Please check my log
Posted: 03 Jan 2016 11:10
Hello, I would like to ask you to check my log. The problem is that advertising windows have started popping up in Chrome, and when I search on Google it shows strange links. I tried AdwCleaner and Malwarebytes Anti-Malware; they deleted something, but the problems remain. Here is the log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015
Ran by igor (administrator) on IGOR-PC (03-01-2016 10:55:17)
Running from C:\Users\igor\Desktop
Loaded Profiles: igor (Available Profiles: igor)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Crawler Group, LLC) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Crawler Group, LLC) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Crawler Group, LLC) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\igor\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-12-13] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-08-19] (NVIDIA Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [5318992 2015-12-18] (Crawler Group, LLC)
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [5557584 2015-12-18] (Crawler Group, LLC)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-11-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157968 2015-08-13] (Apple Inc.)
HKU\S-1-5-21-1499928865-1730153143-363537449-1000\...\Run: [CCleaner Monitoring] => C:\PROGRAM FILES\CCLEANER\CCLEANER64.EXE [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-1499928865-1730153143-363537449-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1499928865-1730153143-363537449-1000\...\MountPoints2: G - G:\autorun.exe
HKU\S-1-5-21-1499928865-1730153143-363537449-1000\...\MountPoints2: {3568c6a7-83ba-11e4-a81b-806e6f6e6963} - F:\Run.exe
HKU\S-1-5-21-1499928865-1730153143-363537449-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => No File
Startup: C:\Users\igor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2015-10-09]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4E672A57-FBCF-40CE-A2E3-4D36BDE1DEE8}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
URLSearchHook: HKLM-x32 - SHOUTcast Toolbar Search Class - {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files (x86)\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)
URLSearchHook: HKU\S-1-5-21-1499928865-1730153143-363537449-1000 - SHOUTcast Toolbar Search Class - {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files (x86)\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Spyware Terminator 2015 Internet Guard -> {82A76710-4F98-4957-92BE-99648A4E2475} -> C:\Program Files (x86)\Spyware Terminator\STInternetGuard64.dll [2015-12-18] (Crawler Group, LLC)
BHO-x32: Spyware Terminator 2015 Internet Guard -> {82A76710-4F98-4957-92BE-99648A4E2475} -> C:\Program Files (x86)\Spyware Terminator\STInternetGuard.dll [2015-12-18] (Crawler Group, LLC)
Toolbar: HKU\S-1-5-21-1499928865-1730153143-363537449-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1499928865-1730153143-363537449-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FireFox:
========
FF ProfilePath: C:\Users\igor\AppData\Roaming\Mozilla\Firefox\Profiles\v0z7i4cw.default
FF Homepage: about:home
hxxp://www.sme.sk/?ref=pager
hxxp://www.idnes.cz/
about:preferences
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Extension: SHOUTcast Radio Toolbar - C:\Users\igor\AppData\Roaming\Mozilla\Firefox\Profiles\v0z7i4cw.default\Extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489} [2015-06-02] [not signed]
FF Extension: Adblock Plus - C:\Users\igor\AppData\Roaming\Mozilla\Firefox\Profiles\v0z7i4cw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-31]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\igor\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentácie Google) - C:\Users\igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-31]
CHR Extension: (Dokumenty Google) - C:\Users\igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-31]
CHR Extension: (Disk Google) - C:\Users\igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-31]
CHR Extension: (YouTube) - C:\Users\igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-12-02]
CHR Extension: (Google Search) - C:\Users\igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Tabuľky Google) - C:\Users\igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-31]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-31]
CHR Extension: (Adblock Plus) - C:\Users\igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpajgnfjncfkdkiabpcjbmkaeeplancl [2015-11-17]
CHR Extension: (Vyhledávání na Uložto.cz) - C:\Users\igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmkajlpofgoacniacbaappohkglliini [2014-12-16]
CHR Extension: (Peňaženka Google) - C:\Users\igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-17]
CHR Extension: (Gmail) - C:\Users\igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
Opera:
=======
OPR Extension: (Preložiť) - C:\Users\igor\AppData\Roaming\Opera Software\Opera Stable\Extensions\ibnombjmjocaccigcefonnipcnlaeaed [2015-11-17]
OPR Extension: (Adblock Plus) - C:\Users\igor\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2015-11-25]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-10-09] (Adobe Systems) [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-11-01] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-01-03] (Macrovision Europe Ltd.) [File not signed]
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3844640 2015-11-22] (INCA Internet Co., Ltd.)
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [3267408 2015-12-18] (Crawler Group, LLC)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-12-14] ()
R1 HWiNFO32; C:\Program Files\HWiNFO64\HWiNFO64A.SYS [30592 2012-05-10] (REALiX(tm))
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2011-08-24] (Windows (R) Win 7 DDK provider)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 EraserUtilDrv11411; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11411.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-03 10:55 - 2016-01-03 10:55 - 00016406 _____ C:\Users\igor\Desktop\FRST.txt
2016-01-03 10:55 - 2016-01-03 10:55 - 00000000 ____D C:\FRST
2016-01-03 10:52 - 2016-01-03 10:52 - 00112640 _____ (forum.viry.cz) C:\Users\igor\Desktop\FRSTLauncher.exe
2016-01-03 10:51 - 2016-01-03 10:51 - 02370560 _____ (Farbar) C:\Users\igor\Desktop\FRST64.exe
2016-01-03 10:45 - 2016-01-03 10:45 - 02370560 _____ (Farbar) C:\Users\igor\Downloads\FRST64 (1).exe
2016-01-03 10:44 - 2016-01-03 10:44 - 02370560 _____ (Farbar) C:\Users\igor\Downloads\FRST64.exe
2016-01-03 10:42 - 2016-01-03 10:42 - 02370560 _____ (Farbar) C:\Users\igor\Downloads\Nepotvrdené 201950.crdownload
2016-01-02 23:27 - 2016-01-02 23:30 - 00060676 _____ C:\Windows\ntbtlog.txt
2016-01-02 18:53 - 2016-01-02 20:49 - 00000000 ____D C:\Users\igor\AppData\LocalLow\Spyware Terminator
2016-01-02 18:53 - 2016-01-02 20:22 - 00000000 ____D C:\ProgramData\Spyware Terminator
2016-01-02 18:53 - 2016-01-02 18:53 - 00001038 _____ C:\Users\Public\Desktop\Spyware Terminator 2015.lnk
2016-01-02 18:53 - 2016-01-02 18:53 - 00000000 ____D C:\Users\igor\AppData\Roaming\Spyware Terminator
2016-01-02 18:53 - 2016-01-02 18:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2015
2016-01-02 18:53 - 2016-01-02 18:53 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator
2016-01-02 18:52 - 2016-01-02 18:52 - 01115112 _____ (Crawler Group ) C:\Users\igor\Downloads\SpywareTerminatorSetup.exe
2016-01-02 18:43 - 2016-01-02 18:43 - 00000085 _____ C:\Windows\wininit.ini
2016-01-02 18:05 - 2016-01-02 18:05 - 00000000 ____D C:\Program Files\Common Files\AV
2016-01-02 18:03 - 2016-01-02 23:27 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-01-02 18:03 - 2016-01-02 18:43 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-01-02 18:03 - 2016-01-02 18:03 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2016-01-02 18:01 - 2016-01-02 18:02 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\igor\Downloads\spybot-2.4.exe
2016-01-02 17:55 - 2016-01-02 17:55 - 01599336 _____ (Malwarebytes) C:\Users\igor\Downloads\JRT (1).exe
2016-01-02 17:50 - 2016-01-02 17:51 - 01599336 _____ (Malwarebytes) C:\Users\igor\Downloads\JRT.exe
2015-12-31 18:39 - 2015-12-31 18:39 - 02870984 _____ (ESET) C:\Users\igor\Downloads\esetsmartinstaller_sky.exe
2015-12-31 18:39 - 2015-12-31 18:39 - 00000000 ____D C:\Program Files (x86)\ESET
2015-12-31 10:27 - 2015-12-31 10:27 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-12-31 10:27 - 2015-12-31 10:27 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-12-31 10:27 - 2015-12-31 10:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-31 10:27 - 2015-12-31 10:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-31 10:26 - 2015-12-31 10:26 - 00248704 _____ C:\Users\igor\Downloads\Firefox Setup Stub 43.0.3.exe
2015-12-31 10:04 - 2015-12-31 10:04 - 00047278 _____ C:\Users\igor\Documents\cc_20151231_100404.reg
2015-12-30 18:52 - 2015-12-30 18:52 - 01745920 _____ C:\Users\igor\Desktop\adwcleaner_5.027.exe
2015-12-30 07:51 - 2016-01-03 09:25 - 00000290 __RSH C:\ProgramData\ntuser.pol
2015-12-29 08:45 - 2015-12-30 19:42 - 00000000 ___RD C:\Users\igor\Dropbox
2015-12-29 08:41 - 2016-01-02 23:27 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-12-29 08:41 - 2016-01-02 18:46 - 00000000 ____D C:\ProgramData\Dropbox
2015-12-29 08:41 - 2016-01-02 18:36 - 00000000 ____D C:\Users\igor\AppData\Local\Dropbox
2015-12-29 07:58 - 2015-12-29 07:58 - 00000000 ____D C:\Users\igor\AppData\Roaming\MAXON
2015-12-29 07:58 - 2015-12-29 07:58 - 00000000 ____D C:\Users\igor\AppData\Local\CrystalDiskMark5
2015-12-29 07:49 - 2015-12-29 07:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskMark5
2015-12-29 07:49 - 2015-12-29 07:49 - 00000000 ____D C:\Program Files\CrystalDiskMark5
2015-12-17 15:23 - 2015-12-17 15:23 - 00001330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2015-12-13 08:17 - 2015-11-22 09:08 - 03844640 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\GameMon.des
2015-12-13 08:16 - 2004-12-30 13:43 - 00004682 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\npptNT2.sys
2015-12-13 08:16 - 2003-07-15 22:17 - 00005174 _____ C:\Windows\SysWOW64\nppt9x.vxd
2015-12-05 16:50 - 2015-12-31 14:22 - 00000000 ____D C:\Users\igor\Documents\gothic3
2015-12-05 16:49 - 2015-12-05 16:49 - 00001014 _____ C:\Users\Public\Desktop\Gothic III CP.lnk
2015-12-05 16:48 - 2015-12-05 16:48 - 00001894 _____ C:\Users\Public\Desktop\Gothic III.lnk
2015-12-05 16:44 - 2015-12-05 16:49 - 00000000 ____D C:\Program Files (x86)\Gothic III
2015-12-05 16:44 - 2015-12-05 16:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gothic III
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-03 10:55 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2016-01-03 09:45 - 2009-07-14 05:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-03 09:45 - 2009-07-14 05:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-03 09:27 - 2015-04-20 05:13 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-03 09:25 - 2015-07-31 18:47 - 00000000 ____D C:\Windows\CheckSur
2016-01-03 09:25 - 2014-12-14 19:16 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-03 09:25 - 2014-12-14 19:11 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-03 09:25 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-03 07:41 - 2009-07-14 06:13 - 00791318 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-03 07:41 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-01-02 23:40 - 2014-12-28 18:56 - 00000000 ____D C:\AdwCleaner
2016-01-02 18:36 - 2014-12-14 20:07 - 00000000 ____D C:\Users\igor\AppData\Roaming\Dropbox
2016-01-02 17:52 - 2015-07-09 12:20 - 00000000 ____D C:\Users\igor\AppData\Roaming\IObit
2016-01-02 17:52 - 2015-07-09 12:20 - 00000000 ____D C:\ProgramData\IObit
2016-01-02 17:52 - 2015-07-09 12:20 - 00000000 ____D C:\Program Files (x86)\IObit
2015-12-31 10:05 - 2014-12-14 19:16 - 00000000 ____D C:\Users\igor\AppData\Local\Google
2015-12-31 10:03 - 2014-12-14 20:17 - 00000000 ____D C:\Users\igor\AppData\Roaming\uTorrent
2015-12-31 08:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SchCache
2015-12-30 19:57 - 2015-05-11 16:38 - 00000000 ____D C:\Users\igor\AppData\Local\CrashDumps
2015-12-30 19:57 - 2014-12-31 07:42 - 00000000 ____D C:\Windows\Minidump
2015-12-30 19:43 - 2015-01-04 10:45 - 00000000 ____D C:\Users\igor\Desktop\moje_obrazky
2015-12-30 18:40 - 2011-04-12 14:40 - 00000000 ____D C:\Windows\ShellNew
2015-12-30 18:40 - 2009-07-14 06:37 - 00000000 ____D C:\Windows\DigitalLocker
2015-12-29 08:45 - 2014-12-14 19:04 - 00000000 ____D C:\Users\igor
2015-12-29 07:52 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\GroupPolicy
2015-12-23 20:33 - 2014-12-14 19:17 - 00775120 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-12-21 14:41 - 2015-01-19 19:07 - 00000000 ____D C:\Users\igor\Documents\My Digital Editions
2015-12-19 15:59 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2015-12-19 15:14 - 2014-12-14 19:16 - 00002195 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-17 15:21 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2015-12-17 15:21 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2015-12-13 08:13 - 2015-04-25 09:58 - 00000000 ____D C:\Users\igor\Downloads\Gameforge Live
2015-12-10 14:09 - 2015-05-02 16:40 - 00003856 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1430581246
2015-12-10 14:09 - 2015-05-02 16:40 - 00000000 ____D C:\Program Files (x86)\Opera
2015-12-10 14:03 - 2009-07-14 06:08 - 00032586 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-09 04:39 - 2010-11-21 04:27 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-12-05 16:50 - 2015-02-15 15:43 - 00000000 ____D C:\Users\igor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-12-05 16:44 - 2014-12-14 19:24 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-12-05 07:53 - 2014-12-14 19:16 - 00003932 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-05 07:53 - 2014-12-14 19:16 - 00003680 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-05 07:53 - 2014-12-14 19:16 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
==================== Files in the root of some directories =======
2015-04-20 06:40 - 2015-11-01 10:37 - 0000414 _____ () C:\Users\igor\AppData\Roaming\Weather Meter_Settings.ini
2015-07-07 17:38 - 2015-07-07 17:38 - 0000000 ____H () C:\Users\igor\AppData\Local\BIT8036.tmp
2015-06-11 18:38 - 2015-06-11 18:38 - 0000000 ____H () C:\Users\igor\AppData\Local\BITDEEE.tmp
2015-07-27 18:44 - 2015-07-27 18:44 - 0007602 _____ () C:\Users\igor\AppData\Local\Resmon.ResmonCfg
2015-07-06 16:48 - 2015-07-06 16:52 - 0000000 _____ () C:\Users\igor\AppData\Local\{5764C6DE-4FC1-42DC-A5E5-EFB908C9C9E7}
2015-07-07 17:35 - 2015-07-07 17:35 - 0000000 _____ () C:\Users\igor\AppData\Local\{890B988E-DB5E-40B9-96DD-C83FB534595A}
2015-04-16 16:49 - 2015-04-16 16:53 - 0000000 _____ () C:\Users\igor\AppData\Local\{B040F6E6-E78E-4097-B7DC-FA0CCFEA1E71}
2015-06-11 18:32 - 2015-06-11 18:36 - 0000000 _____ () C:\Users\igor\AppData\Local\{DEA1ED9F-C36C-4577-BC51-528680507CBD}
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-12-30 14:29
==================== End of FRST.txt ============================
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:97.43 GB) (Free:22.46 GB) NTFS
Drive d: (Disk) (Fixed) (Total:416.93 GB) (Free:218.66 GB) NTFS
Drive e: (Disk) (Fixed) (Total:416.93 GB) (Free:403.31 GB) NTFS
Available physical RAM: 2900.33 MB
Total physical RAM: 8134.7 MB
Percentage of memory in use: 64%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\igor\Desktop" je 8 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dropbox
"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE
C:\Users\igor\PowerISO\PWRISOVM.EXE
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent
"C:\Users\igor\AppData\Local\Temp\utt818D.tmp.exe" /MINIMIZED [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent
"C:\Program Files (x86)\Winamp\winampa.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^igor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk
C:\Users\igor\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^igor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Game of Thrones S05E02 HDTV x264-Xclusive [eztv].lnk
C:\ProgramData\{c3f8443c-1e97-417e-c3f8-8443c1e910f0}\Game of Thrones S05E02 HDTV x264-Xclusive [eztv].exe --startup=1 [x]
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\igor\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-12-13] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-08-19] (NVIDIA Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [5318992 2015-12-18] (Crawler Group, LLC)
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [5557584 2015-12-18] (Crawler Group, LLC)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-11-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157968 2015-08-13] (Apple Inc.)
HKU\S-1-5-21-1499928865-1730153143-363537449-1000\...\Run: [CCleaner Monitoring] => C:\PROGRAM FILES\CCLEANER\CCLEANER64.EXE [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-1499928865-1730153143-363537449-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1499928865-1730153143-363537449-1000\...\MountPoints2: G - G:\autorun.exe
HKU\S-1-5-21-1499928865-1730153143-363537449-1000\...\MountPoints2: {3568c6a7-83ba-11e4-a81b-806e6f6e6963} - F:\Run.exe
HKU\S-1-5-21-1499928865-1730153143-363537449-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => No File
Startup: C:\Users\igor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2015-10-09]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4E672A57-FBCF-40CE-A2E3-4D36BDE1DEE8}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
URLSearchHook: HKLM-x32 - SHOUTcast Toolbar Search Class - {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files (x86)\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)
URLSearchHook: HKU\S-1-5-21-1499928865-1730153143-363537449-1000 - SHOUTcast Toolbar Search Class - {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files (x86)\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Spyware Terminator 2015 Internet Guard -> {82A76710-4F98-4957-92BE-99648A4E2475} -> C:\Program Files (x86)\Spyware Terminator\STInternetGuard64.dll [2015-12-18] (Crawler Group, LLC)
BHO-x32: Spyware Terminator 2015 Internet Guard -> {82A76710-4F98-4957-92BE-99648A4E2475} -> C:\Program Files (x86)\Spyware Terminator\STInternetGuard.dll [2015-12-18] (Crawler Group, LLC)
Toolbar: HKU\S-1-5-21-1499928865-1730153143-363537449-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1499928865-1730153143-363537449-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FireFox:
========
FF ProfilePath: C:\Users\igor\AppData\Roaming\Mozilla\Firefox\Profiles\v0z7i4cw.default
FF Homepage: about:home
hxxp://www.sme.sk/?ref=pager
hxxp://www.idnes.cz/
about:preferences
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Extension: SHOUTcast Radio Toolbar - C:\Users\igor\AppData\Roaming\Mozilla\Firefox\Profiles\v0z7i4cw.default\Extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489} [2015-06-02] [not signed]
FF Extension: Adblock Plus - C:\Users\igor\AppData\Roaming\Mozilla\Firefox\Profiles\v0z7i4cw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-31]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\igor\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentácie Google) - C:\Users\igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-31]
CHR Extension: (Dokumenty Google) - C:\Users\igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-31]
CHR Extension: (Disk Google) - C:\Users\igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-31]
CHR Extension: (YouTube) - C:\Users\igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-12-02]
CHR Extension: (Google Search) - C:\Users\igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Tabuľky Google) - C:\Users\igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-31]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-31]
CHR Extension: (Adblock Plus) - C:\Users\igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpajgnfjncfkdkiabpcjbmkaeeplancl [2015-11-17]
CHR Extension: (Vyhledávání na Uložto.cz) - C:\Users\igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmkajlpofgoacniacbaappohkglliini [2014-12-16]
CHR Extension: (Peňaženka Google) - C:\Users\igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-17]
CHR Extension: (Gmail) - C:\Users\igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
Opera:
=======
OPR Extension: (Preložiť) - C:\Users\igor\AppData\Roaming\Opera Software\Opera Stable\Extensions\ibnombjmjocaccigcefonnipcnlaeaed [2015-11-17]
OPR Extension: (Adblock Plus) - C:\Users\igor\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2015-11-25]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-10-09] (Adobe Systems) [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-11-01] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-01-03] (Macrovision Europe Ltd.) [File not signed]
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3844640 2015-11-22] (INCA Internet Co., Ltd.)
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [3267408 2015-12-18] (Crawler Group, LLC)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-12-14] ()
R1 HWiNFO32; C:\Program Files\HWiNFO64\HWiNFO64A.SYS [30592 2012-05-10] (REALiX(tm))
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2011-08-24] (Windows (R) Win 7 DDK provider)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 EraserUtilDrv11411; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11411.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-03 10:55 - 2016-01-03 10:55 - 00016406 _____ C:\Users\igor\Desktop\FRST.txt
2016-01-03 10:55 - 2016-01-03 10:55 - 00000000 ____D C:\FRST
2016-01-03 10:52 - 2016-01-03 10:52 - 00112640 _____ (forum.viry.cz) C:\Users\igor\Desktop\FRSTLauncher.exe
2016-01-03 10:51 - 2016-01-03 10:51 - 02370560 _____ (Farbar) C:\Users\igor\Desktop\FRST64.exe
2016-01-03 10:45 - 2016-01-03 10:45 - 02370560 _____ (Farbar) C:\Users\igor\Downloads\FRST64 (1).exe
2016-01-03 10:44 - 2016-01-03 10:44 - 02370560 _____ (Farbar) C:\Users\igor\Downloads\FRST64.exe
2016-01-03 10:42 - 2016-01-03 10:42 - 02370560 _____ (Farbar) C:\Users\igor\Downloads\Nepotvrdené 201950.crdownload
2016-01-02 23:27 - 2016-01-02 23:30 - 00060676 _____ C:\Windows\ntbtlog.txt
2016-01-02 18:53 - 2016-01-02 20:49 - 00000000 ____D C:\Users\igor\AppData\LocalLow\Spyware Terminator
2016-01-02 18:53 - 2016-01-02 20:22 - 00000000 ____D C:\ProgramData\Spyware Terminator
2016-01-02 18:53 - 2016-01-02 18:53 - 00001038 _____ C:\Users\Public\Desktop\Spyware Terminator 2015.lnk
2016-01-02 18:53 - 2016-01-02 18:53 - 00000000 ____D C:\Users\igor\AppData\Roaming\Spyware Terminator
2016-01-02 18:53 - 2016-01-02 18:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2015
2016-01-02 18:53 - 2016-01-02 18:53 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator
2016-01-02 18:52 - 2016-01-02 18:52 - 01115112 _____ (Crawler Group ) C:\Users\igor\Downloads\SpywareTerminatorSetup.exe
2016-01-02 18:43 - 2016-01-02 18:43 - 00000085 _____ C:\Windows\wininit.ini
2016-01-02 18:05 - 2016-01-02 18:05 - 00000000 ____D C:\Program Files\Common Files\AV
2016-01-02 18:03 - 2016-01-02 23:27 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-01-02 18:03 - 2016-01-02 18:43 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-01-02 18:03 - 2016-01-02 18:03 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2016-01-02 18:01 - 2016-01-02 18:02 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\igor\Downloads\spybot-2.4.exe
2016-01-02 17:55 - 2016-01-02 17:55 - 01599336 _____ (Malwarebytes) C:\Users\igor\Downloads\JRT (1).exe
2016-01-02 17:50 - 2016-01-02 17:51 - 01599336 _____ (Malwarebytes) C:\Users\igor\Downloads\JRT.exe
2015-12-31 18:39 - 2015-12-31 18:39 - 02870984 _____ (ESET) C:\Users\igor\Downloads\esetsmartinstaller_sky.exe
2015-12-31 18:39 - 2015-12-31 18:39 - 00000000 ____D C:\Program Files (x86)\ESET
2015-12-31 10:27 - 2015-12-31 10:27 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-12-31 10:27 - 2015-12-31 10:27 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-12-31 10:27 - 2015-12-31 10:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-31 10:27 - 2015-12-31 10:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-31 10:26 - 2015-12-31 10:26 - 00248704 _____ C:\Users\igor\Downloads\Firefox Setup Stub 43.0.3.exe
2015-12-31 10:04 - 2015-12-31 10:04 - 00047278 _____ C:\Users\igor\Documents\cc_20151231_100404.reg
2015-12-30 18:52 - 2015-12-30 18:52 - 01745920 _____ C:\Users\igor\Desktop\adwcleaner_5.027.exe
2015-12-30 07:51 - 2016-01-03 09:25 - 00000290 __RSH C:\ProgramData\ntuser.pol
2015-12-29 08:45 - 2015-12-30 19:42 - 00000000 ___RD C:\Users\igor\Dropbox
2015-12-29 08:41 - 2016-01-02 23:27 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-12-29 08:41 - 2016-01-02 18:46 - 00000000 ____D C:\ProgramData\Dropbox
2015-12-29 08:41 - 2016-01-02 18:36 - 00000000 ____D C:\Users\igor\AppData\Local\Dropbox
2015-12-29 07:58 - 2015-12-29 07:58 - 00000000 ____D C:\Users\igor\AppData\Roaming\MAXON
2015-12-29 07:58 - 2015-12-29 07:58 - 00000000 ____D C:\Users\igor\AppData\Local\CrystalDiskMark5
2015-12-29 07:49 - 2015-12-29 07:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskMark5
2015-12-29 07:49 - 2015-12-29 07:49 - 00000000 ____D C:\Program Files\CrystalDiskMark5
2015-12-17 15:23 - 2015-12-17 15:23 - 00001330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2015-12-13 08:17 - 2015-11-22 09:08 - 03844640 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\GameMon.des
2015-12-13 08:16 - 2004-12-30 13:43 - 00004682 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\npptNT2.sys
2015-12-13 08:16 - 2003-07-15 22:17 - 00005174 _____ C:\Windows\SysWOW64\nppt9x.vxd
2015-12-05 16:50 - 2015-12-31 14:22 - 00000000 ____D C:\Users\igor\Documents\gothic3
2015-12-05 16:49 - 2015-12-05 16:49 - 00001014 _____ C:\Users\Public\Desktop\Gothic III CP.lnk
2015-12-05 16:48 - 2015-12-05 16:48 - 00001894 _____ C:\Users\Public\Desktop\Gothic III.lnk
2015-12-05 16:44 - 2015-12-05 16:49 - 00000000 ____D C:\Program Files (x86)\Gothic III
2015-12-05 16:44 - 2015-12-05 16:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gothic III
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-03 10:55 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2016-01-03 09:45 - 2009-07-14 05:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-03 09:45 - 2009-07-14 05:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-03 09:27 - 2015-04-20 05:13 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-03 09:25 - 2015-07-31 18:47 - 00000000 ____D C:\Windows\CheckSur
2016-01-03 09:25 - 2014-12-14 19:16 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-03 09:25 - 2014-12-14 19:11 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-03 09:25 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-03 07:41 - 2009-07-14 06:13 - 00791318 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-03 07:41 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-01-02 23:40 - 2014-12-28 18:56 - 00000000 ____D C:\AdwCleaner
2016-01-02 18:36 - 2014-12-14 20:07 - 00000000 ____D C:\Users\igor\AppData\Roaming\Dropbox
2016-01-02 17:52 - 2015-07-09 12:20 - 00000000 ____D C:\Users\igor\AppData\Roaming\IObit
2016-01-02 17:52 - 2015-07-09 12:20 - 00000000 ____D C:\ProgramData\IObit
2016-01-02 17:52 - 2015-07-09 12:20 - 00000000 ____D C:\Program Files (x86)\IObit
2015-12-31 10:05 - 2014-12-14 19:16 - 00000000 ____D C:\Users\igor\AppData\Local\Google
2015-12-31 10:03 - 2014-12-14 20:17 - 00000000 ____D C:\Users\igor\AppData\Roaming\uTorrent
2015-12-31 08:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SchCache
2015-12-30 19:57 - 2015-05-11 16:38 - 00000000 ____D C:\Users\igor\AppData\Local\CrashDumps
2015-12-30 19:57 - 2014-12-31 07:42 - 00000000 ____D C:\Windows\Minidump
2015-12-30 19:43 - 2015-01-04 10:45 - 00000000 ____D C:\Users\igor\Desktop\moje_obrazky
2015-12-30 18:40 - 2011-04-12 14:40 - 00000000 ____D C:\Windows\ShellNew
2015-12-30 18:40 - 2009-07-14 06:37 - 00000000 ____D C:\Windows\DigitalLocker
2015-12-29 08:45 - 2014-12-14 19:04 - 00000000 ____D C:\Users\igor
2015-12-29 07:52 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\GroupPolicy
2015-12-23 20:33 - 2014-12-14 19:17 - 00775120 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-12-21 14:41 - 2015-01-19 19:07 - 00000000 ____D C:\Users\igor\Documents\My Digital Editions
2015-12-19 15:59 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2015-12-19 15:14 - 2014-12-14 19:16 - 00002195 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-17 15:21 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2015-12-17 15:21 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2015-12-13 08:13 - 2015-04-25 09:58 - 00000000 ____D C:\Users\igor\Downloads\Gameforge Live
2015-12-10 14:09 - 2015-05-02 16:40 - 00003856 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1430581246
2015-12-10 14:09 - 2015-05-02 16:40 - 00000000 ____D C:\Program Files (x86)\Opera
2015-12-10 14:03 - 2009-07-14 06:08 - 00032586 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-09 04:39 - 2010-11-21 04:27 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-12-05 16:50 - 2015-02-15 15:43 - 00000000 ____D C:\Users\igor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-12-05 16:44 - 2014-12-14 19:24 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-12-05 07:53 - 2014-12-14 19:16 - 00003932 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-05 07:53 - 2014-12-14 19:16 - 00003680 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-05 07:53 - 2014-12-14 19:16 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
==================== Files in the root of some directories =======
2015-04-20 06:40 - 2015-11-01 10:37 - 0000414 _____ () C:\Users\igor\AppData\Roaming\Weather Meter_Settings.ini
2015-07-07 17:38 - 2015-07-07 17:38 - 0000000 ____H () C:\Users\igor\AppData\Local\BIT8036.tmp
2015-06-11 18:38 - 2015-06-11 18:38 - 0000000 ____H () C:\Users\igor\AppData\Local\BITDEEE.tmp
2015-07-27 18:44 - 2015-07-27 18:44 - 0007602 _____ () C:\Users\igor\AppData\Local\Resmon.ResmonCfg
2015-07-06 16:48 - 2015-07-06 16:52 - 0000000 _____ () C:\Users\igor\AppData\Local\{5764C6DE-4FC1-42DC-A5E5-EFB908C9C9E7}
2015-07-07 17:35 - 2015-07-07 17:35 - 0000000 _____ () C:\Users\igor\AppData\Local\{890B988E-DB5E-40B9-96DD-C83FB534595A}
2015-04-16 16:49 - 2015-04-16 16:53 - 0000000 _____ () C:\Users\igor\AppData\Local\{B040F6E6-E78E-4097-B7DC-FA0CCFEA1E71}
2015-06-11 18:32 - 2015-06-11 18:36 - 0000000 _____ () C:\Users\igor\AppData\Local\{DEA1ED9F-C36C-4577-BC51-528680507CBD}
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-12-30 14:29
==================== End of FRST.txt ============================
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:97.43 GB) (Free:22.46 GB) NTFS
Drive d: (Disk) (Fixed) (Total:416.93 GB) (Free:218.66 GB) NTFS
Drive e: (Disk) (Fixed) (Total:416.93 GB) (Free:403.31 GB) NTFS
Available physical RAM: 2900.33 MB
Total physical RAM: 8134.7 MB
Percentage of memory in use: 64%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\igor\Desktop" je 8 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dropbox
"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE
C:\Users\igor\PowerISO\PWRISOVM.EXE
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent
"C:\Users\igor\AppData\Local\Temp\utt818D.tmp.exe" /MINIMIZED [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent
"C:\Program Files (x86)\Winamp\winampa.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^igor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk
C:\Users\igor\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^igor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Game of Thrones S05E02 HDTV x264-Xclusive [eztv].lnk
C:\ProgramData\{c3f8443c-1e97-417e-c3f8-8443c1e910f0}\Game of Thrones S05E02 HDTV x264-Xclusive [eztv].exe --startup=1 [x]
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================