Hello, by some oversight goojile.info got installed on my laptop... it's similar to youndoo and it controls my Chrome, so I can't change settings etc.; on top of that, explorer.exe now restarts every five minutes, along with other nonsense. I'm attaching the log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-03-2017
Ran by Vojtěch (administrator) on VOJTA-PC (12-03-2017 16:56:19)
Running from C:\Users\Vojtěch\Desktop
Loaded Profiles: Vojtěch (Available Profiles: Vojtěch)
Platform: Windows 8.1 (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\windows\System32\atiesrxx.exe
(AMD) C:\windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Conexant Systems Inc.) C:\windows\System32\CxAudMsg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\windows\System32\LenovoWiFiHotspotSvr.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\windows\SysWOW64\SASrv.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Microsoft Corporation) C:\windows\System32\SkyDrive.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Tracker Software Products Ltd.) C:\Program Files\PDF\pdfSaver\pdfSaver3.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
() C:\Users\Vojtěch\AppData\Roaming\ICQ\bin\icq.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\windows\System32\SettingSyncHost.exe
() C:\Program Files\Lenovo PhoneCompanion\adb.exe
(Microsoft Corporation) C:\windows\System32\dllhost.exe
(Microsoft Corporation) C:\windows\System32\msiexec.exe
(forum.viry.cz) C:\Users\Vojtěch\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\windows\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-05] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3276104 2014-06-18] (ELAN Microelectronics Corp.)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [836592 2014-09-14] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16094704 2014-09-14] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [10842096 2014-09-14] (Lenovo(beijing) Limited)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AutoKMS] => C:\windows\AutoKMS.exe
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2016-09-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-06-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKLM-x32\...\Run: [pdfSaver3] => [X]
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-02-26] (Qualcomm®Atheros®)
HKU\S-1-5-21-866432661-1050328576-855569735-1002\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-866432661-1050328576-855569735-1002\...\Run: [pdfSaver3] => c:\Program Files\PDF\pdfSaver\pdfSaver3.exe [385024 2004-05-19] (Tracker Software Products Ltd.)
HKU\S-1-5-21-866432661-1050328576-855569735-1002\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2017-02-02] (Disc Soft Ltd)
HKU\S-1-5-21-866432661-1050328576-855569735-1002\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKU\S-1-5-21-866432661-1050328576-855569735-1002\...\Run: [C] => cmd /c(@attrib -H -R -S C:\windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@copy/b/y C:\windows\system32\GroupPolicy\Machine\R C:\windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@att (the data entry has 99 more characters). <===== ATTENTION
HKU\S-1-5-21-866432661-1050328576-855569735-1002\...\Run: [SpyEmergency] => C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe
HKU\S-1-5-21-866432661-1050328576-855569735-1002\...\Run: [icq.desktop] => C:\Users\Vojtěch\AppData\Roaming\ICQ\bin\icq.exe [26353288 2017-03-12] ()
HKU\S-1-5-21-866432661-1050328576-855569735-1002\...\RunOnce: [Application Restart #5] => C:\Users\Vojtěch\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-reso (the data entry has 587 more characters).
HKU\S-1-5-21-866432661-1050328576-855569735-1002\...\RunOnce: [Application Restart #3] => C:\Users\Vojtěch\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-reso (the data entry has 587 more characters).
HKU\S-1-5-21-866432661-1050328576-855569735-1002\...\Policies\Explorer: []
HKU\S-1-5-21-866432661-1050328576-855569735-1002\...\MountPoints2: {0b36c64d-a160-11e4-825e-3010b3a29d32} - "G:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-866432661-1050328576-855569735-1002\...\MountPoints2: {23c0be00-9f64-11e4-825e-3010b3a29d32} - "G:\LaunchU3.exe" -a
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
ShellExecuteHooks: No Name - {21E0FCA4-DE4A-11E6-844B-64006A5CFC23} - C:\Users\Vojtěch\AppData\Roaming\Vonepy\Sugophghilither.dll -> No File
ShellIconOverlayIdentifiers: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\windows\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
Startup: C:\Users\Vojtěch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk [2017-01-03]
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicy\User: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-866432661-1050328576-855569735-1002\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 8.8.8.8
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{05CF0A7E-DD6F-497E-872F-01343F145810}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{05CF0A7E-DD6F-497E-872F-01343F145810}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{0EDF9A7D-0520-4EDA-B1AF-599F40EB1EA4}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{0EDF9A7D-0520-4EDA-B1AF-599F40EB1EA4}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{173A98E2-94CF-4C66-96EE-C074DC1B9306}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{bbed3e08-0b41-11e3-8249-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{C3F2F1D7-4152-4CBC-9669-AF64F5A0A198}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{C3F2F1D7-4152-4CBC-9669-AF64F5A0A198}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{ECE2C3ED-447F-484F-8245-99B223E062FE}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{EE4BA6AD-43B2-49C1-B22B-4A902A7EE229}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{EE4BA6AD-43B2-49C1-B22B-4A902A7EE229}: [DhcpNameServer] 192.168.0.1 8.8.8.8
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-866432661-1050328576-855569735-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://goojile.info/?ri=1&uid=698c128e8f50781cc31204c099e8df7e&q={searchTerms}
HKU\S-1-5-21-866432661-1050328576-855569735-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-866432661-1050328576-855569735-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-866432661-1050328576-855569735-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://goojile.info/?ri=1&uid=698c128e8f50781cc31204c099e8df7e&q={searchTerms}
URLSearchHook: [S-1-5-21-866432661-1050328576-855569735-1002] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-866432661-1050328576-855569735-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3C} URL = hxxp://goojile.info/?ri=1&uid=698c128e8f50781cc31204c099e8df7e&q={searchTerms}
SearchScopes: HKU\S-1-5-21-866432661-1050328576-855569735-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3C} URL = hxxp://goojile.info/?ri=1&uid=698c128e8f50781cc31204c099e8df7e&q={searchTerms}
SearchScopes: HKU\S-1-5-21-866432661-1050328576-855569735-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3D} URL = hxxp://goojile.info/?ri=1&uid=698c128e8f50781cc31204c099e8df7e&q=
SearchScopes: HKU\S-1-5-21-866432661-1050328576-855569735-1002 -> {A5DD45CE-AAD2-48C6-A662-08FB5843B2FF} URL =
SearchScopes: HKU\S-1-5-21-866432661-1050328576-855569735-1002 -> {ECAD7C5B-257A-4BBE-80AD-94EC3417AC9C} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
BHO: Youtube AdBlock -> {E3605470-291B-44EB-8648-745EE356599A} -> C:\Program Files (x86)\Youtube AdBlockIE\eA6_g_nB.dll [2017-03-10] ()
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-04-19] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-19] (Oracle Corporation)
BHO-x32: No Name -> {E3605470-291B-44EB-8648-745EE356599A} -> No File
FireFox:
========
FF ProfilePath: C:\Users\Vojtěch\AppData\Roaming\Greyfirst\Celtx\Profiles\03mji8zv.default [2016-11-01]
FF Extension: (Timezone Definitions for Mozilla Calendar) - C:\Program Files (x86)\Celtx\extensions\calendar-timezones@mozilla.org [2015-12-28] [not signed]
FF Extension: (Default Shot Palette) - C:\Program Files (x86)\Celtx\extensions\default-palette@celtx.com [2015-12-28] [not signed]
FF Extension: (MSN-Smileys) - C:\Program Files (x86)\Celtx\extensions\emoticons-msn-smileys@m513901.de [2015-12-28] [not signed]
FF Extension: (DOM Inspector) - C:\Program Files (x86)\Celtx\extensions\inspector@mozilla.org [2015-12-28] [not signed]
FF Extension: (Blackened) - C:\Program Files (x86)\Celtx\extensions\messagestyle-blackened@addons.instantbird.org [2015-12-28] [not signed]
FF Extension: (Depth) - C:\Program Files (x86)\Celtx\extensions\messagestyle-depth@addons.instantbird.org [2015-12-28] [not signed]
FF Extension: (Minimal) - C:\Program Files (x86)\Celtx\extensions\messagestyle-minimal20@addons.instantbird.org [2015-12-28] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-14] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-12] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP","hxx ... id=UP97DHP"
CHR Profile: C:\Users\Vojtěch\AppData\Local\Google\Chrome\User Data\Default [2017-03-12]
CHR Extension: (Dokumenty Google) - C:\Users\Vojtěch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-04]
CHR Extension: (Disk Google) - C:\Users\Vojtěch\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-04]
CHR Extension: (YouTube) - C:\Users\Vojtěch\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-04]
CHR Extension: (Adblock Plus) - C:\Users\Vojtěch\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-10]
CHR Extension: (Tabulky Google) - C:\Users\Vojtěch\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-04]
CHR Extension: (Dokumenty Google offline) - C:\Users\Vojtěch\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-04]
CHR Extension: (AdBlock) - C:\Users\Vojtěch\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-03-10]
CHR Extension: (Adblocker pro Youtube™) - C:\Users\Vojtěch\AppData\Local\Google\Chrome\User Data\Default\Extensions\gndgngmogcnpkcbknmcgpnooljecgadk [2017-03-10]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Vojtěch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\Vojtěch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-04]
CHR Extension: (Chrome Media Router) - C:\Users\Vojtěch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-12]
Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\Vojtěch\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-11-01]
OPR Extension: (Adblocker pro Youtube™) - C:\Users\Vojtěch\AppData\Roaming\Opera Software\Opera Stable\Extensions\oiiphhgajcopkkkglmilkjfokamokgni [2017-03-10]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-06-25] (Advanced Micro Devices, Inc.) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-02-26] (Windows (R) Win 7 DDK provider) [File not signed]
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed]
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-02-02] (Disc Soft Ltd)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101680 2013-10-15] (ELAN Microelectronics Corp.)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-22] (LENOVO INCORPORATED.)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-09-14] (Lenovo(beijing) Limited)
R2 LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [38896 2014-02-18] (Lenovo(beijing) Limited)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [288240 2014-09-14] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [308720 2014-09-14] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-25] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [68880 2014-09-14] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-02-26] (Atheros) [File not signed]
S2 Ralerly; C:\Program Files (x86)\Droyshocish\TerqutCmm.dll [X]
S2 SpyEmrgHealth; C:\Program Files\NETGATE\Spy Emergency\SpyEmergencyHealth.exe [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 amdkmpfd; C:\windows\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-12] (Advanced Micro Devices)
R2 APXACC; C:\windows\system32\DRIVERS\appexDrv.sys [225504 2014-03-28] (AppEx Networks Corporation)
R3 athr; C:\windows\system32\DRIVERS\athwbx.sys [3892224 2014-03-07] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\windows\system32\drivers\AtihdWB6.sys [222720 2014-03-12] (Advanced Micro Devices)
R3 BTATH_LWFLT; C:\windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-26] (Qualcomm Atheros)
R3 dtlitescsibus; C:\windows\System32\drivers\dtlitescsibus.sys [30264 2017-02-04] (Disc Soft Ltd)
R3 dtliteusbbus; C:\windows\System32\drivers\dtliteusbbus.sys [47672 2017-02-04] (Disc Soft Ltd)
S3 NETwNe64; C:\windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [163644 2005-01-21] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S0 WdBoot; C:\windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wsvd; C:\windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
R1 ZAM; C:\windows\System32\drivers\zam64.sys [203680 2017-02-04] (Zemana Ltd.)
R1 ZAM_Guard; C:\windows\System32\drivers\zamguard64.sys [203680 2017-02-04] (Zemana Ltd.)
S0 MBAMSwissArmy; system32\drivers\MBAMSwissArmy.sys [X]
S3 rtsuvc; \SystemRoot\system32\DRIVERS\rtsuvc.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-12 16:56 - 2017-03-12 16:57 - 00025257 _____ C:\Users\Vojtěch\Desktop\FRST.txt
2017-03-12 16:55 - 2017-03-12 16:56 - 00000000 ____D C:\FRST
2017-03-12 16:55 - 2017-03-12 16:55 - 00015327 _____ C:\Users\Vojtěch\Desktop\LM.bat
2017-03-12 16:51 - 2017-03-12 16:55 - 00029696 _____ C:\Users\Vojtěch\AppData\Local\MSGBOX.EXE
2017-03-12 16:50 - 2017-03-12 16:51 - 00112640 _____ (forum.viry.cz) C:\Users\Vojtěch\Desktop\FRSTLauncher.exe
2017-03-12 16:50 - 2017-03-12 16:50 - 02424832 _____ (Farbar) C:\Users\Vojtěch\Desktop\FRST64.exe
2017-03-12 16:43 - 2017-03-12 16:43 - 00002298 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-12 16:43 - 2017-03-12 16:43 - 00002286 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-12 16:41 - 2017-03-12 16:47 - 00003384 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-03-12 16:41 - 2017-03-12 16:47 - 00003256 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-03-12 16:17 - 2017-03-12 16:37 - 00000000 ____D C:\AdwCleaner
2017-03-12 16:17 - 2017-03-12 16:17 - 04031440 _____ C:\Users\Vojtěch\Downloads\adwcleaner_6.044.exe
2017-03-12 16:14 - 2017-03-12 16:14 - 00000000 ____D C:\Users\Vojtěch\Downloads\Malwarebytes Anti-Malware 3.0.6.1469 Premium Repack KpoJIuK [4realtorrentz]
2017-03-12 15:35 - 2017-03-12 15:35 - 09488448 _____ (Crawler Group ) C:\Users\Vojtěch\Downloads\SpywareTerminatorSetup.exe
2017-03-12 15:30 - 2017-03-12 16:01 - 56335875 ____R C:\Users\Vojtěch\Downloads\Malwarebytes Anti-Malware 3.0.6.1469 Premium Repack KpoJIuK [4realtorrentz].zip
2017-03-12 15:26 - 2017-03-12 15:26 - 00017643 _____ C:\Users\Vojtěch\Downloads\Malwarebytes-Anti-Malware-3.0.6.1469-Premium-Repack-KpoJIuK.torrent
2017-03-12 15:25 - 2017-03-12 15:25 - 01979944 _____ (WiperSoft) C:\Users\Vojtěch\Downloads\WiperSoft-installer (1).exe
2017-03-12 11:46 - 2017-03-12 15:21 - 00000000 ____D C:\Users\Vojtěch\AppData\Roaming\ICQ
2017-03-12 11:46 - 2017-03-12 11:46 - 00001951 _____ C:\Users\Vojtěch\Desktop\ICQ.lnk
2017-03-12 11:46 - 2017-03-12 11:46 - 00001809 _____ C:\Users\Vojtěch\AppData\Roaming\Microsoft\Windows\Start Menu\ICQ.lnk
2017-03-12 11:44 - 2017-03-12 11:45 - 49714312 _____ C:\Users\Vojtěch\Downloads\icq_rfrset_9983c4b5.exe
2017-03-12 11:29 - 2017-03-12 11:29 - 01979944 _____ (WiperSoft) C:\Users\Vojtěch\Downloads\WiperSoft-installer.exe
2017-03-12 11:27 - 2017-03-12 11:27 - 00000077 _____ C:\windows\SysWOW64\L
2017-03-11 15:03 - 2017-03-11 15:04 - 09261616 _____ (Piriform Ltd) C:\Users\Vojtěch\Downloads\ccsetup527.exe
2017-03-11 15:00 - 2017-03-11 15:01 - 35020712 _____ C:\Users\Vojtěch\Downloads\se-setup.exe
2017-03-10 19:37 - 2017-03-12 15:26 - 00000000 ____D C:\Users\Vojtěch\AppData\LocalLow\uTorrent
2017-03-10 06:12 - 2017-03-10 06:12 - 00000000 ____D C:\Program Files (x86)\Youtube AdBlockIE
2017-03-10 06:11 - 2017-03-10 06:11 - 00000000 ____D C:\Program Files (x86)\Youtube AdBlockU
2017-03-08 15:31 - 2017-03-08 15:31 - 00000000 ____D C:\Users\Vojtěch\Desktop\Nová složka (4)
2017-03-08 10:33 - 2017-03-08 10:33 - 00002747 _____ C:\Users\Public\Desktop\Skype.lnk
2017-03-08 10:33 - 2017-03-08 10:33 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-03-08 10:33 - 2017-03-08 10:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-03-08 10:26 - 2017-03-08 10:26 - 01631200 _____ (Skype Technologies S.A.) C:\Users\Vojtěch\Downloads\SkypeSetup.exe
2017-03-07 17:16 - 2017-03-07 17:16 - 00000967 _____ C:\Users\Vojtěch\Desktop\Sweet Home 3D.lnk
2017-03-07 17:16 - 2017-03-07 17:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eTeks Sweet Home 3D
2017-03-07 17:15 - 2017-03-07 17:16 - 00000000 ____D C:\Program Files\Sweet Home 3D
2017-03-07 17:12 - 2017-03-07 17:15 - 50221536 _____ C:\Users\Vojtěch\Downloads\SweetHome3D-5.4-windows.exe
2017-03-07 15:47 - 2017-03-07 15:47 - 00000031 _____ C:\Users\Vojtěch\AppData\Local\SQ.RemoverDelete.bat
2017-03-07 15:35 - 2017-03-07 15:47 - 00000000 ____D C:\Users\Vojtěch\AppData\Local\SquareClock.Production_Home_Siko_Web
2017-03-07 15:35 - 2017-03-07 15:35 - 00425480 _____ (SquareClock SAS) C:\Users\Vojtěch\Downloads\Siko_Web_Kitchen_Planner.exe
2017-03-05 18:04 - 2017-03-05 18:39 - 00000000 ____D C:\Users\Vojtěch\Documents\Harry Potter
2017-03-05 18:03 - 2017-03-05 18:03 - 00000522 _____ C:\windows\eReg.dat
2017-03-05 17:22 - 2017-03-05 17:22 - 00000073 _____ C:\Users\Vojtěch\Downloads\1130420.xws
2017-03-05 17:19 - 2017-03-05 17:19 - 01950000 _____ C:\Users\Vojtěch\Downloads\100 (1).dat
2017-03-05 12:40 - 2017-03-12 11:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
2017-03-04 18:14 - 2017-03-04 18:14 - 02247272 _____ C:\Users\Vojtěch\Downloads\michal_ruttner_DP_prilohy.zip
2017-03-04 17:43 - 2017-03-04 17:43 - 00937006 _____ C:\Users\Vojtěch\Downloads\Marek_Handl_BP_prilohy.zip
2017-03-04 17:16 - 2017-03-04 17:16 - 00001513 _____ C:\Users\Vojtěch\Downloads\QRSdetector (2).zip
2017-03-04 17:13 - 2017-03-04 17:13 - 00191623 _____ C:\Users\Vojtěch\Downloads\Bucsuhazy_Katerina_BP_prilohy.zip
2017-03-02 23:07 - 2017-03-02 23:07 - 00001513 _____ C:\Users\Vojtěch\Downloads\QRSdetector (1).zip
2017-03-02 23:02 - 2017-03-02 23:02 - 00005758 _____ C:\Users\Vojtěch\Downloads\David_Grossmann_BP_prilohy.zip
2017-03-02 19:24 - 2017-03-02 19:24 - 00009453 _____ C:\Users\Vojtěch\Downloads\DP_Bucsuhazy (2).zip
2017-03-02 19:21 - 2017-03-02 19:21 - 00005237 _____ C:\Users\Vojtěch\Downloads\Jakub_Brandejs_BP_prilohy.rar
2017-03-02 19:15 - 2017-03-02 19:15 - 00007780 _____ C:\Users\Vojtěch\Downloads\Detektor_Brandejs.zip
2017-03-02 19:04 - 2017-03-02 19:04 - 08325247 _____ C:\Users\Vojtěch\Downloads\Detektor QRS komplexu (1).zip
2017-03-02 17:29 - 2017-03-02 17:30 - 08641936 _____ C:\Users\Vojtěch\Downloads\Jiří_Bajgar_DP_priloha.zip
2017-03-01 16:54 - 2017-03-01 16:54 - 00136076 _____ C:\Users\Vojtěch\Downloads\pdf_dokumentcc9bf40d9227166ddc97777481df8aea.pdf
2017-02-28 19:22 - 2017-03-02 18:57 - 00000000 ____D C:\Users\Vojtěch\Desktop\Odeslat vedoucímu
2017-02-28 14:58 - 2017-03-02 17:24 - 00000000 ____D C:\Users\Vojtěch\Desktop\Katerina_Ancincova_BP_prilohy
2017-02-27 17:36 - 2017-02-27 17:36 - 00224883 _____ C:\Users\Vojtěch\Desktop\global.tif
2017-02-27 17:36 - 2017-02-27 17:36 - 00086919 _____ C:\Users\Vojtěch\Desktop\global2.tif
2017-02-26 15:28 - 2017-02-26 16:23 - 1932204032 ____R C:\Users\Vojtěch\Downloads\Kobry a užovky.avi
2017-02-24 19:09 - 2017-02-24 19:09 - 00878769 _____ C:\Users\Vojtěch\Downloads\Katerina_Ancincova_BP_prilohy (1).zip
2017-02-24 19:06 - 2017-03-08 21:22 - 00000000 ____D C:\Users\Vojtěch\Downloads\11.22.63.S01E07.HDTV.x264-LOL[ettv]
2017-02-24 18:10 - 2017-02-24 18:10 - 00139106 _____ C:\Users\Vojtěch\Downloads\MATLAB.rar
2017-02-24 14:57 - 2017-02-24 14:57 - 00021666 _____ C:\Users\Vojtěch\Downloads\Re_ Konzultace DP.zip
2017-02-24 14:55 - 2017-02-24 14:55 - 00056889 _____ C:\Users\Vojtěch\Desktop\TKEO.tif
2017-02-24 14:51 - 2017-02-24 14:51 - 00878769 _____ C:\Users\Vojtěch\Downloads\Katerina_Ancincova_BP_prilohy.zip
2017-02-22 22:55 - 2017-02-22 22:55 - 00170964 _____ C:\Users\Vojtěch\Downloads\5484-15900-1-PB.pdf
2017-02-22 22:52 - 2017-02-22 23:24 - 1164362025 _____ C:\Users\Vojtěch\Downloads\Zóna soumraku cz(lukuz) filmy scifi fantasy horor.mp4
2017-02-22 17:31 - 2017-03-05 12:37 - 00000000 ____D C:\Users\Vojtěch\Downloads\11.22.63.S01E02.HDTV.x264-LOL[ettv]
2017-02-22 00:38 - 2017-02-22 00:38 - 00001746 _____ C:\Users\Vojtěch\Desktop\235961.txt
2017-02-22 00:33 - 2017-02-22 00:39 - 00000000 ____D C:\Users\Vojtěch\Downloads\11.22.63.S01E08.HDTV.x264-LOL[ettv]
2017-02-22 00:18 - 2017-02-22 00:31 - 00000000 ____D C:\Users\Vojtěch\Downloads\11.22.63.S01E06.HDTV.x264-LOL[rarbg]
2017-02-22 00:17 - 2017-03-05 12:37 - 00000000 ____D C:\Users\Vojtěch\Downloads\11.22.63.S01E05.HDTV.x264-LOL[ettv]
2017-02-22 00:17 - 2017-02-24 19:10 - 00000000 ____D C:\Users\Vojtěch\Downloads\11.22.63.S01E03.HDTV.x264-LOL[ettv]
2017-02-22 00:17 - 2017-02-24 14:52 - 00000000 ____D C:\Users\Vojtěch\Downloads\11.22.63.S01E04.HDTV.x264-LOL[ettv]
2017-02-22 00:16 - 2017-02-22 00:16 - 00048371 _____ C:\Users\Vojtěch\Downloads\11.22.63.S01E02.HDTV.X264-LOL (+720p.H.264-TOPLEL).srt
2017-02-22 00:15 - 2017-03-05 12:37 - 00000000 ____D C:\Users\Vojtěch\Downloads\11.22.63.S01E01.HDTV.x264-LOL[ettv]
2017-02-21 22:11 - 2017-02-21 22:11 - 01013129 _____ C:\Users\Vojtěch\Downloads\Jakub_Hejc_DP_prilohy (3).zip
2017-02-20 19:22 - 2017-02-20 19:22 - 10437778 _____ C:\Users\Vojtěch\Downloads\Milan_Kubát_BP_prilohy (1).zip
2017-02-20 16:24 - 2017-02-21 01:55 - 2007631330 ____R C:\Users\Vojtěch\Downloads\tak-trochu-jina-love-story-dvdrip.avi
2017-02-20 16:23 - 2017-02-20 18:09 - 1629683790 ____R C:\Users\Vojtěch\Downloads\The.Hypnotist.2012.DVDrip.CZ.avi
2017-02-20 16:20 - 2017-02-20 18:11 - 2039156736 ____R C:\Users\Vojtěch\Downloads\Hon.avi
2017-02-19 22:11 - 2017-02-19 23:04 - 821395456 _____ C:\Users\Vojtěch\Downloads\Hercule.Poirot.S12E03.Videla.jsem.vrazdu.DVDRip.XviD.cz.en-iNG.avi
2017-02-18 11:36 - 2017-03-12 16:23 - 00000000 ____D C:\Users\Vojtěch\Desktop\Hry
2017-02-16 23:37 - 2017-02-16 23:37 - 00000000 ____D C:\Users\Vojtěch\AppData\Local\Macromedia
2017-02-16 23:34 - 2017-03-12 11:27 - 00000000 ____D C:\windows\SysWOW64\GroupPolicy
2017-02-16 23:34 - 2017-02-16 23:34 - 00000008 __RSH C:\Users\Vojtěch\ntuser.pol
2017-02-14 09:37 - 2017-03-11 15:15 - 00000000 ____D C:\windows\Minidump
2017-02-13 19:31 - 2017-02-13 19:39 - 136115406 _____ C:\Users\Vojtěch\Downloads\Harry-Potter-2-Chamber-of-Secrets-audiobook-EN.rar
2017-02-13 19:21 - 2017-02-13 19:28 - 117629141 _____ C:\Users\Vojtěch\Downloads\Harry-Potter-1-Philosopher's-stone-audiobook-EN.rar
2017-02-13 16:03 - 2017-02-13 16:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adventure Island 2
2017-02-13 16:03 - 2017-02-13 16:03 - 00000000 ____D C:\Program Files (x86)\Adventure Island 2
2017-02-13 14:42 - 2017-02-13 14:50 - 129820935 _____ C:\Users\Vojtěch\Downloads\Murphy-R.-English-Grammar-in-Use.pdf
2017-02-12 11:43 - 2017-02-12 11:43 - 00003062 _____ C:\windows\System32\Tasks\{2F790400-951E-46AF-B7FA-AFDFA48BE7F8}
2017-02-12 11:43 - 2017-02-12 11:43 - 00000000 ____D C:\Program Files (x86)\CAPCOM
2017-02-12 11:23 - 2017-03-12 11:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CAPCOM
2017-02-12 11:14 - 2017-02-12 11:14 - 00003050 _____ C:\windows\System32\Tasks\{D1F689DA-2E91-4E14-8F60-62B225323103}
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-12 16:58 - 2016-04-10 11:17 - 00000978 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA1d19312242b4c73.job
2017-03-12 16:57 - 2017-02-04 14:54 - 00080960 _____ C:\windows\ZAM.krnl.trace
2017-03-12 16:57 - 2017-02-04 14:54 - 00048825 _____ C:\windows\ZAM_Guard.krnl.trace
2017-03-12 16:54 - 2015-01-18 23:58 - 00003594 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-866432661-1050328576-855569735-1002
2017-03-12 16:49 - 2015-08-24 14:38 - 00001279 _____ C:\Users\Vojtěch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wi-FiHotspotChgToast.lnk
2017-03-12 16:49 - 2015-01-18 23:59 - 00000000 ____D C:\ProgramData\LU
2017-03-12 16:45 - 2015-01-31 13:27 - 00000000 ____D C:\Users\Vojtěch\AppData\Local\CrashDumps
2017-03-12 16:45 - 2013-08-22 16:36 - 00000000 ____D C:\windows\system32\NDF
2017-03-12 16:45 - 2013-08-22 14:36 - 00000000 ____D C:\windows\Inf
2017-03-12 16:44 - 2015-01-18 23:57 - 00000000 ____D C:\Program Files (x86)\Opera
2017-03-12 16:42 - 2017-02-04 16:58 - 00000000 ____D C:\Program Files (x86)\Google
2017-03-12 16:42 - 2015-05-18 15:39 - 00000000 ____D C:\Users\Vojtěch\Documents\Soubory aplikace Outlook
2017-03-12 16:41 - 2015-01-19 15:55 - 00000568 _____ C:\windows\Tasks\MATLAB R2012b Startup Accelerator.job
2017-03-12 16:41 - 2015-01-18 23:56 - 00000000 ___DO C:\Users\Vojtěch\OneDrive
2017-03-12 16:39 - 2013-08-22 15:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-03-12 16:38 - 2014-09-13 23:11 - 00065536 _____ C:\windows\system32\spu_storage.bin
2017-03-12 16:35 - 2014-09-14 00:01 - 00006656 _____ C:\windows\system32\VfService.trf
2017-03-12 16:26 - 2015-01-18 23:47 - 00000000 ____D C:\Users\Vojtěch
2017-03-12 16:16 - 2015-01-19 00:01 - 00000000 ____D C:\Users\Vojtěch\AppData\Roaming\uTorrent
2017-03-12 16:08 - 2015-05-25 16:41 - 00000914 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2017-03-12 15:41 - 2015-01-19 17:43 - 00000000 ____D C:\Users\Vojtěch\Documents\MATLAB
2017-03-12 15:18 - 2014-09-14 00:02 - 00000000 ____D C:\ProgramData\McAfee
2017-03-12 12:08 - 2016-12-16 00:01 - 00000000 ____D C:\Program Files (x86)\National Instruments
2017-03-12 12:07 - 2016-12-15 23:59 - 00000000 ____D C:\ProgramData\National Instruments
2017-03-12 11:59 - 2016-04-26 18:43 - 00000000 ____D C:\Medicus 3
2017-03-12 11:57 - 2014-09-13 23:20 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-03-12 11:53 - 2015-01-19 22:03 - 00000000 ____D C:\Program Files (x86)\URUSoft
2017-03-12 11:53 - 2015-01-19 14:45 - 00000000 ____D C:\Program Files (x86)\UltraISO
2017-03-12 11:51 - 2016-07-17 14:33 - 00000000 ____D C:\Users\Vojtěch\AppData\Roaming\Seznam.cz
2017-03-12 11:49 - 2014-09-14 00:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2017-03-12 11:49 - 2014-09-14 00:00 - 00000000 ____D C:\Program Files (x86)\Lenovo
2017-03-12 11:46 - 2015-01-19 00:17 - 00000000 ____D C:\Users\Vojtěch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ
2017-03-12 11:27 - 2015-07-17 19:17 - 00000270 __RSH C:\ProgramData\ntuser.pol
2017-03-12 11:21 - 2015-02-11 21:14 - 00000000 ____D C:\Users\Vojtěch\Desktop\Filmy
2017-03-12 11:21 - 2013-08-22 16:36 - 00000000 ___HD C:\windows\ELAMBKUP
2017-03-12 11:18 - 2017-02-04 12:06 - 00000000 ____D C:\Users\Vojt↓ch
2017-03-12 11:18 - 2015-05-18 14:40 - 00000000 ____D C:\Users\Vojtch
2017-03-12 11:17 - 2014-09-14 00:13 - 00000000 ____D C:\ProgramData\Office2013
2017-03-12 11:17 - 2014-09-14 00:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-03-12 11:17 - 2013-08-22 16:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-12 11:15 - 2016-07-17 17:00 - 00000000 ____D C:\ProgramData\Formix
2017-03-12 11:11 - 2015-01-18 23:56 - 00003834 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{AC9158A3-4C3C-4033-B028-C1C6C126075D}
2017-03-12 11:06 - 2013-08-22 14:25 - 00262144 ___SH C:\windows\system32\config\BBI
2017-03-12 01:19 - 2015-05-25 16:41 - 00000892 _____ C:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-03-11 19:24 - 2015-01-19 01:35 - 00000000 ____D C:\Users\Vojtěch\AppData\Roaming\vlc
2017-03-11 15:37 - 2015-04-15 15:55 - 00000000 ____D C:\Users\Vojtěch\Documents\Harry Potter II
2017-03-11 15:36 - 2016-04-04 18:05 - 01132032 ___SH C:\Users\Vojtěch\Desktop\Thumbs.db
2017-03-11 15:16 - 2017-02-04 12:05 - 00000000 ____D C:\Users\Vojtěch\AppData\Roaming\DAEMON Tools Lite
2017-03-11 15:15 - 2014-04-03 20:15 - 00000000 ____D C:\windows\Panther
2017-03-11 13:07 - 2015-01-19 00:13 - 00000000 ____D C:\Users\Vojtěch\AppData\Roaming\Skype
2017-03-10 06:11 - 2013-08-22 14:25 - 00262144 ___SH C:\windows\system32\config\ELAM
2017-03-10 06:07 - 2016-11-22 19:47 - 00000000 ____D C:\Users\Vojtěch\Desktop\Diplomka programy
2017-03-08 21:22 - 2015-01-20 23:00 - 02718720 ___SH C:\Users\Vojtěch\Downloads\Thumbs.db
2017-03-08 19:24 - 2014-09-13 23:17 - 04820396 _____ C:\windows\system32\perfh005.dat
2017-03-08 19:24 - 2014-09-13 23:17 - 01465734 _____ C:\windows\system32\perfc005.dat
2017-03-08 19:24 - 2014-03-18 10:53 - 00005430 _____ C:\windows\system32\PerfStringBackup.INI
2017-03-08 15:37 - 2015-03-04 11:55 - 00000000 ____D C:\Temp
2017-03-08 10:33 - 2015-01-19 00:13 - 00000000 ____D C:\Users\Vojtěch\AppData\Local\Skype
2017-03-08 10:33 - 2015-01-19 00:13 - 00000000 ____D C:\ProgramData\Skype
2017-03-08 10:30 - 2014-09-13 23:08 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-05 11:33 - 2016-09-30 09:28 - 00000000 ____D C:\Users\Vojtěch\Desktop\mat
2017-03-02 19:09 - 2015-01-18 23:58 - 00003846 _____ C:\windows\System32\Tasks\Opera scheduled Autoupdate 1421621899
2017-03-02 19:08 - 2015-01-18 23:58 - 00001074 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-02-24 04:58 - 2013-08-22 16:20 - 00000000 ____D C:\windows\CbsTemp
2017-02-24 04:57 - 2015-01-23 18:37 - 138020592 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2017-02-22 14:22 - 2016-02-21 13:00 - 00000000 ____D C:\Program Files (x86)\Maple 17
2017-02-17 19:19 - 2016-04-04 21:55 - 00000000 ____D C:\Users\Vojtěch\AppData\Local\ElevatedDiagnostics
2017-02-17 11:06 - 2014-09-14 00:13 - 00000000 ____D C:\ProgramData\Energy Manager
2017-02-16 23:34 - 2013-08-22 16:36 - 00000000 ____D C:\windows\system32\GroupPolicy
2017-02-14 14:08 - 2015-05-25 16:41 - 00003724 _____ C:\windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-02-14 14:08 - 2015-05-25 16:41 - 00003666 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2017-02-14 14:08 - 2013-08-22 16:36 - 00000000 ____D C:\windows\SysWOW64\Macromed
2017-02-14 14:08 - 2013-08-22 16:36 - 00000000 ____D C:\windows\system32\Macromed
2017-02-14 09:41 - 2017-02-02 21:38 - 00000000 ____D C:\Users\Vojtěch\Desktop\T8BOR
2017-02-13 19:31 - 2016-02-08 19:19 - 00000000 ____D C:\Users\Vojtěch\Desktop\Angličtina
==================== Files in the root of some directories =======
2017-03-12 16:51 - 2017-03-12 16:55 - 0029696 _____ () C:\Users\Vojtěch\AppData\Local\MSGBOX.EXE
2017-03-07 15:47 - 2017-03-07 15:47 - 0000031 _____ () C:\Users\Vojtěch\AppData\Local\SQ.RemoverDelete.bat
2017-03-07 15:37 - 2017-03-07 15:37 - 0032038 _____ () C:\Users\Vojtěch\AppData\Local\SquareClock.Production_Home_Siko_WebIcon.ico
2014-09-13 23:15 - 2014-09-13 23:15 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
2017-02-04 12:02 - 2013-01-18 22:24 - 0040328 _____ (Autodesk, Inc.) C:\Users\Vojtěch\AppData\Local\Temp\AcDeltree.exe
2017-01-21 09:04 - 2017-01-21 09:04 - 0739904 _____ (Oracle Corporation) C:\Users\Vojtěch\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-03-12 11:21 - 2014-11-21 16:18 - 0098824 _____ (McAfee Inc.) C:\Users\Vojtěch\AppData\Local\Temp\mccspuninstall.exe
2016-11-17 01:10 - 2016-11-17 01:12 - 64111920 _____ (SweetLabs,Inc.) C:\Users\Vojtěch\AppData\Local\Temp\oct35DD.tmp.exe
2017-01-10 23:20 - 2017-02-21 00:31 - 44048864 _____ (Skype Technologies S.A.) C:\Users\Vojtěch\AppData\Local\Temp\SkypeSetup.exe
2016-08-16 08:48 - 2016-08-16 08:48 - 0488960 _____ () C:\Users\Vojtěch\AppData\Local\Temp\sqlite3.exe
2017-03-08 10:27 - 2017-03-08 10:27 - 14456872 _____ (Microsoft Corporation) C:\Users\Vojtěch\AppData\Local\Temp\vc_redist.x86.exe
2016-10-17 18:23 - 2002-06-18 22:11 - 0294912 ____N (Blizzard Entertainment) C:\Users\Vojtěch\AppData\Local\Temp\war3_Install.exe
2017-02-14 09:46 - 2017-03-12 11:51 - 0534528 _____ () C:\Users\Vojtěch\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA1d19311776010e3.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA1d19312242b4c73.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\MATLAB R2012b Startup Accelerator.job => C:\Program Files\MATLAB\R2012b\bin\win64\MATLABStartupAccelerator.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****

- Rudy
- Site Admin
Re: Browser hijacker goojile.info
Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Browser hijacker goojile.info
It didn't find anything, but the goojile.info hijacker is still in Google Chrome
# AdwCleaner v6.044 - Log vytvořen 12/03/2017 v 18:37:01
# Aktualizováno dne 28/02/2017 z Malwarebytes
# Databáze : 2017-03-12.1 [Místní]
# Operační systém : Windows 8.1 (X64)
# Uživatelské jméno : Vojtěch - VOJTA-PC
# Spuštěno z : C:\Users\Vojtěch\Downloads\adwcleaner_6.044.exe
# Mod: Skenování
# Podpora : https://www.malwarebytes.com/support
***** [ Služby ] *****
Nebyly nalezeny žádné škodlivé služby.
***** [ Složky ] *****
Nebyly nalezeny žádné škodlivé složky.
***** [ Soubory ] *****
Nebyly nalezeny žádné škodlivé soubory.
***** [ DLL ] *****
Nebyly nalezeny žádné škodlivé DLL.
***** [ WMI ] *****
Nebyly nalezeny žádné škodlivé klíče.
***** [ Zástupci ] *****
Žádný infikovaný zástupce nenalezen.
***** [ Naplánované úlohy ] *****
Žádná nebezpečná úloha nenalezena.
***** [ Registry ] *****
Nebyly nalezeny žádné škodlivé položky registru.
***** [ Internetové prohlížeče ] *****
Nebyly nalezeny žádné škodlivé položky prohlížeče Firefox.
Nebyly nalezeny žádné škodlivé položky prohlížeče Chromium.
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [15542 Bajty] - [12/03/2017 16:26:34]
C:\AdwCleaner\AdwCleaner[C2].txt - [1370 Bajty] - [12/03/2017 16:37:57]
C:\AdwCleaner\AdwCleaner[S0].txt - [14350 Bajty] - [12/03/2017 16:21:27]
C:\AdwCleaner\AdwCleaner[S1].txt - [1596 Bajty] - [12/03/2017 16:35:18]
C:\AdwCleaner\AdwCleaner[S2].txt - [1663 Bajty] - [12/03/2017 17:29:11]
C:\AdwCleaner\AdwCleaner[S3].txt - [1584 Bajty] - [12/03/2017 18:37:01]
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1657 Bajty] ##########
- Rudy
- Site Admin
Re: Browser hijacker goojile.info
This is OK. Open Notepad and copy into it:
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Start
HKLM\...\Run: [AutoKMS] => C:\windows\AutoKMS.exe
C:\windows\AutoKMS.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKLM-x32\...\Run: [pdfSaver3] => [X]
HKU\S-1-5-21-866432661-1050328576-855569735-1002\...\Run: [C] => cmd /c(@attrib -H -R -S C:\windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@copy/b/y C:\windows\system32\GroupPolicy\Machine\R C:\windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@att (the data entry has 99 more characters). <===== ATTENTION
HKU\S-1-5-21-866432661-1050328576-855569735-1002\...\Policies\Explorer: []
HKU\S-1-5-21-866432661-1050328576-855569735-1002\...\MountPoints2: {0b36c64d-a160-11e4-825e-3010b3a29d32} - "G:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-866432661-1050328576-855569735-1002\...\MountPoints2: {23c0be00-9f64-11e4-825e-3010b3a29d32} - "G:\LaunchU3.exe" -a
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicy\User: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-866432661-1050328576-855569735-1002\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKU\S-1-5-21-866432661-1050328576-855569735-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://goojile.info/?ri=1&uid=698c128e8 ... 9e8df7e&q={searchTerms}
HKU\S-1-5-21-866432661-1050328576-855569735-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://goojile.info/?ri=1&uid=698c128e8 ... 9e8df7e&q={searchTerms}
URLSearchHook: [S-1-5-21-866432661-1050328576-855569735-1002] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-866432661-1050328576-855569735-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3C} URL = hxxp://goojile.info/?ri=1&uid=698c128e8 ... 9e8df7e&q={searchTerms}
SearchScopes: HKU\S-1-5-21-866432661-1050328576-855569735-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3C} URL = hxxp://goojile.info/?ri=1&uid=698c128e8 ... 9e8df7e&q={searchTerms}
SearchScopes: HKU\S-1-5-21-866432661-1050328576-855569735-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3D} URL = hxxp://goojile.info/?ri=1&uid=698c128e8 ... 9e8df7e&q=
SearchScopes: HKU\S-1-5-21-866432661-1050328576-855569735-1002 -> {A5DD45CE-AAD2-48C6-A662-08FB5843B2FF} URL =
BHO-x32: No Name -> {E3605470-291B-44EB-8648-745EE356599A} -> No File
C:\Program Files (x86)\Droyshocish
S2 Ralerly; C:\Program Files (x86)\Droyshocish\TerqutCmm.dll [X]
C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
c:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\windows\System32\Tasks\{D1F689DA-2E91-4E14-8F60-62B225323103}
C:\windows\Tasks\GoogleUpdateTaskMachineUA1d19312242b4c73.job
C:\ProgramData\DP45977C.lfl
C:\Users\Vojtěch\AppData\Local\Temp
EmptyTemp:
End
Re: Browser hijacker goojile.info
Fix result of Farbar Recovery Scan Tool (x64) Version: 12-03-2017
Ran by Vojtěch (12-03-2017 19:59:51) Run:1
Running from C:\Users\Vojtěch\Desktop
Loaded Profiles: Vojtěch & (Available Profiles: Vojtěch)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
HKLM\...\Run: [AutoKMS] => C:\windows\AutoKMS.exe
C:\windows\AutoKMS.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKLM-x32\...\Run: [pdfSaver3] => [X]
HKU\S-1-5-21-866432661-1050328576-855569735-1002\...\Run: [C] => cmd /c(@attrib -H -R -S C:\windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@copy/b/y C:\windows\system32\GroupPolicy\Machine\R C:\windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@att (the data entry has 99 more characters). <===== ATTENTION
HKU\S-1-5-21-866432661-1050328576-855569735-1002\...\Policies\Explorer: []
HKU\S-1-5-21-866432661-1050328576-855569735-1002\...\MountPoints2: {0b36c64d-a160-11e4-825e-3010b3a29d32} - "G:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-866432661-1050328576-855569735-1002\...\MountPoints2: {23c0be00-9f64-11e4-825e-3010b3a29d32} - "G:\LaunchU3.exe" -a
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicy\User: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-866432661-1050328576-855569735-1002\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKU\S-1-5-21-866432661-1050328576-855569735-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://goojile.info/?ri=1&uid=698c128e8 ... 9e8df7e&q={searchTerms}
HKU\S-1-5-21-866432661-1050328576-855569735-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://goojile.info/?ri=1&uid=698c128e8 ... 9e8df7e&q={searchTerms}
URLSearchHook: [S-1-5-21-866432661-1050328576-855569735-1002] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-866432661-1050328576-855569735-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3C} URL = hxxp://goojile.info/?ri=1&uid=698c128e8 ... 9e8df7e&q={searchTerms}
SearchScopes: HKU\S-1-5-21-866432661-1050328576-855569735-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3C} URL = hxxp://goojile.info/?ri=1&uid=698c128e8 ... 9e8df7e&q={searchTerms}
SearchScopes: HKU\S-1-5-21-866432661-1050328576-855569735-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3D} URL = hxxp://goojile.info/?ri=1&uid=698c128e8 ... 9e8df7e&q=
SearchScopes: HKU\S-1-5-21-866432661-1050328576-855569735-1002 -> {A5DD45CE-AAD2-48C6-A662-08FB5843B2FF} URL =
BHO-x32: No Name -> {E3605470-291B-44EB-8648-745EE356599A} -> No File
C:\Program Files (x86)\Droyshocish
S2 Ralerly; C:\Program Files (x86)\Droyshocish\TerqutCmm.dll [X]
C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
c:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\windows\System32\Tasks\{D1F689DA-2E91-4E14-8F60-62B225323103}
C:\windows\Tasks\GoogleUpdateTaskMachineUA1d19312242b4c73.job
C:\ProgramData\DP45977C.lfl
C:\Users\Vojtěch\AppData\Local\Temp
EmptyTemp:
End
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AutoKMS => value removed successfully
"C:\windows\AutoKMS.exe" => not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\pdfSaver3 => value removed successfully
HKU\S-1-5-21-866432661-1050328576-855569735-1002\Software\Microsoft\Windows\CurrentVersion\Run\\C => value removed successfully
HKU\S-1-5-21-866432661-1050328576-855569735-1002\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value removed successfully
HKU\S-1-5-21-866432661-1050328576-855569735-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0b36c64d-a160-11e4-825e-3010b3a29d32} => key removed successfully
HKCR\CLSID\{0b36c64d-a160-11e4-825e-3010b3a29d32} => key not found.
HKU\S-1-5-21-866432661-1050328576-855569735-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23c0be00-9f64-11e4-825e-3010b3a29d32} => key removed successfully
HKCR\CLSID\{23c0be00-9f64-11e4-825e-3010b3a29d32} => key not found.
C:\windows\system32\GroupPolicy\Machine => moved successfully
C:\windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\windows\system32\GroupPolicy\User => moved successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKU\S-1-5-21-866432661-1050328576-855569735-1002\SOFTWARE\Policies\Google => key removed successfully
HKU\S-1-5-21-866432661-1050328576-855569735-1002\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-866432661-1050328576-855569735-1002\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
Could not restore Default URLSearchHook.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-866432661-1050328576-855569735-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-866432661-1050328576-855569735-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3C} => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3C} => key not found.
HKU\S-1-5-21-866432661-1050328576-855569735-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3D} => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3D} => key not found.
HKU\S-1-5-21-866432661-1050328576-855569735-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A5DD45CE-AAD2-48C6-A662-08FB5843B2FF} => key removed successfully
HKCR\CLSID\{A5DD45CE-AAD2-48C6-A662-08FB5843B2FF} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3605470-291B-44EB-8648-745EE356599A} => key removed successfully
HKCR\Wow6432Node\CLSID\{E3605470-291B-44EB-8648-745EE356599A} => key not found.
"C:\Program Files (x86)\Droyshocish" => not found.
HKLM\System\CurrentControlSet\Services\Ralerly => key removed successfully
Ralerly => service removed successfully
C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
c:\windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
C:\windows\System32\Tasks\{D1F689DA-2E91-4E14-8F60-62B225323103} => moved successfully
C:\windows\Tasks\GoogleUpdateTaskMachineUA1d19312242b4c73.job => moved successfully
Could not move "C:\ProgramData\DP45977C.lfl" => Scheduled to move on reboot.
"C:\Users\Vojtěch\AppData\Local\Temp" folder move:
Could not move "C:\Users\Vojtěch\AppData\Local\Temp" => Scheduled to move on reboot.
=========== EmptyTemp: ==========
BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12733300 B
Java, Flash, Steam htmlcache => 570 B
Windows/system/drivers => 650876736 B
Edge => 0 B
Chrome => 147889168 B
Firefox => 0 B
Opera => 37443837 B
Temp, IE cache, history, cookies, recent:
Default => 6992 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 3406 B
NetworkService => 0 B
Vojtěch => 2073545382 B
RecycleBin => 94532 B
EmptyTemp: => 2.7 GB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 12-03-2017 20:04:33)
C:\ProgramData\DP45977C.lfl => Is moved successfully
C:\Users\Vojtěch\AppData\Local\Temp => moved successfully
==== End of Fixlog 20:04:36 ====
Re: Browser hijacker goojile.info
Immediately after the restart and after loading Google Chrome, everything seems to be perfectly fine. I don't know how to thank you; I was completely at a loss. Thank you very much.
- Rudy
- Site Admin

- Posts: 119670
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: Browser hijacker goojile.info
You're welcome!
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it has been inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.