PC virus removal, computer speed-up, remote help via the neslape.cz service

Notebook infected with the Win32:Malware-gen virus.

Have a virus problem? Post your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that are inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote help service, where an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Denisa
Guest
Posts: 93
Registered: 01 Jul 2013 15:32

Re: Notebook infected with the Win32:Malware-gen virus.

#16 Post by Denisa »

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2016 02
Ran by PLANEO (administrator) on PLANEO-PC (27-05-2016 19:10:45)
Running from C:\Users\PLANEO\Desktop
Loaded Profiles: PLANEO (Available Profiles: PLANEO & Asined)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(ASUS) C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
() C:\Program Files\ASUS\ASUS Live Update\ALU.exe
(ATK0100) C:\Program Files\ATK Hotkey\HControl.exe
() C:\Program Files\ATK Hotkey\MsgTranAgt.exe
() C:\Program Files\Wireless Console 2\wcourier.exe
(ASUSTeK Computer INC.) C:\Program Files\ASUS\ATK Media\DMedia.exe
( ) C:\Program Files\ASUS\ATK Media\GPSWatch.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ATK) C:\Program Files\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\System32\ACEngSvr.exe
() C:\Program Files\ATK Hotkey\ATKOSD.exe
() C:\Program Files\ATK Hotkey\KBFiltr.exe
() C:\Program Files\ATK Hotkey\WDC.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(CANON INC.) C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT.EXE
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6265376 2008-08-12] (Realtek Semiconductor)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7400576 2016-05-12] (AVAST Software)
HKLM\...\Run: [MFNetworkScanUtility] => C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT.EXE [484760 2009-12-15] (CANON INC.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [839648 2016-03-10] (DivX, LLC)
HKLM\...\Run: [WD Drive Unlocker] => C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.)
HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5565296 2015-10-28] (Western Digital Technologies, Inc.)
HKLM\...\Run: [DriveUtilitiesHelper] => C:\Program Files\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2015-07-31] (Western Digital Technologies, Inc.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295072 2013-03-29] (RealNetworks, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKU\S-1-5-21-4067374528-2909061595-2700989555-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-4067374528-2909061595-2700989555-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-4067374528-2909061595-2700989555-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-4067374528-2909061595-2700989555-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssBranded.scr [8139264 2008-01-21] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-08] (SuperAdBlocker.com)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-05-11] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PLANEO\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PLANEO\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PLANEO\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PLANEO\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2009-11-03]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176 2008-01-21] (Společnost Microsoft)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{D003C604-8EF5-412A-8446-85EB4FA30311}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/?clid=22668
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4067374528-2909061595-2700989555-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
HKU\S-1-5-21-4067374528-2909061595-2700989555-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.seznam.cz/?clid=22668
SearchScopes: HKLM -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={s ... lz=1I7ASUS
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4067374528-2909061595-2700989555-1000 -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4067374528-2909061595-2700989555-1000 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4067374528-2909061595-2700989555-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={s ... 1I7ASUS_cs
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: PDFXChange 2012 -> {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} -> C:\Program Files\Tracker Software\PDF-XChange 5\PXCIEaddin5.dll [2012-08-14] (Tracker Software Products (Canada) Ltd.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-19] (AVAST Software)
BHO: STATISTICA Browser Helper -> {990A8747-93BF-4EF7-B72E-94A6884B98C2} -> C:\Program Files\StatSoft\STATISTICA 12\StaBHO.dll [2013-04-02] (StatSoft, Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKLM - PDFXChange 2012 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange 5\PXCIEaddin5.dll [2012-08-14] (Tracker Software Products (Canada) Ltd.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_91-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0091-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_91-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_91-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\PLANEO\AppData\Roaming\Mozilla\Firefox\Profiles\cpuof8o9.default-1443448626419
FF Homepage: hxxp://www.seznam.cz/
FF Session Restore: -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2016-03-04] (DivX, LLC)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2012-03-22] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-11] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.0.282 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2013-03-29] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.0.282 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2013-03-29] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2012-11-29] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2008-10-25] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2013-03-29] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2013-03-29] (RealPlayer)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-01-19] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-27]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-03-29] [not signed]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-06-23] [not signed]

Chrome:
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\PLANEO\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adobe Acrobat) - C:\Users\PLANEO\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-01-03]
CHR Extension: (Avast Online Security) - C:\Users\PLANEO\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-19]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\PLANEO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-19]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-10-03] () [File not signed]
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
U2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-11] (AVAST Software)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-01-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-01-20] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed]
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
R2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-10-28] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [307576 2015-10-28] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 Achernar; C:\Windows\System32\Drivers\Achernar.sys [18432 2007-02-05] (NewSoft Technology Corporation) [File not signed]
R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-05-11] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-05-11] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-05-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-05-11] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-05-11] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [815792 2016-05-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449640 2016-05-11] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [187208 2016-05-11] (AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [35272 2013-10-24] (The OpenVPN Project)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [67216 2016-05-11] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221368 2016-05-11] (AVAST Software)
S3 CRFILTER; C:\Windows\System32\DRIVERS\CRFILTER.sys [6656 2008-04-07] (Generic)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [20936 2007-08-03] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15928 2008-06-03] ( )
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 sfdrv01; C:\Windows\System32\drivers\sfdrv01.sys [48640 2005-03-03] (Protection Technology) [File not signed]
R0 sfhlp02; C:\Windows\System32\drivers\sfhlp02.sys [6656 2005-02-23] (Protection Technology) [File not signed]
R0 sfsync02; C:\Windows\System32\drivers\sfsync02.sys [20544 2004-12-03] (Protection Technology) [File not signed]
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1772544 2008-07-23] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-03-09] () [File not signed]
U3 TrueSight; C:\Windows\system32\TrueSight.sys [26624 2013-10-28] () [File not signed]
U3 afg4b6bt; C:\Windows\system32\Drivers\afg4b6bt.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-27 19:10 - 2016-05-27 19:11 - 00024985 _____ C:\Users\PLANEO\Desktop\FRST.txt
2016-05-27 18:52 - 2016-05-11 19:56 - 00449640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswDD60.tmp
2016-05-27 18:52 - 2016-05-11 19:56 - 00221368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswE379.tmp
2016-05-27 18:52 - 2016-05-11 19:56 - 00187208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswEC70.tmp
2016-05-27 18:52 - 2016-05-11 19:56 - 00067216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswF363.tmp
2016-05-27 18:52 - 2016-05-11 19:56 - 00058776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswD8CD.tmp
2016-05-27 18:51 - 2016-05-11 19:56 - 00091168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswCA9A.tmp
2016-05-27 18:51 - 2016-05-11 19:56 - 00064272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswBD10.tmp
2016-05-27 18:51 - 2016-05-11 19:56 - 00032792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswC0F8.tmp
2016-05-27 18:51 - 2016-05-11 19:55 - 00815792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswB265.tmp
2016-05-27 18:51 - 2016-05-11 19:55 - 00035096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswAF49.tmp
2016-05-27 18:50 - 2016-05-11 19:56 - 00334280 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-05-27 18:45 - 2016-05-27 18:45 - 00140256 _____ C:\Windows\Minidump\Mini052716-01.dmp
2016-05-18 23:02 - 2016-05-18 23:02 - 00123730 _____ C:\Users\PLANEO\Downloads\slevomat-cz-voucher-oslnujici-pece-o-vlasy-strih-melir-nebo-barva-3176018360B-892 (1).pdf
2016-05-18 23:02 - 2016-05-18 23:02 - 00118200 _____ C:\Users\PLANEO\Downloads\slevomat-cz-voucher-soukromy-kurz-liceni-ve-studiu-visage-8836824770A-451 (1).pdf
2016-05-18 23:02 - 2016-05-18 23:02 - 00114565 _____ C:\Users\PLANEO\Downloads\slevomat-cz-voucher-soukromy-kurz-liceni-ve-studiu-visage-8836824770A-451.pdf
2016-05-18 23:01 - 2016-05-18 23:02 - 00123729 _____ C:\Users\PLANEO\Downloads\slevomat-cz-voucher-oslnujici-pece-o-vlasy-strih-melir-nebo-barva-3176018360B-892.pdf
2016-05-15 00:48 - 2016-05-15 00:48 - 00002778 _____ C:\Users\PLANEO\Desktop\ESETlog.txt
2016-05-14 17:03 - 2016-05-14 17:03 - 00000000 _____ C:\Users\PLANEO\AppData\Local\{3BEBB2F3-004D-4505-930D-FD3DE26C1F6A}
2016-05-14 14:25 - 2016-05-27 16:59 - 00000000 ____D C:\Users\PLANEO\AppData\Local\Temp(28)
2016-05-14 14:17 - 2016-05-27 19:10 - 00000000 ____D C:\Users\PLANEO\Desktop\FRST-OlderVersion
2016-05-14 14:17 - 2016-05-25 20:22 - 00002148 _____ C:\Users\PLANEO\Desktop\Fixlog.txt
2016-05-12 16:54 - 2016-05-27 19:00 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-12 16:54 - 2016-05-27 18:47 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-11 21:38 - 2016-05-11 21:38 - 00000450 _____ C:\Users\PLANEO\Desktop\view.php_soubory – zástupce.lnk
2016-05-11 21:08 - 2016-05-11 21:08 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2016-05-11 21:08 - 2016-05-11 21:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-05-11 21:04 - 2016-05-11 21:04 - 00738880 _____ (Oracle Corporation) C:\Users\PLANEO\Desktop\jxpiinstall.exe
2016-05-11 20:47 - 2016-05-27 18:46 - 00008192 _____ C:\Windows\system32\WDPABKP.dat
2016-05-11 20:45 - 2016-05-11 20:45 - 00143888 _____ C:\Windows\Minidump\Mini051116-01.dmp
2016-05-11 19:56 - 2016-05-11 19:56 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-05-10 20:54 - 2016-05-10 20:54 - 00006260 _____ C:\Users\PLANEO\Desktop\Addition.zip
2016-05-10 20:03 - 2016-05-27 19:10 - 00000000 ____D C:\FRST
2016-05-10 20:03 - 2016-05-10 20:03 - 00015327 _____ C:\Users\PLANEO\Desktop\LM.bat
2016-05-10 19:44 - 2016-05-27 19:10 - 01734144 _____ (Farbar) C:\Users\PLANEO\Desktop\FRST.exe
2016-05-10 19:10 - 2016-05-10 19:10 - 03640384 _____ C:\Users\PLANEO\Desktop\adwcleaner_5.116.exe
2016-05-09 20:05 - 2016-05-09 20:38 - 733308928 _____ C:\Users\PLANEO\Downloads\Olga Šípkova Aerobic pro všechny - Nová řada.avi
2016-05-09 10:29 - 2016-05-09 10:29 - 00143888 _____ C:\Windows\Minidump\Mini050916-01.dmp
2016-05-08 19:55 - 2016-05-08 20:03 - 1042073600 _____ C:\Users\PLANEO\Downloads\Dovolená za trest [Blended] (2014) CZ dabing.avi
2016-05-08 19:33 - 2016-05-08 19:39 - 787892224 _____ C:\Users\PLANEO\Downloads\Mysli jako on Think Like a Man (2012) CZdub.avi
2016-05-08 19:20 - 2016-05-08 19:24 - 787892224 _____ C:\Users\PLANEO\Downloads\Mysli jako on Think Like a Man (2012)CZdabing.avi
2016-05-08 00:56 - 2016-05-08 00:56 - 01107968 _____ C:\Users\PLANEO\Desktop\RSIT(1).exe
2016-05-07 19:42 - 2016-05-11 21:19 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-04-29 00:14 - 2016-04-29 00:14 - 00143888 _____ C:\Windows\Minidump\Mini042916-01.dmp
2016-04-28 21:34 - 2016-04-28 21:35 - 00143888 _____ C:\Windows\Minidump\Mini042816-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-28 04:44 - 2006-11-02 12:22 - 74186752 _____ C:\Windows\system32\config\software_previous
2016-05-28 04:43 - 2016-04-09 13:53 - 00000000 ____D C:\AdwCleaner
2016-05-28 04:43 - 2013-10-27 18:31 - 00000000 ____D C:\Program Files\trend micro
2016-05-28 04:43 - 2013-07-01 14:59 - 00000000 ____D C:\Users\Asined
2016-05-28 04:43 - 2012-04-06 03:21 - 00000000 ____D C:\Users\PLANEO\AppData\Roaming\vlc
2016-05-28 04:43 - 2009-10-01 22:09 - 00000000 ____D C:\Users\PLANEO
2016-05-28 04:43 - 2009-05-05 08:07 - 00000000 ____D C:\ProgramData\P4G
2016-05-28 04:43 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\spool
2016-05-28 04:43 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\Msdtc
2016-05-28 04:43 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\registration
2016-05-28 04:43 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\inf
2016-05-28 04:43 - 2006-11-02 12:22 - 43253760 _____ C:\Windows\system32\config\system_previous
2016-05-28 04:40 - 2006-11-02 12:22 - 49020928 _____ C:\Windows\system32\config\components_previous
2016-05-28 04:40 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\sam_previous
2016-05-27 18:54 - 2015-02-26 18:31 - 00001796 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-05-27 18:46 - 2014-04-29 12:46 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2016-05-27 18:46 - 2009-10-04 21:34 - 00027934 _____ C:\ProgramData\nvModes.001
2016-05-27 18:45 - 2010-10-03 11:00 - 00000000 ____D C:\Windows\Minidump
2016-05-27 18:45 - 2009-10-05 20:34 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2016-05-27 18:45 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-27 18:45 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-27 18:45 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-27 18:44 - 2015-10-13 16:35 - 219661270 _____ C:\Windows\MEMORY.DMP
2016-05-27 17:01 - 2006-11-02 12:22 - 01310720 _____ C:\Windows\system32\config\default_previous
2016-05-27 17:01 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\security_previous
2016-05-26 05:07 - 2009-10-04 21:31 - 00027934 _____ C:\ProgramData\nvModes.dat
2016-05-14 14:18 - 2013-11-13 09:31 - 00000000 ____D C:\Users\PLANEO\AppData\Local\CrashDumps
2016-05-14 13:59 - 2006-11-02 15:01 - 00032568 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-05-14 13:30 - 2015-01-31 00:28 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-13 18:30 - 2013-02-19 11:08 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-05-13 18:30 - 2012-11-03 13:40 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-05-12 19:34 - 2011-10-29 09:54 - 00000000 ____D C:\Program Files\Opera
2016-05-11 22:00 - 2009-11-15 14:33 - 00000000 ____D C:\Program Files\QuickTime
2016-05-11 21:59 - 2009-11-15 14:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-05-11 21:28 - 2009-10-05 20:33 - 00209408 _____ C:\Users\PLANEO\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-05-11 21:22 - 2013-10-07 13:27 - 00000000 ____D C:\ProgramData\Oracle
2016-05-11 21:10 - 2015-12-20 20:37 - 00000000 ____D C:\Users\PLANEO\.oracle_jre_usage
2016-05-11 21:08 - 2015-01-31 00:39 - 00268352 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2016-05-11 21:07 - 2010-03-01 16:06 - 00000000 ____D C:\Program Files\Java
2016-05-11 19:56 - 2015-09-30 19:30 - 00187208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2016-05-11 19:56 - 2014-04-28 17:35 - 00032792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-05-11 19:56 - 2013-04-21 11:50 - 00221368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-05-11 19:56 - 2013-04-21 11:50 - 00058776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-05-11 19:56 - 2010-01-05 12:30 - 00449640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-05-11 19:56 - 2010-01-05 12:30 - 00091168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-05-11 19:56 - 2010-01-05 12:30 - 00067216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2016-05-11 19:56 - 2010-01-05 12:30 - 00064272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2016-05-11 19:55 - 2016-04-19 18:39 - 00035096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-05-11 19:55 - 2011-10-25 08:02 - 00815792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-05-10 07:38 - 2008-04-17 12:34 - 00692028 _____ C:\Windows\system32\perfh005.dat
2016-05-10 07:38 - 2008-04-17 12:34 - 00155480 _____ C:\Windows\system32\perfc005.dat
2016-05-10 07:38 - 2006-11-02 12:33 - 01663968 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-09 09:14 - 2009-10-01 22:09 - 00112488 _____ C:\Users\PLANEO\AppData\Local\GDIPFONTCACHEV1.DAT
2016-05-08 10:31 - 2012-04-25 18:37 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2002-08-29 18:33 - 2002-08-29 18:33 - 0319488 _____ () C:\Users\PLANEO\AppData\Roaming\MafiaSetup.exe
2010-09-28 20:42 - 2015-10-07 19:39 - 0001356 _____ () C:\Users\PLANEO\AppData\Local\d3d9caps.dat
2009-10-05 20:33 - 2016-05-11 21:28 - 0209408 _____ () C:\Users\PLANEO\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-05-14 17:03 - 2016-05-14 17:03 - 0000000 _____ () C:\Users\PLANEO\AppData\Local\{3BEBB2F3-004D-4505-930D-FD3DE26C1F6A}
2013-06-22 17:00 - 2013-06-23 00:35 - 0000000 _____ () C:\ProgramData\g252qs.txt
2009-11-03 19:31 - 2010-03-30 20:34 - 0001854 _____ () C:\ProgramData\hpzinstall.log
2009-10-04 21:34 - 2016-05-27 18:46 - 0027934 _____ () C:\ProgramData\nvModes.001
2009-10-04 21:31 - 2016-05-26 05:07 - 0027934 _____ () C:\ProgramData\nvModes.dat

Files to move or delete:
====================
C:\Users\PLANEO\setup_av_free_cnet.exe
C:\Users\PLANEO\winmail.dat
C:\Users\PLANEO\WMDecode.exe


Some files in TEMP:
====================
C:\Users\PLANEO\AppData\Local\temp\libeay32.dll
C:\Users\PLANEO\AppData\Local\temp\msvcr120.dll
C:\Users\PLANEO\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-27 19:09

==================== End of FRST.txt ============================
Attachments
Addition.rar
(10.67 KiB) Downloaded 47 times

altrok
Moderator
Posts: 7264
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Notebook infected with the Win32:Malware-gen virus.

#17 Post by altrok »

:arrow: I don't see any active malware in the log.


:arrow: Copy the folder C:\WINDOWS\Minidump to the desktop, then pack that folder into a rar/zip and upload it to leteckaposta.cz - put the download link in your next post (or you can attach the archive to your next post as an attachment).

  • Download Crystal Disk Info (CDI) https://osdn.jp/frs/redir.php?m=cznic&f ... o6_7_5.zip
  • extract the archive and run the extracted file DiskInfo.exe
  • in the running program click Edit -> Copy at the top (the log is now copied to the clipboard)
  • paste the log into your next reply (Ctrl + V)
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not belong on the forum, you can use altrokzavináčforum.viry.cz
If you feel like helping this forum's visitors, sign up for our training school.

Denisa
Visitor
Posts: 93
Registered: 01 Jul 2013 15:32

Re: Notebook infected with the Win32:Malware-gen virus.

#18 Post by Denisa »

Link to Letecká pošta: http://leteckaposta.cz/502618148

----------------------------------------------------------------------------
CrystalDiskInfo 6.7.5 (C) 2008-2016 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows Vista Home Premium SP2 [6.0 Build 6002] (x86)
Date : 2016/06/01 19:22:25

-- Controller Map ----------------------------------------------------------
+ Standardní řadič AHCI 1.0 s rozhraním Serial ATA [ATA]
+ Kanál IDE (0)
- ST9320320AS ATA Device
+ Kanál IDE (1)
- HL-DT-ST DVDRAM GSA-T50N ATA Device
+ AXZTPP6M IDE Controller [SCSI]
- CDY IROHU741UN SCSI CdRom Device
- Iniciátor iSCSI společnosti Microsoft [SCSI]

-- Disk List ---------------------------------------------------------------
(1) ST9320320AS : 320,0 GB [0/0/0, pd1] - st

----------------------------------------------------------------------------
(1) ST9320320AS
----------------------------------------------------------------------------
Model : ST9320320AS
Firmware : 0303
Serial Number : 5SX39P7R
Disk Size : 320,0 GB (8,4/137,4/320,0/320,0)
Buffer Size : 8192 KB
Queue Depth : 32
# of Sectors : 625142448
Rotation Rate : Neznámy údaj
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ATA8-ACS version 4
Transfer Mode : ---- | SATA/300
Power On Hours : 11901 hod.
Power On Count : 4377 krát
Temperature : 38 C (100 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, 48bit LBA, NCQ
APM Level : 8080h [ON]
AAM Level : ----

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 114 _99 __6 0000043C1F6D Počet chyb čtení
03 _98 _97 __0 000000000000 Čas na roztočení ploten
04 _96 _96 _20 000000001125 Počet spuštění/zastavení
05 100 100 _36 000000000000 Počet přemapovaných sektorů
07 _87 _60 _30 00001C146297 Počet chybných hledání
09 _87 _87 __0 000000002E7D Hodin v činnosti
0A 100 100 _97 000000000060 Počet opakovaných pokusů o roztočení ploten
0C _96 _96 _20 000000001119 Počet cyklů zapnutí zařízení
B8 100 100 _99 000000000000 Ukončovacích chyb
BB _97 _97 __0 000000000003 Ohlášeno neopravitelných chyb
BC 100 _96 __0 00000000000A Časový limit příkazu
BD 100 100 __0 000000000000 Vysoká rychlost zápisu
BE _62 _39 _45 040F26170026 Teplota toku vzduchu
BF 100 100 __0 0000000000CA Počet udalostí zaznamenaných otřesovým senzorem
C0 100 100 __0 0000000003A7 Počet vypnutí disku
C1 _71 _71 __0 00000000E765 Počet cyklů načítání/vymazání
C2 _38 _61 __0 000900000026 Teplota
C3 _54 _37 __0 0000043C1F6D Počet oprav chybného čtení
C5 100 100 __0 000000000000 Počet podezřelých sektorů
C6 100 100 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 0C5A 3FFF C837 0010 0000 0000 003F 0000 0000 0000
010: 2020 2020 2020 2020 2020 2020 3553 5833 3950 3752
020: 0000 4000 0004 3033 3033 2020 2020 5354 3933 3230
030: 3332 3041 5320 2020 2020 2020 2020 2020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 0000 2F00
050: 4000 0200 0200 0007 3FFF 0010 003F FC10 00FB 0110
060: FFFF 0FFF 0000 0407 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 001F 0506 0000 0048 0040
080: 01F0 0029 346B 7D09 61E3 3469 BC09 61E3 407F 0034
090: 0034 8080 FFFE 0000 FE00 0000 0000 0000 0000 0000
100: EAB0 2542 0000 0000 0000 0000 0000 0000 5000 C500
110: 1243 A863 0000 0000 0000 0000 0000 0000 0000 400E
120: 400E 0000 0000 0000 0000 0000 0000 0000 0029 EAB0
130: 2542 EAB0 2542 0000 0002 0140 0100 5000 3C06 3C0A
140: 0000 003C 0000 0008 0000 0000 000F 0280 0000 0000
150: 0008 0000 0000 0000 0000 0000 0000 0000 3400 8000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 0000 103F 0000 0000 0000
210: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
220: 0002 0000 1010 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 FBA5

-- SMART_READ_DATA ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 0A 00 01 0F 00 72 63 6D 1F 3C 04 00 00 00 03 03
010: 00 62 61 00 00 00 00 00 00 00 04 32 00 60 60 25
020: 11 00 00 00 00 00 05 33 00 64 64 00 00 00 00 00
030: 00 00 07 0F 00 57 3C 97 62 14 1C 00 00 00 09 32
040: 00 57 57 7D 2E 00 00 00 00 00 0A 13 00 64 64 60
050: 00 00 00 00 00 00 0C 32 00 60 60 19 11 00 00 00
060: 00 00 B8 32 00 64 64 00 00 00 00 00 00 00 BB 32
070: 00 61 61 03 00 00 00 00 00 00 BC 32 00 64 60 0A
080: 00 00 00 00 00 00 BD 3A 00 64 64 00 00 00 00 00
090: 00 00 BE 22 00 3E 27 26 00 17 26 0F 04 00 BF 32
0A0: 00 64 64 CA 00 00 00 00 00 00 C0 32 00 64 64 A7
0B0: 03 00 00 00 00 00 C1 32 00 47 47 65 E7 00 00 00
0C0: 00 00 C2 22 00 26 3D 26 00 00 00 09 00 00 C3 1A
0D0: 00 36 25 6D 1F 3C 04 00 00 00 C5 12 00 64 64 00
0E0: 00 00 00 00 00 00 C6 10 00 64 64 00 00 00 00 00
0F0: 00 00 C7 3E 00 C8 C8 00 00 00 00 00 00 00 00 00
100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 C8 02 00 73
170: 03 00 01 00 01 77 02 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 ED 0E 00 00 01 03 03 01 03 03 03 03
190: 03 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00
1A0: 00 00 00 00 CA 00 00 00 F4 9A 7C 00 F8 26 00 00
1B0: 00 00 00 00 01 00 E6 02 42 09 C5 5F 0E 4C 06 00
1C0: 26 D1 82 F8 D4 71 46 00 00 00 00 00 B8 A1 10 00
1D0: 00 00 00 00 00 00 00 00 B7 22 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 CD

-- SMART_READ_THRESHOLD ----------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 0A 00 01 06 00 00 00 00 00 00 00 00 00 00 03 00
010: 00 00 00 00 00 00 00 00 00 00 04 14 00 00 00 00
020: 00 00 00 00 00 00 05 24 00 00 00 00 00 00 00 00
030: 00 00 07 1E 00 00 00 00 00 00 00 00 00 00 09 00
040: 00 00 00 00 00 00 00 00 00 00 0A 61 00 00 00 00
050: 00 00 00 00 00 00 0C 14 00 00 00 00 00 00 00 00
060: 00 00 B8 63 00 00 00 00 00 00 00 00 00 00 BB 00
070: 00 00 00 00 00 00 00 00 00 00 BC 00 00 00 00 00
080: 00 00 00 00 00 00 BD 00 00 00 00 00 00 00 00 00
090: 00 00 BE 2D 00 00 00 00 00 00 00 00 00 00 BF 00
0A0: 00 00 00 00 00 00 00 00 00 00 C0 00 00 00 00 00
0B0: 00 00 00 00 00 00 C1 00 00 00 00 00 00 00 00 00
0C0: 00 00 C2 00 00 00 00 00 00 00 00 00 00 00 C3 00
0D0: 00 00 00 00 00 00 00 00 00 00 C5 00 00 00 00 00
0E0: 00 00 00 00 00 00 C6 00 00 00 00 00 00 00 00 00
0F0: 00 00 C7 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A1

altrok
Moderator
Posts: 7264
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Notebook infected with the Win32:Malware-gen virus.

#19 Post by altrok »

:arrow: Several system crashes (blue screens, i.e. BSODs) were probably caused by the wireless network adapter driver athr.sys - I recommend updating it.

Code:

01 114 _99 __6 0000043C1F6D Počet chyb čtení
07 _87 _60 _30 00001C146297 Počet chybných hledání
BB _97 _97 __0 000000000003 Ohlášeno neopravitelných chyb
BF 100 100 __0 0000000000CA Počet udalostí zaznamenaných otřesovým senzorem
C3 _54 _37 __0 0000043C1F6D Počet oprav chybného čtení
These are not the values of a completely healthy disk. I recommend backing up more often.


Otherwise I don't see any malware on the PC, so we will just do some cleanup.
And if there are no questions or other problems, that's all from me.
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not belong on the forum, you can use altrokzavináčforum.viry.cz
If you feel like helping this forum's visitors, sign up for our training school.
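As an added example (not code from the thread, from the moderator, or from CrystalDiskInfo), the following Python parses a CrystalDiskInfo S.M.A.R.T. table like the one posted above and applies the two checks behind an assessment of this kind: a normalized value at or below the manufacturer threshold is a failure, and a non-zero raw count on attributes that count real events (reallocated, pending and uncorrectable sectors, reported uncorrectable errors, shock-sensor events, UltraDMA CRC errors) is a warning. The sample input is the S.M.A.R.T. table from Denisa's post; the attribute-ID sets, the standard attribute names, and the choice to compare only the normalized columns for IDs 01, 07 and C3 (whose raw values are vendor-encoded on Seagate drives) are my assumptions, not anything the thread states.

```python
"""Parse a CrystalDiskInfo S.M.A.R.T. table and flag attributes worth attention.

Added example, not from the thread. Input format is what CrystalDiskInfo prints:
ID Cur Wor Thr RawValues(6) Attribute Name, with '_' padding short numbers.
"""
import re
from dataclasses import dataclass

# Attributes whose raw value is a plain event/sector count on essentially all
# drives (assumed set; names are the commonly used ones, not CrystalDiskInfo's).
RAW_COUNT_ATTRIBUTES = {
    0x05: "Reallocated Sectors Count",
    0xBB: "Reported Uncorrectable Errors",
    0xBF: "G-Sense Error Rate (shock events)",
    0xC5: "Current Pending Sector Count",
    0xC6: "Offline Uncorrectable Sector Count",
    0xC7: "UltraDMA CRC Error Count",
}

# Attributes whose raw value is vendor-encoded (Seagate packs several counters
# into the 48 bits), so only the normalized columns are meaningful to compare.
VENDOR_ENCODED_RAW = {0x01, 0x07, 0xC3}

# One table row: hex ID, three normalized columns, 12 hex digits of raw, name.
LINE_RE = re.compile(
    r"^([0-9A-Fa-f]{2}) ([_\d]{3}) ([_\d]{3}) ([_\d]{3}) ([0-9A-Fa-f]{12}) (.+)$"
)

# Sample input: the S.M.A.R.T. table from the CrystalDiskInfo output in the thread.
SAMPLE_SMART = """\
ID Cur Wor Thr RawValues(6) Attribute Name
01 114 _99 __6 0000043C1F6D Počet chyb čtení
03 _98 _97 __0 000000000000 Čas na roztočení ploten
04 _96 _96 _20 000000001125 Počet spuštění/zastavení
05 100 100 _36 000000000000 Počet přemapovaných sektorů
07 _87 _60 _30 00001C146297 Počet chybných hledání
09 _87 _87 __0 000000002E7D Hodin v činnosti
0A 100 100 _97 000000000060 Počet opakovaných pokusů o roztočení ploten
0C _96 _96 _20 000000001119 Počet cyklů zapnutí zařízení
B8 100 100 _99 000000000000 Ukončovacích chyb
BB _97 _97 __0 000000000003 Ohlášeno neopravitelných chyb
BC 100 _96 __0 00000000000A Časový limit příkazu
BD 100 100 __0 000000000000 Vysoká rychlost zápisu
BE _62 _39 _45 040F26170026 Teplota toku vzduchu
BF 100 100 __0 0000000000CA Počet udalostí zaznamenaných otřesovým senzorem
C0 100 100 __0 0000000003A7 Počet vypnutí disku
C1 _71 _71 __0 00000000E765 Počet cyklů načítání/vymazání
C2 _38 _61 __0 000900000026 Teplota
C3 _54 _37 __0 0000043C1F6D Počet oprav chybného čtení
C5 100 100 __0 000000000000 Počet podezřelých sektorů
C6 100 100 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
"""


@dataclass
class SmartAttribute:
    id: int
    current: int
    worst: int
    threshold: int
    raw: int
    name: str


def _col(text: str) -> int:
    """CrystalDiskInfo pads short numbers with '_' (e.g. '_99', '__6')."""
    return int(text.replace("_", ""))


def parse_smart_table(text: str) -> list[SmartAttribute]:
    """Return every attribute row found in the text; other lines are skipped."""
    attrs = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header line, separators, or other report sections
        attrs.append(SmartAttribute(
            id=int(m.group(1), 16),
            current=_col(m.group(2)),
            worst=_col(m.group(3)),
            threshold=_col(m.group(4)),
            raw=int(m.group(5), 16),
            name=m.group(6),
        ))
    return attrs


def assess(attrs: list[SmartAttribute]) -> dict[str, list[str]]:
    """Group findings: 'fail' when a normalized value is at or below the
    manufacturer threshold (threshold 0 means "not used"), 'warn' when an
    attribute that counts real events has a non-zero raw value."""
    findings: dict[str, list[str]] = {"fail": [], "warn": []}
    for a in attrs:
        if a.threshold > 0 and a.current <= a.threshold:
            findings["fail"].append(
                f"{a.id:02X} {a.name}: current {a.current} <= threshold {a.threshold}")
        if a.id in RAW_COUNT_ATTRIBUTES and a.raw != 0:
            findings["warn"].append(
                f"{a.id:02X} {RAW_COUNT_ATTRIBUTES[a.id]}: raw {a.raw}")
        # IDs in VENDOR_ENCODED_RAW are deliberately judged by the
        # normalized columns only.
    return findings


if __name__ == "__main__":
    for level, items in assess(parse_smart_table(SAMPLE_SMART)).items():
        for item in items:
            print(level.upper(), item)
```

On the posted table this reports no threshold failures and two warnings (BB with 3 reported uncorrectable errors and BF with 202 shock-sensor events), which is the "not a completely healthy disk, back up more often" picture without any attribute having actually crossed its threshold.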
