Vyskakovací reklamy, samovolné vypínání ntb

Mangifera · Příspěvekod **Mangifera** » 08 bře 2016 23:48

Dobrý den,

předem upozorňuji, že se v pc moc nevyznám.
Zakoupila jsem ntb acer, ten se mi začal samovolně vypínat- reklamace- objevili vadný hdd. Hned první den, co byl ntb znovu doma se začal opět vypínat - znovu reklamace- nic nezjistili a reklamaci zamítli. Momentálně mám tedy ntb doma a nejenže se vypíná, ale ještě při jakékoli činnosti na netu na mě začne vyskakovat obrovské množství reklam - používám google chrom - adblock mám zapnutý- ale zjevně to nemá absolutně vliv. V ntb není skoro nic nainstalované.. no ještě jsem tedy instalovala ccleaner a zkoušela to vyčistit tím- bez efektu.
No přikládám to, co mi vyjelo na HiJackThis.

Díky za jakékoli rady..

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:15:54, on 8. 3. 2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)

Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Mandarinka\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [RadioController] "C:\Program Files (x86)\RadioController\RfBtnHelper.exe" Start_Run
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{46F569F2-20A2-4B3C-8B4E-148EDD90ABAF}: NameServer = 82.163.142.7 95.211.158.134
O17 - HKLM\System\CCS\Services\Tcpip\..\{69989CFC-404F-4BBB-97B7-71F88F0183EC}: NameServer = 82.163.142.7 95.211.158.134
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B53C350-C5C0-4C8F-8BF4-C04C3062BAF7}: NameServer = 82.163.142.7 95.211.158.134
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 82.163.142.7 95.211.158.134
O17 - HKLM\System\CS1\Services\Tcpip\..\{46F569F2-20A2-4B3C-8B4E-148EDD90ABAF}: NameServer = 82.163.142.7 95.211.158.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 82.163.142.7 95.211.158.134
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

Reklama

Příspěvekod **jaro3** » 09 bře 2016 09:13

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.

Stáhni si TFC
http://www.geekstogo.com/forum/files/fi ... -oldtimer/
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu klikni na „Logfile“ ,objeví log ( jinak je uložen systémovem disku jako AdwCleaner[C?].txt), jeho obsah sem celý vlož.

Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na Kopírovat do schránky a vlož sem celý log.

- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).

Pokud budou problémy , spusť v nouz. režimu.

Mangifera · Příspěvekod **Mangifera** » 09 bře 2016 19:25

ADw:

# AdwCleaner v5.101 - Logfile created 09/03/2016 at 18:14:42
# Updated 07/03/2016 by Xplode
# Database : 2016-03-08.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Mandarinka - ACER
# Running from : C:\Users\Mandarinka\Downloads\AdwCleaner (1).exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\DNS Unlocker
Folder Found : C:\ProgramData\simplitec
Folder Found : C:\ProgramData\68f2a352-20f3-0
Folder Found : C:\ProgramData\68f2a352-25d5-1
Folder Found : C:\ProgramData\73651a75
Folder Found : C:\ProgramData\a47f2c5a-43a3-0
Folder Found : C:\ProgramData\a47f2c5a-4457-0
Folder Found : C:\ProgramData\a47f2c5a-6345-0
Folder Found : C:\ProgramData\a47f2c5a-6477-0
Folder Found : C:\ProgramData\{012c8b47-512c-0}
Folder Found : C:\ProgramData\{012c8b47-512c-1}
Folder Found : C:\ProgramData\{1ba87ca7-512c-0}
Folder Found : C:\Users\Uzivatel\AppData\Roaming\Opera Software\Opera Stable\Extensions\nfifjdodedppalolmhingbepdlogkfai

***** [ Files ] *****

File Found : C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
File Found : C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
File Found : C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_nps.pastaleads.com_0.localstorage
File Found : C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_nps.pastaleads.com_0.localstorage-journal
File Found : C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage
File Found : C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage-journal
File Found : C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.eshopcomp.com_0.localstorage
File Found : C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.eshopcomp.com_0.localstorage-journal
File Found : C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_nps.pastaleads.com_0.localstorage
File Found : C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_nps.pastaleads.com_0.localstorage-journal
File Found : C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
File Found : C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
File Found : C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.eshopcomp.com_0.localstorage
File Found : C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.eshopcomp.com_0.localstorage-journal
File Found : C:\Users\Uzivatel\AppData\Roaming\Opera Software\Opera Stable\Local Storage\chrome-extension_nfifjdodedppalolmhingbepdlogkfai_0.localstorage

***** [ DLL ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

Task Found : DNSLOCKINGTON
Task Found : {0F0E0E47-040F-0F0F-0F11-79790C091108}
Task Found : {462048EB-CE20-FFD0-5B2C-7FA476B0C46A}

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
Key Found : HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{73651a75}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}
Key Found : HKLM\SOFTWARE\simplitec
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
Data Found : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{46F569F2-20A2-4B3C-8B4E-148EDD90ABAF} [NameServer] - 82.163.142.7 95.211.158.134
Data Found : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69989CFC-404F-4BBB-97B7-71F88F0183EC} [NameServer] - 82.163.142.7 95.211.158.134
Data Found : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{7B53C350-C5C0-4C8F-8BF4-C04C3062BAF7} [NameServer] - 82.163.142.7 95.211.158.134

***** [ Web browsers ] *****

[C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : babylon.com
[C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : searchab.com
[C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Found : hxxp://search.conduit.com/?SearchSource ... =CT2475029

*************************

C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [5121 bytes] - [09/03/2016 18:14:42]

########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [5214 bytes] ##########

Malware:

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 9. 3. 2016
Čas skenování: 18:20
Protokol: log.txt
Správce: Ano

Verze: 2.2.0.1024
Databáze malwaru: v2016.03.09.04
Databáze rootkitů: v2016.02.27.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 8.1
CPU: x64
Souborový systém: NTFS
Uživatel: Mandarinka

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 368062
Uplynulý čas: 10 min, 23 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 2
Adware.CloudGuard, C:\Program Files (x86)\DNS Unlocker\dnslockington.exe, 1420, , [7d3bcbbab3e64ee8ab9f756f867b11ef]
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\dnslockington.exe, 1420, , [8632ccb987126bcb5ecbb428788a817f]

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 14
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}, , [566231542a6ff73f9344b2e015ed8878],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}, , [566231542a6ff73f9344b2e015ed8878],
PUP.Optional.Yontoo, HKU\S-1-5-21-3468730168-3982134831-2424057133-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C7C5384F-D9E9-4DB1-8C72-135ECCCBC571}, , [8c2c96ef9108f73f8654d7eea16147b9],
PUP.Optional.Yontoo, HKU\S-1-5-21-3468730168-3982134831-2424057133-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C7C5384F-D9E9-4DB1-8C72-135ECCCBC571}, , [8c2c96ef9108f73f8654d7eea16147b9],
PUP.Optional.CloudScout, HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b, , [2791e4a1bfdab482174f41f5e22256aa],
PUP.Optional.DNSUnlocker, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, , [e8d0295cb4e5e15544ffb8bcf311c13f],
PUP.Optional.DNSUnlocker.EncJob, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{97A77BAA-D360-4B26-83EC-F0A08C08897C}, , [199f186d356474c2a98ad5a910f4649c],
PUP.Optional.ClousdScout.BrwsrFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\DNSLOCKINGTON, , [ae0a2560386189ad605fe92ea3608080],
PUP.Optional.DNSUnlocker.BrwsrFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{E1527582-8509-4011-B922-29E3FB548882}_is1, , [28907213c6d379bdcebff08ff80c60a0],
PUP.Optional.CloudScout, HKLM\SOFTWARE\WOW6432NODE\5da059a482fd494db3f252126fbc3d5b, , [04b41c69a0f91521a3c3e84e867e7888],
PUP.Optional.DNSUnlocker, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, , [2296265f61385adc95ae3b399074eb15],
PUP.Optional.DNSUnlocker.BrwsrFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{E1527582-8509-4011-B922-29E3FB548882}_is1, , [4f69bbca079296a05181d6a832d27b85],
PUP.Optional.DNSUnlocker.EncJob, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{73651A75}, , [b3051d68663304323be17808f212649c],
PUP.Optional.OneSystemCare, HKU\S-1-5-21-3468730168-3982134831-2424057133-1001\SOFTWARE\ONE SYSTEM CARE, , [77414b3a50496ccada3e68ade123857b],

Hodnoty registru: 8
PUP.Optional.DNSUnlocker.EncJob, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{97A77BAA-D360-4B26-83EC-F0A08C08897C}|Path, \DNSLOCKINGTON, , [199f186d356474c2a98ad5a910f4649c]
PUP.Optional.DNSUnlocker.EncJob, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{73651a75}|1, 1457474299, , [b3051d68663304323be17808f212649c]
Trojan.DNSChanger.DNSRst, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{46F569F2-20A2-4B3C-8B4E-148EDD90ABAF}|NameServer, 82.163.142.7 95.211.158.134, , [645486ffd4c571c5f6636d09d232ee12]
Trojan.DNSChanger.DNSRst, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{69989CFC-404F-4BBB-97B7-71F88F0183EC}|NameServer, 82.163.142.7 95.211.158.134, , [7a3e7213f9a047eff762a8cecb39db25]
Trojan.DNSChanger.DNSRst, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{7B53C350-C5C0-4C8F-8BF4-C04C3062BAF7}|NameServer, 82.163.142.7 95.211.158.134, , [c0f8e99ccbce1521223792e4b351eb15]
PUP.Optional.OneSystemCare, HKU\S-1-5-21-3468730168-3982134831-2424057133-1001\SOFTWARE\ONE SYSTEM CARE|OSID, 6.2, , [77414b3a50496ccada3e68ade123857b]
PUP.Optional.OneSystemCare, HKU\S-1-5-21-3468730168-3982134831-2424057133-1001\SOFTWARE\ONE SYSTEM CARE|AdvertsLink1, http://dl.softservers.net/121002110/DriverPro.exe, , [fbbd21648613a096b067a07535cfe11f]
PUP.Optional.OneSystemCare, HKU\S-1-5-21-3468730168-3982134831-2424057133-1001\SOFTWARE\ONE SYSTEM CARE|AdvertsLink2, http://od.onesaveservers.net/291002110/OneSaveSetup.exe, , [6f493e47e7b2a492af68769fb74da15f]

Data registru: 1
Trojan.DNSChanger.DNSRst, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, 82.163.142.7 95.211.158.134, Dobré: (8.8.8.

, Špatné: (82.163.142.7 95.211.158.134),,[863242430f8a9b9bcfc2937c2cd916ea]

Složky: 6
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker, , [8632ccb987126bcb5ecbb428788a817f],
PUP.Optional.Amonetize, C:\ProgramData\{012c8b47-512c-0}, , [fabe9de88d0cb2840c1827e67e85fd03],
PUP.Optional.Amonetize, C:\ProgramData\{012c8b47-512c-1}, , [8038a9dc6e2ba096bd673cd14fb436ca],
PUP.Optional.Amonetize, C:\ProgramData\{1ba87ca7-512c-0}, , [2f8995f02079fb3b6abacb4270933bc5],
PUP.Optional.Yontoo, C:\Users\Uzivatel\AppData\Roaming\Opera Software\Opera Stable\Extensions\nfifjdodedppalolmhingbepdlogkfai\1.0.5877.34733_0, , [c9ef0e77afeae1552f248daceb1ae917],
PUP.Optional.Yontoo, C:\Users\Uzivatel\AppData\Roaming\Opera Software\Opera Stable\Extensions\nfifjdodedppalolmhingbepdlogkfai, , [c9ef0e77afeae1552f248daceb1ae917],

Soubory: 39
Adware.CloudGuard, C:\Program Files (x86)\DNS Unlocker\dnslockington.exe, , [7d3bcbbab3e64ee8ab9f756f867b11ef],
PUP.Optional.ClousdScout.BrwsrFlsh, C:\Windows\System32\Tasks\DNSLOCKINGTON, , [7642f1946e2b8fa78a33d14620e36898],
PUP.Optional.PastaLeads, C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_nps.pastaleads.com_0.localstorage, , [40782b5aa8f1ce6848a84aedd0346d93],
PUP.Optional.PastaLeads, C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_nps.pastaleads.com_0.localstorage-journal, , [d5e3c1c4900990a609e777c038cc59a7],
PUP.Optional.PastaLeads, C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nps.pastaleads.com_0.localstorage, , [4b6d3a4b356443f35e9294a3bf45c43c],
PUP.Optional.PastaLeads, C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nps.pastaleads.com_0.localstorage-journal, , [a414e79e2772fc3a17d93304828240c0],
PUP.Optional.BestPriceNinja, C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage, , [41779aebeaaf5ed869cfcfa008fc2fd1],
PUP.Optional.BestPriceNinja, C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage-journal, , [00b887fe07927cba3cfc6c03e2227888],
PUP.Optional.BestPriceNinja, C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage, , [07b12a5b9009f0464fe93c33cf35ee12],
PUP.Optional.BestPriceNinja, C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage-journal, , [e7d1582d5c3dab8b1c1c4c23867e43bd],
PUP.Optional.eShopComp, C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.eshopcomp.com_0.localstorage, , [c0f82b5a5346b48256c9babade2610f0],
PUP.Optional.eShopComp, C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.eshopcomp.com_0.localstorage-journal, , [8c2c3055bedbc27440dfc6ae7292738d],
PUP.Optional.eShopComp, C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.eshopcomp.com_0.localstorage, , [76421e67afea8caa32edde964abaf907],
PUP.Optional.eShopComp, C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.eshopcomp.com_0.localstorage-journal, , [892fd9acd9c077bf76a9096b53b1966a],
PUP.Optional.CrossRider, C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage, , [8f29fd887b1e142225592354bf450cf4],
PUP.Optional.CrossRider, C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal, , [18a0bfc6ecad2b0b0d7198df778d27d9],
PUP.Optional.Amonetize.Gen, C:\ProgramData\a47f2c5a-6345-0\BITBDC6.tmp, , [1f99f98c52470a2c20d7265692727987],
PUP.Optional.Amonetize.Gen, C:\ProgramData\a47f2c5a-6477-0\BITC10E.tmp, , [e2d693f2debb73c3c92e7b01c440c13f],
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\config.ini, , [8632ccb987126bcb5ecbb428788a817f],
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\ConsoleApplication1.dll, , [8632ccb987126bcb5ecbb428788a817f],
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\DNSLOCKINGTON.cer, , [8632ccb987126bcb5ecbb428788a817f],
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\dnslockington.exe, , [8632ccb987126bcb5ecbb428788a817f],
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\Info.rtf, , [8632ccb987126bcb5ecbb428788a817f],
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\License.rtf, , [8632ccb987126bcb5ecbb428788a817f],
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\LogoBlack.ico, , [8632ccb987126bcb5ecbb428788a817f],
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\LogoGreen.ico, , [8632ccb987126bcb5ecbb428788a817f],
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\LogoYellow.ico, , [8632ccb987126bcb5ecbb428788a817f],
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\Microsoft.Win32.TaskScheduler.dll, , [8632ccb987126bcb5ecbb428788a817f],
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\settings.ini, , [8632ccb987126bcb5ecbb428788a817f],
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\unins000.dat, , [8632ccb987126bcb5ecbb428788a817f],
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\unins000.exe, , [8632ccb987126bcb5ecbb428788a817f],
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Program Files (x86)\DNS Unlocker\ZonaTools.XPlorerBar.dll, , [8632ccb987126bcb5ecbb428788a817f],
PUP.Optional.Amonetize, C:\ProgramData\{012c8b47-512c-0}\BITEC73.tmp, , [fabe9de88d0cb2840c1827e67e85fd03],
PUP.Optional.Amonetize, C:\ProgramData\{012c8b47-512c-1}\BITEC24.tmp, , [8038a9dc6e2ba096bd673cd14fb436ca],
PUP.Optional.Amonetize, C:\ProgramData\{1ba87ca7-512c-0}\BITED5F.tmp, , [2f8995f02079fb3b6abacb4270933bc5],
PUP.Optional.Yontoo, C:\Users\Uzivatel\AppData\Roaming\Opera Software\Opera Stable\Extensions\nfifjdodedppalolmhingbepdlogkfai\1.0.5877.34733_0\manifest.json, , [c9ef0e77afeae1552f248daceb1ae917],
PUP.Optional.Yontoo, C:\Users\Uzivatel\AppData\Roaming\Opera Software\Opera Stable\Extensions\nfifjdodedppalolmhingbepdlogkfai\1.0.5877.34733_0\background.js, , [c9ef0e77afeae1552f248daceb1ae917],
PUP.Optional.Yontoo, C:\Users\Uzivatel\AppData\Roaming\Opera Software\Opera Stable\Extensions\nfifjdodedppalolmhingbepdlogkfai\1.0.5877.34733_0\content.js, , [c9ef0e77afeae1552f248daceb1ae917],
PUP.Optional.Yontoo, C:\Users\Uzivatel\AppData\Roaming\Opera Software\Opera Stable\Extensions\nfifjdodedppalolmhingbepdlogkfai\1.0.5877.34733_0\icon.png, , [c9ef0e77afeae1552f248daceb1ae917],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)

(end)

Příspěvekod **jaro3** » 10 bře 2016 09:45

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
klikni na „Prohledat-Scan“, po prohledání klikni na „ Cleaning (Vymazat)“

Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [C?].txt) , jeho obsah sem celý vlož.

Stáhni si Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

. spusť znovu Malwarebytes' Anti-Malware a dej Skenovat nyní
- po proběhnutí programu se ti objeví hláška tak klikni na „Vše do karantény(smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a někam ho ulož. Zkopíruj se celý obsah toho logu.

Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“ , v okně na pak na „Open TXT“ a celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

Mangifera · Příspěvekod **Mangifera** » 10 bře 2016 12:39

ADw

# AdwCleaner v5.101 - Logfile created 10/03/2016 at 11:58:42
# Updated 07/03/2016 by Xplode
# Database : 2016-03-08.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Mandarinka - ACER
# Running from : C:\Users\Mandarinka\Downloads\AdwCleaner (1).exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\DNS Unlocker
[-] Folder Deleted : C:\ProgramData\simplitec
[-] Folder Deleted : C:\ProgramData\68f2a352-20f3-0
[-] Folder Deleted : C:\ProgramData\68f2a352-25d5-1
[-] Folder Deleted : C:\ProgramData\73651a75
[-] Folder Deleted : C:\ProgramData\a47f2c5a-43a3-0
[-] Folder Deleted : C:\ProgramData\a47f2c5a-4457-0
[-] Folder Deleted : C:\ProgramData\a47f2c5a-6345-0
[-] Folder Deleted : C:\ProgramData\a47f2c5a-6477-0
[-] Folder Deleted : C:\ProgramData\{012c8b47-512c-0}
[-] Folder Deleted : C:\ProgramData\{012c8b47-512c-1}
[-] Folder Deleted : C:\ProgramData\{1ba87ca7-512c-0}
[-] Folder Deleted : C:\Users\Uzivatel\AppData\Roaming\Opera Software\Opera Stable\Extensions\nfifjdodedppalolmhingbepdlogkfai

***** [ Files ] *****

[-] File Deleted : C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_nps.pastaleads.com_0.localstorage
[-] File Deleted : C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_nps.pastaleads.com_0.localstorage-journal
[-] File Deleted : C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.eshopcomp.com_0.localstorage
[-] File Deleted : C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.eshopcomp.com_0.localstorage-journal
[-] File Deleted : C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_nps.pastaleads.com_0.localstorage
[-] File Deleted : C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_nps.pastaleads.com_0.localstorage-journal
[-] File Deleted : C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.eshopcomp.com_0.localstorage
[-] File Deleted : C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.eshopcomp.com_0.localstorage-journal
[-] File Deleted : C:\Users\Uzivatel\AppData\Roaming\Opera Software\Opera Stable\Local Storage\chrome-extension_nfifjdodedppalolmhingbepdlogkfai_0.localstorage

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

[-] Task Deleted : DNSLOCKINGTON
[-] Task Deleted : {0F0E0E47-040F-0F0F-0F11-79790C091108}
[-] Task Deleted : {462048EB-CE20-FFD0-5B2C-7FA476B0C46A}

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
[-] Key Deleted : HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{73651a75}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}
[-] Key Deleted : HKLM\SOFTWARE\simplitec
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{46F569F2-20A2-4B3C-8B4E-148EDD90ABAF} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69989CFC-404F-4BBB-97B7-71F88F0183EC} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{7B53C350-C5C0-4C8F-8BF4-C04C3062BAF7} [NameServer]

***** [ Web browsers ] *****

[-] [C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://search.conduit.com/?SearchSource ... =CT2475029

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [5148 bytes] - [10/03/2016 11:58:42]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [5317 bytes] - [09/03/2016 18:14:42]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S2].txt - [5177 bytes] - [10/03/2016 11:57:38]

########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [5427 bytes] ##########

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 8.1 x64
Ran by Mandarinka (Administrator) on źt 10. 03. 2016 at 12:05:00,76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 0

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on źt 10. 03. 2016 at 12:06:03,00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malware

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 10. 3. 2016
Čas skenování: 12:11
Protokol: malware.txt
Správce: Ano

Verze: 2.2.0.1024
Databáze malwaru: v2016.03.10.03
Databáze rootkitů: v2016.02.27.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 8.1
CPU: x64
Souborový systém: NTFS
Uživatel: Mandarinka

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 368069
Uplynulý čas: 10 min, 43 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 4
PUP.Optional.Yontoo, HKU\S-1-5-21-3468730168-3982134831-2424057133-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C7C5384F-D9E9-4DB1-8C72-135ECCCBC571}, Do karantény, [4ccf75118118330330f3c60180825ba5],
PUP.Optional.Yontoo, HKU\S-1-5-21-3468730168-3982134831-2424057133-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C7C5384F-D9E9-4DB1-8C72-135ECCCBC571}, Do karantény, [4ccf75118118330330f3c60180825ba5],
PUP.Optional.CloudScout, HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b, Do karantény, [9b80d4b26f2a12240eacff38c63e837d],
PUP.Optional.OneSystemCare, HKU\S-1-5-21-3468730168-3982134831-2424057133-1001\SOFTWARE\ONE SYSTEM CARE, Do karantény, [2deea1e52475a294e389fb1be71d6f91],

Hodnoty registru: 3
PUP.Optional.OneSystemCare, HKU\S-1-5-21-3468730168-3982134831-2424057133-1001\SOFTWARE\ONE SYSTEM CARE|OSID, 6.2, Do karantény, [2deea1e52475a294e389fb1be71d6f91]
PUP.Optional.OneSystemCare, HKU\S-1-5-21-3468730168-3982134831-2424057133-1001\SOFTWARE\ONE SYSTEM CARE|AdvertsLink1, http://dl.softservers.net/121002110/DriverPro.exe, Do karantény, [f62586000594f046620933e3848013ed]
PUP.Optional.OneSystemCare, HKU\S-1-5-21-3468730168-3982134831-2424057133-1001\SOFTWARE\ONE SYSTEM CARE|AdvertsLink2, http://od.onesaveservers.net/291002110/OneSaveSetup.exe, Do karantény, [20fbbbcb059477bff07b72a426def10f]

Data registru: 1
Trojan.DNSChanger.DNSRst, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, 82.163.142.7 95.211.158.134, Dobré: (8.8.8.

, Špatné: (82.163.142.7 95.211.158.134),Nahrazeno,[9487cabc772258deef6dcb4647be827e]

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 2
PUP.Optional.CrossRider, C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage, Do karantény, [a774d5b1d8c1cf6720b278003aca4eb2],
PUP.Optional.CrossRider, C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal, Do karantény, [4fccef97900968cec60c7bfd12f26c94],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)

(end)

RogueKiller

RogueKiller V12.0.1.0 (x64) [Mar 7 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 8.1 (6.3.9600) 64 bits version
Spuštěno : Normální režim
Uživatel : Mandarinka [Práva správce]
Started from : C:\Users\Mandarinka\Desktop\RogueKillerX64.exe
Mód : Prohledat -- Datum : 03/10/2016 12:32:49

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nenahrán [0x0]) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST500LT012-1DG142 +++++
--- User ---
[MBR] 4748be1dfa5502c12ce69c44291ec7d3
[BSP] d9dbeba7177c3ec6a3c0ad794c6fd56f : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 476588 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

Příspěvekod **Orcus** » 10 bře 2016 18:29

Stáhni
Zoek.exe

a ulož si ho na plochu.
Zavři všechny ostatní programy, okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor, náběh programu může trvat déle.

Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

Klikni na Run Script
Program provede sken, opravu, sken i oprava může trvat i více minut, je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů, jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.

+

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

Mangifera · Příspěvekod **Mangifera** » 11 bře 2016 01:08

Zoek

Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Mandarinka on p 11. 03. 2016 at 0:44:10,71.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Mandarinka\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

11. 3. 2016 0:44:33 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\Users\Mandarinka\AppData\Roaming\Opera Software deleted successfully
C:\Users\Mandarinka\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Mandarinka\AppData\Local\EmieSiteList deleted successfully
C:\Users\Mandarinka\AppData\Local\EmieUserList deleted successfully
C:\Users\Mandarinka\AppData\Local\Opera Software deleted successfully
C:\Users\Uzivatel\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\MANDAR~1\AppData\Roaming\Mozilla\Firefox\Profiles\ecbcxxsj.default\prefs.js:

Added to C:\Users\MANDAR~1\AppData\Roaming\Mozilla\Firefox\Profiles\ecbcxxsj.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\Mandarinka\AppData\LocalLow\Toolbar4 deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\machine deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\MANDAR~1\AppData\Roaming\Mozilla\Firefox\Profiles\ecbcxxsj.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

==== Firefox Plugins ======================

==== Chromium Look ======================

AdBlock - Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

==== Reset Google Chrome ======================

C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Mandarinka\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Mandarinka\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=27 folders=12 7171710 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Mandarinka\AppData\Local\Temp will be emptied at reboot
C:\Users\Uzivatel\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\MANDAR~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found

==== EOF on p 11. 03. 2016 at 0:55:40,05 ======================

aswMBR

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2016-03-11 01:02:08
-----------------------------
01:02:08.154 OS Version: Windows x64 6.2.9200
01:02:08.154 Number of processors: 4 586 0x3A09
01:02:08.154 ComputerName: ACER UserName:
01:02:09.639 Initialize success
01:02:10.467 VM: initialized successfully
01:02:10.467 VM: Intel CPU supported
01:02:18.603 VM: supported disk I/O storport.sys
01:02:28.012 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002c
01:02:28.028 Disk 0 Vendor: ST500LT012-1DG142 0001SDM1 Size: 476940MB BusType: 11
01:02:28.200 VM: Disk 0 MBR read successfully
01:02:28.200 Disk 0 MBR scan
01:02:28.216 Disk 0 Windows 7 default MBR code
01:02:28.216 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 350 MB offset 2048
01:02:28.231 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476588 MB offset 718848
01:02:28.341 Disk 0 scanning C:\Windows\system32\drivers
01:02:36.810 Service scanning
01:02:53.764 Modules scanning
01:02:53.764 Disk 0 trace - called modules:
01:02:54.296 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys storahci.sys hal.dll
01:02:54.296 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe00107e185e0]
01:02:54.311 3 CLASSPNP.SYS[fffff801e2d93f40] -> nt!IofCallDriver -> \Device\0000002c[0xffffe00107c3a210]
01:02:54.311 Disk 0 statistics 132260/0/9 @ 9,33 MB/s
01:02:54.327 Scan finished successfully
01:03:02.968 Disk 0 MBR has been saved successfully to "C:\Users\Mandarinka\Desktop\MBR.dat"
01:03:02.984 The log file has been saved successfully to "C:\Users\Mandarinka\Desktop\aswMBR.txt"

Příspěvekod **jaro3** » 11 bře 2016 11:29

Prosím stáhni příslušnou verzi programu pro Tvůj systém 32-bit/64-bit FarbarRecovery Scan Tool (FrSt)
32bit.:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64bit.:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
a ulož jej na plochu. ,pak spusť FrSt.
Potvrď způsob užití.
Neměň žádné z výchozích nastavení a klikni na položku „Scan“ („Skenovat“) .Když je skenování dokončeno, ukážou se dva logy = FRST.txt a Addition.txt a uloží se na ploše.Prosím zkopíruj sem celý jejich obsah.

Mangifera · Příspěvekod **Mangifera** » 11 bře 2016 12:51

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Mandarinka (administrator) on ACER (11-03-2016 12:48:33)
Running from C:\Users\Mandarinka\Downloads
Loaded Profiles: Mandarinka (Available Profiles: Uzivatel & Mandarinka)
Platform: Windows 8.1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Dritek System Inc.) C:\Program Files (x86)\RadioController\RfBtnHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2016-01-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2016-01-27] (Realtek Semiconductor)
HKLM-x32\...\Run: [RadioController] => C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2016-01-27] (Dritek System Inc.)
HKU\S-1-5-21-3468730168-3982134831-2424057133-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)
HKU\S-1-5-21-3468730168-3982134831-2424057133-1004\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-11-21] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{46F569F2-20A2-4B3C-8B4E-148EDD90ABAF}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{46F569F2-20A2-4B3C-8B4E-148EDD90ABAF}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{69989CFC-404F-4BBB-97B7-71F88F0183EC}: [DhcpNameServer] 82.163.142.7
Tcpip\..\Interfaces\{7B53C350-C5C0-4C8F-8BF4-C04C3062BAF7}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{7B53C350-C5C0-4C8F-8BF4-C04C3062BAF7}: [DhcpNameServer] 82.163.142.7

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-3468730168-3982134831-2424057133-1004 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO-x32: SMTTB2009 Class -> {FCBCCB87-9224-4B8D-B117-F56D924BEB18} -> C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll [2010-02-16] ()
Toolbar: HKLM-x32 - HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll [2010-02-16] ()

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-07] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-11]
CHR Extension: (Dokumenty Google) - C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-11]
CHR Extension: (Disk Google) - C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-11]
CHR Extension: (YouTube) - C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-11]
CHR Extension: (Tabulky Google) - C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-11]
CHR Extension: (Dokumenty Google offline) - C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-11]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-11]
CHR Extension: (Gmail) - C:\Users\Mandarinka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-11]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2016-01-27] (Dritek System INC.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2016-01-27] (Dritek System Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
U3 aswMBR; \??\C:\Users\MANDAR~1\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\MANDAR~1\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-11 12:48 - 2016-03-11 12:48 - 00007694 _____ C:\Users\Mandarinka\Downloads\FRST.txt
2016-03-11 12:48 - 2016-03-11 12:48 - 00000000 ____D C:\FRST
2016-03-11 12:47 - 2016-03-11 12:47 - 02374144 _____ (Farbar) C:\Users\Mandarinka\Downloads\FRST64.exe
2016-03-11 01:03 - 2016-03-11 01:03 - 00001692 _____ C:\Users\Mandarinka\Desktop\aswMBR.txt
2016-03-11 01:03 - 2016-03-11 01:03 - 00000512 _____ C:\Users\Mandarinka\Desktop\MBR.dat
2016-03-11 00:59 - 2016-03-11 00:59 - 05200384 _____ (AVAST Software) C:\Users\Mandarinka\Downloads\aswmbr.exe
2016-03-11 00:55 - 2016-03-11 00:55 - 00006766 _____ C:\Users\Mandarinka\Desktop\zoek-results.txt
2016-03-11 00:54 - 2016-03-11 00:44 - 00024064 _____ C:\Windows\zoek-delete.exe
2016-03-11 00:44 - 2016-03-11 00:53 - 00000000 ____D C:\zoek_backup
2016-03-10 23:39 - 2016-03-10 23:39 - 00040960 ___SH C:\Users\Mandarinka\Documents\Thumbs.db
2016-03-10 23:34 - 2016-03-10 23:34 - 01309184 _____ C:\Users\Mandarinka\Desktop\zoek.exe
2016-03-10 12:58 - 2016-03-10 12:58 - 00000000 ____D C:\Program Files (x86)\HyperCam Toolbar
2016-03-10 12:57 - 2016-03-10 12:57 - 02576256 _____ C:\Users\Mandarinka\Downloads\HC2Setup.exe
2016-03-10 12:49 - 2016-03-10 12:49 - 01364995 _____ C:\Users\Mandarinka\Downloads\CamStudio20.exe
2016-03-10 12:35 - 2016-03-10 12:35 - 00002432 _____ C:\Users\Mandarinka\Desktop\rk_3F5A.tmp.txt
2016-03-10 12:26 - 2016-03-10 12:35 - 00000000 ____D C:\ProgramData\RogueKiller
2016-03-10 12:26 - 2016-03-10 12:26 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-03-10 12:23 - 2016-03-10 12:23 - 00002975 _____ C:\Users\Mandarinka\Desktop\malware.txt
2016-03-10 12:16 - 2016-03-10 12:16 - 23680584 _____ C:\Users\Mandarinka\Desktop\RogueKillerX64.exe
2016-03-10 12:10 - 2016-03-10 12:10 - 00005528 _____ C:\Users\Mandarinka\Desktop\adw.txt
2016-03-10 12:06 - 2016-03-10 12:06 - 00000558 _____ C:\Users\Mandarinka\Desktop\JRT.txt
2016-03-10 12:02 - 2016-03-10 12:02 - 01609216 _____ (Malwarebytes) C:\Users\Mandarinka\Desktop\JRT.exe
2016-03-09 18:20 - 2016-03-10 12:11 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-09 18:19 - 2016-03-09 18:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-09 18:19 - 2016-03-09 18:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-09 18:19 - 2016-03-09 18:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-09 18:19 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-09 18:19 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-09 18:19 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-09 18:14 - 2016-03-10 12:08 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-09 18:12 - 2016-03-09 18:12 - 01524224 _____ C:\Users\Mandarinka\Downloads\AdwCleaner (1).exe
2016-03-09 17:25 - 2016-03-09 17:25 - 00448512 _____ (OldTimer Tools) C:\Users\Mandarinka\Downloads\TFC.exe
2016-03-08 23:17 - 2016-02-20 16:45 - 01373184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-03-08 23:17 - 2016-02-20 16:45 - 01168896 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-03-08 23:17 - 2016-02-20 16:45 - 00696832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-03-08 23:17 - 2016-02-20 16:45 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-03-08 23:17 - 2016-02-20 16:45 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-03-08 23:17 - 2016-02-20 16:45 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-03-08 23:17 - 2016-02-08 22:05 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-03-08 23:17 - 2016-02-08 21:05 - 25816576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-08 23:17 - 2016-02-08 19:16 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-03-08 23:17 - 2016-02-08 18:33 - 14613504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-03-08 23:17 - 2016-02-05 20:06 - 00046768 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-03-08 23:17 - 2016-01-06 19:25 - 00416768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-03-08 23:17 - 2015-12-30 22:53 - 02017624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-03-08 23:16 - 2016-02-08 21:39 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-03-08 23:16 - 2016-02-08 21:34 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-03-08 23:16 - 2016-02-08 21:29 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2016-03-08 23:16 - 2016-02-08 21:28 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-03-08 23:16 - 2016-02-08 21:10 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-03-08 23:16 - 2016-02-08 21:07 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-03-08 23:16 - 2016-02-08 21:03 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-03-08 23:16 - 2016-02-08 21:02 - 13012480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-03-08 23:16 - 2016-02-08 21:02 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-03-08 23:16 - 2016-02-08 21:01 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-03-08 23:16 - 2016-02-08 20:43 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-03-08 23:16 - 2016-02-08 20:39 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-03-08 23:16 - 2016-02-08 20:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-03-08 23:16 - 2016-02-08 19:27 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-03-08 23:16 - 2016-02-08 19:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-03-08 23:16 - 2016-02-08 19:14 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2016-03-08 23:16 - 2016-02-08 19:13 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-03-08 23:16 - 2016-02-08 18:51 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-03-08 23:16 - 2016-02-08 18:42 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-03-08 23:16 - 2016-02-08 18:37 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-03-08 23:16 - 2016-02-08 18:34 - 00798720 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-03-08 23:16 - 2016-02-08 18:33 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-03-08 23:16 - 2016-02-08 18:19 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-03-08 23:16 - 2016-02-08 18:15 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2016-03-08 23:16 - 2016-02-08 18:07 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-03-08 23:16 - 2016-02-08 17:55 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-03-08 23:16 - 2016-01-24 19:19 - 00419160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2016-03-08 23:16 - 2016-01-24 19:19 - 00378712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2016-03-08 23:16 - 2016-01-24 19:19 - 00331608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2016-03-08 23:16 - 2016-01-24 12:57 - 01335296 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2016-03-08 23:16 - 2016-01-24 12:45 - 01063424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2016-03-08 23:16 - 2016-01-09 02:38 - 00091992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2016-03-08 23:15 - 2016-02-11 15:21 - 00869576 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2016-03-08 23:15 - 2016-02-11 15:21 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2016-03-08 23:15 - 2016-02-11 15:20 - 00875720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2016-03-08 23:15 - 2016-02-11 15:20 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2016-03-08 23:15 - 2016-02-05 15:59 - 07784960 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-03-08 23:15 - 2016-02-05 15:55 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-03-08 23:15 - 2016-02-05 15:48 - 07075840 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2016-03-08 23:15 - 2016-02-05 15:47 - 05268480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2016-03-08 23:15 - 2016-01-09 02:49 - 00218448 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2016-03-08 23:15 - 2016-01-09 02:49 - 00192120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2016-03-08 23:14 - 2016-02-12 20:14 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-03-08 23:14 - 2016-02-12 16:14 - 03708416 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-08 23:14 - 2016-02-12 15:55 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2016-03-08 23:14 - 2016-02-12 15:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-03-08 23:14 - 2016-02-12 15:54 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-03-08 23:14 - 2016-02-12 15:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-03-08 23:14 - 2016-02-12 15:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-03-08 23:14 - 2016-02-12 15:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-03-08 23:14 - 2016-02-12 15:51 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-03-08 23:14 - 2016-02-12 15:48 - 02244096 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-03-08 23:14 - 2016-02-12 15:47 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-03-08 23:14 - 2016-02-12 15:46 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-03-08 23:14 - 2016-02-06 17:58 - 00987648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-03-08 23:14 - 2016-02-06 17:32 - 00801792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-03-08 23:14 - 2016-02-03 21:37 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-03-08 23:14 - 2016-02-03 21:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-03-08 23:14 - 2016-02-03 16:09 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-03-08 23:14 - 2016-02-03 16:00 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-03-08 23:14 - 2016-02-03 16:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-03-08 23:14 - 2016-01-07 00:46 - 00148752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2016-03-08 23:14 - 2016-01-07 00:45 - 00177712 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll
2016-03-08 23:14 - 2016-01-06 17:47 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
2016-03-08 23:13 - 2016-01-10 17:41 - 01707008 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2016-03-08 23:13 - 2016-01-10 17:31 - 01344512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2016-03-08 23:13 - 2015-11-19 15:33 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-03-08 23:13 - 2015-11-19 15:26 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-03-08 23:12 - 2016-02-06 19:08 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-03-08 23:12 - 2016-02-05 20:07 - 00292696 _____ (Microsoft Corporation) C:\Windows\system32\WMASF.DLL
2016-03-08 23:12 - 2016-02-05 20:07 - 00243032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMASF.DLL
2016-03-08 23:12 - 2016-02-05 16:03 - 15432704 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-03-08 23:12 - 2016-02-05 16:00 - 13318144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-03-08 23:12 - 2016-01-31 20:16 - 00148832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-03-08 23:12 - 2015-12-30 21:49 - 00470360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2016-03-08 23:11 - 2016-02-04 19:18 - 04174336 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-03-08 23:11 - 2016-02-04 19:18 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-08 23:11 - 2016-02-04 19:12 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-08 23:11 - 2016-02-04 18:44 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-03-08 23:11 - 2016-02-04 18:39 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-03-08 23:11 - 2015-12-20 15:57 - 00839168 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2016-03-08 23:11 - 2015-12-20 15:43 - 00696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2016-03-08 23:10 - 2016-02-04 18:24 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-03-08 23:10 - 2016-02-04 18:02 - 00483328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-03-08 23:10 - 2016-01-05 16:00 - 00570880 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2016-03-08 23:10 - 2015-12-20 15:56 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
2016-03-08 23:09 - 2016-01-15 17:56 - 02487296 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2016-03-08 23:09 - 2016-01-15 17:45 - 01482240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2016-03-08 23:05 - 2016-03-08 23:05 - 00002792 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-03-08 23:05 - 2016-03-08 23:05 - 00000000 ____D C:\Program Files\CCleaner
2016-03-07 23:17 - 2016-01-22 09:01 - 22365992 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-03-07 23:17 - 2016-01-22 08:11 - 19794896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-03-07 23:17 - 2016-01-22 06:25 - 14467072 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-03-07 23:17 - 2016-01-22 06:14 - 12879360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-03-07 23:17 - 2016-01-22 06:07 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-03-07 23:17 - 2016-01-22 05:58 - 02464256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-03-07 23:17 - 2016-01-10 20:37 - 00442720 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-03-07 23:17 - 2016-01-10 19:39 - 00332640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-03-07 23:17 - 2016-01-10 19:15 - 00401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-03-07 23:17 - 2016-01-10 19:15 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-03-07 23:17 - 2016-01-10 18:43 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-03-07 23:17 - 2016-01-10 18:09 - 01442304 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-03-07 23:17 - 2016-01-10 18:09 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-03-07 23:17 - 2016-01-10 17:56 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2016-03-07 23:16 - 2016-01-19 20:14 - 07453024 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-03-07 23:16 - 2016-01-19 20:13 - 02175008 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2016-03-07 23:16 - 2016-01-19 20:13 - 01063464 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2016-03-07 23:16 - 2016-01-19 20:12 - 01737088 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-03-07 23:16 - 2016-01-19 20:12 - 01133744 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-03-07 23:16 - 2016-01-19 19:23 - 01564496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2016-03-07 23:16 - 2016-01-19 19:23 - 01501496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-03-07 23:16 - 2016-01-19 19:23 - 00548024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2016-03-07 23:16 - 2016-01-19 19:15 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2016-03-07 23:16 - 2016-01-19 18:30 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-03-07 23:16 - 2016-01-19 17:37 - 00267776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2016-03-07 23:16 - 2016-01-06 19:25 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-03-07 23:14 - 2016-03-07 23:14 - 00388608 _____ (Trend Micro Inc.) C:\Users\Mandarinka\Downloads\HijackThis.exe
2016-03-07 23:12 - 2016-03-11 00:55 - 00000966 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-07 23:12 - 2016-03-11 00:17 - 00000970 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-07 23:12 - 2016-03-07 23:12 - 00003942 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-03-07 23:12 - 2016-03-07 23:12 - 00003706 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-03-07 23:12 - 2016-03-07 23:12 - 00002291 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-07 23:12 - 2016-03-07 23:12 - 00002279 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-07 22:43 - 2016-03-07 22:59 - 00000000 ____D C:\Users\Mandarinka\Downloads\backups
2016-03-04 21:30 - 2016-03-05 08:51 - 00000000 ____D C:\Users\Mandarinka\AppData\Roaming\Mozilla
2016-03-04 21:30 - 2016-03-04 21:30 - 00000000 ____D C:\Users\Mandarinka\AppData\Local\Mozilla
2016-02-12 10:56 - 2016-02-12 10:56 - 00000000 ____D C:\Users\Mandarinka\AppData\Local\GWX
2016-02-12 10:44 - 2015-12-28 22:42 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\WinSync.dll
2016-02-12 10:44 - 2015-12-28 21:31 - 00578048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSync.dll
2016-02-12 10:43 - 2016-01-10 18:50 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\cfgbkend.dll
2016-02-12 10:43 - 2016-01-10 18:31 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-12 10:43 - 2016-01-10 18:16 - 00898048 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-12 10:43 - 2016-01-10 18:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cfgbkend.dll
2016-02-12 10:43 - 2016-01-10 18:12 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-12 10:43 - 2016-01-10 17:58 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-12 10:43 - 2016-01-10 17:51 - 00702976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-02-12 10:43 - 2016-01-10 17:49 - 00443392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-12 10:43 - 2016-01-10 17:40 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-12 10:43 - 2015-12-17 19:29 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-02-12 10:43 - 2015-12-17 17:17 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-11 01:01 - 2014-11-21 05:53 - 01658450 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-11 01:01 - 2014-11-21 05:10 - 00705506 _____ C:\Windows\system32\perfh005.dat
2016-03-11 01:01 - 2014-11-21 05:10 - 00143830 _____ C:\Windows\system32\perfc005.dat
2016-03-11 01:01 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2016-03-11 01:00 - 2016-02-05 08:58 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3468730168-3982134831-2424057133-1004
2016-03-11 00:55 - 2016-02-05 22:40 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-03-11 00:55 - 2016-02-05 08:53 - 00000000 __SHD C:\Users\Mandarinka\IntelGraphicsProfiles
2016-03-11 00:55 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-11 00:54 - 2016-02-05 08:53 - 00000000 ____D C:\Users\Mandarinka
2016-03-11 00:53 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\GroupPolicy
2016-03-10 23:23 - 2016-02-05 08:59 - 00003974 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F5F37B82-F62B-48BB-AC00-4015F5830BC9}
2016-03-10 18:05 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\rescache
2016-03-10 14:33 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2016-03-10 12:50 - 2016-02-05 08:53 - 00000000 ____D C:\Users\Mandarinka\AppData\Local\VirtualStore
2016-03-09 18:08 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-09 17:35 - 2013-08-22 15:44 - 00337768 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-09 17:34 - 2016-02-05 22:33 - 00000000 ____D C:\Windows\system32\appraiser
2016-03-09 17:34 - 2014-11-21 05:34 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-09 17:34 - 2013-08-22 16:36 - 00000000 ___RD C:\Windows\ToastData
2016-03-09 17:34 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-03-09 17:33 - 2016-02-05 20:51 - 00000000 ____D C:\Windows\system32\MRT
2016-03-09 17:33 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2016-03-09 17:32 - 2016-02-05 20:51 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-09 17:27 - 2016-01-26 15:10 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-03-09 17:27 - 2016-01-26 15:10 - 00000000 ___SD C:\Windows\system32\GWX
2016-03-08 23:10 - 2016-02-05 08:53 - 00000000 ____D C:\Users\Mandarinka\AppData\Local\Packages
2016-03-08 23:06 - 2016-01-11 09:46 - 00000000 ____D C:\Windows\Panther
2016-03-07 23:00 - 2016-01-26 15:11 - 00000000 ____D C:\Users\Uzivatel
2016-03-07 23:00 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Windows Defender
2016-03-07 23:00 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\system32\Sysprep
2016-03-07 23:00 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\servicing
2016-03-07 22:59 - 2016-02-05 16:05 - 00000000 ____D C:\Users\Mandarinka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-03-07 22:59 - 2016-02-05 16:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-03-07 22:59 - 2016-02-05 16:05 - 00000000 ____D C:\Program Files\WinRAR
2016-03-07 22:59 - 2016-02-05 09:26 - 00000000 ____D C:\KMPlayer
2016-03-07 22:55 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\registration
2016-03-07 22:51 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\NDF
2016-03-07 20:54 - 2015-10-30 20:11 - 00000000 ___HD C:\$WINDOWS.~BT
2016-03-01 08:46 - 2016-02-05 09:03 - 00000000 ____D C:\Program Files (x86)\Google

==================== Files in the root of some directories =======

2016-01-27 08:17 - 2016-01-27 08:17 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-03-09 17:47

==================== End of FRST.txt ============================

Mangifera · Příspěvekod **Mangifera** » 11 bře 2016 12:52

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Mandarinka (2016-03-11 12:49:30)
Running from C:\Users\Mandarinka\Downloads
Windows 8.1 (X64) (2016-01-26 14:11:18)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3468730168-3982134831-2424057133-500 - Administrator - Disabled)
Guest (S-1-5-21-3468730168-3982134831-2424057133-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3468730168-3982134831-2424057133-1003 - Limited - Enabled)
Mandarinka (S-1-5-21-3468730168-3982134831-2424057133-1004 - Administrator - Enabled) => C:\Users\Mandarinka
Uzivatel (S-1-5-21-3468730168-3982134831-2424057133-1001 - Administrator - Enabled) => C:\Users\Uzivatel

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Dritek Radio Controller (HKLM-x32\...\RadioController) (Version: 2.02.2001.0803 - Dritek System Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.75 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HyperCam Toolbar (HKLM-x32\...\HyperCam Toolbar) (Version: - )
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
KMPlayer (HKLM-x32\...\The KMPlayer) (Version: 4.0.4.6 - PandoraTV)
Malwarebytes Anti-Malware verze 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2DBC24D5-5510-4A12-830C-1759FE2CD3C7} - System32\Tasks\Dolby Selector => C:\Program Files\Dolby Digital Plus\ddp.exe [2013-07-08] (Dolby Laboratories Inc.)
Task: {4AF07576-675A-4AD0-A06A-A3F853C6ED22} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)
Task: {A0486CDA-2E95-4C8E-B7D5-8A684EFEC656} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-07] (Google Inc.)
Task: {B47EBDFF-2600-4724-8AA8-D2CE41CB918A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-07] (Google Inc.)
Task: {D6DB9901-4E5A-4737-BD71-8AEC0F345231} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-03-09] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-07-08 18:53 - 2013-07-08 18:53 - 00052096 _____ () C:\Program Files\Dolby Digital Plus\Dolby.DDP.Controls_Desktop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2016-03-11 00:44 - 00000753 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3468730168-3982134831-2424057133-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Mandarinka\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{6CE42C79-8DE0-44EC-9D24-34312B018122}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

12-02-2016 10:45:58 Windows Update
01-03-2016 08:42:51 Instalační služba modulů systému Windows
07-03-2016 22:50:57 Operace obnovení
10-03-2016 12:05:01 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/09/2016 07:26:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: dnslockington.exe, verze: 1.0.0.0, časové razítko: 0x56d2dda2
Název chybujícího modulu: KERNELBASE.dll, verze: 6.3.9600.18202, časové razítko: 0x569e7eb1
Kód výjimky: 0xe0434352
Posun chyby: 0x0000000000008a5c
ID chybujícího procesu: 0x58c
Čas spuštění chybující aplikace: 0xdnslockington.exe0
Cesta k chybující aplikaci: dnslockington.exe1
Cesta k chybujícímu modulu: dnslockington.exe2
ID zprávy: dnslockington.exe3
Úplný název chybujícího balíčku: dnslockington.exe4
ID aplikace související s chybujícím balíčkem: dnslockington.exe5

Error: (03/09/2016 07:26:37 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: dnslockington.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.ArgumentException
Zásobník:
na System.Windows.Media.CompositionTarget.SetRootVisual(System.Windows.Media.Visual)
na System.Windows.Media.CompositionTarget.set_RootVisual(System.Windows.Media.Visual)
na System.Windows.Interop.HwndTarget.set_RootVisual(System.Windows.Media.Visual)
na System.Windows.Interop.HwndSource.set_RootVisualInternal(System.Windows.Media.Visual)
na System.Windows.Controls.Primitives.Popup.CreateWindow(Boolean)
na System.Windows.Controls.Primitives.Popup.OnIsOpenChanged(System.Windows.DependencyObject, System.Windows.DependencyPropertyChangedEventArgs)
na System.Windows.DependencyObject.OnPropertyChanged(System.Windows.DependencyPropertyChangedEventArgs)
na System.Windows.FrameworkElement.OnPropertyChanged(System.Windows.DependencyPropertyChangedEventArgs)
na System.Windows.DependencyObject.NotifyPropertyChange(System.Windows.DependencyPropertyChangedEventArgs)
na System.Windows.DependencyObject.UpdateEffectiveValue(System.Windows.EntryIndex, System.Windows.DependencyProperty, System.Windows.PropertyMetadata, System.Windows.EffectiveValueEntry, System.Windows.EffectiveValueEntry ByRef, Boolean, Boolean, System.Windows.OperationType)
na System.Windows.DependencyObject.SetValueCommon(System.Windows.DependencyProperty, System.Object, System.Windows.PropertyMetadata, Boolean, Boolean, System.Windows.OperationType, Boolean)
na System.Windows.DependencyObject.SetValue(System.Windows.DependencyProperty, System.Object)
na System.Windows.Data.BindingOperations.SetBinding(System.Windows.DependencyObject, System.Windows.DependencyProperty, System.Windows.Data.BindingBase)
na System.Windows.Controls.Primitives.Popup.CreateRootPopup(System.Windows.Controls.Primitives.Popup, System.Windows.UIElement)
na System.Windows.Controls.ToolTip.OnIsOpenChanged(System.Windows.DependencyObject, System.Windows.DependencyPropertyChangedEventArgs)
na System.Windows.DependencyObject.OnPropertyChanged(System.Windows.DependencyPropertyChangedEventArgs)
na System.Windows.FrameworkElement.OnPropertyChanged(System.Windows.DependencyPropertyChangedEventArgs)
na System.Windows.DependencyObject.NotifyPropertyChange(System.Windows.DependencyPropertyChangedEventArgs)
na System.Windows.DependencyObject.UpdateEffectiveValue(System.Windows.EntryIndex, System.Windows.DependencyProperty, System.Windows.PropertyMetadata, System.Windows.EffectiveValueEntry, System.Windows.EffectiveValueEntry ByRef, Boolean, Boolean, System.Windows.OperationType)
na System.Windows.DependencyObject.SetValueCommon(System.Windows.DependencyProperty, System.Object, System.Windows.PropertyMetadata, Boolean, Boolean, System.Windows.OperationType, Boolean)
na System.Windows.DependencyObject.SetValue(System.Windows.DependencyProperty, System.Object)
na -.l11iIIlIi1iI1.(Boolean)
na .(UInt32, IntPtr, IntPtr)
na .(IntPtr, UInt32, IntPtr, IntPtr)
na MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
na MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
na System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32)
na System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
na System.Windows.Application.RunInternal(System.Windows.Window)
na System.Windows.Application.Run()
na -.l1lilliIililI.()

Error: (03/08/2016 02:28:49 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1256) SRUJet: Při otevírání souboru protokolu C:\Windows\system32\SRU\SRU0002B.log došlo k chybě -1811 (0xfffff8ed).

Error: (03/07/2016 11:08:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Acer)
Description: Balíček DefaultBrowser_NOPUBLISHERID+Microsoft.InternetExplorer.Default se ukončil, protože jeho pozastavování trvalo moc dlouho.

Error: (03/07/2016 08:41:14 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (03/06/2016 02:49:10 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (03/05/2016 12:03:24 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (03/05/2016 12:45:01 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (03/03/2016 09:51:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: regsvr32.exe, verze: 6.3.9600.17415, časové razítko: 0x54505249
Název chybujícího modulu: REI_Engine.DLL_unloaded, verze: 1.8.2.6, časové razítko: 0x5640b6d1
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000041dfe6
ID chybujícího procesu: 0xa70
Čas spuštění chybující aplikace: 0xregsvr32.exe0
Cesta k chybující aplikaci: regsvr32.exe1
Cesta k chybujícímu modulu: regsvr32.exe2
ID zprávy: regsvr32.exe3
Úplný název chybujícího balíčku: regsvr32.exe4
ID aplikace související s chybujícím balíčkem: regsvr32.exe5

Error: (03/02/2016 07:28:21 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

System errors:
=============
Error: (03/11/2016 12:53:11 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (03/11/2016 12:53:11 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (03/11/2016 12:53:11 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (03/11/2016 12:53:10 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (03/11/2016 12:53:10 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (03/10/2016 05:53:57 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (17:44:22, ‎10. ‎3. ‎2016) bylo neočekávané.

Error: (03/10/2016 05:48:54 PM) (Source: DCOM) (EventID: 10010) (User: Acer)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (03/10/2016 05:48:24 PM) (Source: DCOM) (EventID: 10010) (User: Acer)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (03/10/2016 12:47:36 PM) (Source: DCOM) (EventID: 10010) (User: Acer)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (03/10/2016 12:47:06 PM) (Source: DCOM) (EventID: 10010) (User: Acer)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 19%
Total physical RAM: 6036.35 MB
Available physical RAM: 4865.79 MB
Total Virtual: 6996.35 MB
Available Virtual: 5793.38 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.42 GB) (Free:427.8 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or

(Size: 465.8 GB) (Disk ID: 52AC7529)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Příspěvekod **jerabina** » 11 bře 2016 16:38

Prosím, postupuj následujícím způsobem:
Otevřít poznámkový blok (Start => Všechny programy => Příslušenství => Poznámkový blok).
Prosím, zkopíruj do něj celý obsah níže.

Kód: Vybrat vše

Start
CloseProcesses:

HKU\S-1-5-21-3468730168-3982134831-2424057133-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-07] (Google Inc.)

C:\ProgramData\DP45977C.lfl

Task: {A0486CDA-2E95-4C8E-B7D5-8A684EFEC656} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-07] (Google Inc.)
Task: {B47EBDFF-2600-4724-8AA8-D2CE41CB918A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-07] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

C:\Program Files (x86)\Google\Update

EmptyTemp:
End

(Můžeš použít funkci „vybrat vše“, klepni pravým tlačítkem myši na levé horní políčko v otevřeném poznámkovém bloku a zvol „ Vložit“).

Ulož jej na na plochu jako fixlist.txt

Spusťt FRST a stiskni tlačítko „Fix“ (Opravit) jen jednou a čekej.
Nástroj vypracuje log na ploše (Fixlog.txt), prosím zkopíruj sem celý jeho obsah.

Mangifera · Příspěvekod **Mangifera** » 11 bře 2016 17:57

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Mandarinka (2016-03-11 17:53:30) Run:1
Running from C:\Users\Mandarinka\Desktop
Loaded Profiles: Mandarinka (Available Profiles: Uzivatel & Mandarinka)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:

HKU\S-1-5-21-3468730168-3982134831-2424057133-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-07] (Google Inc.)

C:\ProgramData\DP45977C.lfl

Task: {A0486CDA-2E95-4C8E-B7D5-8A684EFEC656} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-07] (Google Inc.)
Task: {B47EBDFF-2600-4724-8AA8-D2CE41CB918A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-07] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

C:\Program Files (x86)\Google\Update

EmptyTemp:
End
*****************

Processes closed successfully.
HKU\S-1-5-21-3468730168-3982134831-2424057133-1004\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll => not found.
Could not move "C:\ProgramData\DP45977C.lfl" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A0486CDA-2E95-4C8E-B7D5-8A684EFEC656}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0486CDA-2E95-4C8E-B7D5-8A684EFEC656}" => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B47EBDFF-2600-4724-8AA8-D2CE41CB918A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B47EBDFF-2600-4724-8AA8-D2CE41CB918A}" => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => key removed successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Program Files (x86)\Google\Update => moved successfully
EmptyTemp: => 38.7 MB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-03-11 17:54:34)

C:\ProgramData\DP45977C.lfl => Is moved successfully

==== End of Fixlog 17:54:34 ====

Vyskakovací reklamy, samovolné vypínání ntb Vyřešeno

Vyskakovací reklamy, samovolné vypínání ntb

Re: Vyskakovací reklamy, samovolné vypínání ntb

Re: Vyskakovací reklamy, samovolné vypínání ntb

Re: Vyskakovací reklamy, samovolné vypínání ntb

Re: Vyskakovací reklamy, samovolné vypínání ntb

Re: Vyskakovací reklamy, samovolné vypínání ntb

Re: Vyskakovací reklamy, samovolné vypínání ntb

Re: Vyskakovací reklamy, samovolné vypínání ntb

Re: Vyskakovací reklamy, samovolné vypínání ntb

Re: Vyskakovací reklamy, samovolné vypínání ntb

Re: Vyskakovací reklamy, samovolné vypínání ntb

Re: Vyskakovací reklamy, samovolné vypínání ntb

Kdo je online