
Russian ads - redirection to Russian sites

sitdowntragedy
Guest
Posts: 5
Registered: 09 Mar 2016 18:14


#1 Post by sitdowntragedy »

Hello,

I have a problem with the Chrome and Opera browsers. Until recently my bank's internet banking pages worked normally, but lately that is no longer the case. When I try to log in, simply nothing happens. The bank assured me that the problem must be on my side, as they did not record any. So I am turning to you with this request; I did everything according to the FRST guide.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Šimon (administrator) on HOME (09-03-2016 18:19:49)
Running from C:\Users\Šimon\Desktop
Loaded Profiles: Šimon (Available Profiles: Šimon & user-band & Administrator)
Platform: Windows 8.1 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(forum.viry.cz) C:\Users\Šimon\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2873744 2012-11-20] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-13] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2771576 2015-12-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [85600 2013-12-13] (Nullsoft, Inc.)
HKLM-x32\...\Run: [RadioController] => C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2014-12-04] (Dritek System Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [WindowsDriverScan86] => C:\Program Files (x86)\Adobe Arkalis\Arkalis86.lnk [1501 2014-08-10] ()
HKLM-x32\...\Run: [WindowsDriverScan64] => C:\Program Files (x86)\Adobe Arkalis\Arkalis.lnk [1419 2014-08-10] ()
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2504456539-958815627-3647854443-1002\...\Run: [Google Update] => C:\Users\Šimon\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-2504456539-958815627-3647854443-1002\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2504456539-958815627-3647854443-1002\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4179288 2015-11-30] (Disc Soft Ltd)
HKU\S-1-5-21-2504456539-958815627-3647854443-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2504456539-958815627-3647854443-1002\...\MountPoints2: {01b53d36-a96a-11e5-bf0f-208984c3ab5b} - "G:\setup.exe"
HKU\S-1-5-21-2504456539-958815627-3647854443-1002\...\MountPoints2: {626b74e5-8c2e-11e5-bef7-208984c3ab5b} - "E:\Install.exe"
HKU\S-1-5-21-2504456539-958815627-3647854443-1002\...\MountPoints2: {9b7217e7-7bbd-11e4-8250-208984c3ab5b} - "E:\setup.exe"
HKU\S-1-5-21-2504456539-958815627-3647854443-1002\...\MountPoints2: {af0093a9-d4b3-11e5-bf39-208984c3ab5b} - "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL F:\Common_Handset_USB_Driver.exe
HKU\S-1-5-21-2504456539-958815627-3647854443-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [11776 2014-10-29] (Microsoft Corporation)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [175368 2015-12-16] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [153392 2015-12-16] (NVIDIA Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0B26C385-7A9D-49A9-BFFC-57EDC999C3CF}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{417CBE7F-17AF-49A5-8DDD-2001A3F11F78}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
SearchScopes: HKLM -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2504456539-958815627-3647854443-1002 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2504456539-958815627-3647854443-1002 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2504456539-958815627-3647854443-1002 -> {4187F0FC-AF41-4E4B-AE67-84C8FD35A0AE} URL = hxxp://terra.im/search?sid=101&q={searchTerms}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
DPF: HKLM-x32 {62789780-B744-11D0-986B-00609731A21D} hxxp://195.28.70.134/kapor2/lib/mgaxctrl.cab

FireFox:
========
FF ProfilePath: C:\Users\Šimon\AppData\Roaming\Mozilla\Firefox\Profiles\tcqxgcj3.default
FF DefaultSearchEngine: terra.im
FF SelectedSearchEngine: terra.im
FF Homepage: about:home
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-07] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-09] (Google Inc.)
FF Plugin HKU\S-1-5-21-2504456539-958815627-3647854443-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Šimon\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-2504456539-958815627-3647854443-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Šimon\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-2504456539-958815627-3647854443-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Šimon\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-04] (Unity Technologies ApS)

Chrome:
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR DefaultSearchURL: Default -> hxxp://feed.baboom.audio/?st=ds&query={searchTerms}
CHR DefaultSearchKeyword: Default -> Baboom Search
CHR Profile: C:\Users\Šimon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentácie Google) - C:\Users\Šimon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-09]
CHR Extension: (Dokumenty Google) - C:\Users\Šimon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-09]
CHR Extension: (Disk Google) - C:\Users\Šimon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-09]
CHR Extension: (YouTube) - C:\Users\Šimon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-09]
CHR Extension: (Baboom.Audio) - C:\Users\Šimon\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnligehkhogpcngalffdoomehjcbecna [2016-03-09]
CHR Extension: (Tabuľky Google) - C:\Users\Šimon\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-09]
CHR Extension: (MSN Homepage) - C:\Users\Šimon\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkcgfbgohboipdhliafmacjnhjbhmim [2016-03-09]
CHR Extension: (Baboom Search) - C:\Users\Šimon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gehmndecgbcffhmfjkenpamdgechcgpe [2016-03-09]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Šimon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-09]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Šimon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-09]
CHR Extension: (Gmail) - C:\Users\Šimon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-09]
CHR HKU\S-1-5-21-2504456539-958815627-3647854443-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dnligehkhogpcngalffdoomehjcbecna] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gehmndecgbcffhmfjkenpamdgechcgpe] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (MuzicInfo) - C:\Users\Šimon\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnbgiinmeeapadlkkeiijikonhkdlkdb [2016-03-09]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
S3 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-20] (Acer Incorporated)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1368408 2015-11-30] (Disc Soft Ltd)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156216 2015-12-16] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] ()
S3 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-08-03] (IObit)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-12-16] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8185464 2015-12-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [6477432 2015-12-16] (NVIDIA Corporation)
R2 RfButtonDriverService; C:\WINDOWS\RfBtnSvc64.exe [96880 2015-12-28] (Dritek System INC.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 itakhidsi; no ImagePath
S2 sohvifd; no ImagePath

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2014-12-11] () [File not signed]
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-12-24] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [46392 2015-12-24] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-11-12] (LogMeIn Inc.)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2015-08-21] ()
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-01-13] (REALiX(tm))
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2014-12-11] () [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-12-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-12-16] (NVIDIA Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-07-15] (Dritek System Inc.)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(http://www.devguru.co.kr))
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 cpuz137; \??\C:\Users\IMON~1\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S1 uzbyzbnz; \??\C:\WINDOWS\system32\drivers\uzbyzbnz.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-09 18:19 - 2016-03-09 18:19 - 00020810 _____ C:\Users\Šimon\Desktop\FRST.txt
2016-03-09 18:07 - 2016-03-09 18:19 - 00000000 ____D C:\FRST
2016-03-09 18:06 - 2016-03-09 18:06 - 00112640 _____ (forum.viry.cz) C:\Users\Šimon\Desktop\FRSTLauncher.exe
2016-03-09 18:05 - 2016-03-09 18:05 - 02374144 _____ (Farbar) C:\Users\Šimon\Desktop\FRST64.exe
2016-03-09 17:56 - 2016-03-09 17:56 - 00002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-09 17:56 - 2016-03-09 17:56 - 00002293 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-09 17:56 - 2016-03-09 17:56 - 00000000 ____D C:\Users\Šimon\AppData\Roaming\Curiolab
2016-03-09 17:55 - 2016-03-09 18:02 - 00000944 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-09 17:55 - 2016-03-09 18:00 - 00000940 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-09 17:55 - 2016-03-09 17:55 - 00003916 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-03-09 17:55 - 2016-03-09 17:55 - 00003680 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-03-08 16:29 - 2016-03-08 16:29 - 00003840 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1457450946
2016-03-08 16:29 - 2016-03-08 16:29 - 00001151 _____ C:\Users\Public\Desktop\Opera.lnk
2016-03-08 16:29 - 2016-03-08 16:29 - 00001151 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-03-08 16:27 - 2016-03-08 16:29 - 00000000 ____D C:\Program Files (x86)\Opera
2016-03-07 20:32 - 2016-03-07 20:32 - 00001545 _____ C:\Users\Šimon\Desktop\ie.lnk
2016-03-06 19:47 - 2016-03-06 19:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2016-03-06 19:47 - 2016-03-06 19:47 - 00000000 ____D C:\Program Files\CPUID
2016-03-03 13:35 - 2016-03-03 13:35 - 00000000 ____D C:\Program Files (x86)\Eidos Interactive
2016-03-02 10:54 - 2016-03-02 10:54 - 00000000 ____D C:\Users\Šimon\Documents\Electronic Arts
2016-03-01 00:03 - 2016-03-01 00:13 - 00000000 ____D C:\Users\Šimon\AppData\Local\D2RM
2016-02-29 15:18 - 2016-03-03 19:54 - 00000000 ____D C:\Users\Šimon\AppData\Roaming\SpinTires
2016-02-29 15:17 - 2016-02-29 15:18 - 00000000 ____D C:\Program Files (x86)\Spintires
2016-02-29 15:17 - 2016-02-29 15:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spintires
2016-02-27 11:05 - 2016-02-27 11:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIANTS Software
2016-02-27 11:05 - 2016-02-27 11:05 - 00000000 ____D C:\Program Files\GIANTS Software
2016-02-25 18:42 - 2016-02-25 18:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2016-02-25 17:10 - 2016-02-25 17:10 - 00000000 ____D C:\Users\Šimon\AppData\Roaming\PDAppFlex
2016-02-22 19:49 - 2016-02-22 19:53 - 00000000 ____D C:\Program Files\Farming Simulator 15
2016-02-22 19:49 - 2016-02-22 19:49 - 00000873 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farming Simulator 15.lnk
2016-02-22 19:49 - 2016-02-22 19:49 - 00000873 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farming Simulator 15 (x64).lnk
2016-02-21 20:25 - 2016-02-21 20:25 - 00000290 __RSH C:\ProgramData\ntuser.pol
2016-02-21 20:23 - 2016-02-21 20:23 - 00000000 ____H C:\asc_rdflag
2016-02-21 19:41 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-02-21 19:41 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-02-21 19:41 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-02-21 19:40 - 2016-03-09 15:10 - 00000454 _____ C:\WINDOWS\Tasks\736F47384C_1002.job
2016-02-21 19:40 - 2016-03-09 15:10 - 00000000 ____D C:\Users\Šimon\AppData\Roaming\736F47384C_1002
2016-02-21 19:40 - 2016-02-21 19:40 - 00003122 _____ C:\WINDOWS\System32\Tasks\736F47384C_1002
2016-02-20 20:04 - 2016-03-01 21:30 - 00000000 ____D C:\Users\Šimon\AppData\Roaming\Trove
2016-02-20 13:50 - 2016-02-20 13:50 - 00000000 ____D C:\Users\Šimon\AppData\Local\Skyrim
2016-02-13 17:02 - 2016-02-27 13:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\www.GameModding.net
2016-02-13 17:02 - 2016-02-21 20:26 - 00001420 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-02-13 17:01 - 2016-03-09 15:10 - 00000454 _____ C:\WINDOWS\Tasks\3435377667_1024.job
2016-02-13 17:01 - 2016-02-13 17:01 - 00003122 _____ C:\WINDOWS\System32\Tasks\3435377667_1024
2016-02-13 17:01 - 2016-02-13 17:01 - 00000000 ____D C:\Users\Šimon\AppData\Roaming\3435377667_1024

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-09 18:10 - 2015-08-28 20:05 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-09 18:10 - 2014-11-26 17:16 - 00000398 _____ C:\WINDOWS\Tasks\update-sys.job
2016-03-09 18:06 - 2014-11-22 23:35 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2504456539-958815627-3647854443-1002
2016-03-09 18:05 - 2014-11-22 22:38 - 00000288 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_Šimon.job
2016-03-09 17:56 - 2015-12-30 23:48 - 00000000 ____D C:\Users\Šimon\AppData\Local\CrashDumps
2016-03-09 17:56 - 2014-11-22 21:41 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-09 17:44 - 2016-02-02 10:39 - 00000956 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2504456539-958815627-3647854443-1002UA.job
2016-03-09 17:44 - 2014-11-26 17:16 - 00000398 _____ C:\WINDOWS\Tasks\update-S-1-5-21-2504456539-958815627-3647854443-1002.job
2016-03-09 16:29 - 2014-11-22 23:33 - 00000000 ____D C:\Program Files (x86)\Steam
2016-03-09 16:23 - 2014-02-02 15:02 - 00000000 ___RD C:\Users\Šimon\Desktop\programy
2016-03-09 15:21 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-09 15:21 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-09 15:12 - 2014-12-04 15:23 - 00000000 ___DO C:\Users\Šimon\OneDrive
2016-03-09 15:09 - 2014-12-04 14:51 - 00000000 ____D C:\Users\Šimon
2016-03-09 15:09 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-09 14:21 - 2015-01-26 21:13 - 00003954 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3ACDC03A-E666-4F39-AE55-DB670C4007CD}
2016-03-08 19:00 - 2014-12-07 12:21 - 00000000 ____D C:\Users\Šimon\AppData\Local\Deployment
2016-03-08 16:29 - 2015-08-22 13:31 - 00000000 ____D C:\Users\Šimon\AppData\Roaming\Opera Software
2016-03-08 16:29 - 2015-08-22 13:31 - 00000000 ____D C:\Users\Šimon\AppData\Local\Opera Software
2016-03-06 15:41 - 2014-01-12 17:17 - 00000000 ___HD C:\Users\Šimon\Documents\Simon
2016-03-06 15:16 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2016-03-06 11:52 - 2014-11-22 22:38 - 00000000 ____D C:\ProgramData\ProductData
2016-03-06 10:56 - 2014-01-10 19:46 - 00000000 ____D C:\Users\Šimon\Documents\filmy
2016-03-06 10:44 - 2016-02-02 10:39 - 00000904 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2504456539-958815627-3647854443-1002Core.job
2016-03-06 00:44 - 2015-08-28 20:05 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-03-05 13:23 - 2014-09-24 06:35 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-05 13:21 - 2014-01-09 16:54 - 10420736 ___SH C:\Users\Šimon\Desktop\Thumbs.db
2016-03-05 12:13 - 2015-12-29 19:53 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-03-02 20:05 - 2014-11-29 18:20 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-03-02 10:44 - 2015-01-31 11:46 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2016-03-02 10:44 - 2014-12-02 16:35 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2016-03-02 08:39 - 2014-11-29 20:42 - 00000000 ____D C:\Games
2016-03-02 08:38 - 2015-11-02 16:36 - 00000000 ____D C:\Hry
2016-03-02 08:35 - 2014-11-23 13:37 - 00000000 ____D C:\uTorrent
2016-03-01 23:32 - 2014-11-23 22:27 - 00000000 ____D C:\Torrents
2016-03-01 21:33 - 2014-12-05 18:59 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-03-01 21:32 - 2014-12-04 14:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hry
2016-02-29 09:54 - 2015-08-08 08:10 - 00000000 ____D C:\Users\Šimon\AppData\Local\SKIDROW
2016-02-28 15:00 - 2015-01-17 18:03 - 00000000 ____D C:\Program Files (x86)\EA GAMES
2016-02-28 14:57 - 2015-01-17 18:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
2016-02-27 21:09 - 2013-08-22 15:44 - 05158792 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-02-27 10:49 - 2014-01-08 19:25 - 00000000 ____D C:\Users\Šimon\Documents\My Games
2016-02-26 14:31 - 2014-01-08 17:10 - 00668160 ___SH C:\Users\Šimon\Downloads\Thumbs.db
2016-02-26 10:38 - 2014-11-24 21:11 - 00000000 ____D C:\Users\Šimon\AppData\Roaming\DAEMON Tools Lite
2016-02-26 08:21 - 2015-11-16 19:10 - 00000000 ____D C:\Users\Šimon\Documents\GTA San Andreas User Files
2016-02-25 18:42 - 2015-12-05 17:48 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2016-02-25 18:42 - 2013-05-23 05:52 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-02-25 17:12 - 2015-09-05 21:25 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-02-25 17:12 - 2015-09-05 21:21 - 00000000 ____D C:\ProgramData\Adobe
2016-02-25 16:53 - 2014-11-22 21:32 - 00000000 ____D C:\Users\Šimon\AppData\Roaming\Adobe
2016-02-25 12:27 - 2015-08-23 10:27 - 00000000 ____D C:\Users\Šimon\AppData\Local\Adobe
2016-02-21 20:26 - 2014-12-04 14:56 - 00001535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-02-21 20:26 - 2013-07-15 22:04 - 00001972 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
2016-02-21 20:25 - 2015-12-28 22:24 - 00001276 _____ C:\Users\Šimon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Správca zvuku s vysokým rozlíšením Realtek.lnk
2016-02-21 20:25 - 2015-08-20 08:33 - 00001446 _____ C:\Users\Šimon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-02-21 20:25 - 2014-12-04 14:51 - 00000469 _____ C:\Users\Šimon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2016-02-21 20:25 - 2014-12-04 14:51 - 00000467 _____ C:\Users\Šimon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2016-02-21 20:23 - 2014-12-19 12:56 - 102760448 _____ C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak
2016-02-21 20:23 - 2014-12-19 12:56 - 00548864 _____ C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak
2016-02-21 20:23 - 2014-12-19 12:56 - 00098304 _____ C:\WINDOWS\system32\config\SAM.iodefrag.bak
2016-02-21 20:23 - 2014-12-19 12:56 - 00028672 _____ C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2016-02-21 20:22 - 2013-08-22 14:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-02-21 19:42 - 2015-08-22 11:24 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-21 19:41 - 2015-08-22 11:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-21 19:41 - 2015-08-22 11:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-21 12:48 - 2014-11-22 21:41 - 00000000 ____D C:\Users\Šimon\AppData\Local\Google
2016-02-16 15:36 - 2015-12-31 14:31 - 00000000 ____D C:\Program Files (x86)\Counter Strike 1.6 Windows 8
2016-02-16 15:36 - 2015-10-25 17:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter Strike 1.6 Windows 8
2016-02-13 23:10 - 2014-12-07 13:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5300 series
2016-02-13 18:19 - 2015-11-09 17:17 - 00000000 ____D C:\WINDOWS\system32\log
2016-02-13 18:18 - 2015-08-21 19:11 - 00000000 ____D C:\AdwCleaner
2016-02-13 18:18 - 2014-11-22 22:58 - 00000252 _____ C:\WINDOWS\Tasks\ASC8_SkipUac_Šimon.job
2016-02-13 17:16 - 2016-01-05 19:34 - 00000000 ____D C:\ProgramData\MTA San Andreas All
2016-02-13 15:58 - 2015-12-10 15:00 - 00000000 ____D C:\Users\Šimon\Documents\Euro Truck Simulator 2
2016-02-12 19:48 - 2014-05-20 19:33 - 00000000 ____D C:\Users\Šimon\Desktop\foťák
2016-02-10 14:16 - 2015-08-28 20:05 - 00003848 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-02-10 14:16 - 2015-08-28 20:05 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-02-09 15:20 - 2014-01-10 19:55 - 00000000 ____D C:\Users\Šimon\Documents\Matúš

==================== Files in the root of some directories =======

2015-08-21 09:44 - 2015-08-21 09:44 - 3702878 _____ (E-Tech) C:\Program Files\Common Files\nchdxtid.exe
2014-11-26 17:16 - 2014-11-26 17:16 - 0000003 _____ () C:\Users\Šimon\AppData\Local\updater.log
2015-12-28 22:10 - 2015-12-28 22:10 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Šimon\AppData\Local\Temp\eauninstall.exe
C:\Users\Šimon\AppData\Local\Temp\GURB8CD.exe
C:\Users\Šimon\AppData\Local\Temp\Need for Speed Underground 2_uninst.exe
C:\Users\Šimon\AppData\Local\Temp\sqlite-3.8.2-x86-sqlitejdbc.dll
C:\Users\Šimon\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\1N9uswukYzchQtv.job => C:\Users\�imon\AppData\Roaming\1N9uswukYzchQtv.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\3435377667_1024.job => C:\Users\Šimon\AppData\Roaming\3435377667_1024\wvFB22bCci.exe
Task: C:\WINDOWS\Tasks\42IvuB5gWSp.job => C:\Users\�imon\AppData\Roaming\42IvuB5gWSp.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\736F47384C_1002.job => C:\Users\Šimon\AppData\Roaming\736F47384C_1002\WQEcRjAJag.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_306_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\ASC8_SkipUac_Šimon.job => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe
Task: C:\WINDOWS\Tasks\DdkrTIphI7tpSeHqb0QIoUA3.job => C:\Users\�imon\AppData\Roaming\DdkrTIphI7tpSeHqb0QIoUA3.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\eVJm3hhYcZYUUyZvDR.job => C:\Users\�imon\AppData\Roaming\eVJm3hhYcZYUUyZvDR.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2504456539-958815627-3647854443-1002Core.job => C:\Users\Šimon\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2504456539-958815627-3647854443-1002UA.job => C:\Users\Šimon\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\isWi3E0vv.job => C:\Users\�imon\AppData\Roaming\isWi3E0vv.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\kVMoTciHp3uFw.job => C:\Users\�imon\AppData\Roaming\kVMoTciHp3uFw.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Qf8atUYGBqNLVOvFC31b2T.job => C:\Users\�imon\AppData\Roaming\Qf8atUYGBqNLVOvFC31b2T.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\RciQcM8hNuX7F.job => C:\Users\�imon\AppData\Roaming\RciQcM8hNuX7F.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Šimon.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-2504456539-958815627-3647854443-1002.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\vDo6J3oYC704ipYnVxW7gRxJ.job => C:\Users\�imon\AppData\Roaming\vDo6J3oYC704ipYnVxW7gRxJ.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\VGuVZV7fnYeOrz2ljwGOfNw2.job => C:\Users\�imon\AppData\Roaming\VGuVZV7fnYeOrz2ljwGOfNw2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\xZVDiVLrFwuvBvfjsCq.job => C:\Users\�imon\AppData\Roaming\xZVDiVLrFwuvBvfjsCq.exe <==== ATTENTION

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\�imon\Desktop" je 9486 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================
Attachments
Addition - sitdowntragedy.zip
I am attaching Addition.txt in a zip file.
(7.09 KiB) Downloaded 40 times

Rudy
Site Admin
Posts: 119315
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Russian ads - redirection to Russian sites

#2 Post by Rudy »

Hello!
Run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
Click first on >Scan< and then on >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(zavináč)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can also damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail given above.

sitdowntragedy
Visitor
Posts: 5
Registered: 09 Mar 2016 18:14

Re: Russian ads - redirection to Russian sites

#3 Post by sitdowntragedy »

# AdwCleaner v5.101 - Logfile created 09/03/2016 at 20:17:48
# Updated 07/03/2016 by Xplode
# Database : 2016-03-08.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Šimon - HOME
# Running from : C:\Users\Šimon\Downloads\adwcleaner_5.101.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : update-S-1-5-21-2504456539-958815627-3647854443-1002
[-] Task Deleted : update-sys
[-] Task Deleted : update-S-1-5-21-2504456539-958815627-3647854443-1002
[-] Task Deleted : update-sys

***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [891 bytes] - [09/03/2016 20:17:48]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [968 bytes] - [09/03/2016 20:15:10]

########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [1075 bytes] ##########

Rudy
Site Admin
Posts: 119315
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Russian ads - redirection to Russian sites

#4 Post by Rudy »

Post a new FRST log.

sitdowntragedy
Visitor
Posts: 5
Registered: 09 Mar 2016 18:14

Re: Russian ads - redirection to Russian sites

#5 Post by sitdowntragedy »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Šimon (administrator) on HOME (09-03-2016 20:25:11)
Running from C:\Users\Šimon\Desktop
Loaded Profiles: Šimon (Available Profiles: Šimon & user-band & Administrator)
Platform: Windows 8.1 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(forum.viry.cz) C:\Users\Šimon\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2873744 2012-11-20] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-13] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2771576 2015-12-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [85600 2013-12-13] (Nullsoft, Inc.)
HKLM-x32\...\Run: [RadioController] => C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2014-12-04] (Dritek System Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [WindowsDriverScan86] => C:\Program Files (x86)\Adobe Arkalis\Arkalis86.lnk [1501 2014-08-10] ()
HKLM-x32\...\Run: [WindowsDriverScan64] => C:\Program Files (x86)\Adobe Arkalis\Arkalis.lnk [1419 2014-08-10] ()
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2504456539-958815627-3647854443-1002\...\Run: [Google Update] => C:\Users\Šimon\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-2504456539-958815627-3647854443-1002\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2504456539-958815627-3647854443-1002\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4179288 2015-11-30] (Disc Soft Ltd)
HKU\S-1-5-21-2504456539-958815627-3647854443-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2504456539-958815627-3647854443-1002\...\MountPoints2: {01b53d36-a96a-11e5-bf0f-208984c3ab5b} - "G:\setup.exe"
HKU\S-1-5-21-2504456539-958815627-3647854443-1002\...\MountPoints2: {626b74e5-8c2e-11e5-bef7-208984c3ab5b} - "E:\Install.exe"
HKU\S-1-5-21-2504456539-958815627-3647854443-1002\...\MountPoints2: {9b7217e7-7bbd-11e4-8250-208984c3ab5b} - "E:\setup.exe"
HKU\S-1-5-21-2504456539-958815627-3647854443-1002\...\MountPoints2: {af0093a9-d4b3-11e5-bf39-208984c3ab5b} - "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL F:\Common_Handset_USB_Driver.exe
HKU\S-1-5-21-2504456539-958815627-3647854443-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [11776 2014-10-29] (Microsoft Corporation)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [175368 2015-12-16] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [153392 2015-12-16] (NVIDIA Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0B26C385-7A9D-49A9-BFFC-57EDC999C3CF}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{417CBE7F-17AF-49A5-8DDD-2001A3F11F78}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKLM -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2504456539-958815627-3647854443-1002 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2504456539-958815627-3647854443-1002 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2504456539-958815627-3647854443-1002 -> {4187F0FC-AF41-4E4B-AE67-84C8FD35A0AE} URL = hxxp://terra.im/search?sid=101&q={searchTerms}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
DPF: HKLM-x32 {62789780-B744-11D0-986B-00609731A21D} hxxp://195.28.70.134/kapor2/lib/mgaxctrl.cab

FireFox:
========
FF ProfilePath: C:\Users\Šimon\AppData\Roaming\Mozilla\Firefox\Profiles\tcqxgcj3.default
FF DefaultSearchEngine: terra.im
FF SelectedSearchEngine: terra.im
FF Homepage: about:home
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-07] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-09] (Google Inc.)
FF Plugin HKU\S-1-5-21-2504456539-958815627-3647854443-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Šimon\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-2504456539-958815627-3647854443-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Šimon\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-2504456539-958815627-3647854443-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Šimon\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-04] (Unity Technologies ApS)

Chrome:
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR DefaultSearchURL: Default -> hxxp://feed.baboom.audio/?st=ds&query={searchTerms}
CHR DefaultSearchKeyword: Default -> Baboom Search
CHR Profile: C:\Users\Šimon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentácie Google) - C:\Users\Šimon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-09]
CHR Extension: (Dokumenty Google) - C:\Users\Šimon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-09]
CHR Extension: (Disk Google) - C:\Users\Šimon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-09]
CHR Extension: (YouTube) - C:\Users\Šimon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-09]
CHR Extension: (MuzicInfo) - C:\Users\Šimon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnbgiinmeeapadlkkeiijikonhkdlkdb [2016-03-09]
CHR Extension: (Baboom.Audio) - C:\Users\Šimon\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnligehkhogpcngalffdoomehjcbecna [2016-03-09]
CHR Extension: (Tabuľky Google) - C:\Users\Šimon\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-09]
CHR Extension: (MSN Homepage) - C:\Users\Šimon\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkcgfbgohboipdhliafmacjnhjbhmim [2016-03-09]
CHR Extension: (Baboom Search) - C:\Users\Šimon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gehmndecgbcffhmfjkenpamdgechcgpe [2016-03-09]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Šimon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-09]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Šimon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-09]
CHR Extension: (Gmail) - C:\Users\Šimon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-09]
CHR HKU\S-1-5-21-2504456539-958815627-3647854443-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dnligehkhogpcngalffdoomehjcbecna] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gehmndecgbcffhmfjkenpamdgechcgpe] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (MuzicInfo) - C:\Users\Šimon\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnbgiinmeeapadlkkeiijikonhkdlkdb [2016-03-09]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
S3 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-20] (Acer Incorporated)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1368408 2015-11-30] (Disc Soft Ltd)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156216 2015-12-16] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] ()
S3 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-08-03] (IObit)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-12-16] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8185464 2015-12-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [6477432 2015-12-16] (NVIDIA Corporation)
R2 RfButtonDriverService; C:\WINDOWS\RfBtnSvc64.exe [96880 2015-12-28] (Dritek System INC.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [X]
S2 itakhidsi; no ImagePath
S2 sohvifd; no ImagePath

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2014-12-11] () [File not signed]
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-12-24] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [46392 2015-12-24] (Disc Soft Ltd)
S3 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-10-10] (ESET)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [241368 2014-10-10] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [169280 2014-10-10] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [158968 2014-10-10] (ESET)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-11-12] (LogMeIn Inc.)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2015-08-21] ()
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-01-13] (REALiX(tm))
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2014-12-11] () [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-12-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-12-16] (NVIDIA Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-07-15] (Dritek System Inc.)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 cpuz137; \??\C:\Users\IMON~1\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S1 uzbyzbnz; \??\C:\WINDOWS\system32\drivers\uzbyzbnz.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-09 20:25 - 2016-03-09 20:25 - 00020204 _____ C:\Users\Šimon\Desktop\FRST.txt
2016-03-09 20:14 - 2016-03-09 20:22 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-09 20:14 - 2016-03-09 20:14 - 01524224 _____ C:\Users\Šimon\Downloads\adwcleaner_5.101.exe
2016-03-09 18:45 - 2014-11-05 22:36 - 00000000 ____D C:\Users\Šimon\Desktop\ESET Fix SB 2.1.0
2016-03-09 18:39 - 2016-03-09 18:39 - 00000000 ____D C:\ProgramData\ESET
2016-03-09 18:39 - 2016-03-09 18:39 - 00000000 ____D C:\Program Files\ESET
2016-03-09 18:25 - 2016-03-09 18:25 - 00012247 _____ C:\Users\Šimon\Downloads\[CzT]ESET_NOD32_antivirus_v8_0_304_1_x86_x64_CZ_SK_.torrent
2016-03-09 18:07 - 2016-03-09 20:25 - 00000000 ____D C:\FRST
2016-03-09 18:06 - 2016-03-09 18:06 - 00112640 _____ (forum.viry.cz) C:\Users\Šimon\Desktop\FRSTLauncher.exe
2016-03-09 18:05 - 2016-03-09 18:05 - 02374144 _____ (Farbar) C:\Users\Šimon\Desktop\FRST64.exe
2016-03-09 17:56 - 2016-03-09 17:56 - 00002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-09 17:56 - 2016-03-09 17:56 - 00002293 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-09 17:56 - 2016-03-09 17:56 - 00000000 ____D C:\Users\Šimon\AppData\Roaming\Curiolab
2016-03-09 17:55 - 2016-03-09 20:19 - 00000940 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-09 17:55 - 2016-03-09 20:00 - 00000944 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-09 17:55 - 2016-03-09 17:55 - 00003916 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-03-09 17:55 - 2016-03-09 17:55 - 00003680 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-03-08 16:29 - 2016-03-08 16:29 - 00003840 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1457450946
2016-03-08 16:29 - 2016-03-08 16:29 - 00001151 _____ C:\Users\Public\Desktop\Opera.lnk
2016-03-08 16:29 - 2016-03-08 16:29 - 00001151 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-03-08 16:27 - 2016-03-08 16:29 - 00000000 ____D C:\Program Files (x86)\Opera
2016-03-07 20:32 - 2016-03-07 20:32 - 00001545 _____ C:\Users\Šimon\Desktop\ie.lnk
2016-03-06 19:47 - 2016-03-06 19:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2016-03-06 19:47 - 2016-03-06 19:47 - 00000000 ____D C:\Program Files\CPUID
2016-03-03 13:35 - 2016-03-03 13:35 - 00000000 ____D C:\Program Files (x86)\Eidos Interactive
2016-03-02 10:54 - 2016-03-02 10:54 - 00000000 ____D C:\Users\Šimon\Documents\Electronic Arts
2016-03-01 00:03 - 2016-03-01 00:13 - 00000000 ____D C:\Users\Šimon\AppData\Local\D2RM
2016-02-29 15:18 - 2016-03-03 19:54 - 00000000 ____D C:\Users\Šimon\AppData\Roaming\SpinTires
2016-02-29 15:17 - 2016-02-29 15:18 - 00000000 ____D C:\Program Files (x86)\Spintires
2016-02-29 15:17 - 2016-02-29 15:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spintires
2016-02-27 11:05 - 2016-02-27 11:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIANTS Software
2016-02-27 11:05 - 2016-02-27 11:05 - 00000000 ____D C:\Program Files\GIANTS Software
2016-02-25 18:42 - 2016-02-25 18:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2016-02-25 17:10 - 2016-02-25 17:10 - 00000000 ____D C:\Users\Šimon\AppData\Roaming\PDAppFlex
2016-02-22 19:49 - 2016-02-22 19:53 - 00000000 ____D C:\Program Files\Farming Simulator 15
2016-02-22 19:49 - 2016-02-22 19:49 - 00000873 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farming Simulator 15.lnk
2016-02-22 19:49 - 2016-02-22 19:49 - 00000873 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farming Simulator 15 (x64).lnk
2016-02-21 20:25 - 2016-02-21 20:25 - 00000290 __RSH C:\ProgramData\ntuser.pol
2016-02-21 20:23 - 2016-02-21 20:23 - 00000000 ____H C:\asc_rdflag
2016-02-21 19:41 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-02-21 19:41 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-02-21 19:41 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-02-21 19:40 - 2016-03-09 20:19 - 00000454 _____ C:\WINDOWS\Tasks\736F47384C_1002.job
2016-02-21 19:40 - 2016-03-09 20:19 - 00000000 ____D C:\Users\Šimon\AppData\Roaming\736F47384C_1002
2016-02-21 19:40 - 2016-02-21 19:40 - 00003122 _____ C:\WINDOWS\System32\Tasks\736F47384C_1002
2016-02-20 20:04 - 2016-03-01 21:30 - 00000000 ____D C:\Users\Šimon\AppData\Roaming\Trove
2016-02-20 13:50 - 2016-02-20 13:50 - 00000000 ____D C:\Users\Šimon\AppData\Local\Skyrim
2016-02-13 17:02 - 2016-02-27 13:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\www.GameModding.net
2016-02-13 17:02 - 2016-02-21 20:26 - 00001420 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-02-13 17:01 - 2016-03-09 20:19 - 00000454 _____ C:\WINDOWS\Tasks\3435377667_1024.job
2016-02-13 17:01 - 2016-02-13 17:01 - 00003122 _____ C:\WINDOWS\System32\Tasks\3435377667_1024
2016-02-13 17:01 - 2016-02-13 17:01 - 00000000 ____D C:\Users\Šimon\AppData\Roaming\3435377667_1024

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-09 20:24 - 2014-11-22 23:35 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2504456539-958815627-3647854443-1002
2016-03-09 20:20 - 2014-12-04 15:23 - 00000000 ___DO C:\Users\Šimon\OneDrive
2016-03-09 20:18 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-09 20:18 - 2013-08-22 14:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-03-09 19:44 - 2016-02-02 10:39 - 00000956 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2504456539-958815627-3647854443-1002UA.job
2016-03-09 19:10 - 2015-08-28 20:05 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-09 18:50 - 2014-12-04 14:51 - 00000000 ____D C:\Users\Šimon
2016-03-09 18:41 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2016-03-09 18:38 - 2014-11-23 13:37 - 00000000 ____D C:\uTorrent
2016-03-09 18:26 - 2014-11-22 23:33 - 00000000 ____D C:\Program Files (x86)\Steam
2016-03-09 18:25 - 2014-11-23 22:27 - 00000000 ____D C:\Torrents
2016-03-09 18:05 - 2014-11-22 22:38 - 00000288 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_Šimon.job
2016-03-09 17:56 - 2015-12-30 23:48 - 00000000 ____D C:\Users\Šimon\AppData\Local\CrashDumps
2016-03-09 17:56 - 2014-11-22 21:41 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-09 16:23 - 2014-02-02 15:02 - 00000000 ___RD C:\Users\Šimon\Desktop\programy
2016-03-09 15:21 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-09 15:21 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-09 14:21 - 2015-01-26 21:13 - 00003954 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3ACDC03A-E666-4F39-AE55-DB670C4007CD}
2016-03-08 19:00 - 2014-12-07 12:21 - 00000000 ____D C:\Users\Šimon\AppData\Local\Deployment
2016-03-08 16:29 - 2015-08-22 13:31 - 00000000 ____D C:\Users\Šimon\AppData\Roaming\Opera Software
2016-03-08 16:29 - 2015-08-22 13:31 - 00000000 ____D C:\Users\Šimon\AppData\Local\Opera Software
2016-03-06 15:41 - 2014-01-12 17:17 - 00000000 ___HD C:\Users\Šimon\Documents\Simon
2016-03-06 11:52 - 2014-11-22 22:38 - 00000000 ____D C:\ProgramData\ProductData
2016-03-06 10:56 - 2014-01-10 19:46 - 00000000 ____D C:\Users\Šimon\Documents\filmy
2016-03-06 10:44 - 2016-02-02 10:39 - 00000904 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2504456539-958815627-3647854443-1002Core.job
2016-03-06 00:44 - 2015-08-28 20:05 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-03-05 13:23 - 2014-09-24 06:35 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-05 13:21 - 2014-01-09 16:54 - 10420736 ___SH C:\Users\Šimon\Desktop\Thumbs.db
2016-03-05 12:13 - 2015-12-29 19:53 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-03-02 20:05 - 2014-11-29 18:20 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-03-02 10:44 - 2015-01-31 11:46 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2016-03-02 10:44 - 2014-12-02 16:35 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2016-03-02 08:39 - 2014-11-29 20:42 - 00000000 ____D C:\Games
2016-03-02 08:38 - 2015-11-02 16:36 - 00000000 ____D C:\Hry
2016-03-01 21:33 - 2014-12-05 18:59 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-03-01 21:32 - 2014-12-04 14:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hry
2016-02-29 09:54 - 2015-08-08 08:10 - 00000000 ____D C:\Users\Šimon\AppData\Local\SKIDROW
2016-02-28 15:00 - 2015-01-17 18:03 - 00000000 ____D C:\Program Files (x86)\EA GAMES
2016-02-28 14:57 - 2015-01-17 18:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
2016-02-27 21:09 - 2013-08-22 15:44 - 05158792 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-02-27 10:49 - 2014-01-08 19:25 - 00000000 ____D C:\Users\Šimon\Documents\My Games
2016-02-26 14:31 - 2014-01-08 17:10 - 00668160 ___SH C:\Users\Šimon\Downloads\Thumbs.db
2016-02-26 10:38 - 2014-11-24 21:11 - 00000000 ____D C:\Users\Šimon\AppData\Roaming\DAEMON Tools Lite
2016-02-26 08:21 - 2015-11-16 19:10 - 00000000 ____D C:\Users\Šimon\Documents\GTA San Andreas User Files
2016-02-25 18:42 - 2015-12-05 17:48 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2016-02-25 18:42 - 2013-05-23 05:52 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-02-25 17:12 - 2015-09-05 21:25 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-02-25 17:12 - 2015-09-05 21:21 - 00000000 ____D C:\ProgramData\Adobe
2016-02-25 16:53 - 2014-11-22 21:32 - 00000000 ____D C:\Users\Šimon\AppData\Roaming\Adobe
2016-02-25 12:27 - 2015-08-23 10:27 - 00000000 ____D C:\Users\Šimon\AppData\Local\Adobe
2016-02-21 20:26 - 2014-12-04 14:56 - 00001535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-02-21 20:26 - 2013-07-15 22:04 - 00001972 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
2016-02-21 20:25 - 2015-12-28 22:24 - 00001276 _____ C:\Users\Šimon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Správca zvuku s vysokým rozlíšením Realtek.lnk
2016-02-21 20:25 - 2015-08-20 08:33 - 00001446 _____ C:\Users\Šimon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-02-21 20:25 - 2014-12-04 14:51 - 00000469 _____ C:\Users\Šimon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2016-02-21 20:25 - 2014-12-04 14:51 - 00000467 _____ C:\Users\Šimon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2016-02-21 20:23 - 2014-12-19 12:56 - 102760448 _____ C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak
2016-02-21 20:23 - 2014-12-19 12:56 - 00548864 _____ C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak
2016-02-21 20:23 - 2014-12-19 12:56 - 00098304 _____ C:\WINDOWS\system32\config\SAM.iodefrag.bak
2016-02-21 20:23 - 2014-12-19 12:56 - 00028672 _____ C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2016-02-21 19:42 - 2015-08-22 11:24 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-21 19:41 - 2015-08-22 11:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-21 19:41 - 2015-08-22 11:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-21 12:48 - 2014-11-22 21:41 - 00000000 ____D C:\Users\Šimon\AppData\Local\Google
2016-02-16 15:36 - 2015-12-31 14:31 - 00000000 ____D C:\Program Files (x86)\Counter Strike 1.6 Windows 8
2016-02-16 15:36 - 2015-10-25 17:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter Strike 1.6 Windows 8
2016-02-13 23:10 - 2014-12-07 13:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5300 series
2016-02-13 18:19 - 2015-11-09 17:17 - 00000000 ____D C:\WINDOWS\system32\log
2016-02-13 18:18 - 2015-08-21 19:11 - 00000000 ____D C:\AdwCleaner
2016-02-13 18:18 - 2014-11-22 22:58 - 00000252 _____ C:\WINDOWS\Tasks\ASC8_SkipUac_Šimon.job
2016-02-13 17:16 - 2016-01-05 19:34 - 00000000 ____D C:\ProgramData\MTA San Andreas All
2016-02-13 15:58 - 2015-12-10 15:00 - 00000000 ____D C:\Users\Šimon\Documents\Euro Truck Simulator 2
2016-02-12 19:48 - 2014-05-20 19:33 - 00000000 ____D C:\Users\Šimon\Desktop\foťák
2016-02-10 14:16 - 2015-08-28 20:05 - 00003848 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-02-10 14:16 - 2015-08-28 20:05 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-02-09 15:20 - 2014-01-10 19:55 - 00000000 ____D C:\Users\Šimon\Documents\Matúš

==================== Files in the root of some directories =======

2015-08-21 09:44 - 2015-08-21 09:44 - 3702878 _____ (E-Tech) C:\Program Files\Common Files\nchdxtid.exe
2014-11-26 17:16 - 2014-11-26 17:16 - 0000003 _____ () C:\Users\Šimon\AppData\Local\updater.log
2015-12-28 22:10 - 2015-12-28 22:10 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Šimon\AppData\Local\Temp\eauninstall.exe
C:\Users\Šimon\AppData\Local\Temp\GURB8CD.exe
C:\Users\Šimon\AppData\Local\Temp\Need for Speed Underground 2_uninst.exe
C:\Users\Šimon\AppData\Local\Temp\sqlite-3.8.2-x86-sqlitejdbc.dll
C:\Users\Šimon\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\1N9uswukYzchQtv.job => C:\Users\Šimon\AppData\Roaming\1N9uswukYzchQtv.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\3435377667_1024.job => C:\Users\Šimon\AppData\Roaming\3435377667_1024\wvFB22bCci.exe
Task: C:\WINDOWS\Tasks\42IvuB5gWSp.job => C:\Users\Šimon\AppData\Roaming\42IvuB5gWSp.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\736F47384C_1002.job => C:\Users\Šimon\AppData\Roaming\736F47384C_1002\WQEcRjAJag.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_306_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\ASC8_SkipUac_Šimon.job => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe
Task: C:\WINDOWS\Tasks\DdkrTIphI7tpSeHqb0QIoUA3.job => C:\Users\Šimon\AppData\Roaming\DdkrTIphI7tpSeHqb0QIoUA3.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\eVJm3hhYcZYUUyZvDR.job => C:\Users\Šimon\AppData\Roaming\eVJm3hhYcZYUUyZvDR.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2504456539-958815627-3647854443-1002Core.job => C:\Users\Šimon\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2504456539-958815627-3647854443-1002UA.job => C:\Users\Šimon\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\isWi3E0vv.job => C:\Users\Šimon\AppData\Roaming\isWi3E0vv.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\kVMoTciHp3uFw.job => C:\Users\Šimon\AppData\Roaming\kVMoTciHp3uFw.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Qf8atUYGBqNLVOvFC31b2T.job => C:\Users\Šimon\AppData\Roaming\Qf8atUYGBqNLVOvFC31b2T.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\RciQcM8hNuX7F.job => C:\Users\Šimon\AppData\Roaming\RciQcM8hNuX7F.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Šimon.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\WINDOWS\Tasks\vDo6J3oYC704ipYnVxW7gRxJ.job => C:\Users\Šimon\AppData\Roaming\vDo6J3oYC704ipYnVxW7gRxJ.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\VGuVZV7fnYeOrz2ljwGOfNw2.job => C:\Users\Šimon\AppData\Roaming\VGuVZV7fnYeOrz2ljwGOfNw2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\xZVDiVLrFwuvBvfjsCq.job => C:\Users\Šimon\AppData\Roaming\xZVDiVLrFwuvBvfjsCq.exe <==== ATTENTION

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Šimon\Desktop" je 9486 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Rudy
Site Admin
Posts: 119315
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Russian ads - redirection to Russian sites

#6 Post by Rudy »

Open Notepad and copy the following into it:
Start
HKU\S-1-5-21-2504456539-958815627-3647854443-1002\...\MountPoints2: {01b53d36-a96a-11e5-bf0f-208984c3ab5b} - "G:\setup.exe"
HKU\S-1-5-21-2504456539-958815627-3647854443-1002\...\MountPoints2: {626b74e5-8c2e-11e5-bef7-208984c3ab5b} - "E:\Install.exe"
HKU\S-1-5-21-2504456539-958815627-3647854443-1002\...\MountPoints2: {9b7217e7-7bbd-11e4-8250-208984c3ab5b} - "E:\setup.exe"
HKU\S-1-5-21-2504456539-958815627-3647854443-1002\...\MountPoints2: {af0093a9-d4b3-11e5-bf39-208984c3ab5b} - "C:\WINDOWS\system32\RunDLL32.EXE"
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2504456539-958815627-3647854443-1002 -> {4187F0FC-AF41-4E4B-AE67-84C8FD35A0AE} URL = hxxp://terra.im/search?sid=101&q={searchTerms}
S2 itakhidsi; no ImagePath
S2 sohvifd; no ImagePath
S1 uzbyzbnz; \??\C:\WINDOWS\system32\drivers\uzbyzbnz.sys [X]
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\WINDOWS\Tasks\736F47384C_1002.job
C:\Users\Šimon\AppData\Roaming\736F47384C_1002
C:\WINDOWS\System32\Tasks\736F47384C_1002
C:\WINDOWS\Tasks\3435377667_1024.job
C:\WINDOWS\System32\Tasks\3435377667_1024
C:\Users\Šimon\AppData\Roaming\3435377667_1024
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2504456539-958815627-3647854443-1002UA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2504456539-958815627-3647854443-1002Core.job
C:\ProgramData\DP45977C.lfl
C:\Users\Šimon\AppData\Local\Temp
Task: C:\WINDOWS\Tasks\1N9uswukYzchQtv.job => C:\Users\Šimon\AppData\Roaming\1N9uswukYzchQtv.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\42IvuB5gWSp.job => C:\Users\Šimon\AppData\Roaming\42IvuB5gWSp.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\DdkrTIphI7tpSeHqb0QIoUA3.job => C:\Users\Šimon\AppData\Roaming\DdkrTIphI7tpSeHqb0QIoUA3.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\eVJm3hhYcZYUUyZvDR.job => C:\Users\Šimon\AppData\Roaming\eVJm3hhYcZYUUyZvDR.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\isWi3E0vv.job => C:\Users\Šimon\AppData\Roaming\isWi3E0vv.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\kVMoTciHp3uFw.job => C:\Users\Šimon\AppData\Roaming\kVMoTciHp3uFw.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Qf8atUYGBqNLVOvFC31b2T.job => C:\Users\Šimon\AppData\Roaming\Qf8atUYGBqNLVOvFC31b2T.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\RciQcM8hNuX7F.job => C:\Users\Šimon\AppData\Roaming\RciQcM8hNuX7F.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\vDo6J3oYC704ipYnVxW7gRxJ.job => C:\Users\Šimon\AppData\Roaming\vDo6J3oYC704ipYnVxW7gRxJ.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\VGuVZV7fnYeOrz2ljwGOfNw2.job => C:\Users\Šimon\AppData\Roaming\VGuVZV7fnYeOrz2ljwGOfNw2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\xZVDiVLrFwuvBvfjsCq.job => C:\Users\Šimon\AppData\Roaming\xZVDiVLrFwuvBvfjsCq.exe <==== ATTENTION
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes a log will appear; copy it here.

From the log:
Velikost slozky "C:\Users\šimon\Desktop" je 9486 MB.
That is too much and can slow down system startup. Create a new folder in C:\Users\šimon, move all the data from the desktop into it (except shortcuts) and put a shortcut to it on the desktop for easier access.

Besides that, I recommend uninstalling AdvancedSystemCare. This would-be cleaner sees problems where there are none, and a layman can therefore damage the system with it.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

Visit: [image]

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activities, a virus may damage the system!


Once your problem is resolved the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to the e-mail address given above.
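For anyone reading this log later: the patterns the fixlist above targets (tasks launching random-named executables from AppData\Roaming, services with no ImagePath or a missing binary, browser policy restrictions, a hijacked IE search scope) can be pulled out of an FRST log automatically. The script below is an added example, not FRST's or the forum's own tool; its randomness heuristic, thresholds and known-engine list are assumptions, and its sample input is copied from the log posted in this thread.

```python
"""Triage of FRST log lines for the persistence patterns this thread's fixlist removes.
Added example, not FRST's or the forum's tooling; the randomness heuristic, its
thresholds and KNOWN_ENGINES are assumptions, the sample lines come from the log above."""
import re

# "Task: <job> => <target>" lines, optionally tagged by FRST with "<==== ATTENTION".
TASK_RE = re.compile(r"^Task: (?P<job>.+?\.job) => (?P<target>.+?)(?: <==== ATTENTION)?$")
# Service/driver lines: start type (S1, R2, ...), name, then ImagePath and details.
SERVICE_RE = re.compile(r"^(?P<start>[SR][0-4]) (?P<name>[^;]+); (?P<image>.+)$")
# Browser policy keys FRST reports as "Restriction" (Chrome/IE settings locked down).
POLICY_RE = re.compile(r"(?P<key>HKLM\\SOFTWARE\\Policies\\[^:]+): Restriction")
# IE SearchScopes entries; FRST defangs the scheme as hxxp.
SCOPE_RE = re.compile(r"^SearchScopes: .* URL = (?P<url>\S+)$")
# Anything launched from below a user's roaming profile.
ROAMING_RE = re.compile(r"^C:\\Users\\[^\\]+\\AppData\\Roaming\\", re.IGNORECASE)
KNOWN_ENGINES = ("google.", "bing.", "yahoo.", "duckduckgo.", "seznam.")  # assumption


def looks_random(stem: str) -> bool:
    """Machine-generated names such as 1N9uswukYzchQtv or WQEcRjAJag: alphanumeric,
    mixed case, and either digits interleaved or frequent upper/lower flips.
    Product names like GoogleUpdate flip rarely and carry no digits."""
    if len(stem) < 8 or not stem.isalnum():
        return False
    letters = [c for c in stem if c.isalpha()]
    if not (any(c.isupper() for c in letters) and any(c.islower() for c in letters)):
        return False
    if any(c.isdigit() for c in stem):
        return True
    flips = sum(1 for a, b in zip(letters, letters[1:]) if a.isupper() != b.isupper())
    return flips / max(len(letters) - 1, 1) >= 0.4


def check_task(line):
    """Tasks whose target is a random-named executable under AppData\\Roaming."""
    m = TASK_RE.match(line)
    if not m or not ROAMING_RE.match(m.group("target")):
        return None
    target = m.group("target")
    stem = target.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    return ("task", m.group("job"), target) if looks_random(stem) else None


def check_service(line):
    """Services with no ImagePath, or whose binary FRST marks missing ([X]).
    A missing binary may be a benign leftover, so these need manual review."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    image = m.group("image")
    if image == "no ImagePath" or image.endswith("[X]"):
        return ("service", m.group("name"), image)
    return None


def check_policy(line):
    """Browser policy restrictions, which adware uses to pin its own settings."""
    m = POLICY_RE.search(line)
    return ("policy", m.group("key"), "Restriction") if m else None


def check_searchscope(line):
    """IE search providers pointing at a host outside KNOWN_ENGINES."""
    m = SCOPE_RE.match(line)
    if not m:
        return None
    url = m.group("url")
    host = url.split("://", 1)[-1].split("/", 1)[0].lower()
    return None if any(e in host for e in KNOWN_ENGINES) else ("searchscope", host, url)


CHECKS = (check_task, check_service, check_policy, check_searchscope)


def triage(lines):
    """Return (kind, subject, detail) for every line some check flags."""
    findings = []
    for raw in lines:
        line = raw.rstrip()
        for check in CHECKS:
            hit = check(line)
            if hit:
                findings.append(hit)
                break
    return findings


# Constructed input: lines copied from the FRST log posted in this thread.
SAMPLE_LOG = r"""
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [169280 2014-10-10] (ESET)
S3 cpuz137; \??\C:\Users\IMON~1\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S1 uzbyzbnz; \??\C:\WINDOWS\system32\drivers\uzbyzbnz.sys [X]
S2 itakhidsi; no ImagePath
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2504456539-958815627-3647854443-1002 -> {4187F0FC-AF41-4E4B-AE67-84C8FD35A0AE} URL = hxxp://terra.im/search?sid=101&q={searchTerms}
Task: C:\WINDOWS\Tasks\1N9uswukYzchQtv.job => C:\Users\Šimon\AppData\Roaming\1N9uswukYzchQtv.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\736F47384C_1002.job => C:\Users\Šimon\AppData\Roaming\736F47384C_1002\WQEcRjAJag.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
""".strip().splitlines()

if __name__ == "__main__":
    for kind, subject, detail in triage(SAMPLE_LOG):
        print(f"{kind:12}{subject}  ->  {detail}")
```

Note that the cpuz137 entry is flagged too: the heuristic reports every service whose binary is gone, and a human still has to separate stale leftovers from the entries worth removing.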

sitdowntragedy
Guest
Posts: 5
Registered: 09 Mar 2016 18:14

Re: Russian ads - redirection to Russian sites

#7 Post by sitdowntragedy »

I did everything as you said.

Log:



Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Šimon (2016-03-10 18:26:56) Run:1
Running from C:\Users\Šimon\Desktop
Loaded Profiles: Šimon (Available Profiles: Šimon & user-band & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKU\S-1-5-21-2504456539-958815627-3647854443-1002\...\MountPoints2: {01b53d36-a96a-11e5-bf0f-208984c3ab5b} - "G:\setup.exe"
HKU\S-1-5-21-2504456539-958815627-3647854443-1002\...\MountPoints2: {626b74e5-8c2e-11e5-bef7-208984c3ab5b} - "E:\Install.exe"
HKU\S-1-5-21-2504456539-958815627-3647854443-1002\...\MountPoints2: {9b7217e7-7bbd-11e4-8250-208984c3ab5b} - "E:\setup.exe"
HKU\S-1-5-21-2504456539-958815627-3647854443-1002\...\MountPoints2: {af0093a9-d4b3-11e5-bf39-208984c3ab5b} - "C:\WINDOWS\system32\RunDLL32.EXE"
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2504456539-958815627-3647854443-1002 -> {4187F0FC-AF41-4E4B-AE67-84C8FD35A0AE} URL = hxxp://terra.im/search?sid=101&q={searchTerms}
S2 itakhidsi; no ImagePath
S2 sohvifd; no ImagePath
S1 uzbyzbnz; \??\C:\WINDOWS\system32\drivers\uzbyzbnz.sys [X]
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\WINDOWS\Tasks\736F47384C_1002.job
C:\Users\Šimon\AppData\Roaming\736F47384C_1002
C:\WINDOWS\System32\Tasks\736F47384C_1002
C:\WINDOWS\Tasks\3435377667_1024.job
C:\WINDOWS\System32\Tasks\3435377667_1024
C:\Users\Šimon\AppData\Roaming\3435377667_1024
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2504456539-958815627-3647854443-1002UA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2504456539-958815627-3647854443-1002Core.job
C:\ProgramData\DP45977C.lfl
C:\Users\Šimon\AppData\Local\Temp
Task: C:\WINDOWS\Tasks\1N9uswukYzchQtv.job => C:\Users\Šimon\AppData\Roaming\1N9uswukYzchQtv.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\42IvuB5gWSp.job => C:\Users\Šimon\AppData\Roaming\42IvuB5gWSp.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\DdkrTIphI7tpSeHqb0QIoUA3.job => C:\Users\Šimon\AppData\Roaming\DdkrTIphI7tpSeHqb0QIoUA3.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\eVJm3hhYcZYUUyZvDR.job => C:\Users\Šimon\AppData\Roaming\eVJm3hhYcZYUUyZvDR.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\isWi3E0vv.job => C:\Users\Šimon\AppData\Roaming\isWi3E0vv.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\kVMoTciHp3uFw.job => C:\Users\Šimon\AppData\Roaming\kVMoTciHp3uFw.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Qf8atUYGBqNLVOvFC31b2T.job => C:\Users\Šimon\AppData\Roaming\Qf8atUYGBqNLVOvFC31b2T.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\RciQcM8hNuX7F.job => C:\Users\Šimon\AppData\Roaming\RciQcM8hNuX7F.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\vDo6J3oYC704ipYnVxW7gRxJ.job => C:\Users\Šimon\AppData\Roaming\vDo6J3oYC704ipYnVxW7gRxJ.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\VGuVZV7fnYeOrz2ljwGOfNw2.job => C:\Users\Šimon\AppData\Roaming\VGuVZV7fnYeOrz2ljwGOfNw2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\xZVDiVLrFwuvBvfjsCq.job => C:\Users\Šimon\AppData\Roaming\xZVDiVLrFwuvBvfjsCq.exe <==== ATTENTION
End
*****************

"HKU\S-1-5-21-2504456539-958815627-3647854443-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01b53d36-a96a-11e5-bf0f-208984c3ab5b}" => key removed successfully
HKCR\CLSID\{01b53d36-a96a-11e5-bf0f-208984c3ab5b} => key not found.
"HKU\S-1-5-21-2504456539-958815627-3647854443-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{626b74e5-8c2e-11e5-bef7-208984c3ab5b}" => key removed successfully
HKCR\CLSID\{626b74e5-8c2e-11e5-bef7-208984c3ab5b} => key not found.
"HKU\S-1-5-21-2504456539-958815627-3647854443-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9b7217e7-7bbd-11e4-8250-208984c3ab5b}" => key removed successfully
HKCR\CLSID\{9b7217e7-7bbd-11e4-8250-208984c3ab5b} => key not found.
"HKU\S-1-5-21-2504456539-958815627-3647854443-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af0093a9-d4b3-11e5-bf39-208984c3ab5b}" => key removed successfully
HKCR\CLSID\{af0093a9-d4b3-11e5-bf39-208984c3ab5b} => key not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2504456539-958815627-3647854443-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4187F0FC-AF41-4E4B-AE67-84C8FD35A0AE}" => key removed successfully
HKCR\CLSID\{4187F0FC-AF41-4E4B-AE67-84C8FD35A0AE} => key not found.
itakhidsi => service removed successfully
sohvifd => service removed successfully
uzbyzbnz => service removed successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
C:\WINDOWS\Tasks\736F47384C_1002.job => moved successfully
C:\Users\Šimon\AppData\Roaming\736F47384C_1002 => moved successfully
C:\WINDOWS\System32\Tasks\736F47384C_1002 => moved successfully
C:\WINDOWS\Tasks\3435377667_1024.job => moved successfully
C:\WINDOWS\System32\Tasks\3435377667_1024 => moved successfully
C:\Users\Šimon\AppData\Roaming\3435377667_1024 => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2504456539-958815627-3647854443-1002UA.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2504456539-958815627-3647854443-1002Core.job => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully

"C:\Users\Šimon\AppData\Local\Temp" folder move:

Could not move "C:\Users\Šimon\AppData\Local\Temp" => Scheduled to move on reboot.

C:\WINDOWS\Tasks\1N9uswukYzchQtv.job => moved successfully
C:\WINDOWS\Tasks\42IvuB5gWSp.job => moved successfully
C:\WINDOWS\Tasks\DdkrTIphI7tpSeHqb0QIoUA3.job => moved successfully
C:\WINDOWS\Tasks\eVJm3hhYcZYUUyZvDR.job => moved successfully
C:\WINDOWS\Tasks\isWi3E0vv.job => moved successfully
C:\WINDOWS\Tasks\kVMoTciHp3uFw.job => moved successfully
C:\WINDOWS\Tasks\Qf8atUYGBqNLVOvFC31b2T.job => moved successfully
C:\WINDOWS\Tasks\RciQcM8hNuX7F.job => moved successfully
C:\WINDOWS\Tasks\vDo6J3oYC704ipYnVxW7gRxJ.job => moved successfully
C:\WINDOWS\Tasks\VGuVZV7fnYeOrz2ljwGOfNw2.job => moved successfully
C:\WINDOWS\Tasks\xZVDiVLrFwuvBvfjsCq.job => moved successfully

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-03-10 18:28:43)

C:\Users\Šimon\AppData\Local\Temp => moved successfully

==== End of Fixlog 18:28:44 ====

Rudy
Site Admin
Posts: 119315
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Russian ads - redirection to Russian sites

#8 Post by Rudy »

Deleted. Has anything changed?

sitdowntragedy
Guest
Posts: 5
Registered: 09 Mar 2016 18:14

Re: Russian ads - redirection to Russian sites

#9 Post by sitdowntragedy »

I tried Opera, and it still showed the same thing. I tried Google Chrome and it works as it should; Internet Explorer still works, it worked on it before too, but I was using the Opera browser, so I wasn't sure. Can you tell me where the fault was?

Rudy
Site Admin
Posts: 119315
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Russian ads - redirection to Russian sites

#10 Post by Rudy »

You had a number of adware programs on there. I'm glad it's OK now.
