PC virus removal, computer speed-up, remote help via the neslape.cz service

Trojan.Win32.Generic!BT

Have a problem with a virus? Post a log from FRST or RSIT here.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved. The same goes for those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote help service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hrabka
Visitor
Posts: 17
Registered: 17 Oct 2013 15:05

Trojan.Win32.Generic!BT

#1 Post by Hrabka »

Hello, over the last few days my laptop has slowed down a lot, so I downloaded Ad-Aware Antivirus and ran a deep scan, which among other things also found the virus "Trojan.Win32.Generic!BT" in 4 folders. Can you advise me whether I should remove this virus with Ad-Aware or put it in quarantine, or whether some other little program would be more suitable for getting rid of this pest? Thank you for your reply, Jirka

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Trojan.Win32.Generic!BT

#2 Post by vyosek »

Hi :)

:arrow: Uninstall Ad-Aware - its best years are long behind it and it is not able to cope with current threats

:arrow: Post a log from RSIT http://forum.viry.cz/viewtopic.php?f=24&t=130784 and we'll take a look at it
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him, that is not a man, that is an ox."
Member since 1 February 2011.

Hrabka
Visitor
Posts: 17
Registered: 17 Oct 2013 15:05

Re: Trojan.Win32.Generic!BT

#3 Post by Hrabka »

Thanks a lot for the help, here is the log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Hrabo at 2013-10-17 20:37:33
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 10 GB (6%) free of 153 GB
Total RAM: 3070 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:37:44, on 17.10.2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Program Files\Spyware Terminator\st_rsser.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\Program Files\MSI\TotalMedia 3.5\TotalMedia.exe
C:\Program Files\MSI\TotalMedia 3.5\TMMonitor.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Hrabo\Desktop\RSIT.exe
C:\Program Files\trend micro\Hrabo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Alta Sticker Light] "C:\Program Files\Alta Softworks\Alta Sticker Light\aslight.exe"
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SBRegRebootCleaner] "C:\Program Files\Ad-Aware Antivirus\SBRC.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Hrabo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3927109529-1046740972-2868666797-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'postgres')
O4 - HKUS\S-1-5-21-3927109529-1046740972-2868666797-1001\..\Run: [] (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Chytrý výběr - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ArcGIS License Manager - Acresso Software Inc. - C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Guard.Mail.ru - Unknown owner - C:\Program Files\Guard-ICQ\GuardICQ.exe
O23 - Service: HP SI Service (HPSIService) - HP - C:\Windows\system32\HPSIsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: postgresql-9.0 - PostgreSQL Server 9.0 (postgresql-9.0) - PostgreSQL Global Development Group - C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe
O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files\Spyware Terminator\st_rsser.exe

--
End of file - 10342 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3927109529-1046740972-2868666797-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3927109529-1046740972-2868666797-1000UA.job
C:\Windows\tasks\User_Feed_Synchronization-{927A7841-FA4F-46DF-81EA-548619EF2CCC}.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Hrabo\AppData\Roaming\Mozilla\Firefox\Profiles\h11r17en.default-1381922482765

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

"RayVExtension@RayV.com"=C:\Program Files\RayV\RayV\RayVExtension@RayV.com
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"wrc@avast.com"=C:\Program Files\Alwil Software\Avast5\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.8.800.168 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@bittorrent.com/BitTorrentDNA]
"Description"=Delivery Network Acceleration by BitTorrent™
"Path"=C:\Program Files\DNA\plugins\npbtdna.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Web Player
"Path"=C:\Program Files\DivX\DivX Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0]
"Description"=DivX® Player Plugin for VOD Content
"Path"=C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.25.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

C:\Program Files\Mozilla Firefox\extensions\
{800b5000-a755-47e1-992b-48a1c1357f07}

C:\Program Files\Mozilla Firefox\components\
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npbittorrent.dll
npdivx32.dll
npdivx32.xpt
npDivxPlayerPlugin.dll
NPOFF12.DLL
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nsIDivxPlayerPlugin.xpt
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
Search_Results.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-07-23 463272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2013-10-15 606544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-07-23 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2013-10-15 606544]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"HControlUser"=C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [2008-01-12 98304]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]
"Alta Sticker Light"=C:\Program Files\Alta Softworks\Alta Sticker Light\aslight.exe []
"DATAMNGR"=C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE [2012-03-06 1694608]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]
"AvastUI.exe"=C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2013-10-15 3568312]
"SBRegRebootCleaner"=C:\Program Files\Ad-Aware Antivirus\SBRC.exe [2011-12-19 200560]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2013-04-04 532040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"Google Update"=C:\Users\Hrabo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-25 136176]
""= []
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SBAMSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"msacm.l3codecp"=l3codecp.acm
"vidc.tscc"=tsccvid.dll
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll
"wave2"=serwvdrv.dll
"wave4"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave5"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave3"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave6"=wdmaud.drv
"mixer5"=wdmaud.drv
"msacm.divxa32"=msaud32_divx.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - open - %SystemRoot%\System32\CScript.exe "%1" %*
.vbs - open - %SystemRoot%\System32\CScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-10-17 16:38:04 ----A---- C:\Windows\system32\SBRC.dat
2013-10-17 16:14:25 ----D---- C:\Users\Hrabo\AppData\Roaming\Malwarebytes
2013-10-17 16:13:43 ----D---- C:\ProgramData\Malwarebytes
2013-10-17 16:13:42 ----A---- C:\Windows\system32\drivers\mbam.sys
2013-10-17 16:13:41 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2013-10-16 15:25:11 ----D---- C:\ProgramData\Ad-Aware Browsing Protection
2013-10-16 15:24:16 ----A---- C:\Windows\system32\drivers\sbhips.sys
2013-10-16 15:24:14 ----D---- C:\ProgramData\Lavasoft
2013-10-16 15:24:11 ----D---- C:\Windows\system32\drivers\VDD
2013-10-16 15:24:11 ----D---- C:\Program Files\Ad-Aware Antivirus
2013-10-16 15:21:59 ----D---- C:\Users\Hrabo\AppData\Roaming\Ad-Aware Antivirus
2013-10-15 20:49:54 ----D---- C:\Users\Hrabo\AppData\Roaming\AVAST Software
2013-10-15 20:14:50 ----D---- C:\ProgramData\AVAST Software
2013-10-15 20:11:20 ----A---- C:\Windows\system32\drivers\aswVmm.sys
2013-10-15 20:11:12 ----A---- C:\Windows\system32\drivers\aswRvrt.sys
2013-10-15 14:16:41 ----D---- C:\Program Files\PC Tools
2013-10-15 14:13:07 ----A---- C:\Windows\system32\drivers\Cat.DB
2013-10-15 14:12:49 ----D---- C:\Program Files\Common Files\PC Tools
2013-10-15 14:12:49 ----A---- C:\Windows\system32\drivers\PCTSD.sys
2013-10-15 14:12:20 ----D---- C:\Users\Hrabo\AppData\Roaming\TestApp
2013-10-15 14:12:20 ----D---- C:\ProgramData\PC Tools
2013-10-09 14:35:51 ----A---- C:\Windows\system32\FlashPlayerInstaller.exe
2013-09-30 21:29:11 ----D---- C:\Program Files\Mozilla Firefox

======List of files/folders modified in the last 1 month======

2013-10-17 20:37:34 ----D---- C:\Program Files\trend micro
2013-10-17 20:37:00 ----D---- C:\Windows\Temp
2013-10-17 20:35:28 ----D---- C:\Windows\System32
2013-10-17 20:35:28 ----D---- C:\Windows\inf
2013-10-17 20:35:28 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-10-17 20:20:35 ----D---- C:\Windows\tracing
2013-10-17 16:20:37 ----D---- C:\Windows\system32\drivers
2013-10-17 16:13:43 ----HD---- C:\ProgramData
2013-10-17 16:13:41 ----RD---- C:\Program Files
2013-10-16 16:37:28 ----D---- C:\Windows\system32\Tasks
2013-10-16 15:25:14 ----SHD---- C:\Windows\Installer
2013-10-16 11:44:54 ----SHD---- C:\System Volume Information
2013-10-16 11:42:38 ----AD---- C:\ProgramData\Temp
2013-10-16 11:41:42 ----D---- C:\Windows
2013-10-15 23:16:07 ----D---- C:\Program Files\DAEMON Tools Toolbar
2013-10-15 23:11:44 ----A---- C:\Windows\system32\acovcnt.exe
2013-10-15 23:10:32 ----D---- C:\Program Files\Ask.com
2013-10-15 23:04:53 ----D---- C:\Windows\Prefetch
2013-10-15 20:34:27 ----D---- C:\Windows\winsxs
2013-10-15 20:32:41 ----A---- C:\Windows\system32\aswBoot.exe
2013-10-15 15:35:38 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2013-10-15 14:12:49 ----D---- C:\Program Files\Common Files
2013-10-12 18:19:59 ----A---- C:\Windows\system32\PnkBstrB.exe
2013-10-09 13:36:57 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2013-10-07 20:21:32 ----D---- C:\Windows\system32\catroot2
2013-10-02 10:55:26 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-09-28 17:50:52 ----D---- C:\Users\Hrabo\AppData\Roaming\ICQ
2013-09-26 19:49:56 ----D---- C:\Windows\Minidump
2013-09-25 12:45:14 ----D---- C:\Program Files\Microsoft Silverlight
2013-09-23 23:01:19 ----D---- C:\Windows\Tasks
2013-09-23 22:50:51 ----D---- C:\Users\Hrabo\AppData\Roaming\OpenCandy

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2013-10-15 49944]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2013-10-15 178304]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2008-05-07 317976]
R0 lullaby;lullaby; C:\Windows\system32\DRIVERS\lullaby.sys [2008-05-29 15416]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2008-09-24 717296]
R1 aswRdr;aswRdr; \??\C:\Windows\system32\drivers\aswRdr.sys [2013-10-15 54832]
R1 aswSnx;aswSnx; \??\C:\Windows\system32\drivers\aswSnx.sys [2013-10-15 774392]
R1 aswSP;aswSP; \??\C:\Windows\system32\drivers\aswSP.sys [2013-10-15 403440]
R1 aswTdi;aswTdi; \??\C:\Windows\system32\drivers\aswTdi.sys [2013-10-15 57672]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [2011-06-21 32768]
R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-07-24 13880]
R2 aswFsBlk;aswFsBlk; \??\C:\Windows\system32\drivers\aswFsBlk.sys [2013-10-15 35656]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2013-10-15 70384]
R2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2007-08-03 20936]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2008-06-24 47104]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400]
R2 sbapifs;sbapifs; C:\Windows\system32\DRIVERS\sbapifs.sys [2011-11-29 77816]
R2 Sentinel;Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [2006-03-14 90176]
R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2006-11-10 18688]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-03-21 1203776]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys [2007-06-17 146824]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys [2007-12-19 54784]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2008-06-03 15928]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-21 18432]
R3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
R3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-15 7680]
R3 NETw5v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-05-20 3663360]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2008-06-25 43040]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-06-25 7534720]
R3 RTL2832U_IRHID;HID Infrared Remote Receiver; C:\Windows\system32\DRIVERS\RTL2832U_IRHID.sys [2009-07-13 37280]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver; C:\Windows\system32\drivers\RTL2832UBDA.sys [2009-07-06 91168]
R3 RTL2832UUSB;REALTEK 2832U USB Driver; C:\Windows\System32\Drivers\RTL2832UUSB.sys [2009-07-06 32800]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-02-14 118784]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2008-05-13 1772544]
S0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [2005-08-10 50688]
S0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\Windows\System32\drivers\sfvfs02.sys [2005-11-03 63488]
S1 SBRE;SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [2011-10-26 101112]
S3 ASUSProcObsrv;ASUS Process Creation/Termination Observer; \??\E:\I386\AsProcOb.sys []
S3 avt2v4ap;avt2v4ap; C:\Windows\system32\drivers\avt2v4ap.sys []
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-21 508416]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-06-17 30208]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2008-03-17 81960]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2008-03-17 100392]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2008-03-17 17320]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys []
S3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 mvusbews;USB EWS Device; C:\Windows\System32\Drivers\mvusbews.sys [2010-03-06 17408]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2006-11-02 1083520]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 sbhips;sbhips; C:\Windows\system32\drivers\sbhips.sys [2011-12-19 93816]
S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
S3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2011-12-15 26624]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 Ad-Aware Service;Ad-Aware Service; C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe [2012-07-12 1239952]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2008-03-18 13312]
R2 ArcGIS License Manager;ArcGIS License Manager; C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe [2008-08-02 1431440]
R2 ASLDRService;ASLDR Service; C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe [2007-10-03 94208]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2013-10-15 50344]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-04-10 518696]
R2 Guard.Mail.ru;Guard.Mail.ru; C:\Program Files\Guard-ICQ\GuardICQ.exe [2013-01-05 1564368]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 HPSIService;HP SI Service; C:\Windows\system32\HPSIsvc.exe [2010-04-07 99896]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-06-25 196608]
R2 PanService;PandoraService; C:\Program Files\PANDORA.TV\PanService\PandoraService.exe [2012-04-06 624856]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2010-12-28 75064]
R2 postgresql-9.0;postgresql-9.0 - PostgreSQL Server 9.0; C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N postgresql-9.0 -D C:/Program Files/PostgreSQL/9.0/data -w []
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SentinelProtectionServer;Sentinel Protection Server; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [2006-03-14 206400]
R2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service; C:\Program Files\Spyware Terminator\st_rsser.exe [2012-09-07 587472]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 SBAMSvc;Ad-Aware; C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-07-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09 257416]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-09-30 118680]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 OpenVPNService;OpenVPN Service; C:\Program Files\OpenVPN\bin\openvpnserv.exe [2011-12-15 14848]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

vyosek (VIP; posts: 56373; registered: 07 Nov 2006 15:24; location: Šalingrad - Brno)

Re: Trojan.Win32.Generic!BT

#4 Post by vyosek

→ If I ask you to uninstall something, please do it; I am not writing it for nothing. Either we treat this my way, or you treat it yourself...

→ Uninstall the following. None of it is effective, and avast is sufficient protection. Besides, running several security products at once leads to collisions and system instability:
  • Spybot - Search & Destroy
  • McAfee Security Scan
  • Ad-Aware Antivirus
  • Pandora.TV
  • Spyware Terminator
→ Download Malwarebytes Anti-Rootkit http://www.bleepingcomputer.com/downloa ... i-rootkit/
  • Save it, preferably to the Desktop, and unpack it
  • Start it by clicking mbar
  • Now click Next and then Update
  • When the database update finishes, click Next again
  • Leave all three options checked and click Scan, which starts scanning the PC
  • When the scan finishes (about 5 minutes), check that every finding (if there are any) is ticked
  • Also check that Create Restore point is ticked
  • Now click CleanUp, which removes the infection found
  • The PC will restart
  • The mbar folder should contain a log (it will probably open by itself) named mbar-log-year-month-day (hour-minute-second).txt; post it here
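
The advice above (uninstall overlapping security products, keep one real-time scanner) is the kind of thing a helper reads off the `======List of services======` block of the RSIT log by eye. As an added example that is not part of this thread or of RSIT, the script below parses those service lines and reports which security product families are present, which are actually running, which entries RSIT could not stat (empty `[]` brackets, so the image path should be verified), and which match a watchlist of bundleware. The keyword-to-family map and the watchlist are assumptions made for this example: the watchlist names come from the uninstall list in post #4, plus Guard.Mail.ru because the ICQ toolbar it belongs to is removed later in the thread. The sample lines are copied from the RSIT log posted earlier.

```python
"""Triage the service list of an RSIT log (added example, not the tool's own code)."""
import re
from collections import defaultdict

# RSIT service line: "<R|S><start-type> <name>;<display name>; <image path> [<date> <size>]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<image>.*?) \[(?P<meta>[^\]]*)\]$"
)

# Keyword (lower-case) -> product family. Assumption of this example, based on
# the names that appear in the thread's log; extend for other environments.
SECURITY_PRODUCTS = {
    "avast": "avast!",
    "ad-aware": "Ad-Aware",
    "sbam": "Ad-Aware",                 # SBAMSvc ships with Ad-Aware Antivirus
    "mbam": "Malwarebytes",
    "malwarebytes": "Malwarebytes",
    "spybot": "Spybot S&D",
    "sbsd": "Spybot S&D",
    "spyware terminator": "Spyware Terminator",
    "st2012": "Spyware Terminator",
    "mcafee": "McAfee Security Scan",
}

# Bundleware the helper asked to remove outright (assumption: Pandora.TV from
# post #4, Guard.Mail.ru because AdwCleaner later removes the ICQ toolbar).
WATCHLIST = ("pandora", "guard.mail.ru")

# Constructed sample: lines copied from the RSIT log in this thread.
SAMPLE_RSIT = r"""
R2 Ad-Aware Service;Ad-Aware Service; C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe [2012-07-12 1239952]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2013-10-15 50344]
R2 Guard.Mail.ru;Guard.Mail.ru; C:\Program Files\Guard-ICQ\GuardICQ.exe [2013-01-05 1564368]
R2 PanService;PandoraService; C:\Program Files\PANDORA.TV\PanService\PandoraService.exe [2012-04-06 624856]
R2 postgresql-9.0;postgresql-9.0 - PostgreSQL Server 9.0; C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N postgresql-9.0 -D C:/Program Files/PostgreSQL/9.0/data -w []
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service; C:\Program Files\Spyware Terminator\st_rsser.exe [2012-09-07 587472]
S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 SBAMSvc;Ad-Aware; C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
"""


def parse_service(line):
    """Return the fields of one RSIT service line, or None if it is not one."""
    m = SERVICE_RE.match(line.strip())
    return m.groupdict() if m else None


def triage(lines):
    """Group services by security product family and flag the oddities.

    Returns a dict:
      products  - {family: [service names]} for every security product seen
      running   - families with at least one service in state R (running)
      no_meta   - services whose image RSIT could not stat (empty [] brackets)
      watchlist - services matching the bundleware watchlist
    """
    products = defaultdict(list)
    running = set()
    no_meta, watchlist = [], []
    for line in lines:
        svc = parse_service(line)
        if not svc:
            continue
        haystack = f"{svc['name']} {svc['display']} {svc['image']}".lower()
        for keyword, family in SECURITY_PRODUCTS.items():
            if keyword in haystack:
                products[family].append(svc["name"])
                if svc["state"] == "R":
                    running.add(family)
                break
        if not svc["meta"]:
            no_meta.append(svc["name"])
        if any(w in haystack for w in WATCHLIST):
            watchlist.append(svc["name"])
    return {
        "products": dict(products),
        "running": sorted(running),
        "no_meta": no_meta,
        "watchlist": watchlist,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_RSIT.strip().splitlines())
    print("security products running concurrently:", result["running"])
    print("installed but stopped:", sorted(set(result["products"]) - set(result["running"])))
    print("image not readable, verify path:", result["no_meta"])
    print("bundleware to uninstall:", result["watchlist"])
```

On the sample, four product families are running at the same time (Ad-Aware, Spybot, Spyware Terminator and avast), which is exactly the overlap the helper objects to; Malwarebytes and McAfee Security Scan are installed but stopped. The `no_meta` flag is worth keeping in a real triage: a service whose binary RSIT could not read is either a legitimately odd install (here PostgreSQL with its forward-slash path) or a path that no longer exists, and both deserve a look.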

Hrabka (visitor; posts: 17; registered: 17 Oct 2013 15:05)

Re: Trojan.Win32.Generic!BT

#5 Post by Hrabka

I did everything according to your instructions, but "Malwarebytes" did not find any problem. When I ran the scan in Ad-Aware earlier, it found other problems of varying severity besides the "Generic", so I don't really understand this result. I also wanted to note that before the notebook started slowing down, I had trouble in Mozilla with searchnu.com/406, which kept coming back as the home page. That problem should now be solved, and it seems to me that the notebook is not running nearly as slowly as it was two days ago, but the Ad-Aware scan result still bothers me.

vyosek (VIP; posts: 56373; registered: 07 Nov 2006 15:24; location: Šalingrad - Brno)

Re: Trojan.Win32.Generic!BT

#6 Post by vyosek

→ Then let's look deeper; MBAR was only the first step

→ Download Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
  • Save it, preferably to the desktop
  • After launching it the license terms appear; press any key
  • A backup is created and then the scan runs
  • When the scan finishes a log appears, or it is saved in c:\JRT as JRT.txt; post it here
→ Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • Click Scan and then Clean
  • The repair runs, the PC restarts and a log appears, or it is saved as c:\AdwCleaner\AdwCleaner[S?].txt; post it here

Hrabka (visitor; posts: 17; registered: 17 Oct 2013 15:05)

Re: Trojan.Win32.Generic!BT

#7 Post by Hrabka

JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows Vista (TM) Home Premium x86
Ran by Hrabo on p  18.10.2013 at 14:28:12,34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchqu toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ask"
Successfully deleted: [Folder] "C:\Program Files\ask.com"



~~~ FireFox

Failed to delete: [File] "C:\Program Files\Mozilla Firefox\searchplugins\search_results.xml"
Failed to delete: [Folder] "C:\Program Files\Mozilla Firefox\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}"
Emptied folder: C:\Users\Hrabo\AppData\Roaming\mozilla\firefox\profiles\h11r17en.default-1381922482765\minidumps [3 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Hrabo\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on p  18.10.2013 at 14:34:39,57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


AdwCleaner log:

# AdwCleaner v3.008 - Report created 18/10/2013 at 14:42:33
# Updated 17/10/2013 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : Hrabo - HRABO-PC
# Running from : C:\Users\Hrabo\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\Users\Hrabo\AppData\Local\PackageAware
Folder Deleted : C:\Users\Hrabo\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\{800B5000-A755-47E1-992B-48A1C1357F07}
File Deleted : C:\Program Files\Mozilla Firefox\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Search_Results.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Key Deleted : HKCU\Software\ICQ\ICQToolbar
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\Software\ICQ\ICQToolbar
Key Deleted : HKLM\Software\Uniblue\DriverScanner
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\daemon tools toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Winamp Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6002.18005

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

-\\ Mozilla Firefox v24.0 (cs)

[ File : C:\Users\Hrabo\AppData\Roaming\Mozilla\Firefox\Profiles\h11r17en.default-1381922482765\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Hrabo\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : search_url

*************************

AdwCleaner[R0].txt - [3459 octets] - [18/10/2013 14:36:56]
AdwCleaner[S0].txt - [3378 octets] - [18/10/2013 14:42:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3438 octets] ##########
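
Two things in the logs above are easy to miss when reading by eye: JRT reported two Firefox items it could not delete (the `search_results.xml` search plugin and the `{1fd91a9c-...}` extension folder), and the IE SearchScopes entries split into one scope that was repaired and several that were deleted. As an added example that is not part of the thread or of either tool, the script below parses both logs, checks that every JRT "Failed to delete" path was removed by the later AdwCleaner pass (comparing paths case-insensitively, since NTFS paths are), and separates repaired from deleted search scopes. The sample lines are copied from the two logs posted above; the regular expressions describe only the line shapes seen in those logs and are an assumption of this example.

```python
"""Cross-check a JRT log against the AdwCleaner log that followed it (added example)."""
import re

# Line shapes as they appear in the JRT and AdwCleaner logs in this thread.
JRT_RE = re.compile(
    r"^(?P<action>Successfully deleted|Successfully repaired|Failed to delete|Emptied folder): "
    r"(?:\[(?P<kind>[^\]]+)\] )?(?P<target>.+)$"
)
ADW_RE = re.compile(r"^(?P<kind>Folder|File|Key|Value) Deleted : (?P<target>.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

# Constructed samples: lines copied from the two logs posted in this thread.
SAMPLE_JRT = r"""
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchqu toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
Successfully deleted: [Folder] "C:\Program Files\ask.com"
Failed to delete: [File] "C:\Program Files\Mozilla Firefox\searchplugins\search_results.xml"
Failed to delete: [Folder] "C:\Program Files\Mozilla Firefox\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}"
Emptied folder: C:\Users\Hrabo\AppData\Roaming\mozilla\firefox\profiles\h11r17en.default-1381922482765\minidumps [3 files]
"""
SAMPLE_ADW = r"""
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\{800B5000-A755-47E1-992B-48A1C1357F07}
File Deleted : C:\Program Files\Mozilla Firefox\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Search_Results.xml
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKLM\Software\ICQ\ICQToolbar
"""


def norm(path):
    """Normalise a Windows path for comparison: drop quotes, fold case."""
    return path.strip().strip('"').lower()


def parse_jrt(lines):
    """Return one dict (action, kind, target) per recognised JRT line."""
    return [m.groupdict() for m in map(JRT_RE.match, (l.strip() for l in lines)) if m]


def parse_adw(lines):
    """Return one dict (kind, target) per recognised AdwCleaner deletion line."""
    return [m.groupdict() for m in map(ADW_RE.match, (l.strip() for l in lines)) if m]


def cross_check(jrt_lines, adw_lines):
    """Which JRT 'Failed to delete' items did the AdwCleaner pass remove?"""
    failed = [e["target"] for e in parse_jrt(jrt_lines) if e["action"] == "Failed to delete"]
    removed = {norm(e["target"]) for e in parse_adw(adw_lines)}
    resolved = [t for t in failed if norm(t) in removed]
    leftover = [t for t in failed if norm(t) not in removed]
    return {"failed": failed, "resolved": resolved, "leftover": leftover}


def search_scopes(jrt_lines):
    """GUIDs of the IE SearchScopes JRT touched, split into repaired vs deleted.

    A repaired scope is a legitimate provider whose URL had been overwritten
    (the FRST log later in the thread shows {0633EE93-...} back on bing.com);
    a deleted scope was added by the hijacker.
    """
    repaired, deleted = set(), set()
    for e in parse_jrt(jrt_lines):
        if "SearchScopes" not in e["target"]:
            continue
        g = GUID_RE.search(e["target"])
        if g:
            bucket = repaired if e["action"] == "Successfully repaired" else deleted
            bucket.add(g.group().upper())
    return {"repaired": sorted(repaired), "deleted": sorted(deleted)}


if __name__ == "__main__":
    jrt = SAMPLE_JRT.strip().splitlines()
    adw = SAMPLE_ADW.strip().splitlines()
    check = cross_check(jrt, adw)
    print("JRT could not delete:", len(check["failed"]))
    print("removed by AdwCleaner:", len(check["resolved"]))
    print("still to handle:", check["leftover"])
    print("search scopes:", search_scopes(jrt))
```

For the logs in this thread the check comes out clean: both items JRT could not delete appear as deletions in the AdwCleaner report, so `leftover` is empty. Anything that ended up in `leftover` would be the first thing to ask the user to remove by hand (or with a targeted FRST fix), because a search plugin or extension that survives two cleaners is exactly how a hijacked home page comes back after the "all clear".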

Hrabka (visitor; posts: 17; registered: 17 Oct 2013 15:05)

Re: Trojan.Win32.Generic!BT

#8 Post by Hrabka

When I wrote yesterday that the notebook was not very slow, that was apparently a mistaken impression. Today it does not want to do anything at all, and everything takes a long time to load or fully appear (from the internet down to ordinary folders and programs (Word and the like)).

vyosek (VIP; posts: 56373; registered: 07 Nov 2006 15:24; location: Šalingrad - Brno)

Re: Trojan.Win32.Generic!BT

#9 Post by vyosek

→ Download SecurityCheck http://screen317.spywareinfoforum.org/SecurityCheck.exe
  • Save it, preferably to the Desktop
  • Run it the usual way by double-clicking and follow the utility's instructions
  • When the scan finishes a log is created and opened; post it here
→ Please also post an FRSTL log http://forum.viry.cz/viewtopic.php?f=13&t=133100

Hrabka (visitor; posts: 17; registered: 17 Oct 2013 15:05)

Re: Trojan.Win32.Generic!BT

#10 Post by Hrabka

SecurityCheck:

Results of screen317's Security Check version 0.99.74
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
SUPERAntiSpyware
JavaFX 2.1.1
Java(TM) 6 Update 31
Java 7 Update 25
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.8.800.168
Adobe Reader 8 Adobe Reader out of Date!
Adobe Reader XI (KB403742..)
Mozilla Firefox (24.0)
Google Chrome 30.0.1599.101
Google Chrome 30.0.1599.69
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 avastui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````


FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Hrabo (administrator) on HRABO-PC on 19-10-2013 10:49:07
Running from C:\Users\Hrabo\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Czech
Internet Explorer Version 7
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
() C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(Acresso Software Inc.) C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe
(Acresso Software Inc.) C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
() C:\Program Files\Guard-ICQ\GuardICQ.exe
(HP) C:\Windows\system32\HPSIsvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Windows\system32\PnkBstrA.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe
(SafeNet, Inc) C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Program Files\ATK Hotkey\MsgTranAgt.exe
(ATK0100) C:\Program Files\ATK Hotkey\Hcontrol.exe
() C:\Program Files\Wireless Console 2\wcourier.exe
(ASUS) C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ATK) C:\Program Files\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\System32\ACEngSvr.exe
() C:\Program Files\ATK Hotkey\ATKOSD.exe
() C:\Program Files\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
() C:\Program Files\ATK Hotkey\KBFiltr.exe
() C:\Program Files\ATK Hotkey\WDC.exe
() C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
() C:\Users\Hrabo\Desktop\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(forum.viry.cz) C:\Users\Hrabo\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [HControlUser] - C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [98304 2008-01-12] ()
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [hpqSRMon] - C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [80896 2007-08-22] (Hewlett-Packard)
HKLM\...\Run: [Alta Sticker Light] - "C:\Program Files\Alta Softworks\Alta Sticker Light\aslight.exe"
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3567800 2013-10-18] (AVAST Software)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [Google Update] - C:\Users\Hrabo\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-02-25] (Google Inc.)
HKCU\...\Run: [] - [x]
MountPoints2: {6b2fe25a-26ee-11df-b365-806e6f6e6963} - setupSNK.exe
MountPoints2: {9bcbcb0d-2c5e-11df-8a60-002243a3fbf4} - H:\LaunchU3.exe -a
MountPoints2: {e1b40566-f288-11e0-87f8-a613b8c0a59f} - G:\SISetup.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
BootExecute: autocheck autochk * SBBD.exe /d \Device\HarddiskVolume2\Program Files\Ad-Aware Antivirus\Definitions

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 02 %SystemRoot%\system32\napinsp.dll [50176] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Hrabo\AppData\Roaming\Mozilla\Firefox\Profiles\h11r17en.default-1381922482765
FF Homepage: hxxp://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @bittorrent.com/BitTorrentDNA - C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\Hrabo\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Hrabo\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Hrabo\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: No Name - C:\Users\Hrabo\AppData\Roaming\Mozilla\Firefox\Profiles\h11r17en.default-1381922482765\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: support - C:\Program Files\Mozilla Firefox\extensions\support@daemon-tools.cc
FF HKLM\...\Firefox\Extensions: [RayVExtension@RayV.com] - C:\Program Files\RayV\RayV\RayVExtension@RayV.com
FF Extension: RayV Mozilla Extension - C:\Program Files\RayV\RayV\RayVExtension@RayV.com
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF

Chrome:
=======
CHR HomePage: hxxp://seznam.cz/
CHR DefaultSearchURL: (Search Results) - http://www.google.com
CHR DefaultSuggestURL: (Search Results) - "suggest_url": "",
CHR Plugin: (Shockwave Flash) - C:\Users\Hrabo\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Hrabo\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Hrabo\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll ()
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (DivX Web Player) - C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll (DivX,Inc.)
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (DNA Plug-in) - C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U5) - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
CHR Plugin: (Google Update) - C:\Users\Hrabo\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Facebook Plugin) - C:\Users\Hrabo\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.110.21) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 ArcGIS License Manager; C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe [1431440 2008-08-02] (Acresso Software Inc.)
R2 ASLDRService; C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe [94208 2007-10-03] ()
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2013-10-15] (AVAST Software)
R2 Guard.Mail.ru; C:\Program Files\Guard-ICQ\GuardICQ.exe [1564368 2013-01-05] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [14848 2011-12-15] ()
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75064 2010-12-28] ()
R2 SentinelProtectionServer; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [206400 2006-03-14] (SafeNet, Inc)
R2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
R2 postgresql-9.0; C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N "postgresql-9.0" -D "C:/Program Files/PostgreSQL/9.0/data" -w [x]

==================== Drivers (Whitelisted) ====================

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] ()
R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [35656 2013-10-15] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2013-10-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2013-10-15] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-10-15] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [774392 2013-10-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [403440 2013-10-15] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2013-10-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178304 2013-10-15] ()
R3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [146824 2007-06-17] (AuthenTec, Inc.)
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [20936 2007-08-03] ()
R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [54784 2007-12-19] (ITE Tech. Inc. )
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15928 2008-06-03] ( )
R0 lullaby; C:\Windows\System32\DRIVERS\lullaby.sys [15416 2008-05-29] (Windows (R) Codename Longhorn DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-15] (ATK0100)
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1083880 2009-04-11] (Společnost Microsoft)
S3 Ph3xIB32; C:\Windows\System32\DRIVERS\Ph3xIB32.sys [1083520 2006-11-02] (Philips Semiconductors GmbH)
S3 RTL2832UBDA; C:\Windows\System32\drivers\RTL2832UBDA.sys [91168 2009-07-06] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\Windows\System32\Drivers\RTL2832UUSB.sys [32800 2009-07-06] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832U_IRHID; C:\Windows\System32\DRIVERS\RTL2832U_IRHID.sys [37280 2009-07-13] (Realtek)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67656 2010-05-10] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 sfvfs02; C:\Windows\System32\drivers\sfvfs02.sys [63488 2005-11-03] (Protection Technology)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1772544 2008-05-13] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2008-09-24] ()
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-12-15] (The OpenVPN Project)
U3 a8rdub31; C:\Windows\System32\Drivers\a8rdub31.sys [0 ] (Microsoft Corporation)
S3 ASUSProcObsrv; \??\E:\I386\AsProcOb.sys [x]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-19 10:48 - 2013-10-19 10:48 - 00000000 ____D C:\FRST
2013-10-19 10:46 - 2013-10-19 10:46 - 00112128 _____ (forum.viry.cz) C:\Users\Hrabo\Desktop\FRSTLauncher.exe
2013-10-19 10:45 - 2013-10-19 10:45 - 01087213 _____ (Farbar) C:\Users\Hrabo\Desktop\FRST.exe
2013-10-19 10:43 - 2013-10-19 10:43 - 00112107 _____ (forum.viry.cz) C:\Users\Hrabo\Desktop\VerzeOS.exe
2013-10-19 10:40 - 2013-10-19 10:40 - 00891167 _____ C:\Users\Hrabo\Desktop\SecurityCheck.exe
2013-10-18 18:22 - 2013-10-18 18:22 - 00027368 _____ C:\Users\Hrabo\Desktop\The.Big.Bang.Theory.S07E05.HDTV.x264-LOL.srt
2013-10-18 15:46 - 2013-10-18 16:02 - 132021998 _____ C:\Users\Hrabo\Desktop\The.Big.Bang.Theory.S07E05.HDTV.x264-LOL.mp4
2013-10-18 14:36 - 2013-10-18 14:42 - 00000000 ____D C:\AdwCleaner
2013-10-18 14:35 - 2013-10-18 14:36 - 01050644 _____ C:\Users\Hrabo\Desktop\adwcleaner.exe
2013-10-18 14:34 - 2013-10-18 14:34 - 00003003 _____ C:\Users\Hrabo\Desktop\JRT.txt
2013-10-18 13:53 - 2013-10-18 13:53 - 00000000 ____D C:\Windows\ERUNT
2013-10-18 13:52 - 2013-10-18 13:52 - 01033335 _____ (Thisisu) C:\Users\Hrabo\Desktop\JRT.exe
2013-10-17 21:07 - 2013-10-17 22:47 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-17 21:06 - 2013-10-17 22:54 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-17 21:06 - 2013-10-17 22:54 - 00000000 ____D C:\Users\Hrabo\Desktop\mbar
2013-10-17 21:05 - 2013-10-17 21:05 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Hrabo\Desktop\mbar-1.07.0.1007.exe
2013-10-17 21:03 - 2013-10-17 21:03 - 00000000 ____D C:\ProgramData\GFI Software
2013-10-17 20:36 - 2013-10-17 20:36 - 00781383 _____ C:\Users\Hrabo\Desktop\RSIT.exe
2013-10-17 16:38 - 2013-10-17 16:38 - 00000104 _____ C:\Windows\system32\SBRC.dat
2013-10-17 16:14 - 2013-10-17 16:14 - 00000000 ____D C:\Users\Hrabo\AppData\Roaming\Malwarebytes
2013-10-17 16:13 - 2013-10-17 16:13 - 00000913 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-17 16:13 - 2013-10-17 16:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-17 16:13 - 2013-10-17 16:13 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-17 16:13 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-16 16:40 - 2013-10-16 16:40 - 00001188 _____ C:\Windows\system32\ServiceConfig.xml
2013-10-16 15:25 - 2013-10-16 15:25 - 00000000 ____D C:\Users\Hrabo\AppData\Local\adaware
2013-10-16 15:25 - 2013-10-16 15:25 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-10-16 15:24 - 2013-10-17 21:03 - 00000000 ____D C:\Program Files\Ad-Aware Antivirus
2013-10-16 13:12 - 2013-10-16 13:12 - 00511488 _____ C:\Users\Hrabo\Downloads\3_GATP.ppt
2013-10-15 23:04 - 2013-10-15 23:04 - 00000000 ____D C:\Users\Hrabo\AppData\Local\Threat Expert
2013-10-15 20:49 - 2013-10-15 20:49 - 00000000 ____D C:\Users\Hrabo\AppData\Roaming\AVAST Software
2013-10-15 20:14 - 2013-10-15 20:14 - 00000000 ____D C:\ProgramData\AVAST Software
2013-10-15 20:11 - 2013-10-15 20:33 - 00178304 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-10-15 20:11 - 2013-10-15 20:33 - 00049944 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-10-15 14:16 - 2013-10-15 14:16 - 00000000 ____D C:\Program Files\PC Tools
2013-10-15 14:13 - 2013-10-15 14:15 - 02258720 _____ C:\Windows\system32\Drivers\Cat.DB
2013-10-15 14:12 - 2013-10-16 11:44 - 00000000 ____D C:\Program Files\Common Files\PC Tools
2013-10-15 14:12 - 2013-10-16 11:41 - 00000000 ____D C:\ProgramData\PC Tools
2013-10-15 14:12 - 2013-10-15 14:12 - 00000000 ____D C:\Users\Hrabo\AppData\Roaming\TestApp
2013-10-15 14:12 - 2012-11-01 15:35 - 00202280 _____ (PC Tools) C:\Windows\system32\Drivers\PCTSD.sys
2013-10-09 14:35 - 2013-10-09 20:36 - 17750408 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2013-09-30 21:29 - 2013-09-30 21:29 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-30 16:21 - 2013-10-18 17:24 - 00000000 ____D C:\Users\Hrabo\Desktop\SGRR - 3. semestr
2013-09-28 23:27 - 2013-10-05 23:54 - 00009771 _____ C:\Users\Hrabo\Documents\Nejvyšší výhry BWIN.xlsx
2013-09-26 19:49 - 2013-09-26 19:50 - 00139400 _____ C:\Windows\Minidump\Mini092613-01.dmp
2013-09-22 18:34 - 2013-09-22 18:34 - 00139400 _____ C:\Windows\Minidump\Mini092213-01.dmp
2013-09-19 20:16 - 2013-09-19 20:16 - 00139400 _____ C:\Windows\Minidump\Mini091913-02.dmp
2013-09-19 14:00 - 2013-09-19 14:00 - 00139400 _____ C:\Windows\Minidump\Mini091913-01.dmp

==================== One Month Modified Files and Folders =======

2013-10-19 10:48 - 2013-10-19 10:48 - 00000000 ____D C:\FRST
2013-10-19 10:46 - 2013-10-19 10:46 - 00112128 _____ (forum.viry.cz) C:\Users\Hrabo\Desktop\FRSTLauncher.exe
2013-10-19 10:45 - 2013-10-19 10:45 - 01087213 _____ (Farbar) C:\Users\Hrabo\Desktop\FRST.exe
2013-10-19 10:43 - 2013-10-19 10:43 - 00112107 _____ (forum.viry.cz) C:\Users\Hrabo\Desktop\VerzeOS.exe
2013-10-19 10:40 - 2013-10-19 10:40 - 00891167 _____ C:\Users\Hrabo\Desktop\SecurityCheck.exe
2013-10-19 10:35 - 2012-07-30 21:47 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-19 10:34 - 2008-08-28 05:28 - 01376667 _____ C:\Windows\WindowsUpdate.log
2013-10-19 10:33 - 2012-02-25 17:29 - 00000962 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3927109529-1046740972-2868666797-1000UA.job
2013-10-19 10:33 - 2012-02-25 17:29 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3927109529-1046740972-2868666797-1000Core.job
2013-10-19 10:33 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\tracing
2013-10-19 10:30 - 2008-09-12 16:47 - 00027839 _____ C:\ProgramData\nvModes.001
2013-10-19 10:30 - 2008-08-28 07:25 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2013-10-19 10:28 - 2009-05-11 15:39 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-10-19 10:28 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-19 10:28 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-19 10:28 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-19 00:14 - 2008-08-28 05:29 - 00000012 _____ C:\Windows\bthservsdp.dat
2013-10-19 00:14 - 2006-11-02 15:01 - 00032572 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-18 22:30 - 2010-07-04 20:49 - 00000000 ____D C:\Users\Hrabo\Desktop\Filmy
2013-10-18 20:01 - 2008-09-12 16:44 - 00027839 _____ C:\ProgramData\nvModes.dat
2013-10-18 20:00 - 2013-02-15 22:43 - 00000000 ____D C:\Users\Hrabo\Documents\FIFA 13
2013-10-18 18:22 - 2013-10-18 18:22 - 00027368 _____ C:\Users\Hrabo\Desktop\The.Big.Bang.Theory.S07E05.HDTV.x264-LOL.srt
2013-10-18 18:10 - 2006-11-02 12:33 - 01421314 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-18 17:24 - 2013-09-30 16:21 - 00000000 ____D C:\Users\Hrabo\Desktop\SGRR - 3. semestr
2013-10-18 16:02 - 2013-10-18 15:46 - 132021998 _____ C:\Users\Hrabo\Desktop\The.Big.Bang.Theory.S07E05.HDTV.x264-LOL.mp4
2013-10-18 16:01 - 2009-11-06 23:10 - 00002675 _____ C:\Users\Hrabo\Desktop\Word 2007.lnk
2013-10-18 14:42 - 2013-10-18 14:36 - 00000000 ____D C:\AdwCleaner
2013-10-18 14:42 - 2009-07-14 18:06 - 00000000 ____D C:\ProgramData\ICQ
2013-10-18 14:36 - 2013-10-18 14:35 - 01050644 _____ C:\Users\Hrabo\Desktop\adwcleaner.exe
2013-10-18 14:34 - 2013-10-18 14:34 - 00003003 _____ C:\Users\Hrabo\Desktop\JRT.txt
2013-10-18 13:53 - 2013-10-18 13:53 - 00000000 ____D C:\Windows\ERUNT
2013-10-18 13:52 - 2013-10-18 13:52 - 01033335 _____ (Thisisu) C:\Users\Hrabo\Desktop\JRT.exe
2013-10-18 09:38 - 2009-11-12 22:52 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
2013-10-18 09:38 - 2008-01-21 04:47 - 00135140 _____ C:\Windows\PFRO.log
2013-10-17 23:42 - 2008-09-12 23:07 - 00094720 _____ C:\Users\Hrabo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-17 22:54 - 2013-10-17 21:06 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-17 22:54 - 2013-10-17 21:06 - 00000000 ____D C:\Users\Hrabo\Desktop\mbar
2013-10-17 22:47 - 2013-10-17 21:07 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-17 21:05 - 2013-10-17 21:05 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Hrabo\Desktop\mbar-1.07.0.1007.exe
2013-10-17 21:03 - 2013-10-17 21:03 - 00000000 ____D C:\ProgramData\GFI Software
2013-10-17 21:03 - 2013-10-16 15:24 - 00000000 ____D C:\Program Files\Ad-Aware Antivirus
2013-10-17 20:59 - 2009-11-12 22:52 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-10-17 20:37 - 2013-02-13 00:16 - 00000000 ____D C:\Program Files\trend micro
2013-10-17 20:36 - 2013-10-17 20:36 - 00781383 _____ C:\Users\Hrabo\Desktop\RSIT.exe
2013-10-17 16:38 - 2013-10-17 16:38 - 00000104 _____ C:\Windows\system32\SBRC.dat
2013-10-17 16:14 - 2013-10-17 16:14 - 00000000 ____D C:\Users\Hrabo\AppData\Roaming\Malwarebytes
2013-10-17 16:13 - 2013-10-17 16:13 - 00000913 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-17 16:13 - 2013-10-17 16:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-17 16:13 - 2013-10-17 16:13 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-16 16:57 - 2009-02-23 14:27 - 00000000 ____D C:\Users\Hrabo\Desktop\Seriály
2013-10-16 16:40 - 2013-10-16 16:40 - 00001188 _____ C:\Windows\system32\ServiceConfig.xml
2013-10-16 15:25 - 2013-10-16 15:25 - 00000000 ____D C:\Users\Hrabo\AppData\Local\adaware
2013-10-16 15:25 - 2013-10-16 15:25 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-10-16 15:23 - 2009-12-04 23:21 - 00000000 ____D C:\Users\Hrabo\AppData\Local\Downloaded Installations
2013-10-16 15:16 - 2008-09-12 21:24 - 00000680 _____ C:\Users\Hrabo\AppData\Local\d3d9caps.dat
2013-10-16 13:12 - 2013-10-16 13:12 - 00511488 _____ C:\Users\Hrabo\Downloads\3_GATP.ppt
2013-10-16 11:44 - 2013-10-15 14:12 - 00000000 ____D C:\Program Files\Common Files\PC Tools
2013-10-16 11:41 - 2013-10-15 14:12 - 00000000 ____D C:\ProgramData\PC Tools
2013-10-15 23:04 - 2013-10-15 23:04 - 00000000 ____D C:\Users\Hrabo\AppData\Local\Threat Expert
2013-10-15 20:49 - 2013-10-15 20:49 - 00000000 ____D C:\Users\Hrabo\AppData\Roaming\AVAST Software
2013-10-15 20:37 - 2010-09-01 14:35 - 00001891 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-10-15 20:33 - 2013-10-15 20:11 - 00178304 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-10-15 20:33 - 2013-10-15 20:11 - 00049944 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-10-15 20:33 - 2011-07-01 17:29 - 00774392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-10-15 20:33 - 2009-07-03 16:59 - 00403440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-10-15 20:33 - 2009-07-03 16:59 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-10-15 20:33 - 2009-07-03 16:59 - 00035656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-10-15 20:33 - 2009-07-03 16:58 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-10-15 20:32 - 2010-09-01 14:35 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-10-15 20:32 - 2009-07-03 16:59 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2013-10-15 20:32 - 2009-07-03 16:58 - 00269216 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-10-15 20:14 - 2013-10-15 20:14 - 00000000 ____D C:\ProgramData\AVAST Software
2013-10-15 20:10 - 2006-11-02 12:23 - 00002577 _____ C:\Windows\system32\config.nt
2013-10-15 16:24 - 2009-11-06 23:10 - 00002593 _____ C:\Users\Hrabo\Desktop\PowerPoint 2007.lnk
2013-10-15 16:17 - 2009-11-06 23:10 - 00002589 _____ C:\Users\Hrabo\Desktop\Excel 2007.lnk
2013-10-15 15:35 - 2008-09-24 23:10 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-10-15 14:16 - 2013-10-15 14:16 - 00000000 ____D C:\Program Files\PC Tools
2013-10-15 14:15 - 2013-10-15 14:13 - 02258720 _____ C:\Windows\system32\Drivers\Cat.DB
2013-10-15 14:12 - 2013-10-15 14:12 - 00000000 ____D C:\Users\Hrabo\AppData\Roaming\TestApp
2013-10-14 21:38 - 2013-08-17 19:49 - 00000000 ____D C:\Users\Hrabo\Desktop\Flachau 2013
2013-10-12 18:20 - 2011-04-16 13:39 - 00137464 _____ C:\Windows\system32\Drivers\PnkBstrK.sys
2013-10-12 18:19 - 2011-04-16 13:38 - 00214520 _____ C:\Windows\system32\PnkBstrB.exe
2013-10-12 18:19 - 2009-03-04 22:04 - 00214520 _____ C:\Windows\system32\PnkBstrB.xtr
2013-10-09 20:36 - 2013-10-09 14:35 - 17750408 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2013-10-09 13:36 - 2012-07-30 21:47 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-09 13:36 - 2011-06-28 13:05 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-10-08 01:17 - 2012-10-26 18:40 - 00000000 ____D C:\Users\Hrabo\Desktop\Diplomka
2013-10-05 23:54 - 2013-09-28 23:27 - 00009771 _____ C:\Users\Hrabo\Documents\Nejvyšší výhry BWIN.xlsx
2013-10-02 10:55 - 2012-04-26 15:06 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-01 14:21 - 2010-03-04 17:40 - 00000000 ____D C:\Users\Hrabo\Documents\WORD.ECXEL
2013-09-30 21:29 - 2013-09-30 21:29 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-29 22:53 - 2013-07-21 22:33 - 00000000 ____D C:\Users\Hrabo\Desktop\FreeRapid-0.9u2
2013-09-28 17:50 - 2008-09-15 22:03 - 00000000 ____D C:\Users\Hrabo\AppData\Roaming\ICQ
2013-09-26 19:50 - 2013-09-26 19:49 - 00139400 _____ C:\Windows\Minidump\Mini092613-01.dmp
2013-09-26 19:49 - 2012-10-11 18:58 - 392592964 _____ C:\Windows\MEMORY.DMP
2013-09-26 19:49 - 2009-02-12 02:45 - 00000000 ____D C:\Windows\Minidump
2013-09-25 12:45 - 2010-06-13 16:42 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-09-23 22:51 - 2012-03-15 00:22 - 00001021 _____ C:\Users\Hrabo\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2013-09-23 22:51 - 2012-03-15 00:22 - 00000997 _____ C:\Users\Public\Desktop\GOM Player.lnk
2013-09-23 16:22 - 2009-07-07 15:19 - 00000000 ____D C:\Users\Hrabo\Documents\Photos
2013-09-22 18:34 - 2013-09-22 18:34 - 00139400 _____ C:\Windows\Minidump\Mini092213-01.dmp
2013-09-19 20:16 - 2013-09-19 20:16 - 00139400 _____ C:\Windows\Minidump\Mini091913-02.dmp
2013-09-19 14:00 - 2013-09-19 14:00 - 00139400 _____ C:\Windows\Minidump\Mini091913-01.dmp

Files to move or delete:
====================
C:\Users\Hrabo\AppData\Roaming\desktop.ini


Some content of TEMP:
====================
C:\Users\Hrabo\AppData\Local\Temp\AutoRun.exe
C:\Users\Hrabo\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Hrabo\AppData\Local\Temp\eauninstall.exe
C:\Users\Hrabo\AppData\Local\Temp\GomAudDnInstaller.exe
C:\Users\Hrabo\AppData\Local\Temp\installhelper.dll
C:\Users\Hrabo\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Hrabo\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Hrabo\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Hrabo\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Hrabo\AppData\Local\Temp\ose00000.exe
C:\Users\Hrabo\AppData\Local\Temp\Quarantine.exe
C:\Users\Hrabo\AppData\Local\Temp\setup.exe
C:\Users\Hrabo\AppData\Local\Temp\SHSetup.exe
C:\Users\Hrabo\AppData\Local\Temp\siinst.exe
C:\Users\Hrabo\AppData\Local\Temp\siuninst.exe
C:\Users\Hrabo\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Hrabo\AppData\Local\Temp\strings.dll
C:\Users\Hrabo\AppData\Local\Temp\The Battle for Middle-earth_uninst.exe
C:\Users\Hrabo\AppData\Local\Temp\_isCE42.exe
C:\Users\Hrabo\AppData\Local\Temp\~3312.exe
C:\Users\Hrabo\AppData\Local\Temp\~EC03.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-19 10:38




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (VistaOS) (Fixed) (Total:149.04 GB) (Free:7.96 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:139.28 GB) (Free:3.85 GB) NTFS

Available physical RAM: 1359.57 MB
Total physical RAM: 3070.17 MB
Percentage of memory in use: 55%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 298 GB) (Disk ID: 6860E0C3)
Partition 1: (Not Active) - (Size=10 GB) - (Type=1C)
Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=139 GB) - (Type=OF Extended)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3927109529-1046740972-2868666797-1000Core.job => C:\Users\Hrabo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3927109529-1046740972-2868666797-1000UA.job => C:\Users\Hrabo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{927A7841-FA4F-46DF-81EA-548619EF2CCC}.job => C:\Windows\system32\msfeedssync.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\ProgramData\Temp:430C6D84
AlternateDataStreams: C:\ProgramData\Temp:A8ADE5D8
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2

==================== Security Center ==================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 28_09_2013 (06)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Hrabo\Desktop" je 31112 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DefaultOutboundAction REG_DWORD 0x0
DefaultInboundAction REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DefaultOutboundAction REG_DWORD 0x0
DefaultInboundAction REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================
Attachments
Addition.rar
(5.73 KiB) Downloaded 23 times

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Trojan.Win32.Generic!BT

#11 Post by vyosek »

:arrow: Also (and finally) uninstall Ad-Aware and SUPERAntiSpyware

:arrow: I recommend updating your programs - the FileHippo UpdateChecker utility will conveniently keep track of updates for you - just run it about once every 14 days

:arrow: Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below

    Start
    HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
    HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
    HKCU\...\Run: [Google Update] - C:\Users\Hrabo\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-02-25] (Google Inc.)
    HKCU\...\Run: [] - [x]
    MountPoints2: {6b2fe25a-26ee-11df-b365-806e6f6e6963} - setupSNK.exe
    MountPoints2: {9bcbcb0d-2c5e-11df-8a60-002243a3fbf4} - H:\LaunchU3.exe -a
    MountPoints2: {e1b40566-f288-11e0-87f8-a613b8c0a59f} - G:\SISetup.exe
    
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
    SearchScopes: HKLM - DefaultScope value is missing.
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
    Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    
    FF Plugin: @bittorrent.com/BitTorrentDNA - C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
    FF Extension: support - C:\Program Files\Mozilla Firefox\extensions\support@daemon-tools.cc
    
    R2 Guard.Mail.ru; C:\Program Files\Guard-ICQ\GuardICQ.exe [1564368 2013-01-05] ()
    
    2013-10-19 10:43 - 2013-10-19 10:43 - 00112107 _____ (forum.viry.cz) C:\Users\Hrabo\Desktop\VerzeOS.exe
    2013-10-19 10:40 - 2013-10-19 10:40 - 00891167 _____ C:\Users\Hrabo\Desktop\SecurityCheck.exe
    2013-10-17 21:06 - 2013-10-17 22:54 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2013-10-17 21:06 - 2013-10-17 22:54 - 00000000 ____D C:\Users\Hrabo\Desktop\mbar
    2013-10-17 21:05 - 2013-10-17 21:05 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Hrabo\Desktop\mbar-1.07.0.1007.exe
    2013-10-17 21:03 - 2013-10-17 21:03 - 00000000 ____D C:\ProgramData\GFI Software
    2013-10-16 15:25 - 2013-10-16 15:25 - 00000000 ____D C:\Users\Hrabo\AppData\Local\adaware
    2013-10-16 15:25 - 2013-10-16 15:25 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
    2013-10-16 15:24 - 2013-10-17 21:03 - 00000000 ____D C:\Program Files\Ad-Aware Antivirus
    2013-10-18 09:38 - 2009-11-12 22:52 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
    2013-10-17 20:59 - 2009-11-12 22:52 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    C:\Users\Hrabo\AppData\Roaming\desktop.ini
    C:\Program Files\Guard-ICQ
    
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3927109529-1046740972-2868666797-1000Core.job => C:\Users\Hrabo\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3927109529-1046740972-2868666797-1000UA.job => C:\Users\Hrabo\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\User_Feed_Synchronization-{927A7841-FA4F-46DF-81EA-548619EF2CCC}.job => C:\Windows\system32\msfeedssync.exe
    
    AlternateDataStreams: C:\ProgramData\Temp:430C6D84
    AlternateDataStreams: C:\ProgramData\Temp:A8ADE5D8
    AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2
    
    Hosts:
    CMD: shutdown /r /f /t 2
    End
  • Save the created TXT as fixlist.txt
  • Move the created fixlist next to FRST
:arrow: Run FRST.exe again
  • Click Fix
  • The repair will run and create a log Fixlog.txt
:arrow: Restart the PC and post fixlog.txt here

Hrabka
Visitor
Posts: 17
Registered: 17 Oct 2013 15:05

Re: Trojan.Win32.Generic!BT

#12 Post by Hrabka »

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-10-2013
Ran by Hrabo at 2013-10-19 12:53:08 Run:1
Running from C:\Users\Hrabo\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [Google Update] - C:\Users\Hrabo\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-02-25] (Google Inc.)
HKCU\...\Run: [] - [x]
MountPoints2: {6b2fe25a-26ee-11df-b365-806e6f6e6963} - setupSNK.exe
MountPoints2: {9bcbcb0d-2c5e-11df-8a60-002243a3fbf4} - H:\LaunchU3.exe -a
MountPoints2: {e1b40566-f288-11e0-87f8-a613b8c0a59f} - G:\SISetup.exe

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

FF Plugin: @bittorrent.com/BitTorrentDNA - C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF Extension: support - C:\Program Files\Mozilla Firefox\extensions\support@daemon-tools.cc

R2 Guard.Mail.ru; C:\Program Files\Guard-ICQ\GuardICQ.exe [1564368 2013-01-05] ()

2013-10-19 10:43 - 2013-10-19 10:43 - 00112107 _____ (forum.viry.cz) C:\Users\Hrabo\Desktop\VerzeOS.exe
2013-10-19 10:40 - 2013-10-19 10:40 - 00891167 _____ C:\Users\Hrabo\Desktop\SecurityCheck.exe
2013-10-17 21:06 - 2013-10-17 22:54 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-17 21:06 - 2013-10-17 22:54 - 00000000 ____D C:\Users\Hrabo\Desktop\mbar
2013-10-17 21:05 - 2013-10-17 21:05 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Hrabo\Desktop\mbar-1.07.0.1007.exe
2013-10-17 21:03 - 2013-10-17 21:03 - 00000000 ____D C:\ProgramData\GFI Software
2013-10-16 15:25 - 2013-10-16 15:25 - 00000000 ____D C:\Users\Hrabo\AppData\Local\adaware
2013-10-16 15:25 - 2013-10-16 15:25 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-10-16 15:24 - 2013-10-17 21:03 - 00000000 ____D C:\Program Files\Ad-Aware Antivirus
2013-10-18 09:38 - 2009-11-12 22:52 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
2013-10-17 20:59 - 2009-11-12 22:52 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
C:\Users\Hrabo\AppData\Roaming\desktop.ini
C:\Program Files\Guard-ICQ

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3927109529-1046740972-2868666797-1000Core.job => C:\Users\Hrabo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3927109529-1046740972-2868666797-1000UA.job => C:\Users\Hrabo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{927A7841-FA4F-46DF-81EA-548619EF2CCC}.job => C:\Windows\system32\msfeedssync.exe

AlternateDataStreams: C:\ProgramData\Temp:430C6D84
AlternateDataStreams: C:\ProgramData\Temp:A8ADE5D8
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2

Hosts:
CMD: shutdown /r /f /t 2
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ehTray.exe => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b2fe25a-26ee-11df-b365-806e6f6e6963} => Key deleted successfully.
HKCR\CLSID\{6b2fe25a-26ee-11df-b365-806e6f6e6963} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9bcbcb0d-2c5e-11df-8a60-002243a3fbf4} => Key deleted successfully.
HKCR\CLSID\{9bcbcb0d-2c5e-11df-8a60-002243a3fbf4} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1b40566-f288-11e0-87f8-a613b8c0a59f} => Key deleted successfully.
HKCR\CLSID\{e1b40566-f288-11e0-87f8-a613b8c0a59f} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar => Value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} => Value deleted successfully.
HKCR\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825} => Key not found.
HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA => Key deleted successfully.
C:\Program Files\DNA\plugins\npbtdna.dll => Moved successfully.
C:\Program Files\Mozilla Firefox\extensions\support@daemon-tools.cc => Moved successfully.
Guard.Mail.ru => Service deleted successfully.
C:\Users\Hrabo\Desktop\VerzeOS.exe => Moved successfully.
C:\Users\Hrabo\Desktop\SecurityCheck.exe => Moved successfully.
C:\Windows\system32\Drivers\mbamchameleon.sys => Moved successfully.
C:\Users\Hrabo\Desktop\mbar => Moved successfully.
C:\Users\Hrabo\Desktop\mbar-1.07.0.1007.exe => Moved successfully.
C:\ProgramData\GFI Software => Moved successfully.
"C:\Users\Hrabo\AppData\Local\adaware" => File/Directory not found.
"C:\ProgramData\Ad-Aware Browsing Protection" => File/Directory not found.
C:\Program Files\Ad-Aware Antivirus => Moved successfully.
C:\Program Files\Spybot - Search & Destroy => Moved successfully.
C:\ProgramData\Spybot - Search & Destroy => Moved successfully.
C:\Users\Hrabo\AppData\Roaming\desktop.ini => Moved successfully.
C:\Program Files\Guard-ICQ => Moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3927109529-1046740972-2868666797-1000Core.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3927109529-1046740972-2868666797-1000UA.job => Moved successfully.
C:\Windows\Tasks\User_Feed_Synchronization-{927A7841-FA4F-46DF-81EA-548619EF2CCC}.job => Moved successfully.
C:\ProgramData\Temp => ":430C6D84" ADS removed successfully.
C:\ProgramData\Temp => ":A8ADE5D8" ADS removed successfully.
C:\ProgramData\Temp => ":DFC5A2B2" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= shutdown /r /f /t 2 =========


========= End of CMD: =========



The system needs a manual reboot.

==== End of Fixlog ====

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Trojan.Win32.Generic!BT

#13 Post by vyosek »

:arrow: How is the PC behaving? :???:

Hrabka
Guest
Posts: 17
Registered: 17 Oct 2013 15:05

Re: Trojan.Win32.Generic!BT

#14 Post by Hrabka »

Still slow. Everything takes an unnaturally long time to open - folders, documents (e.g. Word), videos (I had a TV series playing and it stuttered at times, which it never did before), etc.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Trojan.Win32.Generic!BT

#15 Post by vyosek »

:arrow: Run CDI as my colleague describes:
MiliNess wrote: Download CrystalDiskInfo, choose Copy from the Edit menu, and paste the clipboard contents here with Ctrl+V.

Locked