe [814080 2010-07-21] (GlavSoft LLC.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [171680 2013-02-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [122240 2013-01-10] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [150080 2013-01-10] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [46056 2013-01-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [47568 2013-02-14] (ESET)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [461824 2009-04-28] (PixArt Imaging Inc.)
R3 pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [47360 2015-01-29] (VSO Software) [File not signed]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-08 22:11 - 2015-06-08 22:12 - 00000000 ____D C:\FRST
2015-06-07 21:37 - 2015-06-08 21:53 - 00000336 _____ C:\Windows\setupact.log
2015-06-07 21:37 - 2015-06-07 21:37 - 00000000 _____ C:\Windows\setuperr.log
2015-05-31 08:01 - 2015-05-31 08:01 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-31 08:01 - 2015-05-31 08:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-31 08:00 - 2015-05-31 08:01 - 00000000 ____D C:\Users\ab021\AppData\Local\Google
2015-05-31 08:00 - 2015-05-31 08:01 - 00000000 ____D C:\Program Files\Google
2015-05-30 16:23 - 2015-05-30 16:45 - 00000000 ____D C:\Users\ab021\dwhelper
2015-05-22 15:38 - 2015-05-22 15:38 - 00000000 ____D C:\Users\ab021\AppData\Roaming\EPSON
2015-05-22 15:36 - 2015-05-22 16:14 - 00000940 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2015-05-22 15:36 - 2015-05-22 15:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Scan
2015-05-22 15:36 - 2006-10-13 00:00 - 00061952 _____ (SEIKO EPSON CORP.) C:\Windows\system32\escwiad.dll
2015-05-22 15:23 - 2015-05-22 15:25 - 00000000 ____D C:\ProgramData\EPSON
2015-05-22 15:23 - 2007-12-07 02:08 - 00086528 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_FLBBEE.DLL
2015-05-22 15:23 - 2007-12-07 02:01 - 00078848 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_FD4BBEE.DLL
2015-05-22 15:23 - 2004-09-10 20:12 - 00049152 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_DCINST.DLL
2015-05-19 16:48 - 2015-05-19 16:51 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-05-19 16:15 - 2015-05-19 16:15 - 00000000 ____D C:\Users\ab021\AppData\Roaming\Mozilla
2015-05-19 16:15 - 2015-05-19 16:15 - 00000000 ____D C:\Users\ab021\AppData\Local\Mozilla
2015-05-19 16:14 - 2015-05-19 17:41 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-05-19 16:14 - 2015-05-19 16:14 - 00001087 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-19 16:14 - 2015-05-19 16:14 - 00001075 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-19 16:14 - 2015-05-19 16:14 - 00000000 ____D C:\ProgramData\Mozilla
2015-05-14 08:58 - 2015-05-14 08:58 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-05-13 07:31 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 07:04 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 07:03 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 07:03 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-05-13 07:03 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 07:03 - 2015-04-27 21:11 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 07:03 - 2015-04-27 21:11 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 07:03 - 2015-04-27 21:08 - 01307648 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 07:03 - 2015-04-27 21:05 - 00851456 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 07:03 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 07:03 - 2015-04-27 21:05 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 07:03 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 07:03 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 07:03 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 07:03 - 2015-04-27 21:05 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 07:03 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 07:03 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 07:03 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 07:03 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 07:03 - 2015-04-27 21:05 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 07:03 - 2015-04-27 21:04 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 07:03 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 07:03 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 07:03 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 07:03 - 2015-04-27 21:04 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 07:03 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 07:03 - 2015-04-27 21:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 07:03 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 07:03 - 2015-04-27 21:04 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 07:03 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 07:03 - 2015-04-27 21:04 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 07:03 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 07:03 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 07:03 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 07:03 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 07:03 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 07:03 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 07:03 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 07:03 - 2015-04-27 20:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 07:03 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 07:03 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 07:03 - 2015-04-21 18:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 07:03 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 07:03 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 07:03 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 07:03 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 07:03 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 07:03 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 07:03 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 07:03 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 07:03 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 07:03 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 07:03 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 07:03 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 07:03 - 2015-04-21 17:58 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 07:03 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 07:03 - 2015-04-21 17:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 07:03 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 07:03 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 07:03 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 07:03 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 07:03 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 07:03 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 07:03 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 07:03 - 2015-04-21 17:26 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 07:03 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 07:03 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 07:03 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 07:03 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 07:03 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 07:03 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 07:03 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 07:02 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 07:02 - 2015-04-20 04:56 - 00909312 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 07:02 - 2015-04-20 04:03 - 02382336 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 07:02 - 2015-04-13 05:19 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 07:02 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 07:02 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 07:02 - 2015-03-04 06:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 07:02 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 07:00 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 06:59 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 06:59 - 2015-04-08 05:14 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-10 07:08 - 2015-06-08 21:57 - 01469699 _____ C:\Windows\WindowsUpdate.log
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-08 22:00 - 2009-07-14 06:34 - 00022720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-08 22:00 - 2009-07-14 06:34 - 00022720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-08 21:59 - 2015-01-29 01:23 - 01582262 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-08 21:53 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-08 21:53 - 2009-07-14 04:04 - 00000512 _____ C:\Windows\win.ini
2015-06-08 17:56 - 2015-01-29 09:05 - 00000000 ____D C:\Users\ab021\AppData\Roaming\Skype
2015-06-08 17:55 - 2015-01-29 09:05 - 00000000 ____D C:\ProgramData\Skype
2015-06-08 17:36 - 2015-01-29 05:29 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-07 22:35 - 2015-01-29 04:12 - 00000000 _____ C:\Windows\XXLGSC
2015-06-07 17:37 - 2015-01-29 06:42 - 00000000 ___RD C:\Users\ab021\Documents\video
2015-06-04 14:55 - 2015-01-29 06:39 - 00000000 ____D C:\Users\ab021\Documents\Včely
2015-05-31 05:20 - 2015-01-29 06:48 - 00000000 ____D C:\Users\ab021\Documents\Darinka-práce
2015-05-30 17:33 - 2009-07-14 06:53 - 00032600 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-30 16:23 - 2015-01-29 01:17 - 00000000 ____D C:\Users\ab021
2015-05-27 05:52 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2015-05-22 15:36 - 2015-01-29 21:42 - 00000000 ____D C:\Program Files\EPSON
2015-05-22 15:36 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\twain_32
2015-05-22 15:25 - 2015-01-29 21:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-05-20 11:51 - 2015-01-29 01:29 - 00000000 ____D C:\Windows\system32\MRT
2015-05-20 11:42 - 2015-04-05 18:47 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-15 20:34 - 2015-01-29 08:16 - 00000000 ____D C:\Users\ab021\AppData\Roaming\DVDVideoSoft
2015-05-15 06:48 - 2015-01-29 05:29 - 00000759 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-15 06:48 - 2015-01-29 05:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-14 18:05 - 2015-04-18 06:39 - 00000000 ____D C:\Users\ab021\AppData\Local\Adobe
2015-05-14 18:05 - 2015-04-18 05:17 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-05-14 18:05 - 2015-04-18 05:17 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-05-14 09:01 - 2015-05-01 23:39 - 00000000 ____D C:\Users\ab021\AppData\Roaming\vlc
2015-05-13 21:03 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2015-05-13 20:09 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-05-13 07:53 - 2009-07-14 11:20 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-13 07:38 - 2015-01-29 09:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-13 07:38 - 2009-07-14 06:33 - 00415384 _____ C:\Windows\system32\FNTCACHE.DAT
2015-05-13 07:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-05-13 07:31 - 2015-01-29 02:03 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-05-13 07:10 - 2015-01-29 09:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
==================== Files in the root of some directories =======
2015-01-29 09:11 - 2015-01-29 09:11 - 0081920 _____ () C:\Users\ab021\AppData\Roaming\ezpinst.exe
2015-01-29 09:11 - 2015-01-29 09:11 - 0007176 _____ () C:\Users\ab021\AppData\Roaming\pcouffin.cat
2015-01-29 09:11 - 2015-01-29 09:11 - 0001144 _____ () C:\Users\ab021\AppData\Roaming\pcouffin.inf
2015-01-29 09:11 - 2015-01-29 09:12 - 0000034 _____ () C:\Users\ab021\AppData\Roaming\pcouffin.log
2015-01-29 09:11 - 2015-01-29 09:11 - 0047360 _____ (VSO Software) C:\Users\ab021\AppData\Roaming\pcouffin.sys
Some files in TEMP:
====================
C:\Users\ab021\AppData\Local\Temp\SkypeSetup.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-03 18:44
==================== End of log ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-06-2015
Ran by ab021 (administrator) on AB021-PC on 08-06-2015 22:12:08
Running from E:\
Loaded Profiles: ab021 (Available Profiles: ab021)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(CrossLoop) C:\Users\ab021\AppData\Local\CrossLoop\CrossLoopService.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Windows\System32\ntvdm.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5078504 2013-03-21] (ESET)
HKU\S-1-5-21-2968783570-2792829094-2834685135-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [293888 2010-11-20] (Microsoft Corporation)
Startup: C:\Users\ab021\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kalendár.lnk [2015-01-29]
ShortcutTarget: Kalendár.lnk -> C:\Windows\MENINY.EXE ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2968783570-2792829094-2834685135-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-28] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-28] (Oracle Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\ab021\AppData\Roaming\Mozilla\Firefox\Profiles\6dez0don.default
FF Homepage: hxxp://www.google.sk/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-14] ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> D:\Program Files\DivX\DivX Web Player\npdivx32.dll [2009-05-12] (DivX,Inc.)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-28] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-31] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-31] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Extension: Classic Theme Restorer (Customize UI) - C:\Users\ab021\AppData\Roaming\Mozilla\Firefox\Profiles\6dez0don.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2015-05-19]
FF Extension: Nepi Jano! - C:\Users\ab021\AppData\Roaming\Mozilla\Firefox\Profiles\6dez0don.default\Extensions\jid1-ujYo9WP31heSeQ@jetpack.xpi [2015-05-19]
FF Extension: ImTranslator - C:\Users\ab021\AppData\Roaming\Mozilla\Firefox\Profiles\6dez0don.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2015-05-19]
FF Extension: Downloads Window - C:\Users\ab021\AppData\Roaming\Mozilla\Firefox\Profiles\6dez0don.default\Extensions\{a7213cf2-fa1e-4373-88ff-255d0abd3020}.xpi [2015-05-19]
FF Extension: Video DownloadHelper - C:\Users\ab021\AppData\Roaming\Mozilla\Firefox\Profiles\6dez0don.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-05-19]
FF Extension: Adblock Plus - C:\Users\ab021\AppData\Roaming\Mozilla\Firefox\Profiles\6dez0don.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-19]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2015-01-29]
FF HKU\S-1-5-21-2968783570-2792829094-2834685135-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2015-01-29]
Chrome:
=======
CHR Profile: C:\Users\ab021\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\ab021\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-31]
CHR Extension: (Google Drive) - C:\Users\ab021\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-31]
CHR Extension: (YouTube) - C:\Users\ab021\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-31]
CHR Extension: (Adblock Plus) - C:\Users\ab021\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-31]
CHR Extension: (Google Search) - C:\Users\ab021\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-31]
CHR Extension: (Bookmark Manager) - C:\Users\ab021\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-31]
CHR Extension: (Google Wallet) - C:\Users\ab021\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-31]
CHR Extension: (ImTranslator: Google Translate) - C:\Users\ab021\AppData\Local\Google\Chrome\User Data\Default\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh [2015-05-31]
CHR Extension: (Gmail) - C:\Users\ab021\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-31]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 CrossLoopService; C:\Users\ab021\AppData\Local\CrossLoop\CrossLoopService.exe [569072 2012-01-06] (CrossLoop)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1341664 2013-03-21] (ESET)
S4 MBAMScheduler; D:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; D:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 tvnserver; C:\Users\ab021\AppData\Local\CrossLoop\tvnserver.exe [814080 2010-07-21] (GlavSoft LLC.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [171680 2013-02-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [122240 2013-01-10] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [150080 2013-01-10] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [46056 2013-01-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [47568 2013-02-14] (ESET)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [461824 2009-04-28] (PixArt Imaging Inc.)
R3 pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [47360 2015-01-29] (VSO Software) [File not signed]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-08 22:11 - 2015-06-08 22:12 - 00000000 ____D C:\FRST
2015-06-07 21:37 - 2015-06-08 21:53 - 00000336 _____ C:\Windows\setupact.log
2015-06-07 21:37 - 2015-06-07 21:37 - 00000000 _____ C:\Windows\setuperr.log
2015-05-31 08:01 - 2015-05-31 08:01 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-31 08:01 - 2015-05-31 08:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-31 08:00 - 2015-05-31 08:01 - 00000000 ____D C:\Users\ab021\AppData\Local\Google
2015-05-31 08:00 - 2015-05-31 08:01 - 00000000 ____D C:\Program Files\Google
2015-05-30 16:23 - 2015-05-30 16:45 - 00000000 ____D C:\Users\ab021\dwhelper
2015-05-22 15:38 - 2015-05-22 15:38 - 00000000 ____D C:\Users\ab021\AppData\Roaming\EPSON
2015-05-22 15:36 - 2015-05-22 16:14 - 00000940 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2015-05-22 15:36 - 2015-05-22 15:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Scan
2015-05-22 15:36 - 2006-10-13 00:00 - 00061952 _____ (SEIKO EPSON CORP.) C:\Windows\system32\escwiad.dll
2015-05-22 15:23 - 2015-05-22 15:25 - 00000000 ____D C:\ProgramData\EPSON
2015-05-22 15:23 - 2007-12-07 02:08 - 00086528 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_FLBBEE.DLL
2015-05-22 15:23 - 2007-12-07 02:01 - 00078848 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_FD4BBEE.DLL
2015-05-22 15:23 - 2004-09-10 20:12 - 00049152 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_DCINST.DLL
2015-05-19 16:48 - 2015-05-19 16:51 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-05-19 16:15 - 2015-05-19 16:15 - 00000000 ____D C:\Users\ab021\AppData\Roaming\Mozilla
2015-05-19 16:15 - 2015-05-19 16:15 - 00000000 ____D C:\Users\ab021\AppData\Local\Mozilla
2015-05-19 16:14 - 2015-05-19 17:41 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-05-19 16:14 - 2015-05-19 16:14 - 00001087 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-19 16:14 - 2015-05-19 16:14 - 00001075 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-19 16:14 - 2015-05-19 16:14 - 00000000 ____D C:\ProgramData\Mozilla
2015-05-14 08:58 - 2015-05-14 08:58 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-05-13 07:31 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 07:04 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 07:03 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 07:03 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-05-13 07:03 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 07:03 - 2015-04-27 21:11 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 07:03 - 2015-04-27 21:11 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 07:03 - 2015-04-27 21:08 - 01307648 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 07:03 - 2015-04-27 21:05 - 00851456 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 07:03 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 07:03 - 2015-04-27 21:05 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 07:03 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 07:03 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 07:03 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 07:03 - 2015-04-27 21:05 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 07:03 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 07:03 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 07:03 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 07:03 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 07:03 - 2015-04-27 21:05 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 07:03 - 2015-04-27 21:04 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 07:03 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 07:03 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 07:03 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 07:03 - 2015-04-27 21:04 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 07:03 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 07:03 - 2015-04-27 21:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 07:03 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 07:03 - 2015-04-27 21:04 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 07:03 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 07:03 - 2015-04-27 21:04 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 07:03 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 07:03 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 07:03 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 07:03 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 07:03 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 07:03 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 07:03 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 07:03 - 2015-04-27 20:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 07:03 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 07:03 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 07:03 - 2015-04-21 18:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 07:03 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 07:03 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 07:03 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 07:03 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 07:03 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 07:03 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 07:03 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 07:03 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 07:03 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 07:03 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 07:03 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 07:03 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 07:03 - 2015-04-21 17:58 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 07:03 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 07:03 - 2015-04-21 17:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 07:03 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 07:03 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 07:03 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 07:03 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 07:03 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 07:03 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 07:03 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 07:03 - 2015-04-21 17:26 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 07:03 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 07:03 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 07:03 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 07:03 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 07:03 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 07:03 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 07:03 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 07:02 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 07:02 - 2015-04-20 04:56 - 00909312 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 07:02 - 2015-04-20 04:03 - 02382336 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 07:02 - 2015-04-13 05:19 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 07:02 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 07:02 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 07:02 - 2015-03-04 06:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 07:02 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 07:00 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 06:59 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 06:59 - 2015-04-08 05:14 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-10 07:08 - 2015-06-08 21:57 - 01469699 _____ C:\Windows\WindowsUpdate.log
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-08 22:00 - 2009-07-14 06:34 - 00022720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-08 22:00 - 2009-07-14 06:34 - 00022720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-08 21:59 - 2015-01-29 01:23 - 01582262 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-08 21:53 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-08 21:53 - 2009-07-14 04:04 - 00000512 _____ C:\Windows\win.ini
2015-06-08 17:56 - 2015-01-29 09:05 - 00000000 ____D C:\Users\ab021\AppData\Roaming\Skype
2015-06-08 17:55 - 2015-01-29 09:05 - 00000000 ____D C:\ProgramData\Skype
2015-06-08 17:36 - 2015-01-29 05:29 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-07 22:35 - 2015-01-29 04:12 - 00000000 _____ C:\Windows\XXLGSC
2015-06-07 17:37 - 2015-01-29 06:42 - 00000000 ___RD C:\Users\ab021\Documents\video
2015-06-04 14:55 - 2015-01-29 06:39 - 00000000 ____D C:\Users\ab021\Documents\Včely
2015-05-31 05:20 - 2015-01-29 06:48 - 00000000 ____D C:\Users\ab021\Documents\Darinka-práce
2015-05-30 17:33 - 2009-07-14 06:53 - 00032600 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-30 16:23 - 2015-01-29 01:17 - 00000000 ____D C:\Users\ab021
2015-05-27 05:52 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2015-05-22 15:36 - 2015-01-29 21:42 - 00000000 ____D C:\Program Files\EPSON
2015-05-22 15:36 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\twain_32
2015-05-22 15:25 - 2015-01-29 21:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-05-20 11:51 - 2015-01-29 01:29 - 00000000 ____D C:\Windows\system32\MRT
2015-05-20 11:42 - 2015-04-05 18:47 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-15 20:34 - 2015-01-29 08:16 - 00000000 ____D C:\Users\ab021\AppData\Roaming\DVDVideoSoft
2015-05-15 06:48 - 2015-01-29 05:29 - 00000759 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-15 06:48 - 2015-01-29 05:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-14 18:05 - 2015-04-18 06:39 - 00000000 ____D C:\Users\ab021\AppData\Local\Adobe
2015-05-14 18:05 - 2015-04-18 05:17 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-05-14 18:05 - 2015-04-18 05:17 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-05-14 09:01 - 2015-05-01 23:39 - 00000000 ____D C:\Users\ab021\AppData\Roaming\vlc
2015-05-13 21:03 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2015-05-13 20:09 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-05-13 07:53 - 2009-07-14 11:20 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-13 07:38 - 2015-01-29 09:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-13 07:38 - 2009-07-14 06:33 - 00415384 _____ C:\Windows\system32\FNTCACHE.DAT
2015-05-13 07:37 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-05-13 07:31 - 2015-01-29 02:03 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-05-13 07:10 - 2015-01-29 09:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
==================== Files in the root of some directories =======
2015-01-29 09:11 - 2015-01-29 09:11 - 0081920 _____ () C:\Users\ab021\AppData\Roaming\ezpinst.exe
2015-01-29 09:11 - 2015-01-29 09:11 - 0007176 _____ () C:\Users\ab021\AppData\Roaming\pcouffin.cat
2015-01-29 09:11 - 2015-01-29 09:11 - 0001144 _____ () C:\Users\ab021\AppData\Roaming\pcouffin.inf
2015-01-29 09:11 - 2015-01-29 09:12 - 0000034 _____ () C:\Users\ab021\AppData\Roaming\pcouffin.log
2015-01-29 09:11 - 2015-01-29 09:11 - 0047360 _____ (VSO Software) C:\Users\ab021\AppData\Roaming\pcouffin.sys
Some files in TEMP:
====================
C:\Users\ab021\AppData\Local\Temp\SkypeSetup.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-03 18:44
==================== End of log ============================
-
Rudy
- Site Admin
- Příspěvky: 119675
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: conduit
Spusťte tuto utilitu:
Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: conduit
Vkladám log z adw. Conduit adw odstránil pred tým, ako som písal túto tému.
# AdwCleaner v4.203 - Log vytvořen 08/06/2015 v 22:55:22
# Aktualizováno 30/04/2015 by Xplode
# Databáze : 2015-06-08.1 [Server]
# Operační system : Windows 7 Home Premium Service Pack 1 (x86)
# Uživatelské jméno : ab021 - AB021-PC
# Spuštěno z : C:\Users\ab021\Desktop\adwcleaner_4.203.exe
# Nastavení : Čištění
***** [ Služby ] *****
***** [ Soubory / Složky ] *****
***** [ Naplánované úlohy ] *****
***** [ Zástupci ] *****
***** [ Registry ] *****
***** [ Prohlížeče ] *****
-\\ Internet Explorer v11.0.9600.17801
-\\ Mozilla Firefox v38.0.1 (x86 sk)
-\\ Google Chrome v43.0.2357.81
*************************
AdwCleaner[R0].txt - [801 bytů] - [08/06/2015 22:54:10]
AdwCleaner[S0].txt - [727 bytů] - [08/06/2015 22:55:22]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [784 bytů] ##########
# AdwCleaner v4.203 - Log vytvořen 08/06/2015 v 22:55:22
# Aktualizováno 30/04/2015 by Xplode
# Databáze : 2015-06-08.1 [Server]
# Operační system : Windows 7 Home Premium Service Pack 1 (x86)
# Uživatelské jméno : ab021 - AB021-PC
# Spuštěno z : C:\Users\ab021\Desktop\adwcleaner_4.203.exe
# Nastavení : Čištění
***** [ Služby ] *****
***** [ Soubory / Složky ] *****
***** [ Naplánované úlohy ] *****
***** [ Zástupci ] *****
***** [ Registry ] *****
***** [ Prohlížeče ] *****
-\\ Internet Explorer v11.0.9600.17801
-\\ Mozilla Firefox v38.0.1 (x86 sk)
-\\ Google Chrome v43.0.2357.81
*************************
AdwCleaner[R0].txt - [801 bytů] - [08/06/2015 22:54:10]
AdwCleaner[S0].txt - [727 bytů] - [08/06/2015 22:55:22]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [784 bytů] ##########
-
Rudy
- Site Admin
- Příspěvky: 119675
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: conduit
Toto je OK. Otevřte poznámkový blok a zkopírujte do něj:
Uložte do E:\ jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.Start
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Users\ab021\AppData\Local\Temp
End
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: conduit
Prikladám log:
Fix result of Farbar Recovery Scan Tool (x86) Version: 08-06-2015
Ran by ab021 at 2015-06-09 20:36:22 Run:1
Running from E:\
Loaded Profiles: ab021 (Available Profiles: ab021)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Users\ab021\AppData\Local\Temp
End
*****************
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"C:\Users\ab021\AppData\Local\Temp" folder move:
Could not move "C:\Users\ab021\AppData\Local\Temp" folder => Scheduled to move on reboot.
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-06-09 20:38:04)<=
C:\Users\ab021\AppData\Local\Temp => moved successfully
==== End of Fixlog 20:38:04 ====
Fix result of Farbar Recovery Scan Tool (x86) Version: 08-06-2015
Ran by ab021 at 2015-06-09 20:36:22 Run:1
Running from E:\
Loaded Profiles: ab021 (Available Profiles: ab021)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Users\ab021\AppData\Local\Temp
End
*****************
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"C:\Users\ab021\AppData\Local\Temp" folder move:
Could not move "C:\Users\ab021\AppData\Local\Temp" folder => Scheduled to move on reboot.
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-06-09 20:38:04)<=
C:\Users\ab021\AppData\Local\Temp => moved successfully
==== End of Fixlog 20:38:04 ====
-
Rudy
- Site Admin
- Příspěvky: 119675
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: conduit
Smazáno. Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: conduit
Ďakujem za pomoc. Zatiaľ sa v registroch neobjavil conduit pri kontrole adw. Prajem pekný zvyšok večera.
-
Rudy
- Site Admin
- Příspěvky: 119675
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: conduit
Hezký den a nemáte zač! 
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?