
Please check - FB spam
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use a remote assistance service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello, Facebook has started sending spam (porn) to groups from my profile. Please check it, and thank you in advance.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-04-2016
Ran by user (administrator) on USER-PC (13-04-2016 18:22:18)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Realtek) C:\Program Files (x86)\REALTEK\8709 Wireless LAN Utility\RtlService.exe
(Realtek) C:\Program Files (x86)\REALTEK\8709 Wireless LAN Utility\RtlService.exe
() C:\Program Files (x86)\NETGEAR\WNA3100M\WifiSvc.exe
(SlimWare Utilities, Inc.) C:\Program Files\SlimService\SlimServiceFactory.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\REALTEK\8709 Wireless LAN Utility\RtWLan.exe
(Innovative Solutions) C:\Program Files (x86)\Innovative Solutions\DriverMax\innostp.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Spotify Ltd) C:\Users\user\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.19761.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.168_none_76587b40265ca57e\TiWorker.exe
(forum.viry.cz) C:\Users\user\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595848 2015-07-08] (ESET)
HKLM\...\Run: [Cm108Sound] => "C:\WINDOWS\syswow64\RunDll32.exe" C:\WINDOWS\Syswow64\cm108.dll,CMICtrlWnd
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3464139075-1475970981-2524642495-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-01-05] (Glarysoft Ltd)
HKU\S-1-5-21-3464139075-1475970981-2524642495-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-3464139075-1475970981-2524642495-1000\...\Run: [Spotify Web Helper] => C:\Users\user\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524336 2016-04-05] (Spotify Ltd)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{715d44d6-c999-41eb-b9be-df28e9eadef0}: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{ef8ecec9-cbc0-4c16-b28f-8d22b84c476f}: [DhcpNameServer] 213.46.172.36 213.46.172.37
Internet Explorer:
==================
HKU\S-1-5-21-3464139075-1475970981-2524642495-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://seznam.cz/
HKU\S-1-5-21-3464139075-1475970981-2524642495-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-3464139075-1475970981-2524642495-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-3464139075-1475970981-2524642495-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-3464139075-1475970981-2524642495-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKU\S-1-5-21-3464139075-1475970981-2524642495-1000 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredimail.com//?search={searchTerms}&loc=search_box&a=1eyohW3yv0n
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-03-08] (Sun Microsystems, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-03-08] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-3464139075-1475970981-2524642495-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: HKLM {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/CZ/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/CZ/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-01-31] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2012-03-08] (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-08-03] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3464139075-1475970981-2524642495-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-07-07] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3464139075-1475970981-2524642495-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-08-03] (Pando Networks)
FF Plugin HKU\S-1-5-21-3464139075-1475970981-2524642495-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2016-02-27] ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\jyxo-cz.xml [2011-12-21]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\gcswf32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL => No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Vyhledávání Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (TrackMania Online) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbfcgenalmboiphnkbaebjofimjdecp [2013-10-29]
CHR Extension: (Webcam Toy) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2015-08-27]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1353720 2015-07-08] (ESET)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MbnExt; C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\MbnExt.dll [419096 2015-08-25] (Gemfor s.r.o.)
R2 Realtek8709; C:\Program Files (x86)\REALTEK\8709 Wireless LAN Utility\RtlService.exe [36864 2007-07-27] (Realtek) [File not signed]
R2 RtlService; C:\Program Files (x86)\REALTEK\8709 Wireless LAN Utility\RtlService.exe [36864 2007-07-27] (Realtek) [File not signed]
R2 SlimService; C:\Program Files\SlimService\SlimServiceFactory.exe [245016 2015-12-15] (SlimWare Utilities, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S3 WLSetupSvc; C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation) [File not signed]
R2 WSWNA3100M; C:\Program Files (x86)\NETGEAR\WNA3100M\WifiSvc.exe [307456 2012-02-24] ()
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [31992 2015-06-03] (Advanced Micro Devices, Inc.)
S3 asusgsb; C:\Windows\System32\drivers\asusgsb.sys [17792 2009-02-17] (ASUSTeK Computer Inc.) [File not signed]
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-07-22] (Advanced Micro Devices)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [246000 2015-03-10] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [251632 2015-07-14] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [169792 2015-03-10] (ESET)
R1 EIO64; C:\Windows\System32\drivers\EIO64.sys [16384 2012-01-02] (ASUSTeK Computer Inc.)
R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [222280 2015-03-10] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44632 2015-03-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [72400 2015-07-14] (ESET)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-12-22] (Glarysoft Ltd)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 RtlWlanu; C:\Windows\System32\drivers\wna3100m.sys [1576080 2012-10-04] (Realtek Semiconductor Corporation )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2099-09-15 19:37 - 2120-09-15 19:37 - 00143872 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iacenc.dll
2099-09-15 19:37 - 2120-09-15 19:37 - 00056832 _____ C:\WINDOWS\SysWOW64\iyvu9_32.dll
2016-04-13 18:22 - 2016-04-13 18:23 - 00015261 _____ C:\Users\user\Desktop\FRST.txt
2016-04-13 18:21 - 2016-04-13 18:22 - 00000000 ____D C:\FRST
2016-04-13 18:20 - 2016-04-13 18:21 - 00112640 _____ (forum.viry.cz) C:\Users\user\Desktop\FRSTLauncher.exe
2016-04-13 18:18 - 2016-04-13 18:18 - 02375168 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2016-04-13 18:05 - 2016-04-13 18:05 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\user\Downloads\SpyHunter-Installer.exe
2016-04-10 19:36 - 2016-04-10 19:36 - 00001175 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-10 16:54 - 2016-04-10 16:54 - 00031123 _____ C:\Users\user\Downloads\The Big Bang Theory - 01x01 - Pilot.WEB-DL.PhoenixRG.English.C.updated.Addic7ed.com.srt
2016-04-10 16:53 - 2016-04-10 16:53 - 00014425 _____ C:\Users\user\Downloads\[kat.cr]the.big.bang.theory.s01e01.hdtv.xvid.xor.torrent
2016-04-10 14:42 - 2016-04-10 15:04 - 364326912 _____ C:\Users\user\Downloads\Simpsonovi-S05E04-Medvídek.XviD.AC3.CZ.avi.crdownload
2016-04-10 12:48 - 2016-04-10 12:51 - 00253434 _____ C:\TDSSKiller.3.0.0.16_10.04.2016_12.48.19_log.txt
2016-04-10 12:48 - 2016-04-10 12:49 - 02156640 _____ C:\Users\user\Downloads\tdsskiller.zip.uq2yx17.partial
2016-04-10 12:41 - 2016-04-10 12:41 - 00004835 _____ C:\Users\user\Downloads\[kat.cr]kaspersky.tdsskiller.2.7.5.0.torrent
2016-04-10 12:37 - 2016-04-10 12:37 - 00007978 _____ C:\Users\user\Downloads\[kat.cr]malwarebytes.anti.malware.premium.2.2.0.1024.final.multilingual.incl.keygen.team.os.torrent
2016-04-08 19:44 - 2016-04-08 20:42 - 1044101894 _____ C:\Users\user\Downloads\Legendy.z.Dogtownu.2005.DVDRip.XviD.CZ-XtrM.avi.crdownload
2016-04-08 19:16 - 2016-04-08 19:17 - 00000000 ____D C:\Users\user\Desktop\The.Big.Bang.Theory.S09E20.HDTV.x264-LOL[rarbg]
2016-04-08 19:16 - 2016-04-08 19:16 - 00029683 _____ C:\Users\user\Downloads\The Big Bang Theory - 09x20 - The Big Bear Precipitation.DIMENSION.English.HI.C.orig.Addic7ed.com.srt
2016-04-08 19:16 - 2016-04-08 19:16 - 00009766 _____ C:\Users\user\Downloads\[kat.cr]the.big.bang.theory.s09e20.hdtv.x264.lol.rartv (1).torrent
2016-04-08 19:15 - 2016-04-08 19:15 - 00009766 _____ C:\Users\user\Downloads\[kat.cr]the.big.bang.theory.s09e20.hdtv.x264.lol.rartv.torrent
2016-04-01 14:43 - 2016-04-01 14:43 - 00000000 ____D C:\Users\user\Desktop\The.Big.Bang.Theory.S09E19.HDTV.x264-LOL[ettv]
2016-03-26 14:28 - 2016-04-09 20:39 - 00000000 ____D C:\Users\user\Desktop\WoW Cata
2016-03-26 00:13 - 2016-03-26 14:21 - 2451867803 ____N C:\Users\user\Desktop\WoW_Cata.zip
2016-03-26 00:12 - 2016-03-26 00:12 - 00146563 _____ C:\Users\user\Downloads\WoW_Cata.torrent
2016-03-26 00:09 - 2016-03-26 00:09 - 04747214 _____ C:\Users\user\Downloads\wow.exe.zip
2016-03-22 14:39 - 2016-03-22 14:39 - 00567255 _____ C:\Users\user\Downloads\Beduíni.pptx
2016-03-21 18:13 - 2016-03-21 18:20 - 00002960 ____N C:\Users\user\Desktop\x360ce.ini
2016-03-21 18:13 - 2016-03-21 18:13 - 00171176 ____N (hxxp://x360ce.googlecode.com) C:\Users\user\Desktop\xinput1_3.dll
2016-03-20 20:20 - 2016-03-21 18:01 - 00002964 _____ C:\Users\user\Documents\x360ce.ini
2016-03-20 20:20 - 2016-03-20 20:20 - 00171176 _____ (hxxp://x360ce.googlecode.com) C:\Users\user\Documents\xinput1_3.dll
2016-03-20 20:19 - 2016-03-20 20:19 - 01346760 ____N (TocaEdit) C:\Users\user\Desktop\Hacked Gamepad BY SARATH GAMER.exe
2016-03-20 20:17 - 2016-03-20 20:18 - 00517542 _____ C:\Users\user\Downloads\Hacked Gamepad BY Sarath@Gamer.rar
2016-03-15 15:45 - 2016-03-15 15:45 - 00000000 ____D C:\Users\user\AppData\Roaming\.mono
2016-03-15 15:45 - 2016-03-15 15:45 - 00000000 ____D C:\ProgramData\.mono
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-13 18:20 - 2010-01-29 12:24 - 00000976 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-13 16:18 - 2015-06-16 19:19 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-13 15:20 - 2010-01-29 12:24 - 00000972 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-13 14:27 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-13 14:27 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-13 14:27 - 2015-10-16 07:01 - 00000000 ____D C:\Users\user\AppData\Local\Packages
2016-04-11 17:49 - 2013-11-11 20:24 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-10 21:36 - 2014-10-03 17:47 - 00000000 ____D C:\Users\user\AppData\Local\Battle.net
2016-04-10 19:36 - 2015-06-16 19:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-10 19:36 - 2015-06-16 19:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-10 17:30 - 2013-10-05 14:52 - 00000000 ____D C:\Users\user\Desktop\PROGRAMY
2016-04-10 17:19 - 2016-02-07 17:33 - 00000000 ____D C:\Users\user\AppData\Local\Spotify
2016-04-10 17:08 - 2014-07-07 17:59 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2016-04-10 17:00 - 2015-10-25 14:48 - 00000000 ____D C:\Users\user\AppData\Roaming\Spotify
2016-04-10 16:52 - 2013-10-05 18:01 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
2016-04-10 15:15 - 2014-10-03 17:46 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-04-10 14:13 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-10 13:54 - 2016-01-11 22:18 - 02048234 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-10 13:54 - 2015-10-30 20:31 - 00846796 _____ C:\WINDOWS\system32\perfh005.dat
2016-04-10 13:54 - 2015-10-30 20:31 - 00193746 _____ C:\WINDOWS\system32\perfc005.dat
2016-04-10 13:49 - 2016-01-11 22:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-10 13:48 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\TAPI
2016-04-10 13:48 - 2015-10-30 08:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-04-10 13:46 - 2011-12-25 01:37 - 00000000 ____D C:\Program Files (x86)\Conduit
2016-04-10 13:46 - 2011-07-01 18:06 - 00000000 ____D C:\ProgramData\ICQ
2016-04-08 17:05 - 2015-05-30 12:31 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
2016-04-08 17:04 - 2014-12-22 22:00 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2016-04-07 18:11 - 2014-10-05 20:12 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2016-04-07 18:11 - 2013-10-02 16:15 - 00000000 ____D C:\Users\user\AppData\Local\Blizzard Entertainment
2016-04-07 17:58 - 2015-12-25 19:38 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2016-04-04 21:29 - 2013-10-12 18:49 - 00000000 ____D C:\Users\user\Documents\Škola
2016-03-31 22:06 - 2015-04-19 20:52 - 00000000 ____D C:\Users\user\Documents\Heroes of the Storm
2016-03-26 22:09 - 2012-03-05 18:57 - 00000000 ____D C:\Users\user\AppData\Roaming\.minecraft
2016-03-26 20:33 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-03-26 00:16 - 2013-04-19 20:07 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2016-03-26 00:11 - 2016-01-16 12:26 - 00000000 ____D C:\Users\user\Desktop\World of Warcraft
2016-03-24 14:09 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-03-24 13:12 - 2016-01-11 20:04 - 00000000 ____D C:\Users\user\Documents\GTA San Andreas User Files
2016-03-23 23:42 - 2014-06-30 17:47 - 00000000 ____D C:\Users\user\Documents\Euro Truck Simulator 2
2016-03-22 20:15 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-22 13:35 - 2015-10-30 09:17 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2016-03-22 13:35 - 2015-10-30 09:17 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2016-03-22 13:35 - 2015-10-30 09:17 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2016-03-22 13:35 - 2015-10-30 09:17 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
2016-03-20 21:51 - 2015-05-29 22:38 - 00000866 ____N C:\Users\user\Desktop\CCleaner.lnk
2016-03-20 20:52 - 2012-06-18 15:33 - 00000000 ____D C:\Program Files (x86)\Mount&Blade
2016-03-15 15:36 - 2015-01-11 19:13 - 00000000 ____D C:\Program Files (x86)\Hearthstone
==================== Files in the root of some directories =======
2013-06-19 19:43 - 2013-06-19 19:43 - 2280581 _____ () C:\Program Files (x86)\steven 2.age3sav
2013-05-26 18:28 - 2013-09-17 15:10 - 3249855 _____ () C:\Program Files (x86)\steven.age3sav
2013-06-21 21:21 - 2013-06-23 14:07 - 1421905 _____ () C:\Program Files (x86)\steven3.age3sav
2014-12-22 22:20 - 2014-12-22 22:42 - 0099384 _____ () C:\Users\user\AppData\Roaming\inst.exe
2014-12-22 22:20 - 2014-12-22 22:42 - 0007859 _____ () C:\Users\user\AppData\Roaming\pcouffin.cat
2014-12-22 22:20 - 2014-12-22 22:42 - 0001167 _____ () C:\Users\user\AppData\Roaming\pcouffin.inf
2014-12-22 22:20 - 2014-12-22 22:42 - 0000055 _____ () C:\Users\user\AppData\Roaming\pcouffin.log
2014-12-22 22:20 - 2014-12-22 22:42 - 0082816 _____ (VSO Software) C:\Users\user\AppData\Roaming\pcouffin.sys
2012-01-31 21:58 - 2013-09-24 22:52 - 0001057 _____ () C:\Users\user\AppData\Roaming\vso_ts_preview.xml
2011-10-06 23:01 - 2013-10-28 18:39 - 0008192 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-09 22:19 - 2012-05-09 22:19 - 0007612 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
2009-11-12 16:16 - 2009-11-12 16:16 - 0000008 __RSH () C:\ProgramData\51A8C86491.sys
2016-01-12 21:32 - 2016-01-12 21:32 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2009-09-02 20:32 - 2010-01-05 18:26 - 0001986 _____ () C:\ProgramData\hpzinstall.log
2009-11-12 16:16 - 2009-11-12 16:17 - 0002516 ___SH () C:\ProgramData\KGyGaAvL.sys
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - user).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{EF925198-493B-4701-9840-0A3CD96FDF8D}.job => C:\Windows\system32\msfeedssync.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personální firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\user\Desktop" je 19599 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring
"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GUDelayStartup
"C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage
C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload
C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Mobile CManager
"C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun [x]
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
==================== End Of Log ==============================
- Rudy
- Site Admin

- Posts: 119673
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check - fb spam
Hello!
Run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
Click >Scan< first and then >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Please check - fb spam
Thanks for the quick response.
# AdwCleaner v5.110 - Log soubor vytvořen 13/04/2016 o 18:47:41
# Aktualizováno 10/04/2016 by Xplode
# Databáze : 2016-04-11.4 [Server]
# Operační systém : Windows 10 Home (X64)
# Jméno uživatele : user - USER-PC
# Spuštěno z : C:\Users\user\Desktop\adwcleaner_5.110.exe
# Volba : Čištění
# Podpora : http://toolslib.net/forum
***** [ Služby ] *****
***** [ Složky ] *****
[-] Složka smazáno : C:\Program Files\slimcleaner plus
[-] Složka smazáno : C:\Program Files\slimservice
[-] Složka smazáno : C:\Program Files (x86)\Application Updater
[-] Složka smazáno : C:\Program Files (x86)\Conduit
[-] Složka smazáno : C:\Program Files (x86)\DriverToolkit
[-] Složka smazáno : C:\Program Files (x86)\iMesh Applications
[-] Složka smazáno : C:\Program Files (x86)\Innovative Solutions
[-] Složka smazáno : C:\ProgramData\Ask
[-] Složka smazáno : C:\ProgramData\slimware utilities inc
[-] Složka smazáno : C:\ProgramData\SlimWare Utilities, Inc
[-] Složka smazáno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverToolkit
[-] Složka smazáno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\slimcleaner plus
[-] Složka smazáno : C:\Users\Public\Documents\Downloaded Installers
[#] Složka smazáno : C:\Users\Public\Documents\Downloaded Installers\{76F909AC-80EB-47F4-AE1C-299741F83F76}
[-] Složka smazáno : C:\users\user\AppData\Local\DriverToolkit
[-] Složka smazáno : C:\users\user\AppData\Local\Innovative Solutions
[-] Složka smazáno : C:\users\user\AppData\Local\Downloaded Installers
[-] Složka smazáno : C:\users\user\AppData\Roaming\Innovative Solutions
[-] Složka smazáno : C:\WINDOWS\Installer\{76F909AC-80EB-47F4-AE1C-299741F83F76}
[-] Složka smazáno : C:\WINDOWS\SysWOW64\C2MP
***** [ Soubory ] *****
***** [ DLLs ] *****
***** [ Zástupci ] *****
***** [ Naplánované úkoly ] *****
***** [ Registr ] *****
[-] Hodnota smazáno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-] Klávesa smazáno : HKCU\Software\APN PIP
[-] Klávesa smazáno : HKCU\Software\Conduit
[-] Klávesa smazáno : HKCU\Software\DriverToolkit
[-] Klávesa smazáno : HKCU\Software\IM
[-] Klávesa smazáno : HKCU\Software\ImInstaller
[-] Klávesa smazáno : HKCU\Software\SlimWare Utilities Inc
[-] Klávesa smazáno : HKCU\Software\AppDataLow\Software\Conduit
[-] Klávesa smazáno : HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] Klávesa smazáno : HKLM\SOFTWARE\Conduit
[-] Klávesa smazáno : HKLM\SOFTWARE\ImInstaller
[-] Klávesa smazáno : HKLM\SOFTWARE\PIP
[-] Klávesa smazáno : HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Klávesa smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D66BF89F-B0A2-48F5-A2E4-242EB645AB76}_is1
[-] Klávesa smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{76F909AC-80EB-47F4-AE1C-299741F83F76}
[-] Klávesa smazáno : [x64] HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
[-] Klávesa smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
[-] Klávesa smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
[-] Klávesa smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
[-] Klávesa smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
***** [ Webové prohlížeče ] *****
[-] [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] smazáno : search.yahoo.com
[-] [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] smazáno : yahoo.com search
[-] [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] smazáno : hbcennhacfaagdopikcegfcobcadeocj
[-] [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] smazáno : icdlfehblmklkikfigmjhbmmpmkmpooj
[-] [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] smazáno : mhkaekfpcppmmioggniknbnbdbcigpkk
[-] [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] smazáno : pfndaklgolladniicklehhancnlgocpp
*************************
:: "Tracing" odstraněných kláves
:: Nastavení Winsock odstraněno
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [4657 bytes] - [13/04/2016 18:47:41]
C:\AdwCleaner\AdwCleaner[S1].txt - [5354 bytes] - [13/04/2016 18:44:45]
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4803 bytes] ##########
- Rudy
- Site Admin

Re: Please check - fb spam
Post a new FRST log.
Re: Please check - fb spam
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-04-2016
Ran by user (administrator) on USER-PC (13-04-2016 19:45:12)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\Program Files (x86)\NETGEAR\WNA3100M\WifiSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Realtek) C:\Program Files (x86)\REALTEK\8709 Wireless LAN Utility\RtlService.exe
(Realtek) C:\Program Files (x86)\REALTEK\8709 Wireless LAN Utility\RtlService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\REALTEK\8709 Wireless LAN Utility\RtWLan.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\REALTEK\8709 Wireless LAN Utility\RtWLan.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
Failed to access process -> nvvsvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Spotify Ltd) C:\Users\user\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.19761.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\Windows-KB890830-x64-V5.35-delta.exe
(forum.viry.cz) C:\Users\user\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\MRT.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595848 2015-07-08] (ESET)
HKLM\...\Run: [Cm108Sound] => "C:\WINDOWS\syswow64\RunDll32.exe" C:\WINDOWS\Syswow64\cm108.dll,CMICtrlWnd
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3464139075-1475970981-2524642495-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-01-05] (Glarysoft Ltd)
HKU\S-1-5-21-3464139075-1475970981-2524642495-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-3464139075-1475970981-2524642495-1000\...\Run: [Spotify Web Helper] => C:\Users\user\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524336 2016-04-05] (Spotify Ltd)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55808 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\napinsp.dll"
Winsock: Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65024 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\winrnr.dll"
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{715d44d6-c999-41eb-b9be-df28e9eadef0}: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{ef8ecec9-cbc0-4c16-b28f-8d22b84c476f}: [DhcpNameServer] 213.46.172.36 213.46.172.37
Internet Explorer:
==================
HKU\S-1-5-21-3464139075-1475970981-2524642495-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://seznam.cz/
HKU\S-1-5-21-3464139075-1475970981-2524642495-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-3464139075-1475970981-2524642495-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-3464139075-1475970981-2524642495-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-3464139075-1475970981-2524642495-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-03-08] (Sun Microsystems, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-03-08] (Sun Microsystems, Inc.)
DPF: HKLM {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/CZ/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/CZ/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-01-31] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2012-03-08] (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-08-03] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3464139075-1475970981-2524642495-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-07-07] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3464139075-1475970981-2524642495-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-08-03] (Pando Networks)
FF Plugin HKU\S-1-5-21-3464139075-1475970981-2524642495-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2016-02-27] ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\jyxo-cz.xml [2011-12-21]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\gcswf32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL => No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Vyhledávání Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (TrackMania Online) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbfcgenalmboiphnkbaebjofimjdecp [2013-10-29]
CHR Extension: (Webcam Toy) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2015-08-27]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1353720 2015-07-08] (ESET)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MbnExt; C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\MbnExt.dll [419096 2015-08-25] (Gemfor s.r.o.)
R2 Realtek8709; C:\Program Files (x86)\REALTEK\8709 Wireless LAN Utility\RtlService.exe [36864 2007-07-27] (Realtek) [File not signed]
R2 RtlService; C:\Program Files (x86)\REALTEK\8709 Wireless LAN Utility\RtlService.exe [36864 2007-07-27] (Realtek) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S3 WLSetupSvc; C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation) [File not signed]
R2 WSWNA3100M; C:\Program Files (x86)\NETGEAR\WNA3100M\WifiSvc.exe [307456 2012-02-24] ()
S2 SlimService; "C:\Program Files\SlimService\SlimServiceFactory.exe" [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [31992 2015-06-03] (Advanced Micro Devices, Inc.)
S3 asusgsb; C:\Windows\System32\drivers\asusgsb.sys [17792 2009-02-17] (ASUSTeK Computer Inc.) [File not signed]
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-07-22] (Advanced Micro Devices)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [246000 2015-03-10] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [251632 2015-07-14] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [169792 2015-03-10] (ESET)
R1 EIO64; C:\Windows\System32\drivers\EIO64.sys [16384 2012-01-02] (ASUSTeK Computer Inc.)
R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [222280 2015-03-10] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44632 2015-03-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [72400 2015-07-14] (ESET)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-12-22] (Glarysoft Ltd)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-13] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 RtlWlanu; C:\Windows\System32\drivers\wna3100m.sys [1576080 2012-10-04] (Realtek Semiconductor Corporation )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2099-09-15 19:37 - 2120-09-15 19:37 - 00143872 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iacenc.dll
2099-09-15 19:37 - 2120-09-15 19:37 - 00056832 _____ C:\WINDOWS\SysWOW64\iyvu9_32.dll
2016-04-13 18:44 - 2016-04-13 18:47 - 00000000 ____D C:\AdwCleaner
2016-04-13 18:43 - 2016-04-13 18:44 - 03465280 _____ C:\Users\user\Desktop\adwcleaner_5.110.exe
2016-04-13 18:22 - 2016-04-13 19:46 - 00016029 _____ C:\Users\user\Desktop\FRST.txt
2016-04-13 18:21 - 2016-04-13 19:45 - 00000000 ____D C:\FRST
2016-04-13 18:20 - 2016-04-13 18:21 - 00112640 _____ (forum.viry.cz) C:\Users\user\Desktop\FRSTLauncher.exe
2016-04-13 18:18 - 2016-04-13 18:18 - 02375168 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2016-04-13 18:05 - 2016-04-13 18:05 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\user\Downloads\SpyHunter-Installer.exe
2016-04-10 19:36 - 2016-04-10 19:36 - 00001175 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-10 16:54 - 2016-04-10 16:54 - 00031123 _____ C:\Users\user\Downloads\The Big Bang Theory - 01x01 - Pilot.WEB-DL.PhoenixRG.English.C.updated.Addic7ed.com.srt
2016-04-10 16:53 - 2016-04-10 16:53 - 00014425 _____ C:\Users\user\Downloads\[kat.cr]the.big.bang.theory.s01e01.hdtv.xvid.xor.torrent
2016-04-10 14:42 - 2016-04-10 15:04 - 364326912 _____ C:\Users\user\Downloads\Simpsonovi-S05E04-Medvídek.XviD.AC3.CZ.avi.crdownload
2016-04-10 12:48 - 2016-04-10 12:51 - 00253434 _____ C:\TDSSKiller.3.0.0.16_10.04.2016_12.48.19_log.txt
2016-04-10 12:48 - 2016-04-10 12:49 - 02156640 _____ C:\Users\user\Downloads\tdsskiller.zip.uq2yx17.partial
2016-04-10 12:41 - 2016-04-10 12:41 - 00004835 _____ C:\Users\user\Downloads\[kat.cr]kaspersky.tdsskiller.2.7.5.0.torrent
2016-04-10 12:37 - 2016-04-10 12:37 - 00007978 _____ C:\Users\user\Downloads\[kat.cr]malwarebytes.anti.malware.premium.2.2.0.1024.final.multilingual.incl.keygen.team.os.torrent
2016-04-08 19:44 - 2016-04-08 20:42 - 1044101894 _____ C:\Users\user\Downloads\Legendy.z.Dogtownu.2005.DVDRip.XviD.CZ-XtrM.avi.crdownload
2016-04-08 19:16 - 2016-04-08 19:17 - 00000000 ____D C:\Users\user\Desktop\The.Big.Bang.Theory.S09E20.HDTV.x264-LOL[rarbg]
2016-04-08 19:16 - 2016-04-08 19:16 - 00029683 _____ C:\Users\user\Downloads\The Big Bang Theory - 09x20 - The Big Bear Precipitation.DIMENSION.English.HI.C.orig.Addic7ed.com.srt
2016-04-08 19:16 - 2016-04-08 19:16 - 00009766 _____ C:\Users\user\Downloads\[kat.cr]the.big.bang.theory.s09e20.hdtv.x264.lol.rartv (1).torrent
2016-04-08 19:15 - 2016-04-08 19:15 - 00009766 _____ C:\Users\user\Downloads\[kat.cr]the.big.bang.theory.s09e20.hdtv.x264.lol.rartv.torrent
2016-04-01 14:43 - 2016-04-01 14:43 - 00000000 ____D C:\Users\user\Desktop\The.Big.Bang.Theory.S09E19.HDTV.x264-LOL[ettv]
2016-03-26 14:28 - 2016-04-09 20:39 - 00000000 ____D C:\Users\user\Desktop\WoW Cata
2016-03-26 00:13 - 2016-03-26 14:21 - 2451867803 ____N C:\Users\user\Desktop\WoW_Cata.zip
2016-03-26 00:12 - 2016-03-26 00:12 - 00146563 _____ C:\Users\user\Downloads\WoW_Cata.torrent
2016-03-26 00:09 - 2016-03-26 00:09 - 04747214 _____ C:\Users\user\Downloads\wow.exe.zip
2016-03-22 14:39 - 2016-03-22 14:39 - 00567255 _____ C:\Users\user\Downloads\Beduíni.pptx
2016-03-21 18:13 - 2016-03-21 18:20 - 00002960 ____N C:\Users\user\Desktop\x360ce.ini
2016-03-21 18:13 - 2016-03-21 18:13 - 00171176 ____N (hxxp://x360ce.googlecode.com) C:\Users\user\Desktop\xinput1_3.dll
2016-03-20 20:20 - 2016-03-21 18:01 - 00002964 _____ C:\Users\user\Documents\x360ce.ini
2016-03-20 20:20 - 2016-03-20 20:20 - 00171176 _____ (hxxp://x360ce.googlecode.com) C:\Users\user\Documents\xinput1_3.dll
2016-03-20 20:19 - 2016-03-20 20:19 - 01346760 ____N (TocaEdit) C:\Users\user\Desktop\Hacked Gamepad BY SARATH GAMER.exe
2016-03-20 20:17 - 2016-03-20 20:18 - 00517542 _____ C:\Users\user\Downloads\Hacked Gamepad BY Sarath@Gamer.rar
2016-03-15 15:45 - 2016-03-15 15:45 - 00000000 ____D C:\Users\user\AppData\Roaming\.mono
2016-03-15 15:45 - 2016-03-15 15:45 - 00000000 ____D C:\ProgramData\.mono
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-13 19:45 - 2013-08-16 00:06 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-13 19:45 - 2011-06-30 11:01 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-13 19:39 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-13 19:31 - 2015-06-16 19:19 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-13 19:20 - 2010-01-29 12:24 - 00000976 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-13 18:57 - 2016-01-11 22:18 - 02048234 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-13 18:57 - 2015-10-30 20:31 - 00846796 _____ C:\WINDOWS\system32\perfh005.dat
2016-04-13 18:57 - 2015-10-30 20:31 - 00193746 _____ C:\WINDOWS\system32\perfc005.dat
2016-04-13 18:57 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-13 18:51 - 2010-01-29 12:24 - 00000972 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-13 18:50 - 2016-01-11 22:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-13 18:49 - 2015-10-30 08:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-04-13 14:27 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-13 14:27 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-13 14:27 - 2015-10-16 07:01 - 00000000 ____D C:\Users\user\AppData\Local\Packages
2016-04-11 17:49 - 2013-11-11 20:24 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-10 21:36 - 2014-10-03 17:47 - 00000000 ____D C:\Users\user\AppData\Local\Battle.net
2016-04-10 19:36 - 2015-06-16 19:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-10 19:36 - 2015-06-16 19:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-10 17:30 - 2013-10-05 14:52 - 00000000 ____D C:\Users\user\Desktop\PROGRAMY
2016-04-10 17:19 - 2016-02-07 17:33 - 00000000 ____D C:\Users\user\AppData\Local\Spotify
2016-04-10 17:08 - 2014-07-07 17:59 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2016-04-10 17:00 - 2015-10-25 14:48 - 00000000 ____D C:\Users\user\AppData\Roaming\Spotify
2016-04-10 16:52 - 2013-10-05 18:01 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
2016-04-10 15:15 - 2014-10-03 17:46 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-04-10 13:48 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\TAPI
2016-04-10 13:46 - 2011-07-01 18:06 - 00000000 ____D C:\ProgramData\ICQ
2016-04-08 17:05 - 2015-05-30 12:31 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
2016-04-08 17:04 - 2014-12-22 22:00 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2016-04-07 18:11 - 2014-10-05 20:12 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2016-04-07 18:11 - 2013-10-02 16:15 - 00000000 ____D C:\Users\user\AppData\Local\Blizzard Entertainment
2016-04-07 17:58 - 2015-12-25 19:38 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2016-04-06 20:32 - 2016-01-12 20:06 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-06 20:32 - 2016-01-12 20:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-04 21:29 - 2013-10-12 18:49 - 00000000 ____D C:\Users\user\Documents\Škola
2016-03-31 22:06 - 2015-04-19 20:52 - 00000000 ____D C:\Users\user\Documents\Heroes of the Storm
2016-03-26 22:09 - 2012-03-05 18:57 - 00000000 ____D C:\Users\user\AppData\Roaming\.minecraft
2016-03-26 20:33 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-03-26 00:16 - 2013-04-19 20:07 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2016-03-26 00:11 - 2016-01-16 12:26 - 00000000 ____D C:\Users\user\Desktop\World of Warcraft
2016-03-24 14:09 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-03-24 13:12 - 2016-01-11 20:04 - 00000000 ____D C:\Users\user\Documents\GTA San Andreas User Files
2016-03-23 23:42 - 2014-06-30 17:47 - 00000000 ____D C:\Users\user\Documents\Euro Truck Simulator 2
2016-03-22 13:35 - 2015-10-30 09:17 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2016-03-22 13:35 - 2015-10-30 09:17 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2016-03-22 13:35 - 2015-10-30 09:17 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2016-03-22 13:35 - 2015-10-30 09:17 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
2016-03-20 21:51 - 2015-05-29 22:38 - 00000866 ____N C:\Users\user\Desktop\CCleaner.lnk
2016-03-20 20:52 - 2012-06-18 15:33 - 00000000 ____D C:\Program Files (x86)\Mount&Blade
2016-03-15 15:36 - 2015-01-11 19:13 - 00000000 ____D C:\Program Files (x86)\Hearthstone
==================== Files in the root of some directories =======
2013-06-19 19:43 - 2013-06-19 19:43 - 2280581 _____ () C:\Program Files (x86)\steven 2.age3sav
2013-05-26 18:28 - 2013-09-17 15:10 - 3249855 _____ () C:\Program Files (x86)\steven.age3sav
2013-06-21 21:21 - 2013-06-23 14:07 - 1421905 _____ () C:\Program Files (x86)\steven3.age3sav
2014-12-22 22:20 - 2014-12-22 22:42 - 0099384 _____ () C:\Users\user\AppData\Roaming\inst.exe
2014-12-22 22:20 - 2014-12-22 22:42 - 0007859 _____ () C:\Users\user\AppData\Roaming\pcouffin.cat
2014-12-22 22:20 - 2014-12-22 22:42 - 0001167 _____ () C:\Users\user\AppData\Roaming\pcouffin.inf
2014-12-22 22:20 - 2014-12-22 22:42 - 0000055 _____ () C:\Users\user\AppData\Roaming\pcouffin.log
2014-12-22 22:20 - 2014-12-22 22:42 - 0082816 _____ (VSO Software) C:\Users\user\AppData\Roaming\pcouffin.sys
2012-01-31 21:58 - 2013-09-24 22:52 - 0001057 _____ () C:\Users\user\AppData\Roaming\vso_ts_preview.xml
2011-10-06 23:01 - 2013-10-28 18:39 - 0008192 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-09 22:19 - 2012-05-09 22:19 - 0007612 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
2009-11-12 16:16 - 2009-11-12 16:16 - 0000008 __RSH () C:\ProgramData\51A8C86491.sys
2016-01-12 21:32 - 2016-01-12 21:32 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2009-09-02 20:32 - 2010-01-05 18:26 - 0001986 _____ () C:\ProgramData\hpzinstall.log
2009-11-12 16:16 - 2009-11-12 16:17 - 0002516 ___SH () C:\ProgramData\KGyGaAvL.sys
Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\libeay32.dll
C:\Users\user\AppData\Local\Temp\msvcr120.dll
C:\Users\user\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - user).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{EF925198-493B-4701-9840-0A3CD96FDF8D}.job => C:\Windows\system32\msfeedssync.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personální firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\user\Desktop" je 19602 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring
"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GUDelayStartup
"C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage
C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload
C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Mobile CManager
"C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun [x]
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
==================== End Of Log ==============================
Ran by user (administrator) on USER-PC (13-04-2016 19:45:12)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\Program Files (x86)\NETGEAR\WNA3100M\WifiSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Realtek) C:\Program Files (x86)\REALTEK\8709 Wireless LAN Utility\RtlService.exe
(Realtek) C:\Program Files (x86)\REALTEK\8709 Wireless LAN Utility\RtlService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\REALTEK\8709 Wireless LAN Utility\RtWLan.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\REALTEK\8709 Wireless LAN Utility\RtWLan.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
Failed to access process -> nvvsvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Spotify Ltd) C:\Users\user\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.19761.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\Windows-KB890830-x64-V5.35-delta.exe
(forum.viry.cz) C:\Users\user\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\MRT.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595848 2015-07-08] (ESET)
HKLM\...\Run: [Cm108Sound] => "C:\WINDOWS\syswow64\RunDll32.exe" C:\WINDOWS\Syswow64\cm108.dll,CMICtrlWnd
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3464139075-1475970981-2524642495-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-01-05] (Glarysoft Ltd)
HKU\S-1-5-21-3464139075-1475970981-2524642495-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-3464139075-1475970981-2524642495-1000\...\Run: [Spotify Web Helper] => C:\Users\user\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524336 2016-04-05] (Spotify Ltd)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55808 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\napinsp.dll"
Winsock: Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65024 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\winrnr.dll"
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{715d44d6-c999-41eb-b9be-df28e9eadef0}: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{ef8ecec9-cbc0-4c16-b28f-8d22b84c476f}: [DhcpNameServer] 213.46.172.36 213.46.172.37
Internet Explorer:
==================
HKU\S-1-5-21-3464139075-1475970981-2524642495-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://seznam.cz/
HKU\S-1-5-21-3464139075-1475970981-2524642495-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-3464139075-1475970981-2524642495-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-3464139075-1475970981-2524642495-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-3464139075-1475970981-2524642495-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-03-08] (Sun Microsystems, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-03-08] (Sun Microsystems, Inc.)
DPF: HKLM {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/CZ/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/CZ/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-01-31] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2012-03-08] (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-08-03] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3464139075-1475970981-2524642495-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-07-07] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3464139075-1475970981-2524642495-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-08-03] (Pando Networks)
FF Plugin HKU\S-1-5-21-3464139075-1475970981-2524642495-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2016-02-27] ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\jyxo-cz.xml [2011-12-21]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\gcswf32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL => No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Vyhledávání Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (TrackMania Online) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbfcgenalmboiphnkbaebjofimjdecp [2013-10-29]
CHR Extension: (Webcam Toy) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2015-08-27]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1353720 2015-07-08] (ESET)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MbnExt; C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\MbnExt.dll [419096 2015-08-25] (Gemfor s.r.o.)
R2 Realtek8709; C:\Program Files (x86)\REALTEK\8709 Wireless LAN Utility\RtlService.exe [36864 2007-07-27] (Realtek) [File not signed]
R2 RtlService; C:\Program Files (x86)\REALTEK\8709 Wireless LAN Utility\RtlService.exe [36864 2007-07-27] (Realtek) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S3 WLSetupSvc; C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation) [File not signed]
R2 WSWNA3100M; C:\Program Files (x86)\NETGEAR\WNA3100M\WifiSvc.exe [307456 2012-02-24] ()
S2 SlimService; "C:\Program Files\SlimService\SlimServiceFactory.exe" [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [31992 2015-06-03] (Advanced Micro Devices, Inc.)
S3 asusgsb; C:\Windows\System32\drivers\asusgsb.sys [17792 2009-02-17] (ASUSTeK Computer Inc.) [File not signed]
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-07-22] (Advanced Micro Devices)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [246000 2015-03-10] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [251632 2015-07-14] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [169792 2015-03-10] (ESET)
R1 EIO64; C:\Windows\System32\drivers\EIO64.sys [16384 2012-01-02] (ASUSTeK Computer Inc.)
R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [222280 2015-03-10] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44632 2015-03-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [72400 2015-07-14] (ESET)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-12-22] (Glarysoft Ltd)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-13] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 RtlWlanu; C:\Windows\System32\drivers\wna3100m.sys [1576080 2012-10-04] (Realtek Semiconductor Corporation )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2099-09-15 19:37 - 2120-09-15 19:37 - 00143872 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iacenc.dll
2099-09-15 19:37 - 2120-09-15 19:37 - 00056832 _____ C:\WINDOWS\SysWOW64\iyvu9_32.dll
2016-04-13 18:44 - 2016-04-13 18:47 - 00000000 ____D C:\AdwCleaner
2016-04-13 18:43 - 2016-04-13 18:44 - 03465280 _____ C:\Users\user\Desktop\adwcleaner_5.110.exe
2016-04-13 18:22 - 2016-04-13 19:46 - 00016029 _____ C:\Users\user\Desktop\FRST.txt
2016-04-13 18:21 - 2016-04-13 19:45 - 00000000 ____D C:\FRST
2016-04-13 18:20 - 2016-04-13 18:21 - 00112640 _____ (forum.viry.cz) C:\Users\user\Desktop\FRSTLauncher.exe
2016-04-13 18:18 - 2016-04-13 18:18 - 02375168 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2016-04-13 18:05 - 2016-04-13 18:05 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\user\Downloads\SpyHunter-Installer.exe
2016-04-10 19:36 - 2016-04-10 19:36 - 00001175 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-10 16:54 - 2016-04-10 16:54 - 00031123 _____ C:\Users\user\Downloads\The Big Bang Theory - 01x01 - Pilot.WEB-DL.PhoenixRG.English.C.updated.Addic7ed.com.srt
2016-04-10 16:53 - 2016-04-10 16:53 - 00014425 _____ C:\Users\user\Downloads\[kat.cr]the.big.bang.theory.s01e01.hdtv.xvid.xor.torrent
2016-04-10 14:42 - 2016-04-10 15:04 - 364326912 _____ C:\Users\user\Downloads\Simpsonovi-S05E04-Medvídek.XviD.AC3.CZ.avi.crdownload
2016-04-10 12:48 - 2016-04-10 12:51 - 00253434 _____ C:\TDSSKiller.3.0.0.16_10.04.2016_12.48.19_log.txt
2016-04-10 12:48 - 2016-04-10 12:49 - 02156640 _____ C:\Users\user\Downloads\tdsskiller.zip.uq2yx17.partial
2016-04-10 12:41 - 2016-04-10 12:41 - 00004835 _____ C:\Users\user\Downloads\[kat.cr]kaspersky.tdsskiller.2.7.5.0.torrent
2016-04-10 12:37 - 2016-04-10 12:37 - 00007978 _____ C:\Users\user\Downloads\[kat.cr]malwarebytes.anti.malware.premium.2.2.0.1024.final.multilingual.incl.keygen.team.os.torrent
2016-04-08 19:44 - 2016-04-08 20:42 - 1044101894 _____ C:\Users\user\Downloads\Legendy.z.Dogtownu.2005.DVDRip.XviD.CZ-XtrM.avi.crdownload
2016-04-08 19:16 - 2016-04-08 19:17 - 00000000 ____D C:\Users\user\Desktop\The.Big.Bang.Theory.S09E20.HDTV.x264-LOL[rarbg]
2016-04-08 19:16 - 2016-04-08 19:16 - 00029683 _____ C:\Users\user\Downloads\The Big Bang Theory - 09x20 - The Big Bear Precipitation.DIMENSION.English.HI.C.orig.Addic7ed.com.srt
2016-04-08 19:16 - 2016-04-08 19:16 - 00009766 _____ C:\Users\user\Downloads\[kat.cr]the.big.bang.theory.s09e20.hdtv.x264.lol.rartv (1).torrent
2016-04-08 19:15 - 2016-04-08 19:15 - 00009766 _____ C:\Users\user\Downloads\[kat.cr]the.big.bang.theory.s09e20.hdtv.x264.lol.rartv.torrent
2016-04-01 14:43 - 2016-04-01 14:43 - 00000000 ____D C:\Users\user\Desktop\The.Big.Bang.Theory.S09E19.HDTV.x264-LOL[ettv]
2016-03-26 14:28 - 2016-04-09 20:39 - 00000000 ____D C:\Users\user\Desktop\WoW Cata
2016-03-26 00:13 - 2016-03-26 14:21 - 2451867803 ____N C:\Users\user\Desktop\WoW_Cata.zip
2016-03-26 00:12 - 2016-03-26 00:12 - 00146563 _____ C:\Users\user\Downloads\WoW_Cata.torrent
2016-03-26 00:09 - 2016-03-26 00:09 - 04747214 _____ C:\Users\user\Downloads\wow.exe.zip
2016-03-22 14:39 - 2016-03-22 14:39 - 00567255 _____ C:\Users\user\Downloads\Beduíni.pptx
2016-03-21 18:13 - 2016-03-21 18:20 - 00002960 ____N C:\Users\user\Desktop\x360ce.ini
2016-03-21 18:13 - 2016-03-21 18:13 - 00171176 ____N (hxxp://x360ce.googlecode.com) C:\Users\user\Desktop\xinput1_3.dll
2016-03-20 20:20 - 2016-03-21 18:01 - 00002964 _____ C:\Users\user\Documents\x360ce.ini
2016-03-20 20:20 - 2016-03-20 20:20 - 00171176 _____ (hxxp://x360ce.googlecode.com) C:\Users\user\Documents\xinput1_3.dll
2016-03-20 20:19 - 2016-03-20 20:19 - 01346760 ____N (TocaEdit) C:\Users\user\Desktop\Hacked Gamepad BY SARATH GAMER.exe
2016-03-20 20:17 - 2016-03-20 20:18 - 00517542 _____ C:\Users\user\Downloads\Hacked Gamepad BY Sarath@Gamer.rar
2016-03-15 15:45 - 2016-03-15 15:45 - 00000000 ____D C:\Users\user\AppData\Roaming\.mono
2016-03-15 15:45 - 2016-03-15 15:45 - 00000000 ____D C:\ProgramData\.mono
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-13 19:45 - 2013-08-16 00:06 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-13 19:45 - 2011-06-30 11:01 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-13 19:39 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-13 19:31 - 2015-06-16 19:19 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-13 19:20 - 2010-01-29 12:24 - 00000976 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-13 18:57 - 2016-01-11 22:18 - 02048234 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-13 18:57 - 2015-10-30 20:31 - 00846796 _____ C:\WINDOWS\system32\perfh005.dat
2016-04-13 18:57 - 2015-10-30 20:31 - 00193746 _____ C:\WINDOWS\system32\perfc005.dat
2016-04-13 18:57 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-13 18:51 - 2010-01-29 12:24 - 00000972 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-13 18:50 - 2016-01-11 22:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-13 18:49 - 2015-10-30 08:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-04-13 14:27 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-13 14:27 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-13 14:27 - 2015-10-16 07:01 - 00000000 ____D C:\Users\user\AppData\Local\Packages
2016-04-11 17:49 - 2013-11-11 20:24 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-10 21:36 - 2014-10-03 17:47 - 00000000 ____D C:\Users\user\AppData\Local\Battle.net
2016-04-10 19:36 - 2015-06-16 19:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-10 19:36 - 2015-06-16 19:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-10 17:30 - 2013-10-05 14:52 - 00000000 ____D C:\Users\user\Desktop\PROGRAMY
2016-04-10 17:19 - 2016-02-07 17:33 - 00000000 ____D C:\Users\user\AppData\Local\Spotify
2016-04-10 17:08 - 2014-07-07 17:59 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2016-04-10 17:00 - 2015-10-25 14:48 - 00000000 ____D C:\Users\user\AppData\Roaming\Spotify
2016-04-10 16:52 - 2013-10-05 18:01 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
2016-04-10 15:15 - 2014-10-03 17:46 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-04-10 13:48 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\TAPI
2016-04-10 13:46 - 2011-07-01 18:06 - 00000000 ____D C:\ProgramData\ICQ
2016-04-08 17:05 - 2015-05-30 12:31 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
2016-04-08 17:04 - 2014-12-22 22:00 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2016-04-07 18:11 - 2014-10-05 20:12 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2016-04-07 18:11 - 2013-10-02 16:15 - 00000000 ____D C:\Users\user\AppData\Local\Blizzard Entertainment
2016-04-07 17:58 - 2015-12-25 19:38 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2016-04-06 20:32 - 2016-01-12 20:06 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-06 20:32 - 2016-01-12 20:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-04 21:29 - 2013-10-12 18:49 - 00000000 ____D C:\Users\user\Documents\Škola
2016-03-31 22:06 - 2015-04-19 20:52 - 00000000 ____D C:\Users\user\Documents\Heroes of the Storm
2016-03-26 22:09 - 2012-03-05 18:57 - 00000000 ____D C:\Users\user\AppData\Roaming\.minecraft
2016-03-26 20:33 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-03-26 00:16 - 2013-04-19 20:07 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2016-03-26 00:11 - 2016-01-16 12:26 - 00000000 ____D C:\Users\user\Desktop\World of Warcraft
2016-03-24 14:09 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-03-24 13:12 - 2016-01-11 20:04 - 00000000 ____D C:\Users\user\Documents\GTA San Andreas User Files
2016-03-23 23:42 - 2014-06-30 17:47 - 00000000 ____D C:\Users\user\Documents\Euro Truck Simulator 2
2016-03-22 13:35 - 2015-10-30 09:17 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2016-03-22 13:35 - 2015-10-30 09:17 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2016-03-22 13:35 - 2015-10-30 09:17 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2016-03-22 13:35 - 2015-10-30 09:17 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
2016-03-20 21:51 - 2015-05-29 22:38 - 00000866 ____N C:\Users\user\Desktop\CCleaner.lnk
2016-03-20 20:52 - 2012-06-18 15:33 - 00000000 ____D C:\Program Files (x86)\Mount&Blade
2016-03-15 15:36 - 2015-01-11 19:13 - 00000000 ____D C:\Program Files (x86)\Hearthstone
==================== Files in the root of some directories =======
2013-06-19 19:43 - 2013-06-19 19:43 - 2280581 _____ () C:\Program Files (x86)\steven 2.age3sav
2013-05-26 18:28 - 2013-09-17 15:10 - 3249855 _____ () C:\Program Files (x86)\steven.age3sav
2013-06-21 21:21 - 2013-06-23 14:07 - 1421905 _____ () C:\Program Files (x86)\steven3.age3sav
2014-12-22 22:20 - 2014-12-22 22:42 - 0099384 _____ () C:\Users\user\AppData\Roaming\inst.exe
2014-12-22 22:20 - 2014-12-22 22:42 - 0007859 _____ () C:\Users\user\AppData\Roaming\pcouffin.cat
2014-12-22 22:20 - 2014-12-22 22:42 - 0001167 _____ () C:\Users\user\AppData\Roaming\pcouffin.inf
2014-12-22 22:20 - 2014-12-22 22:42 - 0000055 _____ () C:\Users\user\AppData\Roaming\pcouffin.log
2014-12-22 22:20 - 2014-12-22 22:42 - 0082816 _____ (VSO Software) C:\Users\user\AppData\Roaming\pcouffin.sys
2012-01-31 21:58 - 2013-09-24 22:52 - 0001057 _____ () C:\Users\user\AppData\Roaming\vso_ts_preview.xml
2011-10-06 23:01 - 2013-10-28 18:39 - 0008192 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-09 22:19 - 2012-05-09 22:19 - 0007612 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
2009-11-12 16:16 - 2009-11-12 16:16 - 0000008 __RSH () C:\ProgramData\51A8C86491.sys
2016-01-12 21:32 - 2016-01-12 21:32 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2009-09-02 20:32 - 2010-01-05 18:26 - 0001986 _____ () C:\ProgramData\hpzinstall.log
2009-11-12 16:16 - 2009-11-12 16:17 - 0002516 ___SH () C:\ProgramData\KGyGaAvL.sys
Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\libeay32.dll
C:\Users\user\AppData\Local\Temp\msvcr120.dll
C:\Users\user\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - user).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{EF925198-493B-4701-9840-0A3CD96FDF8D}.job => C:\Windows\system32\msfeedssync.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personální firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\user\Desktop" je 19602 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring
"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GUDelayStartup
"C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage
C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload
C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Mobile CManager
"C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun [x]
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
==================== End Of Log ==============================
- Rudy
- Site Admin
- Posts: 119673
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check - fb spam
Open Notepad and copy the following into it:
Start
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKU\S-1-5-21-3464139075-1475970981-2524642495-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\gcswf32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL => No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll => No File
U3 idsvc; no ImagePath
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\ProgramData\51A8C86491.sys
C:\ProgramData\DP45977C.lfl
C:\ProgramData\KGyGaAvL.sys
C:\Users\user\AppData\Local\Temp
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
From the log:
Velikost slozky "C:\Users\user\Desktop" je 19602 MB.
That is too much and can slow down system startup. Create a new folder in C:\Users\user, move all data from the desktop into it (except shortcuts), and put a shortcut to that folder on the desktop for easier access.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Please check - fb spam
Fix result of Farbar Recovery Scan Tool (x64) Version:13-04-2016
Ran by user (2016-04-13 21:21:16) Run:1
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user & DefaultAppPool)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKU\S-1-5-21-3464139075-1475970981-2524642495-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\gcswf32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL => No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll => No File
U3 idsvc; no ImagePath
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\ProgramData\51A8C86491.sys
C:\ProgramData\DP45977C.lfl
C:\ProgramData\KGyGaAvL.sys
C:\Users\user\AppData\Local\Temp
End
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKU\S-1-5-21-3464139075-1475970981-2524642495-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}" => key removed successfully
HKCR\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.8" => key removed successfully
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => value removed successfully
C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\pdf.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\gcswf32.dll => not found.
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => not found.
C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL => not found.
C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll => moved successfully
C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll => not found.
idsvc => service removed successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\ProgramData\51A8C86491.sys => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
C:\ProgramData\KGyGaAvL.sys => moved successfully
C:\Users\user\AppData\Local\Temp => moved successfully
==== End of Fixlog 21:21:18 ====
==== End of Fixlog 21:21:18 ====
- Rudy
- Site Admin
- Posts: 119673
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check - fb spam
Deleted. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.