Browser hijacker goojile.info

Posted: 12 Mar 2017 17:12
by wewewe
Hello, by some mishap goojile.info got installed on my notebook... it is similar to youndoo and it controls my Chrome, so I can't change settings etc.; on top of that, explorer.exe now restarts every five minutes, and other nonsense. I'm attaching the log:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-03-2017
Ran by Vojtěch (administrator) on VOJTA-PC (12-03-2017 16:56:19)
Running from C:\Users\Vojtěch\Desktop
Loaded Profiles: Vojtěch (Available Profiles: Vojtěch)
Platform: Windows 8.1 (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\windows\System32\atiesrxx.exe
(AMD) C:\windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Conexant Systems Inc.) C:\windows\System32\CxAudMsg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\windows\System32\LenovoWiFiHotspotSvr.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\windows\SysWOW64\SASrv.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Microsoft Corporation) C:\windows\System32\SkyDrive.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Tracker Software Products Ltd.) C:\Program Files\PDF\pdfSaver\pdfSaver3.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
() C:\Users\Vojtěch\AppData\Roaming\ICQ\bin\icq.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\windows\System32\SettingSyncHost.exe
() C:\Program Files\Lenovo PhoneCompanion\adb.exe
(Microsoft Corporation) C:\windows\System32\dllhost.exe
(Microsoft Corporation) C:\windows\System32\msiexec.exe
(forum.viry.cz) C:\Users\Vojtěch\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\windows\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-05] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3276104 2014-06-18] (ELAN Microelectronics Corp.)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [836592 2014-09-14] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16094704 2014-09-14] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [10842096 2014-09-14] (Lenovo(beijing) Limited)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AutoKMS] => C:\windows\AutoKMS.exe
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2016-09-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-06-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKLM-x32\...\Run: [pdfSaver3] => [X]
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-02-26] (Qualcomm®Atheros®)
HKU\S-1-5-21-866432661-1050328576-855569735-1002\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-866432661-1050328576-855569735-1002\...\Run: [pdfSaver3] => c:\Program Files\PDF\pdfSaver\pdfSaver3.exe [385024 2004-05-19] (Tracker Software Products Ltd.)
HKU\S-1-5-21-866432661-1050328576-855569735-1002\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2017-02-02] (Disc Soft Ltd)
HKU\S-1-5-21-866432661-1050328576-855569735-1002\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKU\S-1-5-21-866432661-1050328576-855569735-1002\...\Run: [C] => cmd /c(@attrib -H -R -S C:\windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@copy/b/y C:\windows\system32\GroupPolicy\Machine\R C:\windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@att (the data entry has 99 more characters). <===== ATTENTION
HKU\S-1-5-21-866432661-1050328576-855569735-1002\...\Run: [SpyEmergency] => C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe
HKU\S-1-5-21-866432661-1050328576-855569735-1002\...\Run: [icq.desktop] => C:\Users\Vojtěch\AppData\Roaming\ICQ\bin\icq.exe [26353288 2017-03-12] ()
HKU\S-1-5-21-866432661-1050328576-855569735-1002\...\RunOnce: [Application Restart #5] => C:\Users\Vojtěch\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-reso (the data entry has 587 more characters).
HKU\S-1-5-21-866432661-1050328576-855569735-1002\...\RunOnce: [Application Restart #3] => C:\Users\Vojtěch\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-reso (the data entry has 587 more characters).
HKU\S-1-5-21-866432661-1050328576-855569735-1002\...\Policies\Explorer: []
HKU\S-1-5-21-866432661-1050328576-855569735-1002\...\MountPoints2: {0b36c64d-a160-11e4-825e-3010b3a29d32} - "G:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-866432661-1050328576-855569735-1002\...\MountPoints2: {23c0be00-9f64-11e4-825e-3010b3a29d32} - "G:\LaunchU3.exe" -a
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
ShellExecuteHooks: No Name - {21E0FCA4-DE4A-11E6-844B-64006A5CFC23} - C:\Users\Vojtěch\AppData\Roaming\Vonepy\Sugophghilither.dll -> No File
ShellIconOverlayIdentifiers: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\windows\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
Startup: C:\Users\Vojtěch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk [2017-01-03]
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicy\User: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-866432661-1050328576-855569735-1002\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 8.8.8.8
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{05CF0A7E-DD6F-497E-872F-01343F145810}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{05CF0A7E-DD6F-497E-872F-01343F145810}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{0EDF9A7D-0520-4EDA-B1AF-599F40EB1EA4}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{0EDF9A7D-0520-4EDA-B1AF-599F40EB1EA4}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{173A98E2-94CF-4C66-96EE-C074DC1B9306}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{bbed3e08-0b41-11e3-8249-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{C3F2F1D7-4152-4CBC-9669-AF64F5A0A198}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{C3F2F1D7-4152-4CBC-9669-AF64F5A0A198}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{ECE2C3ED-447F-484F-8245-99B223E062FE}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{EE4BA6AD-43B2-49C1-B22B-4A902A7EE229}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{EE4BA6AD-43B2-49C1-B22B-4A902A7EE229}: [DhcpNameServer] 192.168.0.1 8.8.8.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-866432661-1050328576-855569735-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://goojile.info/?ri=1&uid=698c128e8f50781cc31204c099e8df7e&q={searchTerms}
HKU\S-1-5-21-866432661-1050328576-855569735-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-866432661-1050328576-855569735-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-866432661-1050328576-855569735-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://goojile.info/?ri=1&uid=698c128e8f50781cc31204c099e8df7e&q={searchTerms}
URLSearchHook: [S-1-5-21-866432661-1050328576-855569735-1002] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-866432661-1050328576-855569735-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3C} URL = hxxp://goojile.info/?ri=1&uid=698c128e8f50781cc31204c099e8df7e&q={searchTerms}
SearchScopes: HKU\S-1-5-21-866432661-1050328576-855569735-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3C} URL = hxxp://goojile.info/?ri=1&uid=698c128e8f50781cc31204c099e8df7e&q={searchTerms}
SearchScopes: HKU\S-1-5-21-866432661-1050328576-855569735-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3D} URL = hxxp://goojile.info/?ri=1&uid=698c128e8f50781cc31204c099e8df7e&q=
SearchScopes: HKU\S-1-5-21-866432661-1050328576-855569735-1002 -> {A5DD45CE-AAD2-48C6-A662-08FB5843B2FF} URL =
SearchScopes: HKU\S-1-5-21-866432661-1050328576-855569735-1002 -> {ECAD7C5B-257A-4BBE-80AD-94EC3417AC9C} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
BHO: Youtube AdBlock -> {E3605470-291B-44EB-8648-745EE356599A} -> C:\Program Files (x86)\Youtube AdBlockIE\eA6_g_nB.dll [2017-03-10] ()
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-04-19] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-19] (Oracle Corporation)
BHO-x32: No Name -> {E3605470-291B-44EB-8648-745EE356599A} -> No File

FireFox:
========
FF ProfilePath: C:\Users\Vojtěch\AppData\Roaming\Greyfirst\Celtx\Profiles\03mji8zv.default [2016-11-01]
FF Extension: (Timezone Definitions for Mozilla Calendar) - C:\Program Files (x86)\Celtx\extensions\calendar-timezones@mozilla.org [2015-12-28] [not signed]
FF Extension: (Default Shot Palette) - C:\Program Files (x86)\Celtx\extensions\default-palette@celtx.com [2015-12-28] [not signed]
FF Extension: (MSN-Smileys) - C:\Program Files (x86)\Celtx\extensions\emoticons-msn-smileys@m513901.de [2015-12-28] [not signed]
FF Extension: (DOM Inspector) - C:\Program Files (x86)\Celtx\extensions\inspector@mozilla.org [2015-12-28] [not signed]
FF Extension: (Blackened) - C:\Program Files (x86)\Celtx\extensions\messagestyle-blackened@addons.instantbird.org [2015-12-28] [not signed]
FF Extension: (Depth) - C:\Program Files (x86)\Celtx\extensions\messagestyle-depth@addons.instantbird.org [2015-12-28] [not signed]
FF Extension: (Minimal) - C:\Program Files (x86)\Celtx\extensions\messagestyle-minimal20@addons.instantbird.org [2015-12-28] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-14] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-12] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP","hxx ... id=UP97DHP"
CHR Profile: C:\Users\Vojtěch\AppData\Local\Google\Chrome\User Data\Default [2017-03-12]
CHR Extension: (Dokumenty Google) - C:\Users\Vojtěch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-04]
CHR Extension: (Disk Google) - C:\Users\Vojtěch\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-04]
CHR Extension: (YouTube) - C:\Users\Vojtěch\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-04]
CHR Extension: (Adblock Plus) - C:\Users\Vojtěch\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-10]
CHR Extension: (Tabulky Google) - C:\Users\Vojtěch\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-04]
CHR Extension: (Dokumenty Google offline) - C:\Users\Vojtěch\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-04]
CHR Extension: (AdBlock) - C:\Users\Vojtěch\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-03-10]
CHR Extension: (Adblocker pro Youtube™) - C:\Users\Vojtěch\AppData\Local\Google\Chrome\User Data\Default\Extensions\gndgngmogcnpkcbknmcgpnooljecgadk [2017-03-10]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Vojtěch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\Vojtěch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-04]
CHR Extension: (Chrome Media Router) - C:\Users\Vojtěch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-12]

Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\Vojtěch\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-11-01]
OPR Extension: (Adblocker pro Youtube™) - C:\Users\Vojtěch\AppData\Roaming\Opera Software\Opera Stable\Extensions\oiiphhgajcopkkkglmilkjfokamokgni [2017-03-10]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-06-25] (Advanced Micro Devices, Inc.) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-02-26] (Windows (R) Win 7 DDK provider) [File not signed]
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed]
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-02-02] (Disc Soft Ltd)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101680 2013-10-15] (ELAN Microelectronics Corp.)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-22] (LENOVO INCORPORATED.)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-09-14] (Lenovo(beijing) Limited)
R2 LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [38896 2014-02-18] (Lenovo(beijing) Limited)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [288240 2014-09-14] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [308720 2014-09-14] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-25] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [68880 2014-09-14] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-02-26] (Atheros) [File not signed]
S2 Ralerly; C:\Program Files (x86)\Droyshocish\TerqutCmm.dll [X]
S2 SpyEmrgHealth; C:\Program Files\NETGATE\Spy Emergency\SpyEmergencyHealth.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\windows\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-12] (Advanced Micro Devices)
R2 APXACC; C:\windows\system32\DRIVERS\appexDrv.sys [225504 2014-03-28] (AppEx Networks Corporation)
R3 athr; C:\windows\system32\DRIVERS\athwbx.sys [3892224 2014-03-07] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\windows\system32\drivers\AtihdWB6.sys [222720 2014-03-12] (Advanced Micro Devices)
R3 BTATH_LWFLT; C:\windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-26] (Qualcomm Atheros)
R3 dtlitescsibus; C:\windows\System32\drivers\dtlitescsibus.sys [30264 2017-02-04] (Disc Soft Ltd)
R3 dtliteusbbus; C:\windows\System32\drivers\dtliteusbbus.sys [47672 2017-02-04] (Disc Soft Ltd)
S3 NETwNe64; C:\windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [163644 2005-01-21] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S0 WdBoot; C:\windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wsvd; C:\windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
R1 ZAM; C:\windows\System32\drivers\zam64.sys [203680 2017-02-04] (Zemana Ltd.)
R1 ZAM_Guard; C:\windows\System32\drivers\zamguard64.sys [203680 2017-02-04] (Zemana Ltd.)
S0 MBAMSwissArmy; system32\drivers\MBAMSwissArmy.sys [X]
S3 rtsuvc; \SystemRoot\system32\DRIVERS\rtsuvc.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-12 16:56 - 2017-03-12 16:57 - 00025257 _____ C:\Users\Vojtěch\Desktop\FRST.txt
2017-03-12 16:55 - 2017-03-12 16:56 - 00000000 ____D C:\FRST
2017-03-12 16:55 - 2017-03-12 16:55 - 00015327 _____ C:\Users\Vojtěch\Desktop\LM.bat
2017-03-12 16:51 - 2017-03-12 16:55 - 00029696 _____ C:\Users\Vojtěch\AppData\Local\MSGBOX.EXE
2017-03-12 16:50 - 2017-03-12 16:51 - 00112640 _____ (forum.viry.cz) C:\Users\Vojtěch\Desktop\FRSTLauncher.exe
2017-03-12 16:50 - 2017-03-12 16:50 - 02424832 _____ (Farbar) C:\Users\Vojtěch\Desktop\FRST64.exe
2017-03-12 16:43 - 2017-03-12 16:43 - 00002298 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-12 16:43 - 2017-03-12 16:43 - 00002286 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-12 16:41 - 2017-03-12 16:47 - 00003384 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-03-12 16:41 - 2017-03-12 16:47 - 00003256 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-03-12 16:17 - 2017-03-12 16:37 - 00000000 ____D C:\AdwCleaner
2017-03-12 16:17 - 2017-03-12 16:17 - 04031440 _____ C:\Users\Vojtěch\Downloads\adwcleaner_6.044.exe
2017-03-12 16:14 - 2017-03-12 16:14 - 00000000 ____D C:\Users\Vojtěch\Downloads\Malwarebytes Anti-Malware 3.0.6.1469 Premium Repack KpoJIuK [4realtorrentz]
2017-03-12 15:35 - 2017-03-12 15:35 - 09488448 _____ (Crawler Group ) C:\Users\Vojtěch\Downloads\SpywareTerminatorSetup.exe
2017-03-12 15:30 - 2017-03-12 16:01 - 56335875 ____R C:\Users\Vojtěch\Downloads\Malwarebytes Anti-Malware 3.0.6.1469 Premium Repack KpoJIuK [4realtorrentz].zip
2017-03-12 15:26 - 2017-03-12 15:26 - 00017643 _____ C:\Users\Vojtěch\Downloads\Malwarebytes-Anti-Malware-3.0.6.1469-Premium-Repack-KpoJIuK.torrent
2017-03-12 15:25 - 2017-03-12 15:25 - 01979944 _____ (WiperSoft) C:\Users\Vojtěch\Downloads\WiperSoft-installer (1).exe
2017-03-12 11:46 - 2017-03-12 15:21 - 00000000 ____D C:\Users\Vojtěch\AppData\Roaming\ICQ
2017-03-12 11:46 - 2017-03-12 11:46 - 00001951 _____ C:\Users\Vojtěch\Desktop\ICQ.lnk
2017-03-12 11:46 - 2017-03-12 11:46 - 00001809 _____ C:\Users\Vojtěch\AppData\Roaming\Microsoft\Windows\Start Menu\ICQ.lnk
2017-03-12 11:44 - 2017-03-12 11:45 - 49714312 _____ C:\Users\Vojtěch\Downloads\icq_rfrset_9983c4b5.exe
2017-03-12 11:29 - 2017-03-12 11:29 - 01979944 _____ (WiperSoft) C:\Users\Vojtěch\Downloads\WiperSoft-installer.exe
2017-03-12 11:27 - 2017-03-12 11:27 - 00000077 _____ C:\windows\SysWOW64\L
2017-03-11 15:03 - 2017-03-11 15:04 - 09261616 _____ (Piriform Ltd) C:\Users\Vojtěch\Downloads\ccsetup527.exe
2017-03-11 15:00 - 2017-03-11 15:01 - 35020712 _____ C:\Users\Vojtěch\Downloads\se-setup.exe
2017-03-10 19:37 - 2017-03-12 15:26 - 00000000 ____D C:\Users\Vojtěch\AppData\LocalLow\uTorrent
2017-03-10 06:12 - 2017-03-10 06:12 - 00000000 ____D C:\Program Files (x86)\Youtube AdBlockIE
2017-03-10 06:11 - 2017-03-10 06:11 - 00000000 ____D C:\Program Files (x86)\Youtube AdBlockU
2017-03-08 15:31 - 2017-03-08 15:31 - 00000000 ____D C:\Users\Vojtěch\Desktop\Nová složka (4)
2017-03-08 10:33 - 2017-03-08 10:33 - 00002747 _____ C:\Users\Public\Desktop\Skype.lnk
2017-03-08 10:33 - 2017-03-08 10:33 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-03-08 10:33 - 2017-03-08 10:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-03-08 10:26 - 2017-03-08 10:26 - 01631200 _____ (Skype Technologies S.A.) C:\Users\Vojtěch\Downloads\SkypeSetup.exe
2017-03-07 17:16 - 2017-03-07 17:16 - 00000967 _____ C:\Users\Vojtěch\Desktop\Sweet Home 3D.lnk
2017-03-07 17:16 - 2017-03-07 17:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eTeks Sweet Home 3D
2017-03-07 17:15 - 2017-03-07 17:16 - 00000000 ____D C:\Program Files\Sweet Home 3D
2017-03-07 17:12 - 2017-03-07 17:15 - 50221536 _____ C:\Users\Vojtěch\Downloads\SweetHome3D-5.4-windows.exe
2017-03-07 15:47 - 2017-03-07 15:47 - 00000031 _____ C:\Users\Vojtěch\AppData\Local\SQ.RemoverDelete.bat
2017-03-07 15:35 - 2017-03-07 15:47 - 00000000 ____D C:\Users\Vojtěch\AppData\Local\SquareClock.Production_Home_Siko_Web
2017-03-07 15:35 - 2017-03-07 15:35 - 00425480 _____ (SquareClock SAS) C:\Users\Vojtěch\Downloads\Siko_Web_Kitchen_Planner.exe
2017-03-05 18:04 - 2017-03-05 18:39 - 00000000 ____D C:\Users\Vojtěch\Documents\Harry Potter
2017-03-05 18:03 - 2017-03-05 18:03 - 00000522 _____ C:\windows\eReg.dat
2017-03-05 17:22 - 2017-03-05 17:22 - 00000073 _____ C:\Users\Vojtěch\Downloads\1130420.xws
2017-03-05 17:19 - 2017-03-05 17:19 - 01950000 _____ C:\Users\Vojtěch\Downloads\100 (1).dat
2017-03-05 12:40 - 2017-03-12 11:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
2017-03-04 18:14 - 2017-03-04 18:14 - 02247272 _____ C:\Users\Vojtěch\Downloads\michal_ruttner_DP_prilohy.zip
2017-03-04 17:43 - 2017-03-04 17:43 - 00937006 _____ C:\Users\Vojtěch\Downloads\Marek_Handl_BP_prilohy.zip
2017-03-04 17:16 - 2017-03-04 17:16 - 00001513 _____ C:\Users\Vojtěch\Downloads\QRSdetector (2).zip
2017-03-04 17:13 - 2017-03-04 17:13 - 00191623 _____ C:\Users\Vojtěch\Downloads\Bucsuhazy_Katerina_BP_prilohy.zip
2017-03-02 23:07 - 2017-03-02 23:07 - 00001513 _____ C:\Users\Vojtěch\Downloads\QRSdetector (1).zip
2017-03-02 23:02 - 2017-03-02 23:02 - 00005758 _____ C:\Users\Vojtěch\Downloads\David_Grossmann_BP_prilohy.zip
2017-03-02 19:24 - 2017-03-02 19:24 - 00009453 _____ C:\Users\Vojtěch\Downloads\DP_Bucsuhazy (2).zip
2017-03-02 19:21 - 2017-03-02 19:21 - 00005237 _____ C:\Users\Vojtěch\Downloads\Jakub_Brandejs_BP_prilohy.rar
2017-03-02 19:15 - 2017-03-02 19:15 - 00007780 _____ C:\Users\Vojtěch\Downloads\Detektor_Brandejs.zip
2017-03-02 19:04 - 2017-03-02 19:04 - 08325247 _____ C:\Users\Vojtěch\Downloads\Detektor QRS komplexu (1).zip
2017-03-02 17:29 - 2017-03-02 17:30 - 08641936 _____ C:\Users\Vojtěch\Downloads\Jiří_Bajgar_DP_priloha.zip
2017-03-01 16:54 - 2017-03-01 16:54 - 00136076 _____ C:\Users\Vojtěch\Downloads\pdf_dokumentcc9bf40d9227166ddc97777481df8aea.pdf
2017-02-28 19:22 - 2017-03-02 18:57 - 00000000 ____D C:\Users\Vojtěch\Desktop\Odeslat vedoucímu
2017-02-28 14:58 - 2017-03-02 17:24 - 00000000 ____D C:\Users\Vojtěch\Desktop\Katerina_Ancincova_BP_prilohy
2017-02-27 17:36 - 2017-02-27 17:36 - 00224883 _____ C:\Users\Vojtěch\Desktop\global.tif
2017-02-27 17:36 - 2017-02-27 17:36 - 00086919 _____ C:\Users\Vojtěch\Desktop\global2.tif
2017-02-26 15:28 - 2017-02-26 16:23 - 1932204032 ____R C:\Users\Vojtěch\Downloads\Kobry a užovky.avi
2017-02-24 19:09 - 2017-02-24 19:09 - 00878769 _____ C:\Users\Vojtěch\Downloads\Katerina_Ancincova_BP_prilohy (1).zip
2017-02-24 19:06 - 2017-03-08 21:22 - 00000000 ____D C:\Users\Vojtěch\Downloads\11.22.63.S01E07.HDTV.x264-LOL[ettv]
2017-02-24 18:10 - 2017-02-24 18:10 - 00139106 _____ C:\Users\Vojtěch\Downloads\MATLAB.rar
2017-02-24 14:57 - 2017-02-24 14:57 - 00021666 _____ C:\Users\Vojtěch\Downloads\Re_ Konzultace DP.zip
2017-02-24 14:55 - 2017-02-24 14:55 - 00056889 _____ C:\Users\Vojtěch\Desktop\TKEO.tif
2017-02-24 14:51 - 2017-02-24 14:51 - 00878769 _____ C:\Users\Vojtěch\Downloads\Katerina_Ancincova_BP_prilohy.zip
2017-02-22 22:55 - 2017-02-22 22:55 - 00170964 _____ C:\Users\Vojtěch\Downloads\5484-15900-1-PB.pdf
2017-02-22 22:52 - 2017-02-22 23:24 - 1164362025 _____ C:\Users\Vojtěch\Downloads\Zóna soumraku cz(lukuz) filmy scifi fantasy horor.mp4
2017-02-22 17:31 - 2017-03-05 12:37 - 00000000 ____D C:\Users\Vojtěch\Downloads\11.22.63.S01E02.HDTV.x264-LOL[ettv]
2017-02-22 00:38 - 2017-02-22 00:38 - 00001746 _____ C:\Users\Vojtěch\Desktop\235961.txt
2017-02-22 00:33 - 2017-02-22 00:39 - 00000000 ____D C:\Users\Vojtěch\Downloads\11.22.63.S01E08.HDTV.x264-LOL[ettv]
2017-02-22 00:18 - 2017-02-22 00:31 - 00000000 ____D C:\Users\Vojtěch\Downloads\11.22.63.S01E06.HDTV.x264-LOL[rarbg]
2017-02-22 00:17 - 2017-03-05 12:37 - 00000000 ____D C:\Users\Vojtěch\Downloads\11.22.63.S01E05.HDTV.x264-LOL[ettv]
2017-02-22 00:17 - 2017-02-24 19:10 - 00000000 ____D C:\Users\Vojtěch\Downloads\11.22.63.S01E03.HDTV.x264-LOL[ettv]
2017-02-22 00:17 - 2017-02-24 14:52 - 00000000 ____D C:\Users\Vojtěch\Downloads\11.22.63.S01E04.HDTV.x264-LOL[ettv]
2017-02-22 00:16 - 2017-02-22 00:16 - 00048371 _____ C:\Users\Vojtěch\Downloads\11.22.63.S01E02.HDTV.X264-LOL (+720p.H.264-TOPLEL).srt
2017-02-22 00:15 - 2017-03-05 12:37 - 00000000 ____D C:\Users\Vojtěch\Downloads\11.22.63.S01E01.HDTV.x264-LOL[ettv]
2017-02-21 22:11 - 2017-02-21 22:11 - 01013129 _____ C:\Users\Vojtěch\Downloads\Jakub_Hejc_DP_prilohy (3).zip
2017-02-20 19:22 - 2017-02-20 19:22 - 10437778 _____ C:\Users\Vojtěch\Downloads\Milan_Kubát_BP_prilohy (1).zip
2017-02-20 16:24 - 2017-02-21 01:55 - 2007631330 ____R C:\Users\Vojtěch\Downloads\tak-trochu-jina-love-story-dvdrip.avi
2017-02-20 16:23 - 2017-02-20 18:09 - 1629683790 ____R C:\Users\Vojtěch\Downloads\The.Hypnotist.2012.DVDrip.CZ.avi
2017-02-20 16:20 - 2017-02-20 18:11 - 2039156736 ____R C:\Users\Vojtěch\Downloads\Hon.avi
2017-02-19 22:11 - 2017-02-19 23:04 - 821395456 _____ C:\Users\Vojtěch\Downloads\Hercule.Poirot.S12E03.Videla.jsem.vrazdu.DVDRip.XviD.cz.en-iNG.avi
2017-02-18 11:36 - 2017-03-12 16:23 - 00000000 ____D C:\Users\Vojtěch\Desktop\Hry
2017-02-16 23:37 - 2017-02-16 23:37 - 00000000 ____D C:\Users\Vojtěch\AppData\Local\Macromedia
2017-02-16 23:34 - 2017-03-12 11:27 - 00000000 ____D C:\windows\SysWOW64\GroupPolicy
2017-02-16 23:34 - 2017-02-16 23:34 - 00000008 __RSH C:\Users\Vojtěch\ntuser.pol
2017-02-14 09:37 - 2017-03-11 15:15 - 00000000 ____D C:\windows\Minidump
2017-02-13 19:31 - 2017-02-13 19:39 - 136115406 _____ C:\Users\Vojtěch\Downloads\Harry-Potter-2-Chamber-of-Secrets-audiobook-EN.rar
2017-02-13 19:21 - 2017-02-13 19:28 - 117629141 _____ C:\Users\Vojtěch\Downloads\Harry-Potter-1-Philosopher's-stone-audiobook-EN.rar
2017-02-13 16:03 - 2017-02-13 16:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adventure Island 2
2017-02-13 16:03 - 2017-02-13 16:03 - 00000000 ____D C:\Program Files (x86)\Adventure Island 2
2017-02-13 14:42 - 2017-02-13 14:50 - 129820935 _____ C:\Users\Vojtěch\Downloads\Murphy-R.-English-Grammar-in-Use.pdf
2017-02-12 11:43 - 2017-02-12 11:43 - 00003062 _____ C:\windows\System32\Tasks\{2F790400-951E-46AF-B7FA-AFDFA48BE7F8}
2017-02-12 11:43 - 2017-02-12 11:43 - 00000000 ____D C:\Program Files (x86)\CAPCOM
2017-02-12 11:23 - 2017-03-12 11:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CAPCOM
2017-02-12 11:14 - 2017-02-12 11:14 - 00003050 _____ C:\windows\System32\Tasks\{D1F689DA-2E91-4E14-8F60-62B225323103}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-12 16:58 - 2016-04-10 11:17 - 00000978 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA1d19312242b4c73.job
2017-03-12 16:57 - 2017-02-04 14:54 - 00080960 _____ C:\windows\ZAM.krnl.trace
2017-03-12 16:57 - 2017-02-04 14:54 - 00048825 _____ C:\windows\ZAM_Guard.krnl.trace
2017-03-12 16:54 - 2015-01-18 23:58 - 00003594 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-866432661-1050328576-855569735-1002
2017-03-12 16:49 - 2015-08-24 14:38 - 00001279 _____ C:\Users\Vojtěch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wi-FiHotspotChgToast.lnk
2017-03-12 16:49 - 2015-01-18 23:59 - 00000000 ____D C:\ProgramData\LU
2017-03-12 16:45 - 2015-01-31 13:27 - 00000000 ____D C:\Users\Vojtěch\AppData\Local\CrashDumps
2017-03-12 16:45 - 2013-08-22 16:36 - 00000000 ____D C:\windows\system32\NDF
2017-03-12 16:45 - 2013-08-22 14:36 - 00000000 ____D C:\windows\Inf
2017-03-12 16:44 - 2015-01-18 23:57 - 00000000 ____D C:\Program Files (x86)\Opera
2017-03-12 16:42 - 2017-02-04 16:58 - 00000000 ____D C:\Program Files (x86)\Google
2017-03-12 16:42 - 2015-05-18 15:39 - 00000000 ____D C:\Users\Vojtěch\Documents\Soubory aplikace Outlook
2017-03-12 16:41 - 2015-01-19 15:55 - 00000568 _____ C:\windows\Tasks\MATLAB R2012b Startup Accelerator.job
2017-03-12 16:41 - 2015-01-18 23:56 - 00000000 ___DO C:\Users\Vojtěch\OneDrive
2017-03-12 16:39 - 2013-08-22 15:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-03-12 16:38 - 2014-09-13 23:11 - 00065536 _____ C:\windows\system32\spu_storage.bin
2017-03-12 16:35 - 2014-09-14 00:01 - 00006656 _____ C:\windows\system32\VfService.trf
2017-03-12 16:26 - 2015-01-18 23:47 - 00000000 ____D C:\Users\Vojtěch
2017-03-12 16:16 - 2015-01-19 00:01 - 00000000 ____D C:\Users\Vojtěch\AppData\Roaming\uTorrent
2017-03-12 16:08 - 2015-05-25 16:41 - 00000914 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2017-03-12 15:41 - 2015-01-19 17:43 - 00000000 ____D C:\Users\Vojtěch\Documents\MATLAB
2017-03-12 15:18 - 2014-09-14 00:02 - 00000000 ____D C:\ProgramData\McAfee
2017-03-12 12:08 - 2016-12-16 00:01 - 00000000 ____D C:\Program Files (x86)\National Instruments
2017-03-12 12:07 - 2016-12-15 23:59 - 00000000 ____D C:\ProgramData\National Instruments
2017-03-12 11:59 - 2016-04-26 18:43 - 00000000 ____D C:\Medicus 3
2017-03-12 11:57 - 2014-09-13 23:20 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-03-12 11:53 - 2015-01-19 22:03 - 00000000 ____D C:\Program Files (x86)\URUSoft
2017-03-12 11:53 - 2015-01-19 14:45 - 00000000 ____D C:\Program Files (x86)\UltraISO
2017-03-12 11:51 - 2016-07-17 14:33 - 00000000 ____D C:\Users\Vojtěch\AppData\Roaming\Seznam.cz
2017-03-12 11:49 - 2014-09-14 00:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2017-03-12 11:49 - 2014-09-14 00:00 - 00000000 ____D C:\Program Files (x86)\Lenovo
2017-03-12 11:46 - 2015-01-19 00:17 - 00000000 ____D C:\Users\Vojtěch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ
2017-03-12 11:27 - 2015-07-17 19:17 - 00000270 __RSH C:\ProgramData\ntuser.pol
2017-03-12 11:21 - 2015-02-11 21:14 - 00000000 ____D C:\Users\Vojtěch\Desktop\Filmy
2017-03-12 11:21 - 2013-08-22 16:36 - 00000000 ___HD C:\windows\ELAMBKUP
2017-03-12 11:18 - 2017-02-04 12:06 - 00000000 ____D C:\Users\Vojt↓ch
2017-03-12 11:18 - 2015-05-18 14:40 - 00000000 ____D C:\Users\Vojtch
2017-03-12 11:17 - 2014-09-14 00:13 - 00000000 ____D C:\ProgramData\Office2013
2017-03-12 11:17 - 2014-09-14 00:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-03-12 11:17 - 2013-08-22 16:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-12 11:15 - 2016-07-17 17:00 - 00000000 ____D C:\ProgramData\Formix
2017-03-12 11:11 - 2015-01-18 23:56 - 00003834 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{AC9158A3-4C3C-4033-B028-C1C6C126075D}
2017-03-12 11:06 - 2013-08-22 14:25 - 00262144 ___SH C:\windows\system32\config\BBI
2017-03-12 01:19 - 2015-05-25 16:41 - 00000892 _____ C:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-03-11 19:24 - 2015-01-19 01:35 - 00000000 ____D C:\Users\Vojtěch\AppData\Roaming\vlc
2017-03-11 15:37 - 2015-04-15 15:55 - 00000000 ____D C:\Users\Vojtěch\Documents\Harry Potter II
2017-03-11 15:36 - 2016-04-04 18:05 - 01132032 ___SH C:\Users\Vojtěch\Desktop\Thumbs.db
2017-03-11 15:16 - 2017-02-04 12:05 - 00000000 ____D C:\Users\Vojtěch\AppData\Roaming\DAEMON Tools Lite
2017-03-11 15:15 - 2014-04-03 20:15 - 00000000 ____D C:\windows\Panther
2017-03-11 13:07 - 2015-01-19 00:13 - 00000000 ____D C:\Users\Vojtěch\AppData\Roaming\Skype
2017-03-10 06:11 - 2013-08-22 14:25 - 00262144 ___SH C:\windows\system32\config\ELAM
2017-03-10 06:07 - 2016-11-22 19:47 - 00000000 ____D C:\Users\Vojtěch\Desktop\Diplomka programy
2017-03-08 21:22 - 2015-01-20 23:00 - 02718720 ___SH C:\Users\Vojtěch\Downloads\Thumbs.db
2017-03-08 19:24 - 2014-09-13 23:17 - 04820396 _____ C:\windows\system32\perfh005.dat
2017-03-08 19:24 - 2014-09-13 23:17 - 01465734 _____ C:\windows\system32\perfc005.dat
2017-03-08 19:24 - 2014-03-18 10:53 - 00005430 _____ C:\windows\system32\PerfStringBackup.INI
2017-03-08 15:37 - 2015-03-04 11:55 - 00000000 ____D C:\Temp
2017-03-08 10:33 - 2015-01-19 00:13 - 00000000 ____D C:\Users\Vojtěch\AppData\Local\Skype
2017-03-08 10:33 - 2015-01-19 00:13 - 00000000 ____D C:\ProgramData\Skype
2017-03-08 10:30 - 2014-09-13 23:08 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-05 11:33 - 2016-09-30 09:28 - 00000000 ____D C:\Users\Vojtěch\Desktop\mat
2017-03-02 19:09 - 2015-01-18 23:58 - 00003846 _____ C:\windows\System32\Tasks\Opera scheduled Autoupdate 1421621899
2017-03-02 19:08 - 2015-01-18 23:58 - 00001074 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-02-24 04:58 - 2013-08-22 16:20 - 00000000 ____D C:\windows\CbsTemp
2017-02-24 04:57 - 2015-01-23 18:37 - 138020592 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2017-02-22 14:22 - 2016-02-21 13:00 - 00000000 ____D C:\Program Files (x86)\Maple 17
2017-02-17 19:19 - 2016-04-04 21:55 - 00000000 ____D C:\Users\Vojtěch\AppData\Local\ElevatedDiagnostics
2017-02-17 11:06 - 2014-09-14 00:13 - 00000000 ____D C:\ProgramData\Energy Manager
2017-02-16 23:34 - 2013-08-22 16:36 - 00000000 ____D C:\windows\system32\GroupPolicy
2017-02-14 14:08 - 2015-05-25 16:41 - 00003724 _____ C:\windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-02-14 14:08 - 2015-05-25 16:41 - 00003666 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2017-02-14 14:08 - 2013-08-22 16:36 - 00000000 ____D C:\windows\SysWOW64\Macromed
2017-02-14 14:08 - 2013-08-22 16:36 - 00000000 ____D C:\windows\system32\Macromed
2017-02-14 09:41 - 2017-02-02 21:38 - 00000000 ____D C:\Users\Vojtěch\Desktop\T8BOR
2017-02-13 19:31 - 2016-02-08 19:19 - 00000000 ____D C:\Users\Vojtěch\Desktop\Angličtina

==================== Files in the root of some directories =======

2017-03-12 16:51 - 2017-03-12 16:55 - 0029696 _____ () C:\Users\Vojtěch\AppData\Local\MSGBOX.EXE
2017-03-07 15:47 - 2017-03-07 15:47 - 0000031 _____ () C:\Users\Vojtěch\AppData\Local\SQ.RemoverDelete.bat
2017-03-07 15:37 - 2017-03-07 15:37 - 0032038 _____ () C:\Users\Vojtěch\AppData\Local\SquareClock.Production_Home_Siko_WebIcon.ico
2014-09-13 23:15 - 2014-09-13 23:15 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2017-02-04 12:02 - 2013-01-18 22:24 - 0040328 _____ (Autodesk, Inc.) C:\Users\Vojtěch\AppData\Local\Temp\AcDeltree.exe
2017-01-21 09:04 - 2017-01-21 09:04 - 0739904 _____ (Oracle Corporation) C:\Users\Vojtěch\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-03-12 11:21 - 2014-11-21 16:18 - 0098824 _____ (McAfee Inc.) C:\Users\Vojtěch\AppData\Local\Temp\mccspuninstall.exe
2016-11-17 01:10 - 2016-11-17 01:12 - 64111920 _____ (SweetLabs,Inc.) C:\Users\Vojtěch\AppData\Local\Temp\oct35DD.tmp.exe
2017-01-10 23:20 - 2017-02-21 00:31 - 44048864 _____ (Skype Technologies S.A.) C:\Users\Vojtěch\AppData\Local\Temp\SkypeSetup.exe
2016-08-16 08:48 - 2016-08-16 08:48 - 0488960 _____ () C:\Users\Vojtěch\AppData\Local\Temp\sqlite3.exe
2017-03-08 10:27 - 2017-03-08 10:27 - 14456872 _____ (Microsoft Corporation) C:\Users\Vojtěch\AppData\Local\Temp\vc_redist.x86.exe
2016-10-17 18:23 - 2002-06-18 22:11 - 0294912 ____N (Blizzard Entertainment) C:\Users\Vojtěch\AppData\Local\Temp\war3_Install.exe
2017-02-14 09:46 - 2017-03-12 11:51 - 0534528 _____ () C:\Users\Vojtěch\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA1d19311776010e3.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA1d19312242b4c73.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\MATLAB R2012b Startup Accelerator.job => C:\Program Files\MATLAB\R2012b\bin\win64\MATLABStartupAccelerator.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Re: Browser hijacker goojile.info

Posted: 12 Mar 2017 18:33
by Rudy
Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.

Re: Browser hijacker goojile.info

Posted: 12 Mar 2017 18:42
by wewewe
It found nothing, but the goojile.info hijacker is still in Google Chrome.


# AdwCleaner v6.044 - Log vytvořen 12/03/2017 v 18:37:01
# Aktualizováno dne 28/02/2017 z Malwarebytes
# Databáze : 2017-03-12.1 [Místní]
# Operační systém : Windows 8.1 (X64)
# Uživatelské jméno : Vojtěch - VOJTA-PC
# Spuštěno z : C:\Users\Vojtěch\Downloads\adwcleaner_6.044.exe
# Mod: Skenování
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****

Nebyly nalezeny žádné škodlivé služby.


***** [ Složky ] *****

Nebyly nalezeny žádné škodlivé složky.


***** [ Soubory ] *****

Nebyly nalezeny žádné škodlivé soubory.


***** [ DLL ] *****

Nebyly nalezeny žádné škodlivé DLL.


***** [ WMI ] *****

Nebyly nalezeny žádné škodlivé klíče.


***** [ Zástupci ] *****

Žádný infikovaný zástupce nenalezen.


***** [ Naplánované úlohy ] *****

Žádná nebezpečná úloha nenalezena.


***** [ Registry ] *****

Nebyly nalezeny žádné škodlivé položky registru.


***** [ Internetové prohlížeče ] *****

Nebyly nalezeny žádné škodlivé položky prohlížeče Firefox.
Nebyly nalezeny žádné škodlivé položky prohlížeče Chromium.

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [15542 Bajty] - [12/03/2017 16:26:34]
C:\AdwCleaner\AdwCleaner[C2].txt - [1370 Bajty] - [12/03/2017 16:37:57]
C:\AdwCleaner\AdwCleaner[S0].txt - [14350 Bajty] - [12/03/2017 16:21:27]
C:\AdwCleaner\AdwCleaner[S1].txt - [1596 Bajty] - [12/03/2017 16:35:18]
C:\AdwCleaner\AdwCleaner[S2].txt - [1663 Bajty] - [12/03/2017 17:29:11]
C:\AdwCleaner\AdwCleaner[S3].txt - [1584 Bajty] - [12/03/2017 18:37:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1657 Bajty] ##########

Re: Browser hijacker goojile.info

Posted: 12 Mar 2017 19:41
by Rudy
This is OK. Open Notepad and copy the following into it:
Start
HKLM\...\Run: [AutoKMS] => C:\windows\AutoKMS.exe
C:\windows\AutoKMS.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKLM-x32\...\Run: [pdfSaver3] => [X]
HKU\S-1-5-21-866432661-1050328576-855569735-1002\...\Run: [C] => cmd /c(@attrib -H -R -S C:\windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@copy/b/y C:\windows\system32\GroupPolicy\Machine\R C:\windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@att (the data entry has 99 more characters). <===== ATTENTION
HKU\S-1-5-21-866432661-1050328576-855569735-1002\...\Policies\Explorer: []
HKU\S-1-5-21-866432661-1050328576-855569735-1002\...\MountPoints2: {0b36c64d-a160-11e4-825e-3010b3a29d32} - "G:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-866432661-1050328576-855569735-1002\...\MountPoints2: {23c0be00-9f64-11e4-825e-3010b3a29d32} - "G:\LaunchU3.exe" -a
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicy\User: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-866432661-1050328576-855569735-1002\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKU\S-1-5-21-866432661-1050328576-855569735-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://goojile.info/?ri=1&uid=698c128e8 ... 9e8df7e&q={searchTerms}
HKU\S-1-5-21-866432661-1050328576-855569735-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://goojile.info/?ri=1&uid=698c128e8 ... 9e8df7e&q={searchTerms}
URLSearchHook: [S-1-5-21-866432661-1050328576-855569735-1002] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-866432661-1050328576-855569735-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3C} URL = hxxp://goojile.info/?ri=1&uid=698c128e8 ... 9e8df7e&q={searchTerms}
SearchScopes: HKU\S-1-5-21-866432661-1050328576-855569735-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3C} URL = hxxp://goojile.info/?ri=1&uid=698c128e8 ... 9e8df7e&q={searchTerms}
SearchScopes: HKU\S-1-5-21-866432661-1050328576-855569735-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3D} URL = hxxp://goojile.info/?ri=1&uid=698c128e8 ... 9e8df7e&q=
SearchScopes: HKU\S-1-5-21-866432661-1050328576-855569735-1002 -> {A5DD45CE-AAD2-48C6-A662-08FB5843B2FF} URL =
BHO-x32: No Name -> {E3605470-291B-44EB-8648-745EE356599A} -> No File
C:\Program Files (x86)\Droyshocish
S2 Ralerly; C:\Program Files (x86)\Droyshocish\TerqutCmm.dll [X]
C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
c:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\windows\System32\Tasks\{D1F689DA-2E91-4E14-8F60-62B225323103}
C:\windows\Tasks\GoogleUpdateTaskMachineUA1d19312242b4c73.job
C:\ProgramData\DP45977C.lfl
C:\Users\Vojtěch\AppData\Local\Temp

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.

Re: Browser hijacker goojile.info

Posted: 12 Mar 2017 20:13
by wewewe
Fix result of Farbar Recovery Scan Tool (x64) Version: 12-03-2017
Ran by Vojtěch (12-03-2017 19:59:51) Run:1
Running from C:\Users\Vojtěch\Desktop
Loaded Profiles: Vojtěch & (Available Profiles: Vojtěch)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM\...\Run: [AutoKMS] => C:\windows\AutoKMS.exe
C:\windows\AutoKMS.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKLM-x32\...\Run: [pdfSaver3] => [X]
HKU\S-1-5-21-866432661-1050328576-855569735-1002\...\Run: [C] => cmd /c(@attrib -H -R -S C:\windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@copy/b/y C:\windows\system32\GroupPolicy\Machine\R C:\windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@att (the data entry has 99 more characters). <===== ATTENTION
HKU\S-1-5-21-866432661-1050328576-855569735-1002\...\Policies\Explorer: []
HKU\S-1-5-21-866432661-1050328576-855569735-1002\...\MountPoints2: {0b36c64d-a160-11e4-825e-3010b3a29d32} - "G:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-866432661-1050328576-855569735-1002\...\MountPoints2: {23c0be00-9f64-11e4-825e-3010b3a29d32} - "G:\LaunchU3.exe" -a
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicy\User: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-866432661-1050328576-855569735-1002\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKU\S-1-5-21-866432661-1050328576-855569735-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://goojile.info/?ri=1&uid=698c128e8 ... 9e8df7e&q={searchTerms}
HKU\S-1-5-21-866432661-1050328576-855569735-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://goojile.info/?ri=1&uid=698c128e8 ... 9e8df7e&q={searchTerms}
URLSearchHook: [S-1-5-21-866432661-1050328576-855569735-1002] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-866432661-1050328576-855569735-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3C} URL = hxxp://goojile.info/?ri=1&uid=698c128e8 ... 9e8df7e&q={searchTerms}
SearchScopes: HKU\S-1-5-21-866432661-1050328576-855569735-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3C} URL = hxxp://goojile.info/?ri=1&uid=698c128e8 ... 9e8df7e&q={searchTerms}
SearchScopes: HKU\S-1-5-21-866432661-1050328576-855569735-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3D} URL = hxxp://goojile.info/?ri=1&uid=698c128e8 ... 9e8df7e&q=
SearchScopes: HKU\S-1-5-21-866432661-1050328576-855569735-1002 -> {A5DD45CE-AAD2-48C6-A662-08FB5843B2FF} URL =
BHO-x32: No Name -> {E3605470-291B-44EB-8648-745EE356599A} -> No File
C:\Program Files (x86)\Droyshocish
S2 Ralerly; C:\Program Files (x86)\Droyshocish\TerqutCmm.dll [X]
C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
c:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\windows\System32\Tasks\{D1F689DA-2E91-4E14-8F60-62B225323103}
C:\windows\Tasks\GoogleUpdateTaskMachineUA1d19312242b4c73.job
C:\ProgramData\DP45977C.lfl
C:\Users\Vojtěch\AppData\Local\Temp

EmptyTemp:
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AutoKMS => value removed successfully
"C:\windows\AutoKMS.exe" => not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\pdfSaver3 => value removed successfully
HKU\S-1-5-21-866432661-1050328576-855569735-1002\Software\Microsoft\Windows\CurrentVersion\Run\\C => value removed successfully
HKU\S-1-5-21-866432661-1050328576-855569735-1002\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value removed successfully
HKU\S-1-5-21-866432661-1050328576-855569735-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0b36c64d-a160-11e4-825e-3010b3a29d32} => key removed successfully
HKCR\CLSID\{0b36c64d-a160-11e4-825e-3010b3a29d32} => key not found.
HKU\S-1-5-21-866432661-1050328576-855569735-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23c0be00-9f64-11e4-825e-3010b3a29d32} => key removed successfully
HKCR\CLSID\{23c0be00-9f64-11e4-825e-3010b3a29d32} => key not found.
C:\windows\system32\GroupPolicy\Machine => moved successfully
C:\windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\windows\system32\GroupPolicy\User => moved successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKU\S-1-5-21-866432661-1050328576-855569735-1002\SOFTWARE\Policies\Google => key removed successfully
HKU\S-1-5-21-866432661-1050328576-855569735-1002\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-866432661-1050328576-855569735-1002\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
Could not restore Default URLSearchHook.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-866432661-1050328576-855569735-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-866432661-1050328576-855569735-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3C} => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3C} => key not found.
HKU\S-1-5-21-866432661-1050328576-855569735-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3D} => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3D} => key not found.
HKU\S-1-5-21-866432661-1050328576-855569735-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A5DD45CE-AAD2-48C6-A662-08FB5843B2FF} => key removed successfully
HKCR\CLSID\{A5DD45CE-AAD2-48C6-A662-08FB5843B2FF} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3605470-291B-44EB-8648-745EE356599A} => key removed successfully
HKCR\Wow6432Node\CLSID\{E3605470-291B-44EB-8648-745EE356599A} => key not found.
"C:\Program Files (x86)\Droyshocish" => not found.
HKLM\System\CurrentControlSet\Services\Ralerly => key removed successfully
Ralerly => service removed successfully
C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
c:\windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
C:\windows\System32\Tasks\{D1F689DA-2E91-4E14-8F60-62B225323103} => moved successfully
C:\windows\Tasks\GoogleUpdateTaskMachineUA1d19312242b4c73.job => moved successfully
Could not move "C:\ProgramData\DP45977C.lfl" => Scheduled to move on reboot.

"C:\Users\Vojtěch\AppData\Local\Temp" folder move:

Could not move "C:\Users\Vojtěch\AppData\Local\Temp" => Scheduled to move on reboot.


=========== EmptyTemp: ==========

BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12733300 B
Java, Flash, Steam htmlcache => 570 B
Windows/system/drivers => 650876736 B
Edge => 0 B
Chrome => 147889168 B
Firefox => 0 B
Opera => 37443837 B

Temp, IE cache, history, cookies, recent:
Default => 6992 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 3406 B
NetworkService => 0 B
Vojtěch => 2073545382 B

RecycleBin => 94532 B
EmptyTemp: => 2.7 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 12-03-2017 20:04:33)

C:\ProgramData\DP45977C.lfl => Is moved successfully
C:\Users\Vojtěch\AppData\Local\Temp => moved successfully

==== End of Fixlog 20:04:36 ====

Re: Browser hijacker goojile.info

Posted: 12 Mar 2017 20:14
by wewewe
Right after the restart and loading Google Chrome, everything seems to be perfectly fine. I don't know how to thank you; I was completely at a loss. Thank you very much.

Re: Browser hijacker goojile.info

Posted: 12 Mar 2017 20:41
by Rudy
You're welcome! :)