Mozna policejni virus

Zpráva

Mareq · #1 Příspěvek od **Mareq** » 20 říj 2013 09:19

Zdravim,
potreboval bych pomoct s odvirovanim pocitace. Po prihlaseni se neobjevi plocha, ale bila obrazovka (driv pry fotka z webky, takze nejspis nepovedena oprava policejniho viru).

Udelal jsem FRST sken v nouzovem rezimu:

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-10-2013
Ran by Sašenka (administrator) on SAŠENKA-PC on 20-10-2013 10:07:19
Running from C:\Users\Sašenka\Desktop
Microsoft® Windows Vista™ Home Basic Service Pack 1 (X86) OS Language: Czech
Internet Explorer Version 8
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\windows\system32\wbem\unsecapp.exe
(forum.viry.cz) C:\Users\Sašenka\Desktop\FRSTLauncher.exe
(Microsoft Corporation) \\?\C:\windows\system32\wbem\WMIADAP.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2008-12-16] (Intel Corporation)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [accrdsub] - c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [298536 2007-11-28] (ActivIdentity)
HKLM\...\Run: [PTHOSTTR] - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [355896 2009-02-12] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [CognizanceTS] - rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
HKLM\...\Run: [PDF Complete] - C:\Program Files\PDF Complete\pdfsty.exe [319000 2008-08-08] (PDF Complete Inc)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1430824 2009-02-06] (Synaptics Incorporated)
HKLM\...\Run: [WirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [506936 2009-03-10] (Hewlett-Packard)
HKLM\...\Run: [HP Health Check Scheduler] - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75016 2008-12-04] (Hewlett-Packard)
HKLM\...\Run: [File Sanitizer] - C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11223040 2009-01-14] (Hewlett-Packard)
HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [177720 2009-02-18] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [HP Software Update] - c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-09] (Hewlett-Packard)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-02-03] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SoundMAX] - C:\Program Files\Analog Devices\SoundMAX\soundmax.exe [3866624 2009-01-16] (Analog Devices, Inc.)
HKLM\...\Run: [HPCam_Menu] - c:\Program Files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM\...\Run: [OM2_Monitor] - C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [54576 2007-09-04] (OLYMPUS IMAGING CORP.)
HKLM\...\Run: [SweetIM] - C:\Program Files\SweetIM\Messenger\SweetIM.exe [111928 2010-02-24] (SweetIM Technologies Ltd.)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [1461080 2009-10-07] (ESET)
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1310720 2008-12-11] (Analog Devices, Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
Winlogon\Notify\DeviceNP: C:\Windows\system32\DeviceNP.dll (Hewlett-Packard Limited)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2393376 2009-01-10] (Hewlett-Packard Company)
HKCU\...\Run: [OM2_Monitor] - C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [95536 2007-09-04] (OLYMPUS IMAGING CORP.)
HKCU\...\Run: [Google Update] - C:\Users\Sašenka\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-06-24] (Google Inc.)
HKCU\...\Run: [Media Finder] - "C:\Program Files\Media Finder\Media Finder.exe" /opentotray
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20684656 2013-07-25] (Skype Technologies S.A.)
HKCU\...\Run: [T-Mobile CManager] - C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe [2144024 2013-08-26] (Gemfor s.r.o.)
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\Sašenka\AppData\Roaming\cache.dat [70656 2010-10-15] () <==== ATTENTION
MountPoints2: {29d20b00-1afc-11df-a8a7-00247eb14e4e} - setupSNK.exe
MountPoints2: {5665d829-9d55-11e2-96dd-00247eb14e4e} - G:\Autorun.exe
MountPoints2: {5665d837-9d55-11e2-96dd-b5564664cdb6} - G:\Autorun.exe
MountPoints2: {9ba8c2df-c871-11e2-8fa1-00247eb14e4e} - H:\Autorun.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [T-Mobile CManager] - C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe [ 2013-08-26] (Gemfor s.r.o.)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [T-Mobile CManager] - C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe [ 2013-08-26] (Gemfor s.r.o.)
AppInit_DLLs: APSHook.dll [ 2009-01-28] (Bioscrypt Inc.)
Lsa: [Notification Packages] scecli ASWLNPkg

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://isearch.babylon.com/?q={searchTe ... 265e015011
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: BHO_Startup Class - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Help the General-Search Project - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\Users\SAENKA~1\AppData\Roaming\MEDIAF~1\EXTENS~1\GENCRA~1.DLL ()
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
BHO: SweetIM Toolbar Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
Toolbar: HKLM - SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU -SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 02 %SystemRoot%\system32\napinsp.dll [50176] (Společnost Microsoft)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{1C5A4B1B-79C6-4104-B119-3ACB63F209C6}: [NameServer]10.111.0.1,62.240.161.226
Tcpip\..\Interfaces\{606ED8A4-6A82-41DA-BB98-E84718B84511}: [NameServer]213.46.172.36,8.8.8.8

Chrome:
=======
CHR HomePage: hxxp://isearch.babylon.com/?affID=117380&tt=4912_6&babsrc=HP_ss&mntrId=4390477900000000000000265e015011
CHR RestoreOnStartup: "hxxp://isearch.babylon.com/?affID=117380&tt=4912_6&babsrc=HP_ss&mntrId=4390477900000000000000265e015011"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Sa\u0161enka\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Sa\u0161enka\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Sa\u0161enka\AppData\Local\Google\Chrome\Application\29.0.1547.76\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Sa\u0161enka\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Pooh and Friends) - C:\Users\SAENKA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aolegcfjoajggppfllcefghiigdkecjh\1_0
CHR Extension: (YouTube) - C:\Users\SAENKA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\SAENKA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (General Crawler) - C:\Users\SAENKA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel\2.6_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\SAENKA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\SAENKA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [dednnpigldgdbpgcdpfppmlcnnbjciel] - C:\Users\Sašenka\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx
CHR HKLM\...\Chrome\Extension: [lpmkgpnbiojfaoklbkpfneikocaobfai] - C:\Users\Sašenka\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Sašenka\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

S2 accoca; c:\Program Files\ActivIdentity\ActivClient\accoca.exe [185896 2007-11-28] (ActivIdentity)
S2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2008-08-26] (Agere Systems)
S2 ASBroker; c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [186640 2009-01-28] (Bioscrypt Inc.)
S2 ASChannel; c:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll [149776 2009-01-28] (Bioscrypt Inc.)
S2 ATService; c:\Program Files\Fingerprint Sensor\AtService.exe [1185016 2008-10-03] (AuthenTec, Inc.)
S2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-03-23] (Cisco Systems, Inc.)
S3 EhttpSrv; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [20680 2009-10-07] (ESET)
S2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [472280 2009-10-07] (ESET)
S2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\bin\fbguard.exe [65536 2007-12-12] (The Firebird Project)
S3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\bin\fbserver.exe [1531989 2007-12-12] (The Firebird Project)
S3 FLCDLOCK; c:\Windows\system32\flcdlock.exe [349432 2008-08-07] (Hewlett-Packard Ltd)
S2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-12-04] (Hewlett-Packard)
S3 HP ProtectTools Service; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [45056 2009-02-12] (Hewlett-Packard Development Company, L.P)
S2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [256544 2008-10-02] (SafeBoot International)
S2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [77824 2009-01-14] (Hewlett-Packard)
S2 KoopPdfService; C:\Program Files\Kooperativa\Services\KoopPDFServer.exe [447488 2010-05-02] ()
S2 MbnExt; C:\Program Files\T-Mobile\Web'n'walk Manager\MbnExt.dll [414056 2013-08-15] (Gemfor s.r.o.)
S2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [777240 2008-08-08] (PDF Complete Inc)
S2 0279091253551052mcinstcleanup; C:\Users\SAENKA~1\AppData\Local\Temp\027909~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service

==================== Drivers (Whitelisted) ====================

R0 CLFS; C:\Windows\System32\CLFS.sys [246840 2008-03-08] (Microsoft Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S2 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [308859 2010-03-23] (Cisco Systems, Inc.)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv.sys [32256 2008-08-06] (Hewlett-Packard Development Company L.P.)
S3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
S2 eamon; C:\Windows\System32\DRIVERS\eamon.sys [40824 2009-10-07] (ESET)
S1 easdrv; C:\Windows\System32\DRIVERS\easdrv.sys [54184 2009-10-07] (ESET)
S2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [73760 2009-10-07] (ESET)
S3 Epfwndis; C:\Windows\System32\DRIVERS\Epfwndis.sys [32072 2009-10-07] (ESET)
S1 epfwtdi; C:\Windows\System32\DRIVERS\epfwtdi.sys [55256 2009-10-07] (ESET)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [192056 2008-01-21] (Společnost Microsoft)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [95616 2012-04-23] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [70016 2012-04-23] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27520 2012-04-23] (Huawei Technologies Co., Ltd.)
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1081912 2008-01-21] (Společnost Microsoft)
S1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [12528 2008-10-02] (SafeBoot International)
R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [109216 2008-10-02] (SafeBoot International)
R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [51408 2008-10-02] (SafeBoot N.V.)
R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [12960 2008-10-02] (SafeBoot International)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1765168 2009-03-26] ()
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [249472 2012-04-20] (Huawei Technologies Co., Ltd.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-20 10:07 - 2013-10-20 10:07 - 00000000 ____D C:\FRST
2013-10-20 10:06 - 2013-10-20 10:06 - 01087515 _____ (Farbar) C:\Users\Sašenka\Desktop\FRST.exe
2013-10-20 10:06 - 2013-10-20 10:06 - 00112128 _____ (forum.viry.cz) C:\Users\Sašenka\Desktop\FRSTLauncher.exe
2013-09-24 19:08 - 2013-10-20 10:02 - 00000004 _____ C:\Users\Sašenka\AppData\Roaming\cache.ini
2013-09-23 22:20 - 2013-09-23 22:41 - 191735072 _____ C:\Users\Sašenka\Downloads\The.Big.Bang.Theory.S06E11.DVDRip.x264-DEMAND.mkv
2013-09-23 21:55 - 2013-09-23 22:08 - 227599953 _____ C:\Users\Sašenka\Downloads\Teorie-velkého-třesku-VI-(10)---Technika-vykuchání-ryby.The-Big-Bang-Theory-S06E10---Technika-vykuchani-ryby.Lovok.DVB-T.x264.mp4

==================== One Month Modified Files and Folders =======

2013-10-20 10:07 - 2013-10-20 10:07 - 00000000 ____D C:\FRST
2013-10-20 10:06 - 2013-10-20 10:06 - 01087515 _____ (Farbar) C:\Users\Sašenka\Desktop\FRST.exe
2013-10-20 10:06 - 2013-10-20 10:06 - 00112128 _____ (forum.viry.cz) C:\Users\Sašenka\Desktop\FRSTLauncher.exe
2013-10-20 10:02 - 2013-09-24 19:08 - 00000004 _____ C:\Users\Sašenka\AppData\Roaming\cache.ini
2013-10-20 10:02 - 2009-09-15 17:40 - 01786275 _____ C:\windows\WindowsUpdate.log
2013-10-20 10:02 - 2009-09-15 17:40 - 00002140 _____ C:\windows\bthservsdp.dat
2013-10-20 10:02 - 2006-11-02 14:58 - 00032616 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-10-20 10:02 - 2006-11-02 14:58 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-10-20 10:01 - 2011-01-13 22:25 - 00000000 ____D C:\Users\Sašenka\AppData\Roaming\Skype
2013-10-20 09:59 - 2006-11-02 14:45 - 00003216 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-20 09:59 - 2006-11-02 14:45 - 00003216 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-20 09:41 - 2009-06-22 12:28 - 00000000 ____D C:\ProgramData\PDFC
2013-09-24 20:53 - 2012-06-24 13:12 - 00000970 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4002735193-2770088978-537202848-1004UA.job
2013-09-24 20:53 - 2012-06-24 13:12 - 00000918 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4002735193-2770088978-537202848-1004Core.job
2013-09-24 18:59 - 2012-06-24 13:13 - 00002052 _____ C:\Users\Sašenka\Desktop\Google Chrome.lnk
2013-09-24 18:56 - 2012-06-21 20:17 - 00000914 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-09-23 22:41 - 2013-09-23 22:20 - 191735072 _____ C:\Users\Sašenka\Downloads\The.Big.Bang.Theory.S06E11.DVDRip.x264-DEMAND.mkv
2013-09-23 22:08 - 2013-09-23 21:55 - 227599953 _____ C:\Users\Sašenka\Downloads\Teorie-velkého-třesku-VI-(10)---Technika-vykuchání-ryby.The-Big-Bang-Theory-S06E10---Technika-vykuchani-ryby.Lovok.DVB-T.x264.mp4
2013-09-23 21:52 - 2011-01-13 22:25 - 00000000 ___RD C:\Program Files\Skype
2013-09-23 21:52 - 2011-01-13 22:25 - 00000000 ____D C:\ProgramData\Skype
2013-09-23 20:56 - 2012-06-21 20:17 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2013-09-23 20:56 - 2011-07-15 21:13 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-23 20:09 - 2006-11-02 12:33 - 01541174 _____ C:\windows\system32\PerfStringBackup.INI
2013-09-23 20:05 - 2006-11-02 14:49 - 00289551 _____ C:\windows\setupact.log

Files to move or delete:
====================
C:\Users\Sašenka\AppData\Roaming\cache.dat
C:\Users\Sašenka\AppData\Roaming\cache.ini

Some content of TEMP:
====================
C:\Users\Sašenka\AppData\Local\Temp\0a50e25a83046228c11dcaa7eeed09bb.exe
C:\Users\Sašenka\AppData\Local\Temp\abd2bca3e572e998a09f73c81b93454a.exe
C:\Users\Sašenka\AppData\Local\Temp\AskInstallChecker.exe
C:\Users\Sašenka\AppData\Local\Temp\AskToolbarInstaller.exe
C:\Users\Sašenka\AppData\Local\Temp\AutoFix.exe
C:\Users\Sašenka\AppData\Local\Temp\DelayInst.exe
C:\Users\Sašenka\AppData\Local\Temp\HPQSi.exe
C:\Users\Sašenka\AppData\Local\Temp\IcqUpdater.exe
C:\Users\Sašenka\AppData\Local\Temp\installservice.exe
C:\Users\Sašenka\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Sašenka\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Sašenka\AppData\Local\Temp\NSISPromotion.dll
C:\Users\Sašenka\AppData\Local\Temp\setup_EOC_einstein_v280.exe
C:\Users\Sašenka\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Sašenka\AppData\Local\Temp\svicqyvggjcfmwylgujkvqk.exe
C:\Users\Sašenka\AppData\Local\Temp\SWFXXLRT.DLL
C:\Users\Sašenka\AppData\Local\Temp\vpnclient_setup.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:454.76 GB) (Free:196.26 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:10 GB) (Free:1.78 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:1 GB) (Free:0.97 GB) FAT32
Drive g: () (Removable) (Total:1.89 GB) (Free:1.89 GB) FAT32

Available physical RAM: 2465.73 MB
Total physical RAM: 3035.27 MB
Percentage of memory in use: 18%

==================== MBR and Partition Table ==================

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4002735193-2770088978-537202848-1004Core.job => C:\Users\Saaenka\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4002735193-2770088978-537202848-1004UA.job => C:\Users\Saaenka\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\User_Feed_Synchronization-{F1E478D5-3E44-47D1-B4D4-C7B61318DB89}.job => C:\windows\system32\msfeedssync.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\ProgramData\Temp:BAEDC81B
AlternateDataStreams: C:\Users\Sašenka\Downloads\zprava_3769.eml:OECustomProperty

==================== Security Center ==================

AV: ESET Smart Security 3.0 (Enabled - Out of date) {CB0F8167-5331-BA19-698E-64816B6801A5}
AS: ESET Smart Security 3.0 (Enabled - Out of date) {706E6083-750B-B597-533E-5FF310EF4B18}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall (Enabled) {F3340042-195E-BB41-42D1-CDB495BB46DE}

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 28_09_2013 (06)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Sa�enka\Desktop" je 121259 MB.

***** Startup Programs *****

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000001

==================== End Of Log ==============================

Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-10-2013
Ran by Sašenka at 2013-10-20 10:09:08
Running from C:\Users\Sašenka\Desktop
Boot Mode: Safe Mode (minimal)
==========================================================

==================== Security Center ========================

AV: ESET Smart Security 3.0 (Enabled - Out of date) {CB0F8167-5331-BA19-698E-64816B6801A5}
AS: ESET Smart Security 3.0 (Enabled - Out of date) {706E6083-750B-B597-533E-5FF310EF4B18}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall (Enabled) {F3340042-195E-BB41-42D1-CDB495BB46DE}

==================== Installed Programs ======================

ActivClient 6.1 x86 (Version: 6.1.100)
ActiveCheck component for HP Active Support Library (Version: 1.1.18.0)
Activision(R) (Version: 1.00.0000)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Reader 9.1.3 - Czech (Version: 9.1.3)
Adresní modul UIR-ADR
Agere Systems HDA Modem
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.710.0)
AuthenTec Fingerprint System (Version: 8.0.200.33)
Bing Bar (Version: 7.0.850.0)
BIOS Configuration for HP ProtectTools (Version: 4.00 C1)
Bonjour (Version: 3.0.0.10)
Broadcom 802.11 Wireless LAN Adapter (Version: 5.10.91.8)
BS.Player FREE (Version: 2.34.980)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.0203.2228.40314)
Catalyst Control Center Graphics Full Existing (Version: 2009.0203.2228.40314)
Catalyst Control Center Graphics Full New (Version: 2009.0203.2228.40314)
Catalyst Control Center Graphics Light (Version: 2009.0203.2228.40314)
Catalyst Control Center Graphics Previews Vista (Version: 2009.0203.2228.40314)
Catalyst Control Center InstallProxy (Version: 2009.0203.2228.40314)
Catalyst Control Center Localization All (Version: 2009.0203.2228.40314)
CCC Help Czech (Version: 2009.0203.2227.40314)
CCC Help Danish (Version: 2009.0203.2227.40314)
CCC Help Dutch (Version: 2009.0203.2227.40314)
CCC Help English (Version: 2009.0203.2227.40314)
CCC Help Finnish (Version: 2009.0203.2227.40314)
CCC Help French (Version: 2009.0203.2227.40314)
CCC Help German (Version: 2009.0203.2227.40314)
CCC Help Greek (Version: 2009.0203.2227.40314)
CCC Help Hungarian (Version: 2009.0203.2227.40314)
CCC Help Chinese Standard (Version: 2009.0203.2227.40314)
CCC Help Chinese Traditional (Version: 2009.0203.2227.40314)
CCC Help Italian (Version: 2009.0203.2227.40314)
CCC Help Japanese (Version: 2009.0203.2227.40314)
CCC Help Korean (Version: 2009.0203.2227.40314)
CCC Help Norwegian (Version: 2009.0203.2227.40314)
CCC Help Polish (Version: 2009.0203.2227.40314)
CCC Help Portuguese (Version: 2009.0203.2227.40314)
CCC Help Russian (Version: 2009.0203.2227.40314)
CCC Help Spanish (Version: 2009.0203.2227.40314)
CCC Help Swedish (Version: 2009.0203.2227.40314)
CCC Help Thai (Version: 2009.0203.2227.40314)
CCC Help Turkish (Version: 2009.0203.2227.40314)
ccc-core-static (Version: 2009.0203.2228.40314)
ccc-utility (Version: 2009.0203.2228.40314)
Cisco Systems VPN Client 5.0.07.0290 (Version: 5.0.6)
Clayside 1.01 (HKCU Version: 1.01)
Codec Pack - All In 1 6.0.3.0
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Credential Manager for HP ProtectTools (Version: 4.0.14.1259.36)
Dáma 2
Der Schatz des Pharao XXL
Device Access Manager for HP ProtectTools (Version: 3.0.0.12)
Drive Encryption for HP ProtectTools (Version: 4.0.14)
DVD Shrink 3.2
Einstein - program pro poradce (Version: v2.80)
ESET Smart Security (Version: 3.0.695.0)
ESU for Microsoft Vista SP1 (Version: 2.00.1.1)
File Sanitizer For HP ProtectTools (Version: 1.0.1.3)
Firebird 1.5.5
FreeDVD Codec Installer Version 1.0
FreeDVD Codec Installer Version 1.0 (C:\Program Files\CodecInstaller\)
GOM Player
Google Chrome (HKCU Version: 29.0.1547.76)
Graph 3.1.5
HP 3D DriveGuard (Version: 3.10 D2)
HP Active Support Library (Version: 3.1.10.1)
HP Common Access Service Library (Version: 2.0.6.1)
HP Help and Support (Version: 2.1.3.0)
HP JavaCard for HP ProtectTools (Version: 04.00.10.0006)
HP ProtectTools Security Manager (Version: 4.00 J6)
HP ProtectTools Security Manager Suite (Version: 04.00.10.0006)
HP Quick Launch Buttons (Version: 6.40 N1)
HP QuickLook 2 (Version: 2.0.0.12)
HP Software Setup 5.00.A.9 (Version: 5.00.A.9)
HP Update (Version: 4.000.013.003)
HP User Guides 0136 (Version: 1.01.0000)
HP Wallpaper (Version: 1.0.1.6)
HP Webcam (Version: 1.0.2710)
HP Webcam Driver (Version: 5.8.50004.1)
HP Wireless Assistant (Version: 3.50.5.1)
HPAsset component for HP Active Support Library (Version: 2.0.64.3)
HPNetworkAssistant (Version: 1.1.70)
Huawei Drivers (Version: 4.25.00.00)
HuffYUV AVI v2.11 lossless video codec
Hypoteční kalkulačka (Version: 1.0.0)
Changes
Ice Age(TM) 4 - Continental Drift - Arctic Games Demo (Version: 1.00.0000)
ICQ7.2 (Version: 7.2)
Indeo® XP Software
Intel® Matrix Storage Manager
InterBase 6 Client Open Edition - 6.0.2.0
ISOS 3.3.8 (Externí síť, XP/Vista)
iTunes (Version: 10.7.0.21)
Java Auto Updater (Version: 2.0.5.1)
Java(TM) 6 Update 26 (Version: 6.0.260)
JOS - WEPOS
Junk Mail filter update (Version: 14.0.8089.726)
Kodek 0.16 CZ (Version: 0.16)
LightScribe System Software (Version: 1.17.151.0)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 Language Pack SP1 - csy (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile CSY Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Modelová hypotéka
Moorhuhn 2 V1.1
Moorhuhn 3
Moorhuhn Invasion Vollversion
Moorhuhn Kart 2 XXL
Moorhuhn Kart Extra XXL
Moorhuhn Kart XXL
Moorhuhn Mah-Jongg (Version: 1.00.0000)
Moorhuhn Pinball XXL
Moorhuhn Piraten (Version: 1.00.0000)
Moorhuhn Remake (Version: 1.00.0000)
Moorhuhn Soccer (Version: 1.00.0000)
Moorhuhn Tennis
Moorhuhn Wanted XXL
Moorhuhn Winter-Edition
Moorhuhn X - XXL
Moorhuhnjagd
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Nástroj pro odesílání služby Windows Live (Version: 14.0.8014.1029)
Ogg Vorbis ACM Codec
OLYMPUS Master 2 (Version: 1.0.6)
Opera 12.00 (Version: 12.00.1467)
PDF Complete (Version: 3.5.57)
Pomocník pro přihlášení ke službě Windows Live ID (Version: 6.500.3165.0)
Poradce - makléř FAC, verze 1.26/1 (Version: 1.26/1)
QuickTime Alternative 2.8.0 (Version: 2.8.0)
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Business (Version: 10.1)
Roxio Creator Business v10 (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio MyDVD (Version: 10.1.048)
scilab-5.3.3
Schatzjäger
Skins (Version: 2009.0203.2228.40314)
Skype Toolbars (Version: 5.0.4137)
Skype™ 6.7 (Version: 6.7.102)
Software Bluetooth WIDCOMM (Version: 6.2.0.8000)
Sonic CinePlayer Decoder Pack (Version: 4.3.0)
SoundMAX (Version: 6.10.1.7240)
Stellarium 0.10.4
Sven - Gut zu Vögeln (Version: 1.00.0000)
Sven 004 XXL
Sven 2 XXL
Sven Bomwollen (Version: 1.00.0000)
Sven Kommt (Version: 1.00.0000)
Sven XXX - XXL
SweetIM for Messenger 3.0 (Version: 3.0.0004)
SweetIM Toolbar for Internet Explorer 3.6 (Version: 3.6.0009)
Synaptics Pointing Device Driver (Version: 12.2.2.0)
T-Mobile Internet Manager (Version: 2013-08-26@2013-08-15)
TNod User & Password Finder (Version: 1.4.0.15)
Total Commander (Remove or Repair)
Unity Web Player (HKCU Version: )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Vista Default Settings (Version: 2.0.1.1)
VLC media player 0.9.9 (Version: 0.9.9)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Fotogalerie (Version: 14.0.8081.709)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Writer (Version: 14.0.8089.0726)
Windows Live Zabezpečení rodiny (Version: 14.0.8093.805)
WinRAR
X264 H.264/AVC Video Codec (remove only)
Xvid CZ 1.01 (Version: 1.01)
Zoner Photo Studio 10

==================== Restore Points =========================

10-05-2013 08:13:38 Windows Update
11-05-2013 11:22:17 Naplánovaný kontrolní bod
12-05-2013 09:23:34 Naplánovaný kontrolní bod
13-05-2013 08:46:37 Naplánovaný kontrolní bod
16-05-2013 08:13:28 Windows Update
17-05-2013 15:21:50 Windows Update
17-05-2013 15:30:09 Windows Update
22-05-2013 18:39:36 Windows Update
27-05-2013 05:52:42 Windows Update
28-05-2013 08:03:53 Windows Update
03-06-2013 09:45:27 Windows Update
07-06-2013 13:51:50 Windows Update
09-06-2013 08:06:45 Naplánovaný kontrolní bod
10-06-2013 09:03:15 Naplánovaný kontrolní bod
13-06-2013 13:49:20 Windows Update
14-06-2013 07:21:17 Windows Update
14-06-2013 11:59:29 Windows Update
18-06-2013 19:01:46 Windows Update
03-07-2013 06:39:50 Windows Update
22-08-2013 18:53:38 Windows Update
23-08-2013 16:04:56 Windows Update
23-08-2013 16:13:28 Windows Update
24-08-2013 11:09:11 Naplánovaný kontrolní bod
30-08-2013 14:04:36 Windows Update
14-09-2013 07:16:21 Windows Update
15-09-2013 08:01:34 Windows Update
15-09-2013 08:14:07 Windows Update
16-09-2013 21:06:22 Naplánovaný kontrolní bod
23-09-2013 18:28:43 Windows Update
24-09-2013 16:25:02 Windows Update

==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {15E87A62-CEA4-4C3A-B497-D1E85D5C4028} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4002735193-2770088978-537202848-1004Core => C:\Users\Sašenka\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-24] (Google Inc.)
Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1A08B9C6-E8F7-4DB8-8BCC-5BFF55FC3A9C} - System32\Tasks\{5DAA4A0D-54B5-4B4C-8B90-4DD5F743DE4A} => C:\Program Files\Skype\\Phone\Skype.exe [2013-07-25] (Skype Technologies S.A.)
Task: {3768599B-CB82-49BE-8C82-21156B7B13DD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {6D7609BB-A95F-4B29-8D88-6C5A9DB9593E} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-23] (Adobe Systems Incorporated)
Task: {7A4EDB56-4F65-40DA-8B00-9F099A0043F0} - System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask => C:\Windows\system32\RAServer.exe [2008-01-21] (Společnost Microsoft)
Task: {7C5A51E8-1AD7-48C6-8879-257A8A9609F5} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {9DB01514-C8FF-47EF-AB73-6739270F857B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4002735193-2770088978-537202848-1004UA => C:\Users\Sašenka\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-24] (Google Inc.)
Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {ABB326A2-0B4E-4F23-B8EE-F423E628E895} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2008-01-21] (Microsoft Corporation)
Task: {B8E5CA02-B196-4484-AA7B-9A6DFED273C5} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-12-04] (Hewlett-Packard)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4002735193-2770088978-537202848-1004Core.job => C:\Users\Saaenka\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4002735193-2770088978-537202848-1004UA.job => C:\Users\Saaenka\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\User_Feed_Synchronization-{F1E478D5-3E44-47D1-B4D4-C7B61318DB89}.job => C:\windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2009-09-16 19:39 - 2008-09-16 20:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
2009-09-16 19:39 - 2008-10-11 22:18 - 00319488 _____ () C:\Program Files\WinRAR\rarlng.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:BAEDC81B
AlternateDataStreams: C:\Users\Sašenka\Downloads\zprava_3769.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "UseAlternateShell"="1"

==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/20/2013 10:05:20 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/20/2013 10:04:47 AM) (Source: EventSystem) (User: )
Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (10/20/2013 09:59:30 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/20/2013 09:59:17 AM) (Source: Application Error) (User: )
Description: Chybující aplikace Explorer.EXE, verze 6.0.6001.18164, časové razítko 0x4907e242, chybující modul ntdll.dll, verze 6.0.6001.22777, časové razítko 0x4cb72ffe, kód výjimky 0xc0000420, posun chyby 0x000b0fb4,
ID procesu 0xa70, čas spuštění aplikace 0xExplorer.EXE0.

Error: (10/20/2013 09:54:47 AM) (Source: EventSystem) (User: )
Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (10/20/2013 09:52:09 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/20/2013 09:49:08 AM) (Source: EventSystem) (User: )
Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (10/20/2013 09:41:47 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/20/2013 09:41:08 AM) (Source: Application Error) (User: )
Description: Chybující aplikace Explorer.EXE, verze 6.0.6001.18164, časové razítko 0x4907e242, chybující modul ntdll.dll, verze 6.0.6001.22777, časové razítko 0x4cb72ffe, kód výjimky 0xc0000005, posun chyby 0x0006590f,
ID procesu 0xb28, čas spuštění aplikace 0xExplorer.EXE0.

Error: (09/24/2013 08:14:24 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/m ... stl.cabPři ověření se systémovými hodinami nebo časovým razítkem podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.

System errors:
=============
Error: (10/20/2013 10:05:32 AM) (Source: Service Control Manager) (User: )
Description: Služba seznamu sítíSledování umístění v síti (NLA)%%1068

Error: (10/20/2013 10:05:25 AM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (10/20/2013 10:05:22 AM) (Source: Service Control Manager) (User: )
Description: Služba seznamu sítíSledování umístění v síti (NLA)%%1068

Error: (10/20/2013 10:05:20 AM) (Source: Service Control Manager) (User: )
Description: Služba seznamu sítíSledování umístění v síti (NLA)%%1068

Error: (10/20/2013 10:05:20 AM) (Source: Service Control Manager) (User: )
Description: Služba seznamu sítíSledování umístění v síti (NLA)%%1068

Error: (10/20/2013 10:05:20 AM) (Source: Service Control Manager) (User: )
Description: AFD
DfsC
easdrv
epfwtdi
NetBIOS
netbt
nsiproxy
PSched
RasAcd
rdbss
RsvLock
Smb
spldr
Tcpip
tdx
Wanarpv6

Error: (10/20/2013 10:05:20 AM) (Source: Service Control Manager) (User: )
Description: Služba seznamu sítíSledování umístění v síti (NLA)%%1068

Error: (10/20/2013 10:05:20 AM) (Source: Service Control Manager) (User: )
Description: TCP/IP Registry CompatibilityOvladač protokolu TCP/IP%%31

Error: (10/20/2013 10:05:20 AM) (Source: Service Control Manager) (User: )
Description: Sledování umístění v síti (NLA)Ovladač protokolu TCP/IP%%31

Error: (10/20/2013 10:05:20 AM) (Source: Service Control Manager) (User: )
Description: Pomocník IPSlužba rozhraní síťového úložiště%%1068

Microsoft Office Sessions:
=========================
Error: (10/20/2013 10:05:20 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/20/2013 10:04:47 AM) (Source: EventSystem)(User: )
Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (10/20/2013 09:59:30 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/20/2013 09:59:17 AM) (Source: Application Error)(User: )
Description: Explorer.EXE6.0.6001.181644907e242ntdll.dll6.0.6001.227774cb72ffec0000420000b0fb4a7001cecd6a3fd110ad

Error: (10/20/2013 09:54:47 AM) (Source: EventSystem)(User: )
Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (10/20/2013 09:52:09 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/20/2013 09:49:08 AM) (Source: EventSystem)(User: )
Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (10/20/2013 09:41:47 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/20/2013 09:41:08 AM) (Source: Application Error)(User: )
Description: Explorer.EXE6.0.6001.181644907e242ntdll.dll6.0.6001.227774cb72ffec00000050006590fb2801cecd67b6d01ae3

Error: (09/24/2013 08:14:24 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/m ... stl.cabPři ověření se systémovými hodinami nebo časovým razítkem podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.

CodeIntegrity Errors:
===================================
Date: 2013-10-20 10:08:25.562
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-20 10:08:25.406
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-20 10:08:25.218
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-20 10:08:25.078
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-20 10:08:24.938
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-20 10:08:24.766
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-20 10:08:24.626
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-20 10:08:24.438
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-01-12 22:00:24.920
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-01-12 22:00:24.730
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 3035.27 MB
Available physical RAM: 2465.73 MB
Total Pagefile: 6272.79 MB
Available Pagefile: 5911.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 1939.15 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:454.76 GB) (Free:196.26 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:10 GB) (Free:1.78 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:1 GB) (Free:0.97 GB) FAT32
Drive g: () (Removable) (Total:1.89 GB) (Free:1.89 GB) FAT32

#2 Příspěvek od **vyosek** » 20 říj 2013 09:21

Zdravim a pekny den preji
Vas log se studuje Obrázek

a pracuje se na nem Obrázek

.
Prosim o strpeni! Obrázek

#3 Příspěvek od **vyosek** » 20 říj 2013 09:25

Antivir od ESETu je uz hooodne zastaraly, predpokladam, ze legalni (= zakoupena licence) nebude, je tak??

Tvorba fixlistu pro FRST

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

Start
HKLM\...\Run: [] - [x]
HKLM\...\Run: [PDF Complete] - C:\Program Files\PDF Complete\pdfsty.exe [319000 2008-08-08] (PDF Complete Inc)
HKLM\...\Run: [HP Software Update] - c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-09] (Hewlett-Packard)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM\...\Run: [OM2_Monitor] - C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [54576 2007-09-04] (OLYMPUS IMAGING CORP.)
HKLM\...\Run: [SweetIM] - C:\Program Files\SweetIM\Messenger\SweetIM.exe [111928 2010-02-24] (SweetIM Technologies Ltd.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKCU\...\Run: [OM2_Monitor] - C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [95536 2007-09-04] (OLYMPUS IMAGING CORP.)
HKCU\...\Run: [Google Update] - C:\Users\Sašenka\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-06-24] (Google Inc.)
HKCU\...\Run: [Media Finder] - "C:\Program Files\Media Finder\Media Finder.exe" /opentotray
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20684656 2013-07-25] (Skype Technologies S.A.)
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\Sašenka\AppData\Roaming\cache.dat [70656 2010-10-15] () <==== ATTENTION
MountPoints2: {29d20b00-1afc-11df-a8a7-00247eb14e4e} - setupSNK.exe
MountPoints2: {5665d829-9d55-11e2-96dd-00247eb14e4e} - G:\Autorun.exe
MountPoints2: {5665d837-9d55-11e2-96dd-b5564664cdb6} - G:\Autorun.exe
MountPoints2: {9ba8c2df-c871-11e2-8fa1-00247eb14e4e} - H:\Autorun.exe

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://isearch.babylon.com/?q={searchTerms}&affID=117380&tt=4912_6&babsrc=SP_ss&mntrId=4390477900000000000000265e015011
BHO: Help the General-Search Project - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\Users\SAENKA~1\AppData\Roaming\MEDIAF~1\EXTENS~1\GENCRA~1.DLL ()
BHO: SweetIM Toolbar Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
Toolbar: HKLM - SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU -SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)

CHR HomePage: hxxp://isearch.babylon.com/?affID=11738 ... 265e015011
CHR RestoreOnStartup: "hxxp://isearch.babylon.com/?affID=117380&tt=4912_6&babsrc=HP_ss&mntrId=4390477900000000000000265e015011"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR HKLM\...\Chrome\Extension: [dednnpigldgdbpgcdpfppmlcnnbjciel] - C:\Users\Sašenka\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx
CHR HKLM\...\Chrome\Extension: [lpmkgpnbiojfaoklbkpfneikocaobfai] - C:\Users\Sašenka\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx

S2 0279091253551052mcinstcleanup; C:\Users\SAENKA~1\AppData\Local\Temp\027909~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service

C:\Users\Sašenka\AppData\Roaming\cache.dat
C:\Users\Sašenka\AppData\Roaming\cache.ini
C:\Users\Sašenka\AppData\Local\Temp\0a50e25a83046228c11dcaa7eeed09bb.exe
C:\Users\Sašenka\AppData\Local\Temp\abd2bca3e572e998a09f73c81b93454a.exe
C:\Users\Sašenka\AppData\Local\Temp\AskInstallChecker.exe
C:\Users\Sašenka\AppData\Local\Temp\AskToolbarInstaller.exe
C:\Users\Sašenka\AppData\Local\Temp\AutoFix.exe
C:\Users\Sašenka\AppData\Local\Temp\DelayInst.exe
C:\Users\Sašenka\AppData\Local\Temp\HPQSi.exe
C:\Users\Sašenka\AppData\Local\Temp\IcqUpdater.exe
C:\Users\Sašenka\AppData\Local\Temp\installservice.exe
C:\Users\Sašenka\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Sašenka\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Sašenka\AppData\Local\Temp\NSISPromotion.dll
C:\Users\Sašenka\AppData\Local\Temp\setup_EOC_einstein_v280.exe
C:\Users\Sašenka\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Sašenka\AppData\Local\Temp\svicqyvggjcfmwylgujkvqk.exe
C:\Users\Sašenka\AppData\Local\Temp\SWFXXLRT.DLL
C:\Users\Sašenka\AppData\Local\Temp\vpnclient_setup.exe

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4002735193-2770088978-537202848-1004Core.job => C:\Users\Saaenka\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4002735193-2770088978-537202848-1004UA.job => C:\Users\Saaenka\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\User_Feed_Synchronization-{F1E478D5-3E44-47D1-B4D4-C7B61318DB89}.job => C:\windows\system32\msfeedssync.exe

AlternateDataStreams: C:\ProgramData\Temp:BAEDC81B
AlternateDataStreams: C:\Users\Sašenka\Downloads\zprava_3769.eml:OECustomProperty

Hosts:

End

Ulozte vytvoreny TXT jako fixlist.txt
Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

Kliknete na Fix
Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

Mareq · #4 Příspěvek od **Mareq** » 20 říj 2013 09:31

Je to notebook kamaradky, takze nevim jaky ma (ne)legalni programy - klidne ho odinstaluju, jestli ma licenci, tak si ho pak muze vratit. I kdyz samozrejme chapu, ze jsem to sem postnul ja - ale alespon legalni Windows jsem si overoval

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-10-2013
Ran by Sašenka at 2013-10-20 10:27:47 Run:1
Running from C:\Users\Sašenka\Desktop
Boot Mode: Safe Mode (minimal)

==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [] - [x]
HKLM\...\Run: [PDF Complete] - C:\Program Files\PDF Complete\pdfsty.exe [319000 2008-08-08] (PDF Complete Inc)
HKLM\...\Run: [HP Software Update] - c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-09] (Hewlett-Packard)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM\...\Run: [OM2_Monitor] - C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [54576 2007-09-04] (OLYMPUS IMAGING CORP.)
HKLM\...\Run: [SweetIM] - C:\Program Files\SweetIM\Messenger\SweetIM.exe [111928 2010-02-24] (SweetIM Technologies Ltd.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKCU\...\Run: [OM2_Monitor] - C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [95536 2007-09-04] (OLYMPUS IMAGING CORP.)
HKCU\...\Run: [Google Update] - C:\Users\Sašenka\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-06-24] (Google Inc.)
HKCU\...\Run: [Media Finder] - "C:\Program Files\Media Finder\Media Finder.exe" /opentotray
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20684656 2013-07-25] (Skype Technologies S.A.)
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\Sašenka\AppData\Roaming\cache.dat [70656 2010-10-15] () <==== ATTENTION
MountPoints2: {29d20b00-1afc-11df-a8a7-00247eb14e4e} - setupSNK.exe
MountPoints2: {5665d829-9d55-11e2-96dd-00247eb14e4e} - G:\Autorun.exe
MountPoints2: {5665d837-9d55-11e2-96dd-b5564664cdb6} - G:\Autorun.exe
MountPoints2: {9ba8c2df-c871-11e2-8fa1-00247eb14e4e} - H:\Autorun.exe

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://isearch.babylon.com/?q={searchTe ... 265e015011
BHO: Help the General-Search Project - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\Users\SAENKA~1\AppData\Roaming\MEDIAF~1\EXTENS~1\GENCRA~1.DLL ()
BHO: SweetIM Toolbar Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
Toolbar: HKLM - SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU -SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)

CHR HomePage: hxxp://isearch.babylon.com/?affID=11738 ... 265e015011
CHR RestoreOnStartup: "hxxp://isearch.babylon.com/?affID=117380&tt=4912_6&babsrc=HP_ss&mntrId=4390477900000000000000265e015011"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR HKLM\...\Chrome\Extension: [dednnpigldgdbpgcdpfppmlcnnbjciel] - C:\Users\Sašenka\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx
CHR HKLM\...\Chrome\Extension: [lpmkgpnbiojfaoklbkpfneikocaobfai] - C:\Users\Sašenka\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx

S2 0279091253551052mcinstcleanup; C:\Users\SAENKA~1\AppData\Local\Temp\027909~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service

C:\Users\Sašenka\AppData\Roaming\cache.dat
C:\Users\Sašenka\AppData\Roaming\cache.ini
C:\Users\Sašenka\AppData\Local\Temp\0a50e25a83046228c11dcaa7eeed09bb.exe
C:\Users\Sašenka\AppData\Local\Temp\abd2bca3e572e998a09f73c81b93454a.exe
C:\Users\Sašenka\AppData\Local\Temp\AskInstallChecker.exe
C:\Users\Sašenka\AppData\Local\Temp\AskToolbarInstaller.exe
C:\Users\Sašenka\AppData\Local\Temp\AutoFix.exe
C:\Users\Sašenka\AppData\Local\Temp\DelayInst.exe
C:\Users\Sašenka\AppData\Local\Temp\HPQSi.exe
C:\Users\Sašenka\AppData\Local\Temp\IcqUpdater.exe
C:\Users\Sašenka\AppData\Local\Temp\installservice.exe
C:\Users\Sašenka\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Sašenka\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Sašenka\AppData\Local\Temp\NSISPromotion.dll
C:\Users\Sašenka\AppData\Local\Temp\setup_EOC_einstein_v280.exe
C:\Users\Sašenka\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Sašenka\AppData\Local\Temp\svicqyvggjcfmwylgujkvqk.exe
C:\Users\Sašenka\AppData\Local\Temp\SWFXXLRT.DLL
C:\Users\Sašenka\AppData\Local\Temp\vpnclient_setup.exe

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4002735193-2770088978-537202848-1004Core.job => C:\Users\Saaenka\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4002735193-2770088978-537202848-1004UA.job => C:\Users\Saaenka\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\User_Feed_Synchronization-{F1E478D5-3E44-47D1-B4D4-C7B61318DB89}.job => C:\windows\system32\msfeedssync.exe

AlternateDataStreams: C:\ProgramData\Temp:BAEDC81B
AlternateDataStreams: C:\Users\Sašenka\Downloads\zprava_3769.eml:OECustomProperty

Hosts:

End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\PDF Complete => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HP Software Update => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\OM2_Monitor => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SweetIM => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\APSDaemon => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\OM2_Monitor => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Media Finder => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => Value deleted successfully.
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29d20b00-1afc-11df-a8a7-00247eb14e4e} => Key deleted successfully.
HKCR\CLSID\{29d20b00-1afc-11df-a8a7-00247eb14e4e} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5665d829-9d55-11e2-96dd-00247eb14e4e} => Key deleted successfully.
HKCR\CLSID\{5665d829-9d55-11e2-96dd-00247eb14e4e} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5665d837-9d55-11e2-96dd-b5564664cdb6} => Key deleted successfully.
HKCR\CLSID\{5665d837-9d55-11e2-96dd-b5564664cdb6} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ba8c2df-c871-11e2-8fa1-00247eb14e4e} => Key deleted successfully.
HKCR\CLSID\{9ba8c2df-c871-11e2-8fa1-00247eb14e4e} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
Default URLSearchHook was restored successfully .
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847} => Value deleted successfully.
HKCR\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D} => Key deleted successfully.
HKCR\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847} => Key deleted successfully.
HKCR\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} => Value deleted successfully.
HKCR\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} => Value deleted successfully.
HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} => Value deleted successfully.
HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} => Key not found.
CHR HomePage: hxxp://isearch.babylon.com/?affID=11738 ... 265e015011 ==> The Chrome "Settings" can be used to fix the entry.
CHR RestoreOnStartup: "hxxp://isearch.babylon.com/?affID=117380&tt=4912_6&babsrc=HP_ss&mntrId=4390477900000000000000265e015011" ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} ==> The Chrome "Settings" can be used to fix the entry.
HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel => Key deleted successfully.
C:\Users\Sašenka\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai => Key deleted successfully.
"C:\Users\Sašenka\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx" => File/Directory not found.
0279091253551052mcinstcleanup => Service deleted successfully.
C:\Users\Sašenka\AppData\Roaming\cache.dat => Moved successfully.
C:\Users\Sašenka\AppData\Roaming\cache.ini => Moved successfully.
C:\Users\Sašenka\AppData\Local\Temp\0a50e25a83046228c11dcaa7eeed09bb.exe => Moved successfully.
C:\Users\Sašenka\AppData\Local\Temp\abd2bca3e572e998a09f73c81b93454a.exe => Moved successfully.
C:\Users\Sašenka\AppData\Local\Temp\AskInstallChecker.exe => Moved successfully.
C:\Users\Sašenka\AppData\Local\Temp\AskToolbarInstaller.exe => Moved successfully.
C:\Users\Sašenka\AppData\Local\Temp\AutoFix.exe => Moved successfully.
C:\Users\Sašenka\AppData\Local\Temp\DelayInst.exe => Moved successfully.
C:\Users\Sašenka\AppData\Local\Temp\HPQSi.exe => Moved successfully.
C:\Users\Sašenka\AppData\Local\Temp\IcqUpdater.exe => Moved successfully.
C:\Users\Sašenka\AppData\Local\Temp\installservice.exe => Moved successfully.
C:\Users\Sašenka\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Sašenka\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe => Moved successfully.
C:\Users\Sašenka\AppData\Local\Temp\NSISPromotion.dll => Moved successfully.
C:\Users\Sašenka\AppData\Local\Temp\setup_EOC_einstein_v280.exe => Moved successfully.
C:\Users\Sašenka\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Sašenka\AppData\Local\Temp\svicqyvggjcfmwylgujkvqk.exe => Moved successfully.
C:\Users\Sašenka\AppData\Local\Temp\SWFXXLRT.DLL => Moved successfully.
C:\Users\Sašenka\AppData\Local\Temp\vpnclient_setup.exe => Moved successfully.
C:\windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4002735193-2770088978-537202848-1004Core.job => Moved successfully.
C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4002735193-2770088978-537202848-1004UA.job => Moved successfully.
C:\windows\Tasks\User_Feed_Synchronization-{F1E478D5-3E44-47D1-B4D4-C7B61318DB89}.job => Moved successfully.
C:\ProgramData\Temp => ":BAEDC81B" ADS removed successfully.
C:\Users\Sašenka\Downloads\zprava_3769.eml => ":OECustomProperty" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

==== End of Fixlog ====

#5 Příspěvek od **vyosek** » 20 říj 2013 10:23

Odinstalujte ESET, naistalujte Avast Free nebo BitDefender Free

Stahnete Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe

Ulozte nejlepe na plochu
Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
Probehne vytvoreni zalohy a nasledne prohledavani
Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Kliknete na Scan a nasledne Clean
Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

Stahnete SecurityCheck http://screen317.spywareinfoforum.org/SecurityCheck.exe

Ulozte nejlepe na Plochu
Spustte tradicne dvouklikem a postupujte dle pokynu utility
Po dokonceni skenu se vytvori a otevre log, ten mi sem vlozte

Stahnete WIGI http://tigzy.geekstogo.com/Tools/WhyIGotInfected.exe

Pokud pouzivate Win Vista ci W7, kliknete na WIGI pravym a dejte Run As Administrator ci Spustit jako spravce
Kliknete na Scan
Po dokonceni scanu (obdelnik vedle bude cely zeleny) kliknete na Report
Otevre se log, ten sem vlozte

Mareq · #6 Příspěvek od **Mareq** » 20 říj 2013 11:05

Jrt.txt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:2)
OS: Windows Vista (TM) Home Basic x86
Ran by Saçenka on ne 20.10.2013 at 11:42:49,71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\sweetie.ietoolbar
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\sweetie.ietoolbar.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\sweetim_urlsearchhook.toolbarurlsearchhook
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\toolbar3.sweetie
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\toolbar3.sweetie.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\mediafinder
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\download with &media finder
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4002735193-2770088978-537202848-1004\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\gencrawler_gc.gencrawler
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mediaplayer.graphicsutils
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mediaplayer.graphicsutils.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mf
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mgmediaplayer.gifanimator
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mgmediaplayer.gifanimator.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\speedupmypc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\sweetim.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{cd95d125-2992-4858-b3ef-5f6fb52fbad6}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\sweetim"
Successfully deleted: [Folder] "C:\Users\Saçenka\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Saçenka\AppData\Roaming\media finder"
Successfully deleted: [Folder] "C:\Users\Saçenka\appdata\locallow\sweetim"
Successfully deleted: [Folder] "C:\Program Files\sweetim"

~~~ Chrome

Successfully deleted: [Folder] C:\Users\Saçenka\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 20.10.2013 at 11:47:07,18
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Wigireport.txt
WhyIGotInfected 1.8.0.0(by Tigzy)
********************************

Run : 20.10.2013 11:58:47 [Normal Mode]
Machine : SAŠENKA-PC (2 CPUs) [Sašenka : ADMIN]
OS: Windows Vista Service Pack 1 (x86)

~~ Plugins check: ~~

XXXXXXXX [Windows Vista Service Pack 1] Current : Service Pack 1 -- Latest : ERROR
XXXXXXXX [Internet Explorer] Current : 8.0.6001.19088 -- Latest : ERROR
XXXXXXXX [Java] Current : 1.6.0_26 -- Latest : ERROR
XXXXXXXX [Adobe Reader] Current : 9 -- Latest : ERROR
XXXXXXXX [Adobe Flash] Current : 11.8.800.175 -- Latest : ERROR
XXXXXXXX [Adobe Flash ActiveX] Current : 11.8.800.175 -- Latest : ERROR
XXXXXXXX [Adobe Flash FF Plugin] Current : 11.8.800.168 -- Latest : ERROR

Finished
<C:\Users\Sašenka\Desktop\WIGIReport[0].txt>
WIGIReport[0].txt

checkup.txt
Results of screen317's Security Check version 0.99.74
Windows Vista Service Pack 1 x86 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 8 Out of date!
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 26
HP JavaCard for HP ProtectTools
Java version out of Date!
Adobe Flash Player 11.8.800.168
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 29.0.1547.66
Google Chrome 29.0.1547.76
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSASCui.exe
Windows Defender MSASCui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

ADW-R.txt
# AdwCleaner v3.009 - Report created 20/10/2013 at 11:47:39
# Updated 19/10/2013 by Xplode
# Operating System : Windows Vista (TM) Home Basic Service Pack 1 (32 bits)
# Username : Sašenka - SAŠENKA-PC
# Running from : C:\Users\Sašenka\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Found C:\Users\Sašenka\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Uniblue\DriverScanner
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
Key Found : HKLM\Software\Uniblue\DriverScanner

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.19088

-\\ Google Chrome v

[ File : C:\Users\Sašenka\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : urls_to_restore_on_startup
Found : homepage
Found : urls_to_restore_on_startup
Found : homepage
Found : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [9719 octets] - [20/10/2013 11:47:39]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [9779 octets] ##########

ADW-S.txt
# AdwCleaner v3.009 - Report created 20/10/2013 at 11:49:43
# Updated 19/10/2013 by Xplode
# Operating System : Windows Vista (TM) Home Basic Service Pack 1 (32 bits)
# Username : Sašenka - SAŠENKA-PC
# Running from : C:\Users\Sašenka\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Deleted : C:\Users\Sašenka\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Uniblue\DriverScanner
Key Deleted : HKLM\Software\Uniblue\DriverScanner
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.19088

-\\ Google Chrome v

[ File : C:\Users\Sašenka\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [9859 octets] - [20/10/2013 11:47:39]
AdwCleaner[S0].txt - [9748 octets] - [20/10/2013 11:49:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9808 octets] ##########

#7 Příspěvek od **vyosek** » 20 říj 2013 11:20

Ten Avast tam stale neni, nedelate kroky ("ukoly") tak jak je pisu - ja si je tam nestrilim jen tak jak se mi zachce, ale ve smysluplnem poradi

Nainstalujte veskere aktualizace pres Windows Update - system je hoodne zastaraly

Udelejte aktualizaci programu - aktualizace Vam pohodlne pohlida programek FileHippo UpdateChecker - staci spustit cca jednou za 14 dni

Az bude vse hotovo, tak dejte novy log z RSIT

Mareq · #8 Příspěvek od **Mareq** » 20 říj 2013 13:15

- Instalace SP2 hlasila chyby a pak z Win Update uplne zmizela
- Avast jsem doinstaloval, omlouvam se, ze jsem ho predtim preskocil
- Aktualizoval jsem dulezite programy (ruzne pofiderni prehravace odinstaluju, takze nema smysl aktualizovat)

RSIT.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by Sašenka at 2013-10-20 14:10:19
Microsoft® Windows Vista™ Home Basic Service Pack 1
System drive C: has 269 GB (58%) free of 466 GB
Total RAM: 3035 MB (61% free)

HijackThis download failed

======Scheduled tasks folder======

C:\windows\tasks\Adobe Flash Player Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3134413B-49B4-425C-98A5-893C1F195601}]
BHO_Startup Class - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll [2009-01-14 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-20 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-10-20 606544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-10-21 1219152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-20 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
Credential Manager for HP ProtectTools - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll [2009-01-28 98064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-10-21 1219152]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-10-20 606544]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-12-16 186904]
"accrdsub"=c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [2007-11-28 298536]
"PTHOSTTR"=c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [2009-02-12 355896]
"CognizanceTS"=c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll [2009-01-28 24848]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-02-06 1430824]
"WirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2009-03-10 506936]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-12-04 75016]
"File Sanitizer"=C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe [2009-01-14 11223040]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-02-18 177720]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-02-03 61440]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\soundmax.exe [2009-01-16 3866624]
"HPCam_Menu"=c:\Program Files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe [2009-02-25 218408]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2008-12-11 1310720]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2013-10-20 3567800]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-09-05 958576]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2009-01-10 2393376]
"T-Mobile CManager"=C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe [2013-10-15 2148120]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
VPN Client.lnk - C:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="APSHook.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DeviceNP]
C:\windows\system32\DeviceNP.dll [2008-08-07 69632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\windows\System32\Notepad.exe %1
.js - open - C:\windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2013-10-20 14:10:19 ----D---- C:\rsit
2013-10-20 14:10:19 ----D---- C:\Program Files\trend micro
2013-10-20 14:09:37 ----D---- C:\Program Files\Common Files\Java
2013-10-20 14:09:28 ----D---- C:\ProgramData\Oracle
2013-10-20 14:09:25 ----A---- C:\windows\system32\javaws.exe
2013-10-20 14:07:36 ----A---- C:\windows\system32\WindowsAccessBridge.dll
2013-10-20 14:07:36 ----A---- C:\windows\system32\javaw.exe
2013-10-20 14:07:36 ----A---- C:\windows\system32\java.exe
2013-10-20 13:13:58 ----D---- C:\Program Files\CCleaner
2013-10-20 12:51:52 ----D---- C:\Program Files\Common Files\Adobe
2013-10-20 12:51:52 ----D---- C:\Program Files\Adobe
2013-10-20 12:37:02 ----D---- C:\Program Files\FileHippo.com
2013-10-20 12:36:52 ----D---- C:\Users\Sašenka\AppData\Roaming\AVAST Software
2013-10-20 12:34:34 ----A---- C:\windows\system32\aswBoot.exe
2013-10-20 12:33:38 ----D---- C:\Program Files\AVAST Software
2013-10-20 12:32:01 ----D---- C:\ProgramData\AVAST Software
2013-10-20 11:47:34 ----D---- C:\AdwCleaner
2013-10-20 11:39:48 ----D---- C:\windows\ERUNT
2013-10-20 10:07:08 ----D---- C:\FRST
2013-08-23 18:10:13 ----D---- C:\windows\system32\MRT

======List of files/folders modified in the last 3 months======

2013-10-20 14:10:19 ----RD---- C:\Program Files
2013-10-20 14:10:19 ----D---- C:\windows\Temp
2013-10-20 14:09:37 ----SHD---- C:\windows\Installer
2013-10-20 14:09:37 ----D---- C:\Program Files\Common Files
2013-10-20 14:09:28 ----HD---- C:\ProgramData
2013-10-20 14:09:25 ----D---- C:\windows\System32
2013-10-20 14:07:04 ----D---- C:\Program Files\Java
2013-10-20 14:06:57 ----SHD---- C:\System Volume Information
2013-10-20 14:06:57 ----D---- C:\Windows
2013-10-20 14:06:14 ----D---- C:\windows\inf
2013-10-20 14:04:35 ----A---- C:\windows\system32\PerfStringBackup.INI
2013-10-20 13:59:33 ----A---- C:\windows\system32\FlashPlayerApp.exe
2013-10-20 13:51:06 ----A---- C:\ProgramData\HPWALog.txt
2013-10-20 13:26:15 ----D---- C:\Users\Sašenka\AppData\Roaming\Skype
2013-10-20 13:25:02 ----D---- C:\windows\Panther
2013-10-20 13:25:02 ----D---- C:\windows\ModemLogs
2013-10-20 13:25:02 ----D---- C:\windows\Minidump
2013-10-20 13:25:02 ----D---- C:\windows\Logs
2013-10-20 13:25:02 ----D---- C:\windows\Debug
2013-10-20 13:14:05 ----D---- C:\windows\system32\Tasks
2013-10-20 13:13:56 ----D---- C:\ProgramData\PDFC
2013-10-20 13:11:44 ----D---- C:\Program Files\T-Mobile
2013-10-20 13:06:52 ----D---- C:\Program Files\Microsoft Silverlight
2013-10-20 13:04:26 ----A---- C:\windows\win.ini
2013-10-20 12:59:07 ----D---- C:\windows\Tasks
2013-10-20 12:52:16 ----D---- C:\ProgramData\Adobe
2013-10-20 12:34:50 ----D---- C:\windows\system32\drivers
2013-10-20 12:34:34 ----D---- C:\windows\winsxs
2013-10-20 11:40:18 ----D---- C:\windows\system32\catroot
2013-09-24 20:13:21 ----D---- C:\windows\Prefetch
2013-09-24 19:12:48 ----D---- C:\windows\system32\catroot2
2013-09-23 21:52:07 ----D---- C:\ProgramData\Skype
2013-09-23 21:52:02 ----RD---- C:\Program Files\Skype
2013-09-15 10:03:26 ----A---- C:\windows\system32\mrt.exe
2013-09-03 14:35:12 ----N---- C:\windows\system32\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; \??\C:\windows\system32\drivers\aswRdr.sys [2013-10-20 54832]
R1 aswSnx;aswSnx; \??\C:\windows\system32\drivers\aswSnx.sys [2013-10-20 774392]
R1 aswSP;aswSP; \??\C:\windows\system32\drivers\aswSP.sys [2013-10-20 403440]
R1 aswTdi;aswTdi; \??\C:\windows\system32\drivers\aswTdi.sys [2013-10-20 57672]
R1 RsvLock;RsvLock; C:\windows\system32\drivers\RsvLock.sys [2008-10-02 12528]
R2 aswFsBlk;aswFsBlk; \??\C:\windows\system32\drivers\aswFsBlk.sys [2013-10-20 35656]
R2 aswMonFlt;aswMonFlt; \??\C:\windows\system32\drivers\aswMonFlt.sys [2013-10-20 70384]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\windows\system32\Drivers\CVPNDRVA.sys [2010-03-23 308859]
R3 Accelerometer;HP Accelerometer; C:\windows\system32\DRIVERS\Accelerometer.sys [2008-08-27 34608]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\ADIHdAud.sys [2009-01-16 381440]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\AGRSM.sys [2008-10-29 1204128]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\windows\system32\drivers\AtiHdmi.sys [2009-02-19 95760]
R3 atikmdag;atikmdag; C:\windows\system32\DRIVERS\atikmdag.sys [2009-02-03 4303360]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\windows\system32\DRIVERS\bcmwl6.sys [2009-09-15 1665016]
R3 BthEnum;Služba Bluetooth Enumerator; C:\windows\system32\DRIVERS\BthEnum.sys [2011-05-18 23040]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2011-05-18 30208]
R3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2009-03-11 84008]
R3 btwavdt;Bluetooth AVDT Service; C:\windows\system32\drivers\btwavdt.sys [2009-03-11 109608]
R3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2009-03-11 29736]
R3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2009-03-11 18344]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 DNE;Deterministic Network Enhancer Miniport; C:\windows\system32\DRIVERS\dne2000.sys [2008-11-16 131984]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-19 16768]
R3 huawei_enumerator;huawei_enumerator; C:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-04-23 76544]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2008-04-17 149504]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\windows\system32\DRIVERS\snp2uvc.sys [2009-03-26 1765168]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2009-02-06 205232]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
R3 WUDFRd;WUDFRd; C:\windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\windows\system32\DRIVERS\yk60x86.sys [2008-11-23 310272]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2011-05-18 507904]
S3 CVirtA;Cisco Systems VPN Adapter; C:\windows\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 DAMDrv;DAMDrv; C:\windows\system32\DRIVERS\DAMDrv.sys [2008-08-06 32256]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\windows\system32\drivers\errdev.sys [2008-01-21 6656]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter; C:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2010-03-20 11136]
S3 fssfltr;FssFltr; C:\windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 huawei_cdcacm;huawei_cdcacm; C:\windows\system32\DRIVERS\ew_jucdcacm.sys [2012-04-23 95616]
S3 huawei_cdcecm;huawei_cdcecm; C:\windows\system32\DRIVERS\ew_jucdcecm.sys [2012-04-23 70016]
S3 huawei_ext_ctrl;huawei_ext_ctrl; C:\windows\system32\DRIVERS\ew_juextctrl.sys [2012-04-23 27520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\windows\system32\DRIVERS\NETw5v32.sys [2009-03-31 4232704]
S3 TPM;TPM; C:\windows\system32\drivers\tpm.sys [2008-01-21 45624]
S3 USBAAPL;Apple Mobile USB Driver; C:\windows\System32\Drivers\usbaapl.sys [2012-07-09 44032]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WpdUsb;WpdUsb; C:\windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 accoca;ActivClient Middleware Service; c:\Program Files\ActivIdentity\ActivClient\accoca.exe [2007-11-28 185896]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-09-05 65640]
R2 AEADIFilters;Andrea ADI Filters Service; C:\windows\system32\AEADISRV.EXE [2008-07-15 90112]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2008-08-26 14336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-08-11 55184]
R2 ASBroker;Logon Session Broker; C:\windows\System32\svchost.exe [2008-01-21 21504]
R2 ASChannel;Local Communication Channel; C:\windows\System32\svchost.exe [2008-01-21 21504]
R2 Ati External Event Utility;Ati External Event Utility; C:\windows\system32\Ati2evxx.exe [2009-02-03 729088]
R2 ATService;AuthenTec Fingerprint Service; c:\Program Files\Fingerprint Sensor\AtService.exe [2008-10-03 1185016]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-10-20 50344]
R2 BBUpdate;BBUpdate; C:\Program Files\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 390504]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\windows\system32\svchost.exe [2008-01-21 21504]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-03-01 567848]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2010-03-23 1528616]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\Firebird\bin\fbguard.exe [2007-12-12 65536]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-12-04 94208]
R2 HpFkCryptService;Drive Encryption Service; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2008-10-02 256544]
R2 HPFSService;File Sanitizer for HP ProtectTools; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-01-14 77824]
R2 hpsrv;HP Service; C:\windows\system32\Hpservice.exe [2008-08-27 24880]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-12-16 354840]
R2 KoopPdfService;KoopPdfService; C:\Program Files\Kooperativa\Services\KoopPDFServer.exe [2010-05-02 447488]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-01-10 79136]
R2 MbnExt;Mobile Broadband Extension Service; C:\windows\system32\svchost.exe [2008-01-21 21504]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files\PDF Complete\pdfsvc.exe [2008-08-08 777240]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-12-05 222512]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\Firebird\bin\fbserver.exe [2007-12-12 1531989]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-10-23 223232]
S2 BBSvc;Bing Bar Update Service; C:\Program Files\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-07-25 162672]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-20 257416]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-27 34312]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; c:\Windows\system32\flcdlock.exe [2008-08-07 349432]
S3 fsssvc;Služba Windows Live Zabezpečení rodiny; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 HP ProtectTools Service;HP ProtectTools Service; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2009-02-12 45056]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-09-09 821648]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 RoxMediaDB10;RoxMediaDB10; c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-08 1112560]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]
S3 WPFFontCache_v0400;@c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

#9 Příspěvek od **vyosek** » 20 říj 2013 14:24

Zkuste si SP2 stahnout odsud http://www.microsoft.com/downloads/deta ... ff6f22448d

Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) http://forum.viry.cz/viewtopic.php?f=29&t=115222

Provedte aktualizaci
Provedte uplny sken - nic nemazte
MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

Mareq · #10 Příspěvek od **Mareq** » 20 říj 2013 16:43

SP2 nainstalovany

MBAM neco nasel:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verze: v2013.10.20.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19088
Sašenka :: SAŠENKA-PC [administrátor]

20.10.2013 17:27:45
MBAM-log-2013-10-20 (17-42-00).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 209688
Uplynulý čas: 13 minut, 57 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 2
C:\Windows\Installer\451cf6.msi (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\Windows\Installer\451cfd.msi (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.

(konec)

#11 Příspěvek od **vyosek** » 20 říj 2013 16:44

Nalezy MBAMu smazte

Udelejte uplnou\kompletni kontrolu v MBAMu

Mareq · #12 Příspěvek od **Mareq** » 20 říj 2013 20:11

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verze: v2013.10.20.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19088
Sašenka :: SAŠENKA-PC [administrátor]

20.10.2013 17:48:26
MBAM-log-2013-10-20 (21-10-27).txt

Typ: Kompletní kontrola (C:\|D:\|F:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 450503
Uplynulý čas: 3 hodin, 21 minut, 46 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TNod (Trojan.Agent.CK) -> Nebyla provedena žádná instrukce.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 6
C:\FRST\Quarantine\cache.dat (Malware.Packer.ORPC) -> Nebyla provedena žádná instrukce.
C:\FRST\Quarantine\svicqyvggjcfmwylgujkvqk.exe (Malware.Packer.ORPC) -> Nebyla provedena žádná instrukce.
C:\Program Files\ICQ7.2\upgrade\2dcd1d63cb45e6613582211c3d5f4b23 (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.
C:\Program Files\ICQ7.2\upgrade\53e83dd5315bfb1f928441c9b4618b68 (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.
C:\Program Files\TNod User & Password Finder\uninst-tnod.exe (Trojan.Agent.CK) -> Nebyla provedena žádná instrukce.
C:\Users\Sašenka\Documents\My Downloads\TNODUP.zip (Trojan.Agent.CK) -> Nebyla provedena žádná instrukce.

(konec)

#13 Příspěvek od **vyosek** » 20 říj 2013 20:13

Tak to vse pomazte

Tak jeste uklidime

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

Mareq · #14 Příspěvek od **Mareq** » 21 říj 2013 08:43

Diky moc, docisteni dodelam az pristi vikend, ale zadny problemy nepredpokladam.

#15 Příspěvek od **vyosek** » 21 říj 2013 09:53

Nemate zac, rad jsem pomohl

Zase nekdy Obrázek

A na zaklade Pravidla o zamykani temat

VIRY.CZ

Mozna policejni virus

Mozna policejni virus

Re: Mozna policejni virus

Re: Mozna policejni virus

Re: Mozna policejni virus

Re: Mozna policejni virus

Re: Mozna policejni virus

Re: Mozna policejni virus

Re: Mozna policejni virus

Re: Mozna policejni virus

Re: Mozna policejni virus

Re: Mozna policejni virus

Re: Mozna policejni virus

Re: Mozna policejni virus

Re: Mozna policejni virus

Re: Mozna policejni virus