Dobry den mohol by som poprosit o kontrolu logu.Ukazalo my to 146 hrozieb snad to bude vsetko v poriadku.Dakujem
# AdwCleaner v6.030 - Log soubor vytvořen 26/11/2016 na 10:35:59
# Aktualizováno dne 19/10/2016 z Malwarebytes
# Databáze : 2016-11-25.3 [Server]
# Operační systém : Windows 7 Home Premium (X86)
# Uživatelské jméno : Vinc - VINC-PC
# Beží od : C:\Users\Vinc\Downloads\AdwCleaner.exe
# Mod: Čištění
# Podpora : hxxps://www.malwarebytes.com/support
***** [ Služby ] *****
***** [ Adresáře ] *****
[-] Adresář smazán:C:\Users\Vinc\AppData\Local\iMesh
[-] Adresář smazán:C:\Users\Vinc\AppData\Local\PackageAware
[-] Adresář smazán:C:\Users\Vinc\AppData\Local\torch
[-] Adresář smazán:C:\Users\Vinc\AppData\Local\VirtualStore\Program Files\iMesh Applications
[-] Adresář smazán:C:\Users\Vinc\AppData\LocalLow\ilividmoviestoolbar181
[-] Adresář smazán:C:\Users\Vinc\AppData\LocalLow\searchresultstb
[-] Adresář smazán:C:\Users\Vinc\AppData\Roaming\Babylon
[-] Adresář smazán:C:\Users\Vinc\AppData\Roaming\DealPly
[-] Adresář smazán:C:\Users\Vinc\AppData\Roaming\DownLite
[-] Adresář smazán:C:\Users\Vinc\AppData\Roaming\OpenCandy
[-] Adresář smazán:C:\Users\Vinc\AppData\Roaming\Mozilla\Firefox\Profiles\3ee9z9zp.default\ICQToolbarData
[-] Adresář smazán:C:\Users\Vinc\AppData\Roaming\Mozilla\Firefox\Profiles\3ee9z9zp.default\ilividmoviestoolbar181
[-] Adresář smazán:C:\Users\Vinc\AppData\Roaming\Mozilla\Firefox\Profiles\3ee9z9zp.default\Smartbar
[-] Adresář smazán:C:\ProgramData\apn
[-] Adresář smazán:C:\ProgramData\Babylon
[-] Adresář smazán:C:\ProgramData\BitGuard
[-] Adresář smazán:C:\ProgramData\Browser Manager
[-] Adresář smazán:C:\ProgramData\BrowserProtect
[-] Adresář smazán:C:\ProgramData\ICQ\ICQToolbar
[-] Adresář smazán:C:\ProgramData\wincert
[-] Adresář smazán:C:\ProgramData\ICQ\ICQNewTab
[#] Adresář nelze smazat:C:\ProgramData\Application Data\apn
[#] Adresář nelze smazat:C:\ProgramData\Application Data\Babylon
[#] Adresář nelze smazat:C:\ProgramData\Application Data\BitGuard
[#] Adresář nelze smazat:C:\ProgramData\Application Data\Browser Manager
[#] Adresář nelze smazat:C:\ProgramData\Application Data\BrowserProtect
[#] Adresář nelze smazat:C:\ProgramData\Application Data\ICQ\ICQToolbar
[#] Adresář nelze smazat:C:\ProgramData\Application Data\wincert
[#] Adresář nelze smazat:C:\ProgramData\Application Data\ICQ\ICQNewTab
[-] Adresář smazán:C:\Program Files\ICQ6Toolbar
[-] Adresář smazán:C:\extensions
***** [ Soubory ] *****
[-] Soubor smazán:C:\Users\Vinc\AppData\Roaming\Mozilla\Firefox\Profiles\3ee9z9zp.default\searchplugins\icqplugin-1.xml
[-] Soubor smazán:C:\Users\Vinc\AppData\Roaming\Mozilla\Firefox\Profiles\3ee9z9zp.default\searchplugins\icqplugin-2.xml
[-] Soubor smazán:C:\Users\Vinc\AppData\Roaming\Mozilla\Firefox\Profiles\3ee9z9zp.default\searchplugins\icqplugin-3.xml
[-] Soubor smazán:C:\Users\Vinc\AppData\Roaming\Mozilla\Firefox\Profiles\3ee9z9zp.default\searchplugins\icqplugin-4.xml
[-] Soubor smazán:C:\Users\Vinc\AppData\Roaming\Mozilla\Firefox\Profiles\3ee9z9zp.default\searchplugins\icqplugin-5.xml
[-] Soubor smazán:C:\Users\Vinc\AppData\Roaming\Mozilla\Firefox\Profiles\3ee9z9zp.default\searchplugins\icqplugin.xml
[-] Soubor smazán:C:\Users\Vinc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iMesh.lnk
[-] Soubor smazán:C:\Users\Vinc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
[-] Soubor smazán:C:\Users\Vinc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iMesh.lnk
[-] Soubor smazán:C:\user.js
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Zástupce ] *****
***** [ Plánovač úloh ] *****
***** [ Registry ] *****
[-] Klíč smazán:HKCU\Software\8edd8ce23bb845
[-] Klíč smazán:HKLM\SOFTWARE\8edd8ce23bb845
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Applications\iLividSetup-r1227-n-bf.exe
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Applications\iLividSetup-r706-n-bf.exe
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Applications\iLividSetup.exe
[-] Klíč smazán:HKU\S-1-5-21-4096036714-2317514608-166931336-1000\Software\Classes\iLivid.torrent
[#] Klíč smazán po restartování:HKCU\Software\Classes\iLivid.torrent
[-] Klíč smazán:HKLM\SOFTWARE\Classes\iLivid.torrent
[-] Klíč smazán:HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard
[-] Klíč smazán:HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard.1
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Prod.cap
[-] Klíč smazán:HKLM\SOFTWARE\Classes\speedupmypc
[-] Klíč smazán:HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\TypeLib\{75E8DA27-44AF-40AE-927C-F2EEC99D65B1}
[-] Klíč smazán:HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B6ACEA2-308A-4876-AD36-57CEC5B4FCC7}
[-] Klíč smazán:HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
[-] Klíč smazán:HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B6ACEA2-308A-4876-AD36-57CEC5B4FCC7}
[-] Klíč smazán:HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F001652-AF51-45C6-B029-86E0265A1851}
[-] Klíč smazán:HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
[-] Klíč smazán:HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}
[-] Klíč smazán:HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
[-] Klíč smazán:HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D8278076-BC68-4484-9233-6E7F1628B56C}
[-] Klíč smazán:HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
[-] Klíč smazán:HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B6ACEA2-308A-4876-AD36-57CEC5B4FCC7}
[-] Klíč smazán:HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6F001652-AF51-45C6-B029-86E0265A1851}
[-] Klíč smazán:HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
[-] Klíč smazán:HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}
[-] Hodnota smazána:HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-] Hodnota smazána:HKU\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
[-] Hodnota smazána:HKU\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks [{D8278076-BC68-4484-9233-6E7F1628B56C}]
[-] Hodnota smazána:HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D8278076-BC68-4484-9233-6E7F1628B56C}]
[-] Klíč smazán:HKU\.DEFAULT\Software\AskPartnerNetwork
[-] Klíč smazán:HKU\S-1-5-21-4096036714-2317514608-166931336-1000\Software\APN PIP
[-] Klíč smazán:HKU\S-1-5-21-4096036714-2317514608-166931336-1000\Software\APNDTX
[-] Klíč smazán:HKU\S-1-5-21-4096036714-2317514608-166931336-1000\Software\BABSOLUTION
[-] Klíč smazán:HKU\S-1-5-21-4096036714-2317514608-166931336-1000\Software\BabylonToolbar
[-] Klíč smazán:HKU\S-1-5-21-4096036714-2317514608-166931336-1000\Software\Conduit
[-] Klíč smazán:HKU\S-1-5-21-4096036714-2317514608-166931336-1000\Software\DataMngr_Toolbar
[-] Klíč smazán:HKU\S-1-5-21-4096036714-2317514608-166931336-1000\Software\DownLite
[-] Klíč smazán:HKU\S-1-5-21-4096036714-2317514608-166931336-1000\Software\ilivid
[-] Klíč smazán:HKU\S-1-5-21-4096036714-2317514608-166931336-1000\Software\ilividmoviestoolbar181
[-] Klíč smazán:HKU\S-1-5-21-4096036714-2317514608-166931336-1000\Software\PrivitizeVPNInstallDates
[-] Klíč smazán:HKU\S-1-5-21-4096036714-2317514608-166931336-1000\Software\StartSearch
[-] Klíč smazán:HKU\S-1-5-21-4096036714-2317514608-166931336-1000\Software\torch
[-] Klíč smazán:HKU\S-1-5-21-4096036714-2317514608-166931336-1000\Software\Mail.Ru
[-] Klíč smazán:HKU\S-1-5-21-4096036714-2317514608-166931336-1000\Software\AppDataLow\Software\ilividmoviestoolbar181
[-] Klíč smazán:HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4096036714-2317514608-166931336-1000\Software\AskPartnerNetwork
[#] Klíč smazán po restartování:HKU\S-1-5-18\Software\AskPartnerNetwork
[#] Klíč smazán po restartování:HKCU\Software\APN PIP
[#] Klíč smazán po restartování:HKCU\Software\APNDTX
[#] Klíč smazán po restartování:HKCU\Software\BABSOLUTION
[#] Klíč smazán po restartování:HKCU\Software\BabylonToolbar
[#] Klíč smazán po restartování:HKCU\Software\Conduit
[#] Klíč smazán po restartování:HKCU\Software\DataMngr_Toolbar
[#] Klíč smazán po restartování:HKCU\Software\DownLite
[#] Klíč smazán po restartování:HKCU\Software\ilivid
[#] Klíč smazán po restartování:HKCU\Software\ilividmoviestoolbar181
[#] Klíč smazán po restartování:HKCU\Software\PrivitizeVPNInstallDates
[#] Klíč smazán po restartování:HKCU\Software\StartSearch
[#] Klíč smazán po restartování:HKCU\Software\torch
[#] Klíč smazán po restartování:HKCU\Software\Mail.Ru
[-] Klíč smazán:HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolbar
[#] Klíč smazán po restartování:HKCU\Software\AppDataLow\Software\ilividmoviestoolbar181
[-] Klíč smazán:HKLM\SOFTWARE\Babylon
[-] Klíč smazán:HKLM\SOFTWARE\Conduit
[-] Klíč smazán:HKLM\SOFTWARE\DataMngr
[-] Klíč smazán:HKLM\SOFTWARE\ICQ\ICQToolbar
[-] Klíč smazán:HKLM\SOFTWARE\iLividSRTB
[-] Klíč smazán:HKLM\SOFTWARE\Imesh
[-] Klíč smazán:HKLM\SOFTWARE\PIP
[-] Klíč smazán:HKLM\SOFTWARE\torch
[-] Klíč smazán:HKLM\SOFTWARE\Uniblue
[#] Klíč smazán po restartování:HKLM\SOFTWARE\Uniblue\DriverScanner
[-] Klíč smazán:HKLM\SOFTWARE\Mail.Ru
[#] Klíč smazán po restartování:HKLM\SOFTWARE\Datamngr
[#] Klíč smazán po restartování:HKLM\SOFTWARE\iMesh
[-] Data obnovena:HKU\S-1-5-21-4096036714-2317514608-166931336-1000\Software\Microsoft\Internet Explorer\Main [ICQ Search]
[-] Data obnovena:HKU\S-1-5-21-4096036714-2317514608-166931336-1000\Software\Microsoft\Internet Explorer\Main [bProtector Start Page]
[-] Data obnovena:HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
[-] Data obnovena:HKCU\Software\Microsoft\Internet Explorer\Main [bProtector Start Page]
[-] Data obnovena:HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [bProtectTabs]
[-] Klíč smazán:HKU\S-1-5-21-4096036714-2317514608-166931336-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
[-] Klíč smazán:HKU\S-1-5-21-4096036714-2317514608-166931336-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
[-] Klíč smazán:HKU\S-1-5-21-4096036714-2317514608-166931336-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
[-] Klíč smazán:HKU\S-1-5-21-4096036714-2317514608-166931336-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
[-] Klíč smazán:HKU\S-1-5-21-4096036714-2317514608-166931336-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E783E48A-5DD8-4794-A551-B18BAAD4E1B6}
[#] Klíč smazán po restartování:HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
[#] Klíč smazán po restartování:HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
[#] Klíč smazán po restartování:HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
[#] Klíč smazán po restartování:HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
[#] Klíč smazán po restartování:HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E783E48A-5DD8-4794-A551-B18BAAD4E1B6}
[-] Data obnovena:HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] c:\progra~2\browse~2\261249~1.132\{c16c1~1\browse~1.dll
[-] Data obnovena:HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
[-] Hodnota smazána:HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
[-] Hodnota smazána:HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
[-] Hodnota smazána:HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
[-] Klíč smazán:HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
[#] Klíč smazán po restartování:HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
[-] Klíč smazán:HKLM\SOFTWARE\Clients\StartMenuInternet\Torch
[-] Hodnota smazána:HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs [bProtectTabs]
[-] Hodnota smazána:HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
[-] Hodnota smazána:HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
[#] Hodnota smazána po restartování:HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x86]
***** [ Prohlížeče ] *****
*************************
:: "Tracing" klíč smazán
:: Winsock nastavení vyčištěno
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [13298 Bajtů] - [26/11/2016 10:35:59]
C:\AdwCleaner\AdwCleaner[S0].txt - [13206 Bajtů] - [26/11/2016 10:34:48]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [13448 Bajtů] ##########
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Zavirovany Notebook
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 118310
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Zavirovany Notebook
Zdravím!
Dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .
Dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Zavirovany Notebook
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-11-2016
Ran by Vinc (administrator) on VINC-PC (26-11-2016 11:34:34)
Running from C:\Users\Vinc\Desktop
Loaded Profiles: Vinc (Available Profiles: Vinc)
Platform: Microsoft Windows 7 Home Premium (X86) Language: Čeština (Česká republika)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Piriform Ltd) C:\Program Files\Defraggler\Defraggler.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Vinc\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157968 2015-08-13] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-4096036714-2317514608-166931336-1000\...\Run: [] => [X]
HKU\S-1-5-21-4096036714-2317514608-166931336-1000\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKU\S-1-5-21-4096036714-2317514608-166931336-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53130368 2016-05-17] (Skype Technologies S.A.)
HKU\S-1-5-21-4096036714-2317514608-166931336-1000\...\MountPoints2: {39dce2de-3764-11e3-b5a4-001d60fd27f1} - I:\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.9B05 PID_0083
HKU\S-1-5-21-4096036714-2317514608-166931336-1000\...\MountPoints2: {3b633cd9-30af-11e5-b009-001d60fd27f1} - I:\LG_PC_Programs.exe
HKU\S-1-5-21-4096036714-2317514608-166931336-1000\...\MountPoints2: {b31a15a9-4894-11e3-ae23-001d60fd27f1} - I:\LGAutoRun.exe
HKU\S-1-5-21-4096036714-2317514608-166931336-1000\...\MountPoints2: {b31a15b5-4894-11e3-ae23-001d60fd27f1} - I:\PcOptions.exe
Startup: C:\Users\Vinc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CCC.lnk [2013-02-19]
ShortcutTarget: CCC.lnk -> C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{44C30D06-67E9-489D-9DBD-89394A476B37}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6A48C047-3B15-41E1-9B75-A9B2ADFA98A6}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKU\S-1-5-21-4096036714-2317514608-166931336-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131106000396455078&GUID=00000000-0000-0000-0000-000000000000
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-4096036714-2317514608-166931336-1000 -> DefaultScope {DFE7119D-13A2-44BE-8281-27CC86DDA5FE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-4096036714-2317514608-166931336-1000 -> {DFE7119D-13A2-44BE-8281-27CC86DDA5FE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-11-26] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-26] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-4096036714-2317514608-166931336-1000 -> No Name - {434C4D2D-5341-5400-76A7-7A786E7484D7} - No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
FireFox:
========
FF ProfilePath: C:\Users\Vinc\AppData\Roaming\Mozilla\Firefox\Profiles\3ee9z9zp.default [2016-11-26]
FF user.js: detected! => C:\Users\Vinc\AppData\Roaming\Mozilla\Firefox\Profiles\3ee9z9zp.default\user.js [2013-11-25]
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\3ee9z9zp.default -> hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&CUI=UN11562418163226514&UM=1&SearchSource=3&q={searchTerms}
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\3ee9z9zp.default -> Tuvaro
FF Homepage: Mozilla\Firefox\Profiles\3ee9z9zp.default -> hxxp://google.cz/
FF Extension: (ADB Helper) - C:\Users\Vinc\AppData\Roaming\Mozilla\Firefox\Profiles\3ee9z9zp.default\Extensions\adbhelper@mozilla.org [2015-07-17] [not signed]
FF Extension: (Movies Toolbar (Dist. by Bandoo Media, Inc.)) - C:\Users\Vinc\AppData\Roaming\Mozilla\Firefox\Profiles\3ee9z9zp.default\Extensions\{d1dac034-9fd9-4c13-a388-d2e10e57707f} [2014-04-16] [not signed]
FF Extension: (No Name) - C:\Users\Vinc\AppData\Roaming\Mozilla\Firefox\Profiles\3ee9z9zp.default\extensions\{282b0e54-8981-49eb-9193-5910a1f6fd33} [not found]
FF SearchPlugin: C:\Users\Vinc\AppData\Roaming\Mozilla\Firefox\Profiles\3ee9z9zp.default\searchplugins\ask-search.xml [2013-02-21]
FF SearchPlugin: C:\Users\Vinc\AppData\Roaming\Mozilla\Firefox\Profiles\3ee9z9zp.default\searchplugins\askcom.xml [2013-02-02]
FF SearchPlugin: C:\Users\Vinc\AppData\Roaming\Mozilla\Firefox\Profiles\3ee9z9zp.default\searchplugins\babylon.xml [2013-05-08]
FF SearchPlugin: C:\Users\Vinc\AppData\Roaming\Mozilla\Firefox\Profiles\3ee9z9zp.default\searchplugins\conduit.xml [2013-04-07]
FF SearchPlugin: C:\Users\Vinc\AppData\Roaming\Mozilla\Firefox\Profiles\3ee9z9zp.default\searchplugins\Search_Results.xml [2013-02-20]
FF SearchPlugin: C:\Users\Vinc\AppData\Roaming\Mozilla\Firefox\Profiles\3ee9z9zp.default\searchplugins\tuvaro.xml [2013-11-25]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-26] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-26] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-26] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-26] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4096036714-2317514608-166931336-1000: iMeshPlugin -> C:\Program Files\iMesh Applications\iMesh\npiMeshPlugin.dll [No File]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-07-31]
Chrome:
=======
CHR Profile: C:\Users\Vinc\AppData\Local\Google\Chrome\User Data\Default [2016-11-26]
CHR Extension: (Prezentace Google) - C:\Users\Vinc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-26]
CHR Extension: (Dokumenty Google) - C:\Users\Vinc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-26]
CHR Extension: (Disk Google) - C:\Users\Vinc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-26]
CHR Extension: (YouTube) - C:\Users\Vinc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-26]
CHR Extension: (Tabulky Google) - C:\Users\Vinc\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-26]
CHR Extension: (Dokumenty Google offline) - C:\Users\Vinc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-26]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Vinc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-26]
CHR Extension: (Gmail) - C:\Users\Vinc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-26]
CHR Extension: (Chrome Media Router) - C:\Users\Vinc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-26]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 HFGService; C:\Windows\System32\HFGService.dll [413696 2009-12-21] (CSR, plc)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 Atc002; C:\Windows\System32\DRIVERS\l260x86.sys [29184 2009-07-13] (Atheros Communications, Inc.)
R3 BthAudioHF; C:\Windows\System32\DRIVERS\BthAudioHF.sys [43008 2009-12-21] (CSR, plc)
R3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [22528 2009-08-13] (CSR, plc)
R3 csr_a2dp; C:\Windows\System32\drivers\bthav.sys [61952 2009-12-21] (CSR, plc)
S3 Mo3Fltr; C:\Windows\System32\drivers\Mo3Fltr.sys [11136 2010-08-11] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2007-07-31] (ATK0100)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-13] (Ralink Technology Corp.)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2015-06-10] (Apple, Inc.) [File not signed]
S2 WCMVCAM; C:\Windows\System32\DRIVERS\wcmvcam.sys [1068216 2012-04-15] (Windows (R) Win 7 DDK provider)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-11-26 11:34 - 2016-11-26 11:35 - 00012725 _____ C:\Users\Vinc\Desktop\FRST.txt
2016-11-26 11:34 - 2016-11-26 11:34 - 00000000 ____D C:\FRST
2016-11-26 11:32 - 2016-11-26 11:32 - 00112640 _____ (forum.viry.cz) C:\Users\Vinc\Desktop\FRSTLauncher.exe
2016-11-26 11:30 - 2016-11-26 11:30 - 01761280 _____ (Farbar) C:\Users\Vinc\Desktop\FRST.exe
2016-11-26 10:46 - 2016-11-26 10:46 - 00001863 _____ C:\Users\Public\Desktop\Defraggler.lnk
2016-11-26 10:46 - 2016-11-26 10:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2016-11-26 10:46 - 2016-11-26 10:46 - 00000000 ____D C:\Program Files\Defraggler
2016-11-26 10:45 - 2016-11-26 10:45 - 04529456 _____ (Piriform Ltd) C:\Users\Vinc\Downloads\dfsetup221.exe
2016-11-26 10:42 - 2016-11-26 10:42 - 20174528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2016-11-26 10:39 - 2016-11-26 10:39 - 00013529 _____ C:\Users\Vinc\Desktop\AdwCleaner[C0].txt
2016-11-26 10:32 - 2016-11-26 10:39 - 00000000 ____D C:\AdwCleaner
2016-11-26 10:32 - 2016-11-26 10:32 - 03910208 _____ C:\Users\Vinc\Downloads\AdwCleaner.exe
2016-11-26 10:28 - 2016-11-26 10:28 - 00002213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-26 10:28 - 2016-11-26 10:28 - 00002201 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-26 10:26 - 2016-11-26 11:31 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-26 10:26 - 2016-11-26 10:37 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-26 10:25 - 2016-11-26 10:26 - 00000000 ____D C:\Users\Vinc\AppData\Local\Deployment
2016-11-26 10:25 - 2016-11-26 10:25 - 00000000 ____D C:\Users\Vinc\AppData\Local\Apps\2.0
2016-11-26 10:24 - 2016-11-26 10:24 - 00060144 _____ C:\Users\Vinc\Desktop\cc_20161126_102432.reg
2016-11-26 09:47 - 2016-11-26 09:47 - 00000000 ____D C:\Users\Vinc\AppData\Roaming\Sun
2016-11-26 09:47 - 2016-11-26 09:47 - 00000000 ____D C:\Program Files\Common Files\Java
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-11-26 10:45 - 2009-07-14 05:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-26 10:45 - 2009-07-14 05:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-26 10:42 - 2013-02-19 15:35 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-11-26 10:42 - 2013-02-19 15:35 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-11-26 10:42 - 2013-02-19 15:35 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-26 10:42 - 2013-02-19 15:35 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-26 10:38 - 2016-01-02 21:45 - 00000434 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2016-11-26 10:38 - 2013-02-19 15:29 - 00000000 ____D C:\Users\Vinc\AppData\Roaming\Skype
2016-11-26 10:37 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-26 10:37 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2016-11-26 10:35 - 2013-04-20 01:42 - 00000000 ____D C:\ProgramData\ICQ
2016-11-26 10:30 - 2013-06-01 12:41 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-11-26 10:28 - 2013-05-20 16:11 - 00000000 ____D C:\Program Files\Google
2016-11-26 10:21 - 2013-02-21 22:43 - 00000000 ____D C:\Windows\Minidump
2016-11-26 10:21 - 2013-02-19 17:06 - 00000000 ____D C:\Users\Vinc\AppData\Roaming\DAEMON Tools Lite
2016-11-26 10:21 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\ModemLogs
2016-11-26 10:18 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\registration
2016-11-26 10:18 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\AppCompat
2016-11-26 10:17 - 2015-01-28 17:53 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-11-26 10:13 - 2016-04-03 17:47 - 00000000 ____D C:\ProgramData\Apple
2016-11-26 10:13 - 2016-04-03 17:47 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-11-26 10:12 - 2013-07-04 13:16 - 00000000 ____D C:\ProgramData\Origin
2016-11-26 10:08 - 2013-09-10 15:40 - 00000000 ___HD C:\GrandeDevice
2016-11-26 10:08 - 2013-02-20 00:07 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-11-26 10:00 - 2013-05-08 13:06 - 00000000 ____D C:\Users\Vinc\AppData\Roaming\uTorrent
2016-11-26 09:59 - 2013-02-19 15:50 - 00108768 _____ C:\Users\Vinc\AppData\Local\GDIPFONTCACHEV1.DAT
2016-11-26 09:57 - 2009-07-14 05:33 - 00406440 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-26 09:55 - 2013-09-29 17:11 - 00000000 ____D C:\Program Files\ESET
2016-11-26 09:48 - 2013-11-19 20:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike
2016-11-26 09:48 - 2013-11-19 20:54 - 00000000 ____D C:\Program Files\Counter-Strike
2016-11-26 09:48 - 2013-10-21 07:33 - 00000000 ____D C:\ProgramData\Oracle
2016-11-26 09:47 - 2014-02-18 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-11-26 09:47 - 2013-08-20 07:46 - 00000000 ____D C:\Program Files\Java
2016-11-26 09:46 - 2014-02-18 18:49 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2016-11-26 09:45 - 2014-02-18 18:49 - 00269888 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2016-11-26 09:45 - 2013-04-07 21:32 - 00000000 ____D C:\Users\Vinc\AppData\Roaming\BSplayer
2016-11-26 09:37 - 2014-07-31 20:20 - 00000000 ____D C:\Users\Vinc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2016-11-26 09:37 - 2014-07-31 20:20 - 00000000 ____D C:\Program Files\DSPRobotics
2016-11-26 09:37 - 2014-07-31 20:14 - 00000000 ____D C:\Program Files\Image-Line
2016-11-26 09:29 - 2013-02-19 15:31 - 01575230 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-26 09:29 - 2009-07-14 09:44 - 00665944 _____ C:\Windows\system32\perfh005.dat
2016-11-26 09:29 - 2009-07-14 09:44 - 00139608 _____ C:\Windows\system32\perfc005.dat
2016-11-26 09:21 - 2013-02-19 15:29 - 00000000 ___RD C:\Program Files\Skype
2016-11-26 09:20 - 2013-02-19 15:24 - 00000000 ____D C:\Users\Vinc
==================== Files in the root of some directories =======
2013-05-08 12:50 - 2013-05-08 12:51 - 0000000 _____ () C:\Users\Vinc\AppData\Roaming\bitlord_log.txt
2013-08-03 21:41 - 2013-08-03 21:41 - 0003584 _____ () C:\Users\Vinc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-31 14:52 - 2013-05-31 15:11 - 0000000 _____ () C:\ProgramData\kjhy64.txt
2013-05-31 14:52 - 2013-05-31 15:11 - 95023320 ____T () C:\ProgramData\t14a.pad
Files to move or delete:
====================
C:\ProgramData\t14a.pad
Some files in TEMP:
====================
C:\Users\Vinc\AppData\Local\Temp\BRSVC_1142703_hlp.exe
C:\Users\Vinc\AppData\Local\Temp\libeay32.dll
C:\Users\Vinc\AppData\Local\Temp\msvcr120.dll
C:\Users\Vinc\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Vinc\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-08-26 13:47
==================== End of FRST.txt ============================
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:89.43 GB) (Free:52.97 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:59.62 GB) (Free:9.85 GB) NTFS
Available physical RAM: 827.85 MB
Total physical RAM: 1791.24 MB
Percentage of memory in use: 53%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 1A9608F5)
Partition 1: (Active) - (Size=89.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=59.6 GB) - (Type=OF Extended)
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Vinc\Desktop" je 3283 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Ran by Vinc (administrator) on VINC-PC (26-11-2016 11:34:34)
Running from C:\Users\Vinc\Desktop
Loaded Profiles: Vinc (Available Profiles: Vinc)
Platform: Microsoft Windows 7 Home Premium (X86) Language: Čeština (Česká republika)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Piriform Ltd) C:\Program Files\Defraggler\Defraggler.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Vinc\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157968 2015-08-13] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-4096036714-2317514608-166931336-1000\...\Run: [] => [X]
HKU\S-1-5-21-4096036714-2317514608-166931336-1000\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKU\S-1-5-21-4096036714-2317514608-166931336-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53130368 2016-05-17] (Skype Technologies S.A.)
HKU\S-1-5-21-4096036714-2317514608-166931336-1000\...\MountPoints2: {39dce2de-3764-11e3-b5a4-001d60fd27f1} - I:\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.9B05 PID_0083
HKU\S-1-5-21-4096036714-2317514608-166931336-1000\...\MountPoints2: {3b633cd9-30af-11e5-b009-001d60fd27f1} - I:\LG_PC_Programs.exe
HKU\S-1-5-21-4096036714-2317514608-166931336-1000\...\MountPoints2: {b31a15a9-4894-11e3-ae23-001d60fd27f1} - I:\LGAutoRun.exe
HKU\S-1-5-21-4096036714-2317514608-166931336-1000\...\MountPoints2: {b31a15b5-4894-11e3-ae23-001d60fd27f1} - I:\PcOptions.exe
Startup: C:\Users\Vinc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CCC.lnk [2013-02-19]
ShortcutTarget: CCC.lnk -> C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{44C30D06-67E9-489D-9DBD-89394A476B37}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6A48C047-3B15-41E1-9B75-A9B2ADFA98A6}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKU\S-1-5-21-4096036714-2317514608-166931336-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131106000396455078&GUID=00000000-0000-0000-0000-000000000000
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-4096036714-2317514608-166931336-1000 -> DefaultScope {DFE7119D-13A2-44BE-8281-27CC86DDA5FE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-4096036714-2317514608-166931336-1000 -> {DFE7119D-13A2-44BE-8281-27CC86DDA5FE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-11-26] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-26] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-4096036714-2317514608-166931336-1000 -> No Name - {434C4D2D-5341-5400-76A7-7A786E7484D7} - No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
FireFox:
========
FF ProfilePath: C:\Users\Vinc\AppData\Roaming\Mozilla\Firefox\Profiles\3ee9z9zp.default [2016-11-26]
FF user.js: detected! => C:\Users\Vinc\AppData\Roaming\Mozilla\Firefox\Profiles\3ee9z9zp.default\user.js [2013-11-25]
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\3ee9z9zp.default -> hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&CUI=UN11562418163226514&UM=1&SearchSource=3&q={searchTerms}
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\3ee9z9zp.default -> Tuvaro
FF Homepage: Mozilla\Firefox\Profiles\3ee9z9zp.default -> hxxp://google.cz/
FF Extension: (ADB Helper) - C:\Users\Vinc\AppData\Roaming\Mozilla\Firefox\Profiles\3ee9z9zp.default\Extensions\adbhelper@mozilla.org [2015-07-17] [not signed]
FF Extension: (Movies Toolbar (Dist. by Bandoo Media, Inc.)) - C:\Users\Vinc\AppData\Roaming\Mozilla\Firefox\Profiles\3ee9z9zp.default\Extensions\{d1dac034-9fd9-4c13-a388-d2e10e57707f} [2014-04-16] [not signed]
FF Extension: (No Name) - C:\Users\Vinc\AppData\Roaming\Mozilla\Firefox\Profiles\3ee9z9zp.default\extensions\{282b0e54-8981-49eb-9193-5910a1f6fd33} [not found]
FF SearchPlugin: C:\Users\Vinc\AppData\Roaming\Mozilla\Firefox\Profiles\3ee9z9zp.default\searchplugins\ask-search.xml [2013-02-21]
FF SearchPlugin: C:\Users\Vinc\AppData\Roaming\Mozilla\Firefox\Profiles\3ee9z9zp.default\searchplugins\askcom.xml [2013-02-02]
FF SearchPlugin: C:\Users\Vinc\AppData\Roaming\Mozilla\Firefox\Profiles\3ee9z9zp.default\searchplugins\babylon.xml [2013-05-08]
FF SearchPlugin: C:\Users\Vinc\AppData\Roaming\Mozilla\Firefox\Profiles\3ee9z9zp.default\searchplugins\conduit.xml [2013-04-07]
FF SearchPlugin: C:\Users\Vinc\AppData\Roaming\Mozilla\Firefox\Profiles\3ee9z9zp.default\searchplugins\Search_Results.xml [2013-02-20]
FF SearchPlugin: C:\Users\Vinc\AppData\Roaming\Mozilla\Firefox\Profiles\3ee9z9zp.default\searchplugins\tuvaro.xml [2013-11-25]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-26] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-26] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-26] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-26] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4096036714-2317514608-166931336-1000: iMeshPlugin -> C:\Program Files\iMesh Applications\iMesh\npiMeshPlugin.dll [No File]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-07-31]
Chrome:
=======
CHR Profile: C:\Users\Vinc\AppData\Local\Google\Chrome\User Data\Default [2016-11-26]
CHR Extension: (Prezentace Google) - C:\Users\Vinc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-26]
CHR Extension: (Dokumenty Google) - C:\Users\Vinc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-26]
CHR Extension: (Disk Google) - C:\Users\Vinc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-26]
CHR Extension: (YouTube) - C:\Users\Vinc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-26]
CHR Extension: (Tabulky Google) - C:\Users\Vinc\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-26]
CHR Extension: (Dokumenty Google offline) - C:\Users\Vinc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-26]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Vinc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-26]
CHR Extension: (Gmail) - C:\Users\Vinc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-26]
CHR Extension: (Chrome Media Router) - C:\Users\Vinc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-26]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 HFGService; C:\Windows\System32\HFGService.dll [413696 2009-12-21] (CSR, plc)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 Atc002; C:\Windows\System32\DRIVERS\l260x86.sys [29184 2009-07-13] (Atheros Communications, Inc.)
R3 BthAudioHF; C:\Windows\System32\DRIVERS\BthAudioHF.sys [43008 2009-12-21] (CSR, plc)
R3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [22528 2009-08-13] (CSR, plc)
R3 csr_a2dp; C:\Windows\System32\drivers\bthav.sys [61952 2009-12-21] (CSR, plc)
S3 Mo3Fltr; C:\Windows\System32\drivers\Mo3Fltr.sys [11136 2010-08-11] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2007-07-31] (ATK0100)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-13] (Ralink Technology Corp.)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2015-06-10] (Apple, Inc.) [File not signed]
S2 WCMVCAM; C:\Windows\System32\DRIVERS\wcmvcam.sys [1068216 2012-04-15] (Windows (R) Win 7 DDK provider)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-11-26 11:34 - 2016-11-26 11:35 - 00012725 _____ C:\Users\Vinc\Desktop\FRST.txt
2016-11-26 11:34 - 2016-11-26 11:34 - 00000000 ____D C:\FRST
2016-11-26 11:32 - 2016-11-26 11:32 - 00112640 _____ (forum.viry.cz) C:\Users\Vinc\Desktop\FRSTLauncher.exe
2016-11-26 11:30 - 2016-11-26 11:30 - 01761280 _____ (Farbar) C:\Users\Vinc\Desktop\FRST.exe
2016-11-26 10:46 - 2016-11-26 10:46 - 00001863 _____ C:\Users\Public\Desktop\Defraggler.lnk
2016-11-26 10:46 - 2016-11-26 10:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2016-11-26 10:46 - 2016-11-26 10:46 - 00000000 ____D C:\Program Files\Defraggler
2016-11-26 10:45 - 2016-11-26 10:45 - 04529456 _____ (Piriform Ltd) C:\Users\Vinc\Downloads\dfsetup221.exe
2016-11-26 10:42 - 2016-11-26 10:42 - 20174528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2016-11-26 10:39 - 2016-11-26 10:39 - 00013529 _____ C:\Users\Vinc\Desktop\AdwCleaner[C0].txt
2016-11-26 10:32 - 2016-11-26 10:39 - 00000000 ____D C:\AdwCleaner
2016-11-26 10:32 - 2016-11-26 10:32 - 03910208 _____ C:\Users\Vinc\Downloads\AdwCleaner.exe
2016-11-26 10:28 - 2016-11-26 10:28 - 00002213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-26 10:28 - 2016-11-26 10:28 - 00002201 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-26 10:26 - 2016-11-26 11:31 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-26 10:26 - 2016-11-26 10:37 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-26 10:25 - 2016-11-26 10:26 - 00000000 ____D C:\Users\Vinc\AppData\Local\Deployment
2016-11-26 10:25 - 2016-11-26 10:25 - 00000000 ____D C:\Users\Vinc\AppData\Local\Apps\2.0
2016-11-26 10:24 - 2016-11-26 10:24 - 00060144 _____ C:\Users\Vinc\Desktop\cc_20161126_102432.reg
2016-11-26 09:47 - 2016-11-26 09:47 - 00000000 ____D C:\Users\Vinc\AppData\Roaming\Sun
2016-11-26 09:47 - 2016-11-26 09:47 - 00000000 ____D C:\Program Files\Common Files\Java
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-11-26 10:45 - 2009-07-14 05:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-26 10:45 - 2009-07-14 05:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-26 10:42 - 2013-02-19 15:35 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-11-26 10:42 - 2013-02-19 15:35 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-11-26 10:42 - 2013-02-19 15:35 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-26 10:42 - 2013-02-19 15:35 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-26 10:38 - 2016-01-02 21:45 - 00000434 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2016-11-26 10:38 - 2013-02-19 15:29 - 00000000 ____D C:\Users\Vinc\AppData\Roaming\Skype
2016-11-26 10:37 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-26 10:37 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2016-11-26 10:35 - 2013-04-20 01:42 - 00000000 ____D C:\ProgramData\ICQ
2016-11-26 10:30 - 2013-06-01 12:41 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-11-26 10:28 - 2013-05-20 16:11 - 00000000 ____D C:\Program Files\Google
2016-11-26 10:21 - 2013-02-21 22:43 - 00000000 ____D C:\Windows\Minidump
2016-11-26 10:21 - 2013-02-19 17:06 - 00000000 ____D C:\Users\Vinc\AppData\Roaming\DAEMON Tools Lite
2016-11-26 10:21 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\ModemLogs
2016-11-26 10:18 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\registration
2016-11-26 10:18 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\AppCompat
2016-11-26 10:17 - 2015-01-28 17:53 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-11-26 10:13 - 2016-04-03 17:47 - 00000000 ____D C:\ProgramData\Apple
2016-11-26 10:13 - 2016-04-03 17:47 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-11-26 10:12 - 2013-07-04 13:16 - 00000000 ____D C:\ProgramData\Origin
2016-11-26 10:08 - 2013-09-10 15:40 - 00000000 ___HD C:\GrandeDevice
2016-11-26 10:08 - 2013-02-20 00:07 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-11-26 10:00 - 2013-05-08 13:06 - 00000000 ____D C:\Users\Vinc\AppData\Roaming\uTorrent
2016-11-26 09:59 - 2013-02-19 15:50 - 00108768 _____ C:\Users\Vinc\AppData\Local\GDIPFONTCACHEV1.DAT
2016-11-26 09:57 - 2009-07-14 05:33 - 00406440 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-26 09:55 - 2013-09-29 17:11 - 00000000 ____D C:\Program Files\ESET
2016-11-26 09:48 - 2013-11-19 20:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike
2016-11-26 09:48 - 2013-11-19 20:54 - 00000000 ____D C:\Program Files\Counter-Strike
2016-11-26 09:48 - 2013-10-21 07:33 - 00000000 ____D C:\ProgramData\Oracle
2016-11-26 09:47 - 2014-02-18 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-11-26 09:47 - 2013-08-20 07:46 - 00000000 ____D C:\Program Files\Java
2016-11-26 09:46 - 2014-02-18 18:49 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2016-11-26 09:45 - 2014-02-18 18:49 - 00269888 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2016-11-26 09:45 - 2013-04-07 21:32 - 00000000 ____D C:\Users\Vinc\AppData\Roaming\BSplayer
2016-11-26 09:37 - 2014-07-31 20:20 - 00000000 ____D C:\Users\Vinc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2016-11-26 09:37 - 2014-07-31 20:20 - 00000000 ____D C:\Program Files\DSPRobotics
2016-11-26 09:37 - 2014-07-31 20:14 - 00000000 ____D C:\Program Files\Image-Line
2016-11-26 09:29 - 2013-02-19 15:31 - 01575230 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-26 09:29 - 2009-07-14 09:44 - 00665944 _____ C:\Windows\system32\perfh005.dat
2016-11-26 09:29 - 2009-07-14 09:44 - 00139608 _____ C:\Windows\system32\perfc005.dat
2016-11-26 09:21 - 2013-02-19 15:29 - 00000000 ___RD C:\Program Files\Skype
2016-11-26 09:20 - 2013-02-19 15:24 - 00000000 ____D C:\Users\Vinc
==================== Files in the root of some directories =======
2013-05-08 12:50 - 2013-05-08 12:51 - 0000000 _____ () C:\Users\Vinc\AppData\Roaming\bitlord_log.txt
2013-08-03 21:41 - 2013-08-03 21:41 - 0003584 _____ () C:\Users\Vinc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-31 14:52 - 2013-05-31 15:11 - 0000000 _____ () C:\ProgramData\kjhy64.txt
2013-05-31 14:52 - 2013-05-31 15:11 - 95023320 ____T () C:\ProgramData\t14a.pad
Files to move or delete:
====================
C:\ProgramData\t14a.pad
Some files in TEMP:
====================
C:\Users\Vinc\AppData\Local\Temp\BRSVC_1142703_hlp.exe
C:\Users\Vinc\AppData\Local\Temp\libeay32.dll
C:\Users\Vinc\AppData\Local\Temp\msvcr120.dll
C:\Users\Vinc\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Vinc\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-08-26 13:47
==================== End of FRST.txt ============================
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:89.43 GB) (Free:52.97 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:59.62 GB) (Free:9.85 GB) NTFS
Available physical RAM: 827.85 MB
Total physical RAM: 1791.24 MB
Percentage of memory in use: 53%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 1A9608F5)
Partition 1: (Active) - (Size=89.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=59.6 GB) - (Type=OF Extended)
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Vinc\Desktop" je 3283 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
-
Rudy
- Site Admin
- Příspěvky: 118310
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Zavirovany Notebook
Otevřte poznámkový blok a zkopírujte do něj:
Z logu:
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.Start
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-4096036714-2317514608-166931336-1000\...\Run: [] => [X]
HKU\S-1-5-21-4096036714-2317514608-166931336-1000\...\MountPoints2: {39dce2de-3764-11e3-b5a4-001d60fd27f1} - I:\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.9B05 PID_0083
HKU\S-1-5-21-4096036714-2317514608-166931336-1000\...\MountPoints2: {3b633cd9-30af-11e5-b009-001d60fd27f1} - I:\LG_PC_Programs.exe
HKU\S-1-5-21-4096036714-2317514608-166931336-1000\...\MountPoints2: {b31a15a9-4894-11e3-ae23-001d60fd27f1} - I:\LGAutoRun.exe
HKU\S-1-5-21-4096036714-2317514608-166931336-1000\...\MountPoints2: {b31a15b5-4894-11e3-ae23-001d60fd27f1} - I:\PcOptions.exe
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-4096036714-2317514608-166931336-1000 -> DefaultScope {DFE7119D-13A2-44BE-8281-27CC86DDA5FE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-4096036714-2317514608-166931336-1000 -> {DFE7119D-13A2-44BE-8281-27CC86DDA5FE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
Toolbar: HKU\S-1-5-21-4096036714-2317514608-166931336-1000 -> No Name - {434C4D2D-5341-5400-76A7-7A786E7484D7} - No File
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\3ee9z9zp.default -> hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\3ee9z9zp.default -> Tuvaro
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\ProgramData\t14a.pad
C:\Users\Vinc\AppData\Local\Temp
EmptyTemp:
End
Z logu:
To je příliš mnoho a může to způsobovat pomalý start systému. Vytvořte v C:\Users\Vinc novou složku, do níž přesuňte veškerá data z plochy (kromě zástupců). Na plochu si pak dejte zástupce té složky pro snazší přístup.Velikost slozky "C:\Users\Vinc\Desktop" je 3283 MB.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Zavirovany Notebook
Fix result of Farbar Recovery Scan Tool (x86) Version: 23-11-2016
Ran by Vinc (26-11-2016 11:53:35) Run:1
Running from C:\Users\Vinc\Desktop
Loaded Profiles: Vinc (Available Profiles: Vinc)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-4096036714-2317514608-166931336-1000\...\Run: [] => [X]
HKU\S-1-5-21-4096036714-2317514608-166931336-1000\...\MountPoints2: {39dce2de-3764-11e3-b5a4-001d60fd27f1} - I:\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.9B05 PID_0083
HKU\S-1-5-21-4096036714-2317514608-166931336-1000\...\MountPoints2: {3b633cd9-30af-11e5-b009-001d60fd27f1} - I:\LG_PC_Programs.exe
HKU\S-1-5-21-4096036714-2317514608-166931336-1000\...\MountPoints2: {b31a15a9-4894-11e3-ae23-001d60fd27f1} - I:\LGAutoRun.exe
HKU\S-1-5-21-4096036714-2317514608-166931336-1000\...\MountPoints2: {b31a15b5-4894-11e3-ae23-001d60fd27f1} - I:\PcOptions.exe
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-4096036714-2317514608-166931336-1000 -> DefaultScope {DFE7119D-13A2-44BE-8281-27CC86DDA5FE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-4096036714-2317514608-166931336-1000 -> {DFE7119D-13A2-44BE-8281-27CC86DDA5FE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
Toolbar: HKU\S-1-5-21-4096036714-2317514608-166931336-1000 -> No Name - {434C4D2D-5341-5400-76A7-7A786E7484D7} - No File
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\3ee9z9zp.default -> hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\3ee9z9zp.default -> Tuvaro
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\ProgramData\t14a.pad
C:\Users\Vinc\AppData\Local\Temp
EmptyTemp:
End
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully.
HKU\S-1-5-21-4096036714-2317514608-166931336-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully.
"HKU\S-1-5-21-4096036714-2317514608-166931336-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{39dce2de-3764-11e3-b5a4-001d60fd27f1}" => key removed successfully.
HKCR\CLSID\{39dce2de-3764-11e3-b5a4-001d60fd27f1} => key not found.
"HKU\S-1-5-21-4096036714-2317514608-166931336-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b633cd9-30af-11e5-b009-001d60fd27f1}" => key removed successfully.
HKCR\CLSID\{3b633cd9-30af-11e5-b009-001d60fd27f1} => key not found.
"HKU\S-1-5-21-4096036714-2317514608-166931336-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b31a15a9-4894-11e3-ae23-001d60fd27f1}" => key removed successfully.
HKCR\CLSID\{b31a15a9-4894-11e3-ae23-001d60fd27f1} => key not found.
"HKU\S-1-5-21-4096036714-2317514608-166931336-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b31a15b5-4894-11e3-ae23-001d60fd27f1}" => key removed successfully.
HKCR\CLSID\{b31a15b5-4894-11e3-ae23-001d60fd27f1} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => key removed successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => key not found.
HKU\S-1-5-21-4096036714-2317514608-166931336-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKU\S-1-5-21-4096036714-2317514608-166931336-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DFE7119D-13A2-44BE-8281-27CC86DDA5FE}" => key removed successfully.
HKCR\CLSID\{DFE7119D-13A2-44BE-8281-27CC86DDA5FE} => key not found.
HKU\S-1-5-21-4096036714-2317514608-166931336-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{434C4D2D-5341-5400-76A7-7A786E7484D7} => value removed successfully.
HKCR\CLSID\{434C4D2D-5341-5400-76A7-7A786E7484D7} => key not found.
Firefox DefaultSearchUrl removed successfully.
Firefox SelectedSearchEngine removed successfully.
HKLM\Software\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => value removed successfully.
"HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\ProgramData\t14a.pad => moved successfully
"C:\Users\Vinc\AppData\Local\Temp" folder move:
Could not move "C:\Users\Vinc\AppData\Local\Temp" => Scheduled to move on reboot.
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 3388468 B
Java, Flash, Steam htmlcache => 1370 B
Windows/system/drivers => 1348 B
Edge => 0 B
Chrome => 51276086 B
Firefox => 381551572 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 1870334 B
LocalService => 66708 B
NetworkService => 2090 B
Vinc => 37874818 B
RecycleBin => 0 B
EmptyTemp: => 462 MB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 26-11-2016 11:55:41)
C:\Users\Vinc\AppData\Local\Temp => moved successfully
==== End of Fixlog 11:55:41 ====
Ran by Vinc (26-11-2016 11:53:35) Run:1
Running from C:\Users\Vinc\Desktop
Loaded Profiles: Vinc (Available Profiles: Vinc)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-4096036714-2317514608-166931336-1000\...\Run: [] => [X]
HKU\S-1-5-21-4096036714-2317514608-166931336-1000\...\MountPoints2: {39dce2de-3764-11e3-b5a4-001d60fd27f1} - I:\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.9B05 PID_0083
HKU\S-1-5-21-4096036714-2317514608-166931336-1000\...\MountPoints2: {3b633cd9-30af-11e5-b009-001d60fd27f1} - I:\LG_PC_Programs.exe
HKU\S-1-5-21-4096036714-2317514608-166931336-1000\...\MountPoints2: {b31a15a9-4894-11e3-ae23-001d60fd27f1} - I:\LGAutoRun.exe
HKU\S-1-5-21-4096036714-2317514608-166931336-1000\...\MountPoints2: {b31a15b5-4894-11e3-ae23-001d60fd27f1} - I:\PcOptions.exe
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-4096036714-2317514608-166931336-1000 -> DefaultScope {DFE7119D-13A2-44BE-8281-27CC86DDA5FE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-4096036714-2317514608-166931336-1000 -> {DFE7119D-13A2-44BE-8281-27CC86DDA5FE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
Toolbar: HKU\S-1-5-21-4096036714-2317514608-166931336-1000 -> No Name - {434C4D2D-5341-5400-76A7-7A786E7484D7} - No File
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\3ee9z9zp.default -> hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\3ee9z9zp.default -> Tuvaro
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\ProgramData\t14a.pad
C:\Users\Vinc\AppData\Local\Temp
EmptyTemp:
End
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully.
HKU\S-1-5-21-4096036714-2317514608-166931336-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully.
"HKU\S-1-5-21-4096036714-2317514608-166931336-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{39dce2de-3764-11e3-b5a4-001d60fd27f1}" => key removed successfully.
HKCR\CLSID\{39dce2de-3764-11e3-b5a4-001d60fd27f1} => key not found.
"HKU\S-1-5-21-4096036714-2317514608-166931336-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b633cd9-30af-11e5-b009-001d60fd27f1}" => key removed successfully.
HKCR\CLSID\{3b633cd9-30af-11e5-b009-001d60fd27f1} => key not found.
"HKU\S-1-5-21-4096036714-2317514608-166931336-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b31a15a9-4894-11e3-ae23-001d60fd27f1}" => key removed successfully.
HKCR\CLSID\{b31a15a9-4894-11e3-ae23-001d60fd27f1} => key not found.
"HKU\S-1-5-21-4096036714-2317514608-166931336-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b31a15b5-4894-11e3-ae23-001d60fd27f1}" => key removed successfully.
HKCR\CLSID\{b31a15b5-4894-11e3-ae23-001d60fd27f1} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => key removed successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => key not found.
HKU\S-1-5-21-4096036714-2317514608-166931336-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKU\S-1-5-21-4096036714-2317514608-166931336-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DFE7119D-13A2-44BE-8281-27CC86DDA5FE}" => key removed successfully.
HKCR\CLSID\{DFE7119D-13A2-44BE-8281-27CC86DDA5FE} => key not found.
HKU\S-1-5-21-4096036714-2317514608-166931336-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{434C4D2D-5341-5400-76A7-7A786E7484D7} => value removed successfully.
HKCR\CLSID\{434C4D2D-5341-5400-76A7-7A786E7484D7} => key not found.
Firefox DefaultSearchUrl removed successfully.
Firefox SelectedSearchEngine removed successfully.
HKLM\Software\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => value removed successfully.
"HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\ProgramData\t14a.pad => moved successfully
"C:\Users\Vinc\AppData\Local\Temp" folder move:
Could not move "C:\Users\Vinc\AppData\Local\Temp" => Scheduled to move on reboot.
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 3388468 B
Java, Flash, Steam htmlcache => 1370 B
Windows/system/drivers => 1348 B
Edge => 0 B
Chrome => 51276086 B
Firefox => 381551572 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 1870334 B
LocalService => 66708 B
NetworkService => 2090 B
Vinc => 37874818 B
RecycleBin => 0 B
EmptyTemp: => 462 MB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 26-11-2016 11:55:41)
C:\Users\Vinc\AppData\Local\Temp => moved successfully
==== End of Fixlog 11:55:41 ====
-
Rudy
- Site Admin
- Příspěvky: 118310
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Zavirovany Notebook
Smazáno. Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Zavirovany Notebook
Myslim ze notebook je o nieco rychlejsi este ho defragmentujem a snad to bude ok.Este sa opytam ten log je z celeho pc myslim disky C a D?Inac moc velka vdaka za pomoc.
Re: Zavirovany Notebook
Vsetko je OK syn je spokojny a tiez dakuje 
-
Rudy
- Site Admin
- Příspěvky: 118310
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Zavirovany Notebook
Log je převážne ze systémového disku. Pokud by se něco spouštělo z jiného disku, než systémového, pak i z něj. Pokud si zavirujete počítač, odnese to zpravidla oper. systém. Tak proto. Nemáte zač!
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?