PC-HELP.CZ

Dobrý den, neni to ani den co jsem zde řešil otravné reklamy na mém prohlížeči, ale vrátili se. Poté co jsme nachvíli vypnul Avast tak se hned vrátili na své místo a dělají dál neplechu :(

Log z HIJ

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:30:39, on 14.4.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17689)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Svata\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "D:\Programy\Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [SystemStart] C:\Users\Public\System\game.vbs
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Windows\system32\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - D:\Programy\Hamachi\hamachi-2.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - D:\Programy\Malwarebytes'\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8106 bytes

Ok, podíváme se na to. Jen takový dotaz, proč si vypínal Avast?

Poznáváš tento soubor?
C:\Users\Public\System\game.vbs

Stáhni AdwCleaner (by Xplode)

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu klikni na tlačícko „Vymazat-Clean“

===================================================

Vypni antivir
Stáhni
Zoek.exe

a ulož si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor , náběh programu může trvat déle.

Do okna programu vlož skript níže:


klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.

===================================================

Prosím stáhni příslušnou verzi programu pro Tvůj systém 32-bit/64-bit Farbar Recovery Scan Tool (FRST)
32bit.:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
64bit.:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
a ulož jej na plochu. ,pak spusť FRST jako správce
Potvrď způsob užití.
Neměň žádné z výchozích nastavení a klikni na položku „Scan“ („Skenovat“) .Když je skenování dokončeno, ukážou se dva logy = FRST.txt a Addition.txt a uloží se na ploše.Prosím zkopíruj sem celý jejich obsah.

Avast jsem vypnul omylem, když jsem proklikával veškerá nastavení (vím, jsem antitalent ).
C:\Users\Public\System\game.vbs : tento soubor by mohl mít něco společného s mojí složkou v disku D, na kterém mám uložené hry.

# AdwCleaner v4.201 - Log vytvořen 14/04/2015 v 17:52:04
# Aktualizováno 08/04/2015 by Xplode
# Databáze : 2015-04-08.1 [Server]
# Operační system : Windows 7 Professional Service Pack 1 (x64)
# Uživatelské jméno : Svata - SVATA-PC
# Spuštěno z : C:\Users\Svata\Desktop\adwcleaner_4.201.exe
# Nastavení : Čištění

***** [ Služby ] *****


***** [ Soubory / Složky ] *****


***** [ Naplánované úlohy ] *****


***** [ Zástupci ] *****


***** [ Registry ] *****


***** [ Prohlížeče ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Google Chrome v41.0.2272.118

[C:\Users\Svata\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Smazáno [Search Provider] : hxxp://websearch.coolsearches.info/?l=1&q={searchTerms}&pid=2252&r=2015/03/27&hid=15868545116559291174&lg=EN&cc=CZ&unqvl=85
[C:\Users\Svata\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Smazáno [Search Provider] : hxxp://websearch.coolsearches.info/?l=1&q={searchTerms}&pid=2252&r=2015/03/27&hid=15868545116559291174&lg=EN&cc=CZ&unqvl=85
[C:\Users\Svata\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Smazáno [Search Provider] : hxxp://mp3tubetoolbarsearch.com/?tmp=ne ... &keywords={searchTerms}
[C:\Users\Svata\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Smazáno [Search Provider] : hxxp://websearch.fastosearch.info/?l=1&q={searchTerms}&pid=625&r=2014/06/01&hid=5557620058822652860&lg=EN&cc=CZ&unqvl=55
[C:\Users\Svata\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Smazáno [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Svata\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Smazáno [Search Provider] : hxxp://mp3tubetoolbar.com/?tmp=toolbar_ ... &Keywords={searchTerms}&clid=d8043b5873564c628f73877e552b817f
[C:\Users\Svata\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Smazáno [Homepage] : hxxp://www.mysearchresults.com/?c=3523&t=01
[C:\Users\Svata\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Smazáno [Startup_URLs] : hxxp://isearch.omiga-plus.com/?type=hp& ... J1BQ901556

*************************

AdwCleaner[R0].txt - [6237 bytů] - [12/04/2015 23:26:51]
AdwCleaner[R1].txt - [2487 bytů] - [14/04/2015 17:48:55]
AdwCleaner[S0].txt - [5586 bytů] - [12/04/2015 23:33:14]
AdwCleaner[S1].txt - [2404 bytů] - [14/04/2015 17:52:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2462 bytů] ##########





Zoek.exe v5.0.0.0 Updated 08-April-2015
Tool run by Svata on Łt 14.04.2015 at 17:57:29,49.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Svata\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-04-13-203030.log 9502 bytes

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Users\Svata\AppData\Roaming\appdataFr3.bin deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [12.04.2015 20:56]

==== Chromium Look ======================

Google Chrome Version: 41.0.2272.118 (Latest Stable version: 41.0.2272.118) [z-db]

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[12.04.2015 20:56]

WOT - Svata\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp
Bookmark Manager - Svata\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Avast Online Security - Svata\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Blue Space Sunset Chrome Theme - Svata\AppData\Local\Google\Chrome\User Data\Default\Extensions\nndfdjfoclbidmgpmbelcieibgjjfdog

==== Chromium Startpages ======================

C:\Users\Svata\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.mysearchresults.com/?c=3523&t=01",
"startup_urls": [ "http://isearch.omiga-plus.com/?type=hp&ts=1421073340&from=ild&uid=SAMSUNGXHD642JJ_S1AFJ1BQ901556", "http://www.seznam.cz/", "http://www.mystartsearch.com/?type=hp&ts=1426685978&from=wpc&uid=SAMSUNGXHD642JJ_S1AFJ1BQ901556" ]


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\Svata\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Svata\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Svata\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Svata\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Svata\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Svata\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Svata\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================


==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Svata\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Svata\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Łt 14.04.2015 at 18:54:59,31 ======================



Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2015
Ran by Svata (administrator) on SVATA-PC on 14-04-2015 18:59:53
Running from C:\Users\Svata\Desktop
Loaded Profiles: Svata (Available profiles: Svata)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(LogMeIn Inc.) D:\Programy\Hamachi\hamachi-2.exe
(LogMeIn, Inc.) D:\Programy\Hamachi\LMIGuardianSvc.exe
(LogMeIn Inc.) D:\Programy\Hamachi\hamachi-2-ui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(LogMeIn, Inc.) D:\Programy\Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Users\Svata\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\bitsadmin.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => D:\Programy\Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-12] (Avast Software s.r.o.)
HKU\S-1-5-21-2803435921-266408332-3178483983-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-2803435921-266408332-3178483983-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-2803435921-266408332-3178483983-1000\...\Run: [SystemStart] => C:\Users\Public\System\game.vbs [76 2014-09-06] ()
HKU\S-1-5-21-2803435921-266408332-3178483983-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-02-08] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2803435921-266408332-3178483983-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-12] (Avast Software s.r.o.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-12] (Avast Software s.r.o.)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-13] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-04-12]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Svata\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Svata\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-30]
CHR Extension: (Google Docs) - C:\Users\Svata\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-30]
CHR Extension: (Google Drive) - C:\Users\Svata\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-30]
CHR Extension: (YouTube) - C:\Users\Svata\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-30]
CHR Extension: (Google Search) - C:\Users\Svata\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-30]
CHR Extension: (Google Sheets) - C:\Users\Svata\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-30]
CHR Extension: (Avast Online Security) - C:\Users\Svata\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-12]
CHR Extension: (Google Wallet) - C:\Users\Svata\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-30]
CHR Extension: (Gmail) - C:\Users\Svata\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-12] (Avast Software s.r.o.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [182304 2015-02-09] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 Hamachi2Svc; D:\Programy\Hamachi\hamachi-2.exe [2490216 2015-03-30] (LogMeIn Inc.)
S2 MBAMService; D:\Programy\Malwarebytes'\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-09] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-12] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-12] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-12] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-12] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-12] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-12] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-12] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-02-10] (Disc Soft Ltd)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [31648 2015-03-11] (REALiX(tm))
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-14 18:59 - 2015-04-14 19:00 - 00012209 _____ () C:\Users\Svata\Desktop\FRST.txt
2015-04-14 18:59 - 2015-04-14 19:00 - 00000000 ____D () C:\FRST
2015-04-14 18:58 - 2015-04-14 18:58 - 02096640 _____ (Farbar) C:\Users\Svata\Desktop\FRST64.exe
2015-04-14 18:57 - 2015-04-14 18:57 - 00000020 _____ () C:\Users\Svata\AppData\Roaming\appdataFr3.bin
2015-04-14 18:56 - 2015-04-14 18:56 - 00006524 _____ () C:\Users\Svata\Desktop\zoek-results.txt
2015-04-14 18:53 - 2015-04-14 17:57 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-04-14 17:58 - 2015-04-13 22:30 - 00009502 _____ () C:\zoek-results2015-04-13-203030.log
2015-04-14 17:56 - 2015-04-14 17:56 - 01305600 _____ () C:\Users\Svata\Desktop\zoek.exe
2015-04-14 17:55 - 2015-04-14 17:55 - 00002541 _____ () C:\Users\Svata\Desktop\AdwCleaner[S1].txt
2015-04-14 14:01 - 2015-04-14 14:01 - 00000000 ____D () C:\Users\Svata\Downloads\backups
2015-04-13 22:36 - 2015-04-14 17:30 - 00008107 _____ () C:\Users\Svata\Downloads\hijackthis.log
2015-04-13 22:30 - 2015-04-13 22:35 - 00000000 ____D () C:\Users\Svata\AppData\Local\VirtualStore
2015-04-13 21:55 - 2015-04-14 18:54 - 00006524 _____ () C:\zoek-results.log
2015-04-13 21:53 - 2015-04-13 22:10 - 00000000 ____D () C:\zoek_backup
2015-04-13 20:39 - 2015-04-13 20:39 - 00004350 _____ () C:\Users\Svata\Desktop\RKreport_SCN_04132015_203858.log
2015-04-13 20:25 - 2015-04-13 21:38 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-04-13 20:24 - 2015-04-13 20:28 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-04-13 20:22 - 2015-04-13 20:24 - 20567640 _____ () C:\Users\Svata\Desktop\RogueKillerX64.exe
2015-04-13 20:11 - 2015-04-13 20:11 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-SVATA-PC-Windows-7-Professional-(64-bit).dat
2015-04-13 20:11 - 2015-04-13 20:11 - 00000000 ____D () C:\RegBackup
2015-04-13 19:47 - 2015-04-13 19:48 - 02687136 _____ (Thisisu) C:\Users\Svata\Desktop\JRT.exe
2015-04-13 16:49 - 2015-04-13 16:54 - 54087798 _____ () C:\Users\Svata\Downloads\Sims4-DLC_Pack.exe
2015-04-13 16:46 - 2015-04-13 16:46 - 00001025 _____ () C:\Users\Svata\Desktop\Play The Sims 4.lnk
2015-04-13 16:25 - 2015-04-13 20:05 - 00003678 _____ () C:\Users\Svata\Desktop\text.txt
2015-04-13 16:10 - 2015-04-14 17:02 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-13 16:09 - 2015-04-13 16:09 - 00000875 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-13 16:09 - 2015-04-13 16:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-13 16:09 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-13 16:09 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-13 16:09 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-12 23:26 - 2015-04-14 17:52 - 00000000 ____D () C:\AdwCleaner
2015-04-12 23:25 - 2015-04-12 23:25 - 02217984 _____ () C:\Users\Svata\Desktop\adwcleaner_4.201.exe
2015-04-12 20:59 - 2015-04-12 20:59 - 00000000 ____D () C:\Users\Svata\AppData\Roaming\AVAST Software
2015-04-12 20:57 - 2015-04-13 15:42 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-12 20:57 - 2015-04-12 20:57 - 00001922 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-04-12 20:57 - 2015-04-12 20:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-04-12 20:56 - 2015-04-12 20:56 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-04-12 20:56 - 2015-04-12 20:56 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-12 20:56 - 2015-04-12 20:56 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-12 20:56 - 2015-04-12 20:56 - 00271200 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-12 20:56 - 2015-04-12 20:56 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-04-12 20:56 - 2015-04-12 20:56 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-04-12 20:56 - 2015-04-12 20:56 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-12 20:56 - 2015-04-12 20:56 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-12 20:56 - 2015-04-12 20:56 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-12 20:56 - 2015-04-12 20:56 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-12 20:52 - 2015-04-12 20:52 - 00000000 ____D () C:\Program Files\AVAST Software
2015-04-12 20:51 - 2015-04-12 20:51 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-04-12 20:50 - 2015-04-12 20:51 - 05481352 _____ (Avast Software s.r.o.) C:\Users\Svata\Downloads\avast_free_antivirus_setup_online.exe
2015-04-12 20:25 - 2015-04-12 20:25 - 00388608 _____ (Trend Micro Inc.) C:\Users\Svata\Downloads\HijackThis.exe
2015-04-05 02:59 - 2015-04-05 02:59 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 02:59 - 2015-04-05 02:59 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 22:14 - 2015-04-04 22:15 - 00000000 ____D () C:\Users\Svata\AppData\Roaming\SpaceEngineers
2015-04-04 22:14 - 2015-04-04 22:14 - 00000939 _____ () C:\Users\Svata\Desktop\Space Engineers (64-Bit).lnk
2015-04-04 22:14 - 2015-04-04 22:14 - 00000927 _____ () C:\Users\Svata\Desktop\Space Engineers (32-Bit).lnk
2015-04-04 22:14 - 2015-04-04 22:14 - 00000809 _____ () C:\Users\Svata\Desktop\Coop-Land.ru.lnk
2015-04-04 22:14 - 2015-04-04 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coop-Land
2015-04-04 02:49 - 2015-04-04 02:49 - 00000000 ____D () C:\Users\Svata\Documents\Electronic Arts
2015-04-03 23:32 - 2015-04-03 23:32 - 00000000 ____D () C:\Users\Svata\Documents\Shiner
2015-04-03 23:32 - 2015-04-03 23:32 - 00000000 ____D () C:\Users\Svata\AppData\Local\FLT
2015-03-31 14:42 - 2015-03-31 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-03-31 14:41 - 2015-04-14 18:54 - 00007544 _____ () C:\Windows\PFRO.log
2015-03-30 17:39 - 2015-04-13 22:38 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-30 17:39 - 2015-03-30 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-30 17:35 - 2015-04-14 18:54 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-30 17:35 - 2015-04-14 18:36 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-30 17:35 - 2015-04-13 22:31 - 00003948 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-03-30 17:35 - 2015-04-13 22:31 - 00003696 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-03-30 17:35 - 2015-03-30 17:39 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-28 18:42 - 2015-03-28 18:42 - 00000208 _____ () C:\Users\Svata\Desktop\Ace of Spades.url
2015-03-28 18:10 - 2015-03-28 18:10 - 00000000 ____D () C:\Users\Svata\AppData\Roaming\gd.sos.McPixel
2015-03-25 19:00 - 2015-03-25 19:00 - 00000000 ____D () C:\Users\Svata\AppData\Local\Introversion
2015-03-25 14:53 - 2015-03-11 06:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 14:53 - 2015-03-11 06:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 14:53 - 2015-03-11 06:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 14:53 - 2015-03-11 06:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 14:53 - 2015-03-11 06:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 14:53 - 2015-03-11 06:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 14:53 - 2015-03-11 06:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 14:53 - 2015-03-11 06:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-24 22:44 - 2015-04-14 18:54 - 00008142 _____ () C:\Windows\setupact.log
2015-03-24 22:44 - 2015-03-24 22:44 - 00312704 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-24 22:44 - 2015-03-24 22:44 - 00071640 _____ () C:\Users\Svata\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-24 22:44 - 2015-03-24 22:44 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-24 17:36 - 2015-03-24 17:36 - 00002976 _____ () C:\Windows\System32\Tasks\{8BFCE28E-A19A-41A6-AC98-A86E416D0079}
2015-03-24 17:34 - 2015-03-24 17:34 - 00002972 _____ () C:\Windows\System32\Tasks\{71E1D9AC-BE09-4C6F-98E8-E905EF1275BF}
2015-03-23 17:48 - 2015-03-23 17:48 - 00000000 ____D () C:\Windows\Dir3ctX-update-patch
2015-03-23 17:04 - 2015-03-23 17:05 - 08340293 _____ () C:\Users\Svata\Downloads\SfBot-by-Kuba.zip
2015-03-19 22:58 - 2015-03-19 22:58 - 00000972 _____ () C:\Users\Svata\Desktop\Play SimCity 2013 Offline.lnk
2015-03-19 18:35 - 2015-03-19 22:41 - 3919095068 _____ () C:\Users\Svata\Downloads\SimCity-2013-Offline-CZ-Pikachu92.exe
2015-03-18 21:56 - 2015-03-18 21:56 - 00000000 ____D () C:\Users\Svata\Documents\SimCity
2015-03-18 21:26 - 2015-03-18 21:26 - 00000000 ____D () C:\ProgramData\Origin
2015-03-18 21:26 - 2015-03-18 21:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor1911
2015-03-18 21:06 - 2015-03-18 21:06 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-03-18 15:54 - 2015-03-18 15:54 - 01685072 _____ (BitTorrent Inc.) C:\Users\Svata\Downloads\uTorrent.exe
2015-03-18 15:25 - 2015-03-18 15:25 - 00000000 ____D () C:\ProgramData\{488c169a-ed82-2d7f-488c-c169aed85a6b}
2015-03-18 15:05 - 2015-04-14 14:43 - 00000000 ____D () C:\Users\Svata\AppData\Roaming\uTorrent
2015-03-15 19:15 - 2015-03-24 17:23 - 00007616 _____ () C:\Users\Svata\AppData\Local\Resmon.ResmonCfg

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-14 18:58 - 2015-03-14 23:52 - 01443846 _____ () C:\Windows\WindowsUpdate.log
2015-04-14 18:56 - 2015-02-09 21:20 - 00000000 ____D () C:\Users\Svata\AppData\Roaming\Skype
2015-04-14 18:55 - 2015-03-11 19:26 - 00000000 ____D () C:\Users\Svata\AppData\Local\LogMeIn Hamachi
2015-04-14 18:55 - 2015-02-10 14:55 - 00000000 ____D () C:\Users\Public\System
2015-04-14 18:54 - 2015-02-07 23:13 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-14 18:54 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-14 18:01 - 2009-07-14 06:45 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-14 18:01 - 2009-07-14 06:45 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-14 17:26 - 2015-02-08 12:00 - 00001066 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-04-14 17:25 - 2015-02-09 21:16 - 00000000 ____D () C:\Users\Svata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-04-14 17:25 - 2015-02-09 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-04-14 17:25 - 2015-02-09 21:16 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2015-04-14 16:52 - 2009-07-14 17:18 - 00668866 _____ () C:\Windows\system32\perfh005.dat
2015-04-14 16:52 - 2009-07-14 17:18 - 00141526 _____ () C:\Windows\system32\perfc005.dat
2015-04-14 16:52 - 2009-07-14 07:13 - 01584554 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-11 15:09 - 2015-02-09 21:20 - 00000000 ____D () C:\ProgramData\Skype
2015-04-04 04:08 - 2015-02-10 14:56 - 00000000 ____D () C:\Users\Svata\AppData\Roaming\vlc
2015-04-03 23:18 - 2015-02-23 20:51 - 00026246 _____ () C:\Users\Svata\Desktop\Daisuke.odt
2015-03-30 17:39 - 2015-02-08 00:22 - 00000000 ____D () C:\Users\Svata\AppData\Local\Google
2015-03-30 15:25 - 2015-03-11 19:26 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2015-03-26 14:52 - 2015-02-08 00:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-26 14:52 - 2015-02-08 00:18 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-24 23:43 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-23 01:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-20 18:39 - 2015-02-10 15:02 - 00000000 ____D () C:\Users\Svata\AppData\Roaming\DAEMON Tools Lite
2015-03-19 21:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-03-18 15:47 - 2015-02-07 22:35 - 00000000 ____D () C:\Users\Svata
2015-03-18 15:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration

==================== Files in the root of some directories =======

2015-04-14 18:57 - 2015-04-14 18:57 - 0000020 _____ () C:\Users\Svata\AppData\Roaming\appdataFr3.bin
2015-03-15 19:15 - 2015-03-24 17:23 - 0007616 _____ () C:\Users\Svata\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-14 15:16

==================== End Of Log ============================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-04-2015
Ran by Svata at 2015-04-14 19:01:08
Running from C:\Users\Svata\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ace of Spades (HKLM-x32\...\Steam App 224540) (Version: - Jagex Limited)
Aktualizace NVIDIA 17.12.8 (Version: 17.12.8 - NVIDIA Corporation) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2215 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
Center'd Center the new YT (HKLM-x32\...\{AF992111-52BE-832B-5882-8477E4A3C99A}) (Version: - "") <==== ATTENTION
CPUID CPU-Z 1.71.1 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.328 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.328 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware verze 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Ovladač 3D Vision 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{C560D6E7-E40A-435D-8B71-62CBCF1701B2}) (Version: 4.11.9775 - Apache Software Foundation)
Ovládací panel NVIDIA 347.52 (Version: 347.52 - NVIDIA Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Robocraft (HKLM-x32\...\Steam App 301520) (Version: - Freejam)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Space Engineers (HKLM-x32\...\{A542351A-2B51-2B42-44D3-6DDF3A865451}_is1) (Version: 01.064.007 - Keen Software House (Coop-Land))
SUGC Modpack For Simcity 2013 (HKLM-x32\...\SUGC Modpack For Simcity 2013) (Version: 1.0 - Sugc)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.38843 - TeamViewer)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version: - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

25-03-2015 23:35:28 Windows Update
29-03-2015 10:53:14 Windows Update
01-04-2015 16:19:36 Windows Update
05-04-2015 02:59:27 Windows Update
09-04-2015 18:10:55 Windows Update
12-04-2015 19:57:21 Windows Update
12-04-2015 20:52:14 avast! antivirus system restore point
13-04-2015 21:55:28 zoek.exe restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-04-14 17:58 - 00000841 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {24330134-3648-408D-BE08-3B8B9CD98B6A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {29BB8ED6-EF94-40D4-A43F-AE565C83DAE6} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {2FEBA921-D119-471A-A325-2847F70D1C73} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-12] (Avast Software s.r.o.)
Task: {353DC81B-AED2-4908-98DE-941DB0D24BAD} - System32\Tasks\{8BFCE28E-A19A-41A6-AC98-A86E416D0079} => D:\Games\Sim City\SimCity 2013 Offline\play-SimCity.exe [2014-03-20] ()
Task: {3A4AB94F-BD87-45BE-98B8-327C33794258} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-30] (Google Inc.)
Task: {493DD872-0D0F-451F-A662-25C3B1AF75CC} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {5DC1E148-EC39-45FC-923B-1956617B393D} - \avastBCLRestartS-1-5-21-2803435921-266408332-3178483983-1000 No Task File <==== ATTENTION
Task: {D72A25AB-2599-4D2D-9FA6-E0C29F63ACD6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-30] (Google Inc.)
Task: {E4C0D063-1A9E-4D05-B53B-FEE756F69A5E} - System32\Tasks\{71E1D9AC-BE09-4C6F-98E8-E905EF1275BF} => D:\Games\Cities,Skylines\Cities Skylines\Launcher.exe
Task: {F80156F6-6FEB-4446-8B61-607C7D31DE21} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {FE45FC38-6EF5-41E5-AD2B-9F8BA9DE5763} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-02-07 23:13 - 2015-02-05 21:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2008-09-08 11:19 - 2008-09-08 11:19 - 00022016 _____ () C:\Windows\System32\cl31cl6.dll
2015-01-21 04:06 - 2015-01-21 04:06 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2015-04-12 20:56 - 2015-04-12 20:56 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-12 20:56 - 2015-04-12 20:56 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-04-14 13:50 - 2015-04-14 13:50 - 02925568 _____ () C:\Program Files\AVAST Software\Avast\defs\15041400\algo.dll
2015-04-12 20:56 - 2015-04-12 20:56 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-04-13 22:38 - 2015-03-30 23:07 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
2015-04-13 22:38 - 2015-03-30 23:07 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libegl.dll
2015-04-13 22:38 - 2015-03-30 23:07 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll
2015-04-13 22:38 - 2015-03-30 23:07 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2803435921-266408332-3178483983-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Svata\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.108.10.108 - 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-2803435921-266408332-3178483983-500 - Administrator - Disabled)
Guest (S-1-5-21-2803435921-266408332-3178483983-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2803435921-266408332-3178483983-1002 - Limited - Enabled)
Svata (S-1-5-21-2803435921-266408332-3178483983-1000 - Administrator - Enabled) => C:\Users\Svata

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (04/14/2015 06:17:08 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (04/14/2015 06:17:07 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (04/14/2015 06:17:06 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (04/14/2015 06:17:05 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (04/14/2015 06:17:04 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (04/14/2015 05:52:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Windows Media Player Network Sharing neuspěla při spuštění v důsledku následující chyby:
%%1069

Error: (04/14/2015 05:52:33 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Služba WMPNetworkSvc se nemohla přihlásit jako NT AUTHORITY\NetworkService s aktuálně konfigurovaným heslem z důvodu následující chyby:
%%50

Chcete-li zajistit správnou konfiguraci služby, použijte modul snap-in Služby konzoly Microsoft Management Console (MMC).

Error: (04/14/2015 05:52:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Windows Search neuspěla při spuštění v důsledku následující chyby:
%%1069

Error: (04/14/2015 05:52:32 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Služba WSearch se nemohla přihlásit jako NT AUTHORITY\SYSTEM s aktuálně konfigurovaným heslem z důvodu následující chyby:
%%50

Chcete-li zajistit správnou konfiguraci služby, použijte modul snap-in Služby konzoly Microsoft Management Console (MMC).

Error: (04/14/2015 05:52:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Windows Media Player Network Sharing byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: AMD Phenom(tm) 9850 Quad-Core Processor
Percentage of memory in use: 59%
Total physical RAM: 4094.49 MB
Available physical RAM: 1661.35 MB
Total Pagefile: 8187.17 MB
Available Pagefile: 5685.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:292.87 GB) (Free:241.03 GB) NTFS
Drive d: (Nový svazek) (Fixed) (Total:303.19 GB) (Free:129.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or (Size: 596.2 GB) (Disk ID: ED8AED8A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=292.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=303.2 GB) - (Type=OF Extended)

==================== End Of Log ============================

Ten soubor se mi pořád nelíbí ... Prosím otestuj na virustotal tento soubor:


Odinstaluj Microsoft Security Essentials, v počítači stačí mít jeden antivir a Avast stačí.

Microsoft Security Essentials odinstalován.

Otestování souboru :
SHA256: c581113c8abc1107242b3b02338bc8aaef75ee75a9ce589c0235394502b76ab8
File name: game.vbs
Detection ratio: 0 / 56
Analysis date: 2015-04-14 17:45:35 UTC ( 0 minut ago )


A odešel mi naprosto Google. Kliknutím na jakýkoliv odkaz mě to odkáže buď-to nějaké reklamy z online her nebo na nějaký Google test. Šipka zpět nic nevyřeší.

Předpokládám, že jde o Chrome?

Chrome prosím kompletně přeinstaluj.

A to je tedy vše ?

No, pomohlo to?

Jo Takže to beru jako že konec. Děkuju moc :)

Stáhni si DelFix: https://toolslib.net/downloads/viewdownload/2-delfix/

V něm označ Remove disinfection tools a klikni na Run.


To je vše.

Delfix trochu jinak. Mohly by tam zůstat body obnovy s pozůstatky malwaru.

Stáhni si zde DelFix
http://general-changelog-team.fr/fr/dow ... e/9-delfix

ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore) .
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci.

Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem. Jinak je zpráva zde:
v C: \ DelFix.txt

# DelFix v10.9 - Logfile created 18/04/2015 at 11:53:46
# Updated 27/02/2015 by Xplode
# Username : Svata - SVATA-PC
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\zoek-results.log
Deleted : C:\zoek-results2015-04-13-203030.log
Deleted : C:\Users\Svata\Desktop\Addition.txt
Deleted : C:\Users\Svata\Desktop\AdwCleaner[S1].txt
Deleted : C:\Users\Svata\Desktop\FRST.txt
Deleted : C:\Users\Svata\Desktop\RKreport_SCN_04132015_203858.log
Deleted : C:\Users\Svata\Desktop\zoek-results.txt
Deleted : C:\Users\Svata\Downloads\HijackThis.exe
Deleted : C:\Users\Svata\Downloads\hijackthis.log
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Cleaning system restore ...

Deleted : RP #50 [Windows Update | 04/05/2015 00:59:27]
Deleted : RP #51 [Windows Update | 04/09/2015 16:10:55]
Deleted : RP #52 [Windows Update | 04/12/2015 17:57:21]
Deleted : RP #53 [avast! antivirus system restore point | 04/12/2015 18:52:14]
Deleted : RP #54 [zoek.exe restore point | 04/13/2015 19:55:28]
Deleted : RP #55 [Windows Update | 04/15/2015 20:15:23]

New restore point created !

########## - EOF - ##########