
Útvar pro Boj proti Kyberkriminality ("Unit for Combating Cybercrime")
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
NEW!
You can now use the remote help service, where a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Útvar pro Boj proti Kyberkriminality
Hello, an acquaintance has Windows Vista on his PC and got this virus: Útvar pro Boj proti Kyberkriminality, more here: http://www.anti-spyware-101.com/cz/odst ... lity-virus
I wanted to ask about the options for removing it: can it be removed by following the guide on those pages, or do you have your own proven guide? Thanks
Re: Útvar pro Boj proti Kyberkriminality
Greetings
I don't recommend the guide on that page, if only because I see SpyHunter there, which is a reeeally big piece of junk
Follow this guide: http://forum.viry.cz/viewtopic.php?f=29&t=132523



Re: Útvar pro Boj proti Kyberkriminality
Great, that helped ...
Re: Útvar pro Boj proti Kyberkriminality


Re: Útvar pro Boj proti Kyberkriminality
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-12-2013
Ran by sony (administrator) on SONY-PC on 01-12-2013 13:43:10
Running from C:\Users\sony\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Czech
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Realtek Semiconductor) C:\Windows\RTKAUDIOSERVICE.EXE
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Sony Corporation) C:\Program Files\sony\VAIO Update 4\VAIOUpdt.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(Sony Corporation) C:\Program Files\sony\Network Utility\NSUService.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Sony Corporation) C:\Program Files\sony\VAIO Media plus\SOHCImp.exe
(Sony Corporation) C:\Program Files\sony\VAIO Media plus\SOHDms.exe
(Sony Corporation) C:\Program Files\sony\VAIO Media plus\SOHDs.exe
(ArcSoft, Inc.) C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files\sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files\sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sony Corporation) C:\Program Files\sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files\sony\Marketing Tools\MarketingTools.exe
(Nokia) C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Nokia) C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
() C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
(Sony Corporation) C:\Program Files\sony\VAIO Power Management\SPMService.exe
(Sony Corporation) C:\Program Files\sony\VAIO Power Management\SPMgr.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\sony\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6295552 2008-10-17] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [835584 2007-03-10] (Synaptics, Inc.)
HKLM\...\Run: [ISBMgr.exe] - C:\Program Files\sony\ISB Utility\ISBMgr.exe [317280 2008-04-04] (Sony Corporation)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [MarketingTools] - C:\Program Files\sony\Marketing Tools\MarketingTools.exe [24576 2009-06-17] (Sony Corporation)
HKLM\...\Run: [NBKeyScan] - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2221352 2008-06-08] (Nero AG)
HKLM\...\Run: [NokiaMServer] - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
HKLM\...\Run: [20131121] - C:\Program Files\Alwil Software\Avast5\Setup\emupdate\fddf5895-0f1c-47c5-b5e2-c6b7002dc54f.exe [180184 2013-11-23] (AVAST Software)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3568312 2013-12-01] (AVAST Software)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll (Sony Corporation)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [] - [x]
HKCU\...\Run: [NokiaOviSuite2] - C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [703360 2011-01-31] (Nokia)
MountPoints2: {c232e69b-7c2d-11e2-ab10-001dbab22eaa} - G:\NokiaPCIA_Autorun.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [NSUFloatingUI] - C:\Program Files\sony\Network Utility\LANUtil.exe [ 2008-12-05] (Sony Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [NSUFloatingUI] - C:\Program Files\sony\Network Utility\LANUtil.exe [ 2008-12-05] (Sony Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.sonystyle-europe.com?csint=140016340
http://partnerpage.google.com/eu.sony.com/uk
http://www.club-vaio.com/vbc
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
SearchScopes: HKLM - DefaultScope {5B353A30-95A5-49A4-877C-1DA3970D2F09} URL = http://www.google.co.uk/search?hl=en&q= ... rms}&meta=
SearchScopes: HKLM - {5B353A30-95A5-49A4-877C-1DA3970D2F09} URL = http://www.google.co.uk/search?hl=en&q= ... rms}&meta=
SearchScopes: HKCU - DefaultScope {5B353A30-95A5-49A4-877C-1DA3970D2F09} URL = http://www.google.co.uk/search?hl=en&q= ... meta=&rlz=
SearchScopes: HKCU - {5B353A30-95A5-49A4-877C-1DA3970D2F09} URL = http://www.google.co.uk/search?hl=en&q= ... meta=&rlz=
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
Winsock: Catalog5 02 %SystemRoot%\system32\napinsp.dll [50176] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 10.200.0.1
Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\gcswf32.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U13) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U15) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (AdBlock) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
========================== Services (Whitelisted) =================
S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2013-12-01] (AVAST Software)
R2 NSUService; C:\Program Files\sony\Network Utility\NSUService.exe [303104 2008-12-05] (Sony Corporation)
R2 SOHCImp; C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe [103712 2008-10-21] (Sony Corporation)
R2 SOHDms; C:\Program Files\Sony\VAIO Media plus\SOHDms.exe [353568 2008-10-21] (Sony Corporation)
R2 SOHDs; C:\Program Files\Sony\VAIO Media plus\SOHDs.exe [62752 2008-10-21] (Sony Corporation)
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [77824 2008-05-20] (Sony Corporation)
R2 uCamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2008-09-08] (Sony Corporation)
R2 VAIO Event Service; C:\Program Files\sony\VAIO Event Service\VESMgr.exe [203624 2008-11-06] (Sony Corporation)
R2 VAIO Power Management; C:\Program Files\Sony\VAIO Power Management\SPMService.exe [415584 2008-10-18] (Sony Corporation)
R2 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [337184 2008-06-12] (Sony Corporation)
R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [279848 2008-09-08] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2008-09-08] (Sony Corporation)
S2 HitmanPro37CrusaderBoot; "G:\HitmanPro.exe" /crusader:boot [x]
==================== Drivers (Whitelisted) ====================
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17920 2008-04-24] (ArcSoft, Inc.)
R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [35656 2013-12-01] (AVAST Software)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [20624 2012-10-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2013-12-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2013-12-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-12-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [774392 2013-12-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [403440 2013-12-01] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2013-12-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178304 2013-12-01] ()
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [79880 2009-03-25] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [35272 2009-03-25] (McAfee, Inc.)
R1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [214024 2009-03-25] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34216 2009-03-25] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2009-03-25] (McAfee, Inc.)
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
S3 igfx; system32\DRIVERS\igdkmd32.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-12-01 13:43 - 2013-12-01 13:43 - 00014685 _____ C:\Users\sony\Desktop\FRST.txt
2013-12-01 13:42 - 2013-12-01 13:42 - 00000000 ____D C:\FRST
2013-12-01 13:41 - 2013-12-01 13:41 - 01092187 _____ (Farbar) C:\Users\sony\Desktop\FRST.exe
2013-12-01 13:41 - 2013-12-01 13:41 - 00112640 _____ (forum.viry.cz) C:\Users\sony\Desktop\FRSTLauncher.exe
2013-12-01 11:42 - 2013-12-01 11:42 - 00000000 _____ C:\Windows\setuperr.log
2013-12-01 11:42 - 2013-12-01 11:42 - 00000000 _____ C:\Windows\setupact.log
2013-12-01 11:40 - 2013-12-01 11:40 - 00000000 ____D C:\Update
2013-12-01 11:32 - 2013-12-01 11:32 - 00002700 _____ C:\Windows\PFRO.log
2013-12-01 11:13 - 2013-12-01 11:13 - 00123586 _____ C:\Users\sony\Documents\cc_20131201_111346.reg
2013-12-01 11:11 - 2013-12-01 11:12 - 04618136 _____ (Piriform Ltd) C:\Users\sony\Downloads\ccsetup408.exe
2013-12-01 11:10 - 2013-12-01 11:10 - 00000000 ____D C:\Users\sony\AppData\Local\Sun
2013-12-01 11:02 - 2013-12-01 10:47 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-12-01 11:02 - 2013-12-01 10:47 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-12-01 11:02 - 2013-12-01 10:47 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-12-01 10:59 - 2013-12-01 10:59 - 00000000 ____D C:\Users\sony\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2013-12-01 10:54 - 2013-12-01 10:54 - 00000000 ____D C:\Users\sony\AppData\Roaming\AVAST Software
2013-12-01 10:48 - 2013-12-01 10:48 - 00000000 ____D C:\ProgramData\Oracle
2013-12-01 10:47 - 2013-12-01 10:47 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-12-01 10:42 - 2013-12-01 10:42 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-01 10:28 - 2013-12-01 10:28 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2013-12-01 10:28 - 2013-12-01 10:28 - 00002164 _____ C:\Windows\system32\.crusader
2013-12-01 10:17 - 2013-12-01 10:28 - 00000000 ____D C:\ProgramData\HitmanPro
2013-11-29 16:54 - 2013-11-29 16:54 - 00000000 ____D C:\Users\sony\AppData\Local\ArcSoft
2013-11-28 22:44 - 2013-11-28 22:44 - 00000279 _____ C:\ProgramData\behjqod.reg
2013-11-28 22:43 - 2013-10-01 10:12 - 95025368 ____T C:\ProgramData\behjqod.bxx
2013-11-28 22:43 - 2013-10-01 10:12 - 00000000 _____ C:\ProgramData\behjqod.fvv
2013-11-13 18:18 - 2013-10-13 11:42 - 12344832 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 18:18 - 2013-10-13 11:08 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 18:18 - 2013-10-13 10:48 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 18:18 - 2013-10-13 10:37 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 18:18 - 2013-10-13 10:35 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-13 18:18 - 2013-10-13 10:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 18:18 - 2013-10-13 10:33 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-13 18:18 - 2013-10-13 10:32 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-13 18:18 - 2013-10-13 10:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 18:18 - 2013-10-13 10:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-13 18:18 - 2013-10-13 10:29 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-13 18:18 - 2013-10-13 10:27 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 18:18 - 2013-10-13 10:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 18:18 - 2013-10-13 10:26 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-13 18:18 - 2013-10-13 10:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-13 18:18 - 2013-10-13 10:20 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-13 18:02 - 2013-10-03 13:45 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 18:01 - 2013-10-11 03:08 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 18:01 - 2013-10-11 03:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 18:01 - 2013-10-11 01:39 - 00218228 _____ C:\Windows\system32\WFP.TMF
2013-11-13 18:01 - 2013-10-03 13:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
==================== One Month Modified Files and Folders =======
2013-12-01 13:43 - 2013-12-01 13:43 - 00014685 _____ C:\Users\sony\Desktop\FRST.txt
2013-12-01 13:42 - 2013-12-01 13:42 - 00000000 ____D C:\FRST
2013-12-01 13:41 - 2013-12-01 13:41 - 01092187 _____ (Farbar) C:\Users\sony\Desktop\FRST.exe
2013-12-01 13:41 - 2013-12-01 13:41 - 00112640 _____ (forum.viry.cz) C:\Users\sony\Desktop\FRSTLauncher.exe
2013-12-01 13:41 - 2009-06-17 21:25 - 01185329 _____ C:\Windows\WindowsUpdate.log
2013-12-01 13:40 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-01 13:40 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-01 13:35 - 2010-10-20 23:32 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-01 13:35 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-01 11:42 - 2013-12-01 11:42 - 00000000 _____ C:\Windows\setuperr.log
2013-12-01 11:42 - 2013-12-01 11:42 - 00000000 _____ C:\Windows\setupact.log
2013-12-01 11:42 - 2006-11-02 14:01 - 00032536 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-01 11:40 - 2013-12-01 11:40 - 00000000 ____D C:\Update
2013-12-01 11:32 - 2013-12-01 11:32 - 00002700 _____ C:\Windows\PFRO.log
2013-12-01 11:32 - 2008-12-09 00:30 - 00000000 ____D C:\Program Files\Google
2013-12-01 11:21 - 2011-08-22 22:56 - 00000000 ____D C:\Windows\Minidump
2013-12-01 11:21 - 2009-06-24 18:15 - 00000000 ____D C:\Users\sony\AppData\Roaming\IDM
2013-12-01 11:21 - 2009-06-21 10:56 - 00000000 ____D C:\Users\sony\AppData\Roaming\Skype
2013-12-01 11:21 - 2008-12-08 18:43 - 00000000 ____D C:\Windows\Panther
2013-12-01 11:14 - 2009-09-27 18:22 - 00000069 _____ C:\Windows\NeroDigital.ini
2013-12-01 11:13 - 2013-12-01 11:13 - 00123586 _____ C:\Users\sony\Documents\cc_20131201_111346.reg
2013-12-01 11:12 - 2013-12-01 11:11 - 04618136 _____ (Piriform Ltd) C:\Users\sony\Downloads\ccsetup408.exe
2013-12-01 11:10 - 2013-12-01 11:10 - 00000000 ____D C:\Users\sony\AppData\Local\Sun
2013-12-01 11:10 - 2012-04-29 12:05 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-01 11:10 - 2009-06-17 13:46 - 00000000 ____D C:\Users\sony
2013-12-01 11:09 - 2009-06-17 13:46 - 00000000 ____D C:\Users\sony\AppData\Local\Adobe
2013-12-01 11:08 - 2008-12-09 00:29 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-12-01 11:07 - 2008-12-09 00:29 - 00000000 ____D C:\ProgramData\Adobe
2013-12-01 11:07 - 2008-12-09 00:29 - 00000000 ____D C:\Program Files\Adobe
2013-12-01 11:04 - 2009-06-21 10:56 - 00000000 ___RD C:\Program Files\Skype
2013-12-01 11:03 - 2008-12-09 00:31 - 00000000 ____D C:\Program Files\Java
2013-12-01 11:03 - 2008-12-09 00:31 - 00000000 ____D C:\Program Files\Common Files\Java
2013-12-01 11:01 - 2009-06-17 13:46 - 00000000 ____D C:\Users\sony\AppData\Local\Google
2013-12-01 10:59 - 2013-12-01 10:59 - 00000000 ____D C:\Users\sony\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2013-12-01 10:59 - 2009-06-17 13:46 - 00000000 ____D C:\Users\sony\AppData\Roaming\Adobe
2013-12-01 10:54 - 2013-12-01 10:54 - 00000000 ____D C:\Users\sony\AppData\Roaming\AVAST Software
2013-12-01 10:49 - 2012-12-21 08:26 - 00001884 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-01 10:48 - 2013-12-01 10:48 - 00000000 ____D C:\ProgramData\Oracle
2013-12-01 10:47 - 2013-12-01 11:02 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-12-01 10:47 - 2013-12-01 11:02 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-12-01 10:47 - 2013-12-01 11:02 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-12-01 10:47 - 2013-12-01 10:47 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-12-01 10:47 - 2013-10-14 21:16 - 00178304 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-12-01 10:47 - 2013-10-14 21:16 - 00049944 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-12-01 10:47 - 2011-10-22 17:09 - 00774392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-12-01 10:47 - 2010-10-20 23:30 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-12-01 10:47 - 2009-09-06 14:03 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-12-01 10:47 - 2009-09-06 14:03 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2013-12-01 10:47 - 2009-09-06 14:02 - 00403440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-12-01 10:47 - 2009-09-06 14:02 - 00269216 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-12-01 10:47 - 2009-09-06 14:02 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-12-01 10:47 - 2009-09-06 14:02 - 00035656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-12-01 10:42 - 2013-12-01 10:42 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-01 10:42 - 2006-11-02 11:23 - 00002577 _____ C:\Windows\system32\config.nt
2013-12-01 10:28 - 2013-12-01 10:28 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2013-12-01 10:28 - 2013-12-01 10:28 - 00002164 _____ C:\Windows\system32\.crusader
2013-12-01 10:28 - 2013-12-01 10:17 - 00000000 ____D C:\ProgramData\HitmanPro
2013-12-01 10:23 - 2010-10-20 23:32 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-30 13:04 - 2006-11-02 13:47 - 00119808 _____ C:\Windows\system32\umstartup.etl
2013-11-30 11:45 - 2009-06-17 13:46 - 00002032 _____ C:\Users\sony\AppData\Local\d3d9caps.dat
2013-11-30 11:35 - 2011-11-03 23:31 - 00000000 ____D C:\ProgramData\ArcSoft
2013-11-30 10:43 - 2008-12-08 22:24 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-11-29 16:54 - 2013-11-29 16:54 - 00000000 ____D C:\Users\sony\AppData\Local\ArcSoft
2013-11-28 22:44 - 2013-11-28 22:44 - 00000279 _____ C:\ProgramData\behjqod.reg
2013-11-17 17:26 - 2010-10-20 23:32 - 00001971 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-14 17:24 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2013-11-13 18:17 - 2013-07-20 16:32 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 18:10 - 2006-11-02 11:24 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-11-11 05:50 - 2009-10-03 17:36 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-02 16:41 - 2006-11-02 11:33 - 01418466 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-01 09:20 - 2009-06-21 12:06 - 00036352 _____ C:\Users\sony\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-01 09:15 - 2009-09-27 15:01 - 00000000 ____D C:\Nahrávky z kamery
Files to move or delete:
====================
C:\Users\sony\AppData\Roaming\desktop.ini
C:\ProgramData\behjqod.bxx
C:\ProgramData\behjqod.fvv
C:\ProgramData\behjqod.reg
Some content of TEMP:
====================
C:\Users\sony\AppData\Local\Temp\gtalkwmp1.dll
C:\Users\sony\AppData\Local\Temp\NEventMessages.dll
C:\Users\sony\AppData\Local\Temp\NOSEventMessages.dll
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\sony\Desktop" je 1 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
"C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSUFloatingUI
"C:\Program Files\Sony\Network Utility\LANUtil.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMpTtray.exe
C:\Program Files\Sony\VAIO Media plus\VMpTtray.exe
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
- Attachments
- Addition.rar (2.64 KiB), downloaded 46 times
Re: Útvar pro Boj proti Kyberkriminality

- Open Notepad (Start - Run - notepad)
- Copy the script below
Code:
Start
HKLM\...\Run: [NBKeyScan] - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2221352 2008-06-08] (Nero AG)
HKLM\...\Run: [NokiaMServer] - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
HKLM\...\Run: [20131121] - C:\Program Files\Alwil Software\Avast5\Setup\emupdate\fddf5895-0f1c-47c5-b5e2-c6b7002dc54f.exe [180184 2013-11-23] (AVAST Software)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKCU\...\Run: [] - [x]
HKCU\...\Run: [NokiaOviSuite2] - C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [703360 2011-01-31] (Nokia)
MountPoints2: {c232e69b-7c2d-11e2-ab10-001dbab22eaa} - G:\NokiaPCIA_Autorun.exe
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.sonystyle-europe.com?csint=140016340
http://partnerpage.google.com/eu.sony.com/uk
http://www.club-vaio.com/vbc
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
SearchScopes: HKLM - DefaultScope {5B353A30-95A5-49A4-877C-1DA3970D2F09} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKLM - {5B353A30-95A5-49A4-877C-1DA3970D2F09} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKCU - DefaultScope {5B353A30-95A5-49A4-877C-1DA3970D2F09} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=&rlz=
SearchScopes: HKCU - {5B353A30-95A5-49A4-877C-1DA3970D2F09} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=&rlz=
S2 HitmanPro37CrusaderBoot; "G:\HitmanPro.exe" /crusader:boot [x]
S3 igfx; system32\DRIVERS\igdkmd32.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [x]
2013-12-01 10:28 - 2013-12-01 10:28 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2013-12-01 10:28 - 2013-12-01 10:28 - 00002164 _____ C:\Windows\system32\.crusader
2013-12-01 10:17 - 2013-12-01 10:28 - 00000000 ____D C:\ProgramData\HitmanPro
2013-11-28 22:44 - 2013-11-28 22:44 - 00000279 _____ C:\ProgramData\behjqod.reg
2013-11-28 22:43 - 2013-10-01 10:12 - 95025368 ____T C:\ProgramData\behjqod.bxx
2013-11-28 22:43 - 2013-10-01 10:12 - 00000000 _____ C:\ProgramData\behjqod.fvv
C:\Users\sony\AppData\Roaming\desktop.ini
C:\Users\sony\AppData\Local\Temp\gtalkwmp1.dll
C:\Users\sony\AppData\Local\Temp\NEventMessages.dll
C:\Users\sony\AppData\Local\Temp\NOSEventMessages.dll
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" /f
Hosts:
CMD: shutdown /r /f /t 2
End
- Save the created TXT file as fixlist.txt
- Move the created fixlist next to FRST

- Click Fix
- The fix will run and create the log Fixlog.txt

Re: Útvar pro Boj proti Kyberkriminality
Unfortunately my friend was leaving and urgently needed to take the notebook with him, so I will finish it when he gets back on Friday.
Otherwise, what is wrong in that log? Thank you
Re: Útvar pro Boj proti Kyberkriminality
And do you think he couldn't manage it if he had a look here??
There are still remnants of malware and unnecessary junk that need to be removed
Re: Útvar pro Boj proti Kyberkriminality
Well, I think it will be better to leave it until he gets back ...
Re: Útvar pro Boj proti Kyberkriminality
OK, no problem
