
Could you please check my log .. download problem

Lemmure
Visitor, 10 posts, registered 06 Dec 2013 15:54

Could you please check my log .. download problem

#1 Post by Lemmure

Hello. I have a problem: I can't download anything at all. Specifically, Opera reports "Interrupted: Antivirus check failed". So I'd ask for a check of the log, thanks in advance ...


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:03:46, on 6.12.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16736)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Opera\18.0.1284.49\opera.exe
C:\Program Files\Opera\18.0.1284.49\opera_crashreporter.exe
C:\Program Files\Last.fm\Last.fm Scrobbler.exe
C:\Program Files\Opera\18.0.1284.49\opera.exe
C:\Program Files\Opera\18.0.1284.49\opera.exe
C:\Program Files\Opera\18.0.1284.49\opera.exe
C:\Program Files\Opera\18.0.1284.49\opera.exe
C:\Program Files\Opera\18.0.1284.49\opera.exe
C:\Program Files\Opera\18.0.1284.49\opera.exe
C:\Program Files\Opera\18.0.1284.49\opera.exe
C:\Program Files\Opera\18.0.1284.49\opera.exe
C:\Program Files\Opera\18.0.1284.49\opera.exe
C:\Program Files\Opera\18.0.1284.49\opera.exe
C:\Program Files\Opera\18.0.1284.49\opera.exe
C:\Program Files\Opera\18.0.1284.49\opera.exe
C:\Program Files\Opera\18.0.1284.49\opera.exe
C:\Program Files\Opera\18.0.1284.49\opera.exe
C:\Users\Haba Baba\Desktop\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll
R3 - URLSearchHook: mobilewitch Toolbar - {fcbf663e-8530-46f8-a880-ac5abe9d2b23} - C:\Program Files\mobilewitch\tbmobi.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Haba Baba\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (file missing)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: (no name) - {C93F72A2-2162-4BBA-A07A-F13663C297A6} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: mobilewitch Toolbar - {fcbf663e-8530-46f8-a880-ac5abe9d2b23} - C:\Program Files\mobilewitch\tbmobi.dll
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll
O3 - Toolbar: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - (no file)
O3 - Toolbar: (no name) - !{fcbf663e-8530-46f8-a880-ac5abe9d2b23} - (no file)
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Haba Baba\AppData\Local\Google\Desktop\Install\{f6630855-3482-9e43-d54d-97143c5a4b5d}\???\???\???\{f6630855-3482-9e43-d54d-97143c5a4b5d}\GoogleUpdate.exe" >
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: 0
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

--
End of file - 6408 bytes
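As an added example (my own code, not part of the original post and not something HijackThis itself produces), here is the first-pass triage a log reader applies to a HijackThis report, written as a small Python script. The sample lines are copied from the log above; the heuristics (an orphaned "(no file)"/"(file missing)" registration, any R3 URLSearchHook, a BHO/toolbar DLL living under a user profile, an O4 autorun whose path contains characters the log cannot render, an O23 service with no publisher string) are my own assumptions about what is worth a second look, not a verdict that the entry is malicious.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines copied verbatim from the HijackThis log posted above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Haba Baba\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (file missing)
O2 - BHO: (no name) - {C93F72A2-2162-4BBA-A07A-F13663C297A6} - (no file)
O3 - Toolbar: (no name) - !{fcbf663e-8530-46f8-a880-ac5abe9d2b23} - (no file)
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [Google Update] "C:\Users\Haba Baba\AppData\Local\Google\Desktop\Install\{f6630855-3482-9e43-d54d-97143c5a4b5d}\???\???\???\{f6630855-3482-9e43-d54d-97143c5a4b5d}\GoogleUpdate.exe" >
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

# Every HijackThis entry starts with a section tag (R0..R3, O1..O24) followed by " - ".
LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def _target(body: str) -> str:
    """HijackThis puts the file path in the last ' - ' separated field of an entry."""
    return body.rsplit(" - ", 1)[-1].strip()


def triage(log_text: str) -> list[Finding]:
    """Apply the review heuristics (my assumptions, see lead-in) to each entry line."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m["section"], m["body"]
        target = _target(body)
        lower = target.lower()

        # A registration whose DLL is gone: harmless by itself, but a sign of a sloppy uninstall.
        if "(no file)" in lower or "(file missing)" in lower:
            findings.append(Finding(section, "orphaned registration (file missing)", raw))
        # URLSearchHooks rewrite what the address bar does with non-URL input: classic search hijack.
        if section == "R3":
            findings.append(Finding(section, "URLSearchHook present (search hijack)", raw))
        # Browser add-ons normally live under Program Files; a DLL under AppData is unusual.
        if section in ("O2", "O3") and "\\appdata\\" in lower:
            findings.append(Finding(section, "browser add-on loaded from user profile", raw))
        # '?' or non-ASCII in an autorun path means the log could not render the directory name.
        if section == "O4" and ("?" in target or any(ord(c) > 126 for c in target)):
            findings.append(Finding(section, "autorun path has unrenderable characters (hidden path)", raw))
        # Services with no publisher string need to be identified by hand.
        if section == "O23" and "unknown owner" in body.lower():
            findings.append(Finding(section, "service without publisher string", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.line}")
```

Run against the posted log this flags the TorrentMan URLSearchHook, the QIPBHO entry twice (missing DLL and AppData location), the two nameless "(no file)" registrations, the "Google Update" autorun with the "???" directories, and the PnkBstrA service; the AVG and Java entries pass untouched.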

vyosek
VIP, 56373 posts, registered 07 Nov 2006 15:24, location: Šalingrad - Brno

Re: Could you please check my log .. download problem

#2 Post by vyosek

Hi :)

Do you insist on the AVG antivirus? It isn't very popular with us: high system load, weaker detection.

Download Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
  • Save it, preferably to the desktop
  • After launch the licence terms appear; press any key
  • A backup is created and then the scan runs
  • When the scan finishes a log appears; otherwise it is saved in c:\JRT as JRT.txt. Paste it here
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • Click Scan and then Clean
  • The repair runs, the PC restarts and then a log appears; otherwise it is saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt. Paste it here
"He who has wine and does not drink, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment: take a whip and a stick to him, that is no man, that is an ox."
Member since 1 February 2011.

Lemmure
Visitor, 10 posts, registered 06 Dec 2013 15:54

Re: Could you please check my log .. download problem

#3 Post by Lemmure

I'm not insisting on AVG.

JRT LOG

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Ultimate x86
Ran by Haba Baba on so 07.12.2013 at 16:46:23,10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values




~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\blabbers
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\browsercompanion
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\browsermngr
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\search settings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4117245281-1480158384-2095474572-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\browsermngr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetupv1.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\speedupmypc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\datamngrui_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\datamngrui_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ilividsetupv1_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ilividsetupv1_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\searchqumediabar_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\searchqumediabar_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\setupdatamngr_searchqu_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\setupdatamngr_searchqu_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetim_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetim_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetpacksupdatemanager_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\systweakasp_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\systweakasp_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\1clickdownloader
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{a7bc02af-1128-4a31-bcf8-1a3ee803d3b3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{a81a974f-8a22-43e6-9243-5198ff758da1}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C5C0F58-E061-457D-9033-77307F5ED00C}



~~~ Files

Successfully deleted: [File] "C:\Windows\System32\Tasks\dll-files.com fixer_monthly"
Successfully deleted: [File] "C:\Windows\System32\Tasks\dll-files.com fixer_updates"
Successfully deleted: [File] "C:\Windows\Tasks\dll-files.com fixer_monthly.job"
Successfully deleted: [File] "C:\Windows\Tasks\dll-files.com fixer_updates.job"
Successfully deleted: [File] "C:\Windows\system32\roboot.exe"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\bettersoft"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\softsafe"
Successfully deleted: [Folder] "C:\Users\Haba Baba\AppData\Roaming\babylon"
Failed to delete: [Folder] "C:\Users\Haba Baba\AppData\Roaming\dll-files.com"
Successfully deleted: [Folder] "C:\Users\Haba Baba\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "C:\Users\Haba Baba\AppData\Roaming\file scout"
Successfully deleted: [Folder] "C:\Users\Haba Baba\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\Haba Baba\AppData\Roaming\zona"
Successfully deleted: [Folder] "C:\Users\Haba Baba\appdata\local\ilivid player"
Successfully deleted: [Folder] "C:\Users\Haba Baba\appdata\locallow\torrentman"
Failed to delete: [Folder] "C:\Program Files\dll-files.com fixer"
Successfully deleted: [Folder] "C:\Program Files\torrentman"
Successfully deleted: [Folder] "C:\Program Files\zona"
Successfully deleted: [Folder] "C:\ProgramData\ask"



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Haba Baba\appdata\local\Google\Chrome\User Data\Default\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on so 07.12.2013 at 16:54:44,80
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Lemmure
Visitor, 10 posts, registered 06 Dec 2013 15:54

Re: Could you please check my log .. download problem

#4 Post by Lemmure

ADWcleaner LOG

# AdwCleaner v3.003 - Report created 07/12/2013 at 17:38:03
# Updated 07/09/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Haba Baba - HABABABA-PC
# Running from : C:\Users\Haba Baba\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\BBroowsee2save
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BBroowsee2save
Folder Deleted : C:\Program Files\1ClickDownload
Folder Deleted : C:\Program Files\mobilewitch
Folder Deleted : C:\Program Files\Common Files\ParetoLogic
Folder Deleted : C:\Users\Haba Baba\AppData\LocalLow\BBroowsee2save
Folder Deleted : C:\Users\Haba Baba\AppData\LocalLow\mobilewitch
Folder Deleted : C:\Users\Haba Baba\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\Haba Baba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
Folder Deleted : C:\Users\dida\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\dida\AppData\LocalLow\Dealio
Folder Deleted : C:\Users\dida\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\dida\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\dida\AppData\LocalLow\BBroowsee2save
Folder Deleted : C:\Users\dida\AppData\LocalLow\mobilewitch
Folder Deleted : C:\Users\dida\AppData\LocalLow\TorrentMan
Folder Deleted : C:\Users\dida\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\0\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
Folder Deleted : C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
Folder Deleted : C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\oeao9uy@lok-aue.co.uk
Folder Deleted : C:\Users\dida\AppData\Local\Google\Chrome\User Data\Default\Extensions\jplinpmadfkdgipabgcdchbdikologlh
File Deleted : C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\bprotector_extensions.sqlite
File Deleted : C:\Users\dida\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Windows\System32\Tasks\Browser Manager

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [oeao9uy@lok-aue.co.uk]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
Key Deleted : HKCU\Software\580d98db16ebe15
Key Deleted : HKLM\SOFTWARE\580d98db16ebe15
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FCBF663E-8530-46F8-A880-AC5ABE9D2B23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0EF5A095-A178-4918-AA1B-B7BD579B6EEF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7C5C0F58-E061-457D-9033-77307F5ED00C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBF663E-8530-46F8-A880-AC5ABE9D2B23}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBF663E-8530-46F8-A880-AC5ABE9D2B23}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C5C0F58-E061-457D-9033-77307F5ED00C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A57830AE-D3D5-C7B1-6E65-D00DD5884E75}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBF663E-8530-46F8-A880-AC5ABE9D2B23}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0EF5A095-A178-4918-AA1B-B7BD579B6EEF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7C5C0F58-E061-457D-9033-77307F5ED00C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7C5C0F58-E061-457D-9033-77307F5ED00C}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FCBF663E-8530-46F8-A880-AC5ABE9D2B23}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7C5C0F58-E061-457D-9033-77307F5ED00C}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{FCBF663E-8530-46F8-A880-AC5ABE9D2B23}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7C5C0F58-E061-457D-9033-77307F5ED00C}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{FCBF663E-8530-46F8-A880-AC5ABE9D2B23}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7C5C0F58-E061-457D-9033-77307F5ED00C}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\mobilewitch
Key Deleted : HKCU\Software\AppDataLow\Software\TorrentMan
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\Uniblue\DriverScanner
Key Deleted : HKLM\Software\mobilewitch
Key Deleted : HKLM\Software\TorrentMan
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mobilewitch Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TorrentMan Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]

-\\ Mozilla Firefox v

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Haba Baba\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\dida\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [7234 octets] - [07/12/2013 17:34:24]
AdwCleaner[S0].txt - [7141 octets] - [07/12/2013 17:38:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7201 octets] ##########

# AdwCleaner v3.003 - Report created 07/12/2013 at 17:39:49
# Updated 07/09/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Haba Baba - HABABABA-PC
# Running from : J:\0000000\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\dida\AppData\Local\Google\Chrome\User Data\Default\Extensions\jplinpmadfkdgipabgcdchbdikologlh

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736


-\\ Mozilla Firefox v

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Haba Baba\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\dida\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [8371 octets] - [07/12/2013 17:34:24]
AdwCleaner[S0].txt - [8283 octets] - [07/12/2013 17:38:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8343 octets] ##########
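An added example (my own code, not from the posts and not output of AdwCleaner or HijackThis): AdwCleaner reports deletions by CLSID only, so to know what was actually removed you have to map each GUID back to the named entry HijackThis showed for it. The script below does that cross-reference; the sample lines are copied from the HijackThis log in the first post and from the AdwCleaner report above, and the regexes are my own. Among other things it shows that {898EA8C8-…} and {AE805869-…} were Skype's Click to Call IE plugin, which AdwCleaner treats as unwanted; whether a user agrees is a judgement call, which is why a Clean run is worth reviewing rather than accepting blindly.

```python
from __future__ import annotations

import re
from collections import defaultdict

# Constructed sample: entries copied from the HijackThis log in post #1.
HJT_SAMPLE = r"""
R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: mobilewitch Toolbar - {fcbf663e-8530-46f8-a880-ac5abe9d2b23} - C:\Program Files\mobilewitch\tbmobi.dll
O3 - Toolbar: (no name) - !{fcbf663e-8530-46f8-a880-ac5abe9d2b23} - (no file)
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
"""

# Constructed sample: deletion lines copied from the AdwCleaner report in post #4.
ADW_SAMPLE = r"""
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FCBF663E-8530-46F8-A880-AC5ABE9D2B23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7C5C0F58-E061-457D-9033-77307F5ED00C}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7C5C0F58-E061-457D-9033-77307F5ED00C}]
"""

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis entry shape: "<section> - <kind>: <name> - [!]{GUID} - <path>" (the '!' marks a disabled toolbar).
HJT_ENTRY_RE = re.compile(
    r"^(?P<sec>[RO]\d+) - (?P<kind>[^:]+): (?P<name>.+?) - !?(?P<guid>\{[^}]+\}) - (?P<path>.*)$"
)


def index_hjt(hjt_text: str) -> dict[str, list[tuple[str, str, str]]]:
    """Map each CLSID (upper-cased, GUIDs are case-insensitive) to the HijackThis entries using it."""
    idx: dict[str, list[tuple[str, str, str]]] = defaultdict(list)
    for line in hjt_text.splitlines():
        m = HJT_ENTRY_RE.match(line.strip())
        if m:
            idx[m["guid"].upper()].append((m["sec"], m["name"], m["path"]))
    return idx


def explain_deletions(adw_text: str, hjt_text: str) -> dict[str, list[str]]:
    """For every CLSID in an AdwCleaner 'Key/Value Deleted' line, return the names HijackThis had for it.

    An empty list means HijackThis never listed that GUID, so the deletion has to be judged
    from the registry path alone.
    """
    idx = index_hjt(hjt_text)
    result: dict[str, list[str]] = {}
    for line in adw_text.splitlines():
        line = line.strip()
        if not line.startswith(("Key Deleted", "Value Deleted")):
            continue
        for guid in GUID_RE.findall(line):
            guid = guid.upper()
            names = sorted({f"{sec} {name}" for sec, name, _ in idx.get(guid, [])})
            result[guid] = names
    return result


if __name__ == "__main__":
    for guid, names in explain_deletions(ADW_SAMPLE, HJT_SAMPLE).items():
        print(guid, "->", ", ".join(names) if names else "(not seen in HijackThis log)")
```

Output for the sample pairs the TorrentMan and mobilewitch GUIDs with their toolbar entries, the two Skype GUIDs with "O2 SkypeIEPluginBHO" and "O9 Skype Click to Call", and leaves {35B8892D-…} unexplained because no HijackThis entry referenced it.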

vyosek
VIP, 56373 posts, registered 07 Nov 2006 15:24, location: Šalingrad - Brno

Re: Could you please check my log .. download problem

#5 Post by vyosek


Lemmure
Visitor, 10 posts, registered 06 Dec 2013 15:54

Re: Could you please check my log .. download problem

#6 Post by Lemmure

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-12-2013 03
Ran by Haba Baba (administrator) on HABABABA-PC on 10-12-2013 20:03:05
Running from C:\Users\Haba Baba\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Windows\System32\PnkBstrB.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe
(PowerISO Computing, Inc.) C:\Program Files\PowerISO\PWRISOVM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTLite.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Opera Software) C:\Program Files\Opera\18.0.1284.63\opera.exe
() C:\Program Files\Opera\18.0.1284.63\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\18.0.1284.63\opera.exe
(Opera Software) C:\Program Files\Opera\18.0.1284.63\opera.exe
(Opera Software) C:\Program Files\Opera\18.0.1284.63\opera.exe
(Opera Software) C:\Program Files\Opera\18.0.1284.63\opera.exe
(Opera Software) C:\Program Files\Opera\18.0.1284.63\opera.exe
(Opera Software) C:\Program Files\Opera\18.0.1284.63\opera.exe
(Opera Software) C:\Program Files\Opera\18.0.1284.63\opera.exe
(Opera Software) C:\Program Files\Opera\18.0.1284.63\opera.exe
(Opera Software) C:\Program Files\Opera\18.0.1284.63\opera.exe
(Opera Software) C:\Program Files\Opera\18.0.1284.63\opera.exe
(Opera Software) C:\Program Files\Opera\18.0.1284.63\opera.exe
(Opera Software) C:\Program Files\Opera\18.0.1284.63\opera.exe
(Opera Software) C:\Program Files\Opera\18.0.1284.63\opera.exe
(Opera Software) C:\Program Files\Opera\18.0.1284.63\opera.exe
(Opera Software) C:\Program Files\Opera\18.0.1284.63\opera.exe
(Opera Software) C:\Program Files\Opera\18.0.1284.63\opera.exe
(Opera Software) C:\Program Files\Opera\18.0.1284.63\opera.exe
(Opera Software) C:\Program Files\Opera\18.0.1284.63\opera.exe
(Opera Software) C:\Program Files\Opera\18.0.1284.63\opera.exe
(Opera Software) C:\Program Files\Opera\18.0.1284.63\opera.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [WinampAgent] - C:\Program Files\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM\...\Run: [PWRISOVM.EXE] - C:\Program Files\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [369200 2009-10-30] (DT Soft Ltd)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Policies\Explorer: [TaskbarNoNotification] 1
HKCU\...\Policies\Explorer: [HideSCAHealth] 1
MountPoints2: {108a597a-1df2-11e3-ad37-0018e40734e1} - I:\autorun.exe
MountPoints2: {4a48d380-9e6d-11e1-88e7-0018e40734e1} - G:\suppress_explorer.exe
MountPoints2: {f308a971-9ebb-11e2-96c7-0018e40734e1} - H:\autorun.exe
HKU\dida\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [ 2009-10-30] (DT Soft Ltd)
HKU\dida\...\Run: [Facebook Update] - C:\Users\dida\AppData\Local\Facebook\Update\FacebookUpdate.exe [ 2013-01-15] (Facebook Inc.)
AppInit_DLLs: 0 [ ] ()
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {05CE4604-AAC0-4F0E-8027-0386073A800B} URL = http://search.yahoo.com/search?fr=chr-g ... earchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {399a1442-7377-49e7-8d77-6dc9ed5968c1} URL = http://www.zbozi.cz/?q={searchTerms}&so ... earch_6826
SearchScopes: HKCU - {5cf5d387-d87c-4408-9a6b-301b0713d62a} URL = http://www.mapy.cz/?query={searchTerms} ... earch_6826
SearchScopes: HKCU - {eb97f7df-1773-4916-aae6-5af74da8c69d} URL = http://www.firmy.cz/phr/{searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name - {95289393-33EA-4F8D-B952-483415B9C955} - No File
BHO: No Name - {C93F72A2-2162-4BBA-A07A-F13663C297A6} - No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File
Toolbar: HKLM - No Name - !{fcbf663e-8530-46f8-a880-ac5abe9d2b23} - No File
Toolbar: HKCU - No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 06 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.230.1

FireFox:
========
FF ProfilePath: C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Haba Baba\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF Extension: No Name - C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\staged
FF Extension: No Name - C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\yasearch@yandex.ru
FF Extension: No Name - C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}

Chrome:
=======
CHR DefaultSearchKeyword: google.cz
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Extension: (Downlooad keeperr) - C:\Users\Haba Baba\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcdnkbahbnmccajhinidpjonfepplloo\1.6
CHR Extension: (GFACE Experience Plugin) - C:\Users\Haba Baba\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdlfmdbdibkbfdpjocdaolcheehmpol\0.39.0_0
CHR Extension: (Google Wallet) - C:\Users\Haba Baba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0

========================== Services (Whitelisted) =================

R2 avgfws; C:\Program Files\AVG\AVG2014\avgfws.exe [1358944 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75064 2012-09-15] ()
R2 PnkBstrB; C:\Windows\system32\PnkBstrB.exe [214520 2013-03-09] ()
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770432 2013-07-17] (Enigma Software Group USA, LLC.)
S3 Start BT in service; C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [52080 2007-04-21] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] ()
U4 *etadpug; "C:\Program Files\Google\Desktop\Install\{f6630855-3482-9e43-d54d-97143c5a4b5d}\ \...\???\{f6630855-3482-9e43-d54d-97143c5a4b5d}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120600 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [47928 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [209176 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147768 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22840 2013-09-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
R3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [34576 2007-03-05] (IVT Corporation.)
R3 BlueletSCOAudio; C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys [27792 2007-03-05] (IVT Corporation.)
R3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [18320 2007-03-05] (IVT Corporation.)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [39184 2007-03-05] (IVT Corporation.)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [22528 2009-08-13] (CSR, plc)
R0 BTHidEnum; C:\Windows\System32\Drivers\vbtenum.sys [20880 2007-03-05] (IVT Corporation.)
R0 BTHidMgr; C:\Windows\System32\Drivers\BTHidMgr.sys [35600 2007-03-05] (IVT Corporation.)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13904 2011-05-06] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 s116bus; C:\Windows\System32\DRIVERS\s116bus.sys [83336 2007-04-03] (MCCI Corporation)
S3 s116mdfl; C:\Windows\System32\DRIVERS\s116mdfl.sys [15112 2007-04-03] (MCCI Corporation)
S3 s116mdm; C:\Windows\System32\DRIVERS\s116mdm.sys [108680 2007-04-03] (MCCI Corporation)
S3 s116nd5; C:\Windows\System32\DRIVERS\s116nd5.sys [23176 2007-04-03] (MCCI Corporation)
S3 s116unic; C:\Windows\System32\DRIVERS\s116unic.sys [99080 2007-04-03] (MCCI Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2012-05-15] ()
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2009-09-19] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2009-09-19] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2009-09-19] (MCCI Corporation)
R3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [34448 2007-03-05] (IVT Corporation.)
R3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [44304 2007-03-05] (IVT Corporation.)
U3 a4rt03za; C:\Windows\System32\Drivers\a4rt03za.sys [0 ] (Microsoft Corporation)
S1 ASPI32; No ImagePath
S1 jjekudvj; \??\C:\Windows\system32\drivers\jjekudvj.sys [x]
S1 ocmwygkz; \??\C:\Windows\system32\drivers\ocmwygkz.sys [x]
S1 prgeqyzs; \??\C:\Windows\system32\drivers\prgeqyzs.sys [x]
S1 pynmjwjo; \??\C:\Windows\system32\drivers\pynmjwjo.sys [x]
S1 qothwumz; \??\C:\Windows\system32\drivers\qothwumz.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-10 20:03 - 2013-12-10 20:03 - 00014439 _____ C:\Users\Haba Baba\Desktop\FRST.txt
2013-12-10 20:02 - 2013-12-10 20:02 - 00000000 ____D C:\FRST
2013-12-10 19:31 - 2013-12-09 07:18 - 01060649 _____ (Farbar) C:\Users\Haba Baba\Desktop\FRST.exe
2013-12-07 17:42 - 2013-12-07 17:42 - 00008423 _____ C:\Users\Haba Baba\Desktop\AdwCleaner[S0].txt
2013-12-07 17:27 - 2013-12-07 17:39 - 00000000 ____D C:\AdwCleaner
2013-12-07 16:54 - 2013-12-07 16:54 - 00006456 _____ C:\Users\Haba Baba\Desktop\JRT.txt
2013-12-07 16:41 - 2013-12-07 16:41 - 00000000 ____D C:\Windows\ERUNT
2013-12-07 16:40 - 2013-11-05 23:36 - 01034531 _____ (Thisisu) C:\Users\Haba Baba\Desktop\JRT_NEW.exe
2013-12-07 16:35 - 2013-12-10 19:59 - 00000478 _____ C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2013-12-07 16:35 - 2013-12-10 18:00 - 00000452 _____ C:\Windows\Tasks\ParetoLogic Registration3.job
2013-12-07 16:35 - 2013-12-07 16:44 - 00000426 _____ C:\Windows\Tasks\ParetoLogic Update Version3.job
2013-12-07 16:35 - 2013-12-07 16:44 - 00000394 _____ C:\Windows\Tasks\RegCure Pro.job
2013-12-07 16:35 - 2013-12-07 16:35 - 00000831 _____ C:\Users\Haba Baba\Desktop\RegCure Pro.lnk
2013-12-07 16:32 - 2004-06-30 05:40 - 01032220 _____ (Thisisu) C:\Users\Haba Baba\Desktop\JRT.exe
2013-12-07 16:31 - 2013-12-07 16:34 - 00000000 ____D C:\Users\Haba Baba\Desktop\0000000
2013-12-05 18:02 - 2013-12-05 18:02 - 00000000 ____D C:\Users\dida\AppData\Local\Opera Software
2013-12-05 18:01 - 2013-12-05 18:01 - 00000000 ____D C:\Users\dida\AppData\Roaming\Opera Software
2013-12-02 17:13 - 2013-12-02 17:13 - 00000000 ____D C:\Users\Haba Baba\AppData\Roaming\Opera Software
2013-12-02 17:13 - 2013-12-02 17:13 - 00000000 ____D C:\Users\Haba Baba\AppData\Local\Opera Software
2013-12-02 17:12 - 2013-12-02 17:12 - 00001091 _____ C:\Users\Public\Desktop\Opera.lnk
2013-12-02 16:23 - 2013-12-02 16:26 - 00000000 ____D C:\sh4ldr
2013-12-02 16:23 - 2013-12-02 16:23 - 00002254 _____ C:\Users\Haba Baba\Desktop\SpyHunter.lnk
2013-12-02 16:23 - 2013-12-02 16:23 - 00000000 ____D C:\Users\Haba Baba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2013-12-02 16:22 - 2013-12-02 16:23 - 00000079 _____ C:\Windows\wininit.ini
2013-12-02 16:22 - 2013-12-02 16:22 - 00000665 _____ C:\INSTALL.LOG
2013-12-02 16:10 - 2013-12-02 16:23 - 00000000 ____D C:\Windows\DB847E94446B49E0AC5DC5627EC8B0C0.TMP
2013-12-01 20:27 - 2013-12-02 22:36 - 00000478 _____ C:\Users\Haba Baba\Desktop\Imper.txt
2013-11-30 17:20 - 2013-12-02 16:26 - 00004026 _____ C:\Windows\PFRO.log
2013-11-30 13:54 - 2013-12-10 17:22 - 00000925 _____ C:\Users\Haba Baba\Desktop\Nový textový dokument (2).txt
2013-11-27 22:45 - 2013-12-10 19:39 - 00001456 _____ C:\Windows\setupact.log
2013-11-27 22:45 - 2013-11-27 22:45 - 00000000 _____ C:\Windows\setuperr.log
2013-11-27 21:00 - 2013-12-06 16:03 - 00006409 _____ C:\Users\Haba Baba\Desktop\hijackthis.log
2013-11-27 20:50 - 2013-12-02 21:25 - 00000000 ____D C:\Users\Haba Baba\Desktop\backups
2013-11-27 20:38 - 2013-11-27 20:38 - 00388608 _____ (Trend Micro Inc.) C:\Users\Haba Baba\Desktop\hijackthis.exe
2013-11-27 20:19 - 2013-11-27 22:17 - 00000000 ____D C:\Windows\Minidump
2013-11-27 17:31 - 2013-12-02 16:26 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-11-27 17:31 - 2013-12-02 16:23 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-11-27 17:26 - 2013-05-20 00:10 - 00000864 _____ C:\Users\dida\Desktop\Metro Last Light.lnk
2013-11-25 19:50 - 2013-12-08 14:55 - 00005855 _____ C:\spyhunter.log
2013-11-25 18:50 - 2013-12-08 13:58 - 00007085 _____ C:\sh4_service.log
2013-11-25 18:47 - 2013-12-02 16:26 - 00008192 _____ C:\shldr.mbr
2013-11-25 18:46 - 2013-11-25 18:46 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-11-25 18:45 - 2013-11-27 17:29 - 00000000 ____D C:\Windows\220FB0354744483A9A0B41DF77061583.TMP
2013-11-23 10:25 - 2013-11-23 10:25 - 00000000 ____D C:\ProgramData\Oracle
2013-11-23 10:25 - 2013-11-23 10:25 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-23 10:25 - 2013-10-08 07:50 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-11-23 10:25 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-11-23 10:25 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-11-23 10:25 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-11-23 10:22 - 2013-11-23 10:25 - 00004668 _____ C:\Windows\system32\jupdate-1.7.0_45-b18.log
2013-11-23 10:12 - 2013-11-23 10:12 - 00000000 ____D C:\Users\dida\AppData\Roaming\AVG2014
2013-11-23 10:11 - 2013-11-23 10:20 - 00000000 ____D C:\Users\dida\AppData\Local\Avg2014
2013-11-22 18:24 - 2013-11-22 18:24 - 00000000 ____D C:\Users\Haba Baba\AppData\Roaming\AVG2014
2013-11-22 18:23 - 2013-11-22 18:23 - 00000947 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-11-22 18:22 - 2013-11-25 19:18 - 00000000 ____D C:\ProgramData\AVG2014
2013-11-22 18:22 - 2013-11-22 18:22 - 00000000 ___HD C:\$AVG
2013-11-22 18:12 - 2013-11-25 17:37 - 00000000 ____D C:\Users\Haba Baba\AppData\Local\Avg2014
2013-11-22 18:08 - 2013-11-22 18:08 - 00000000 ____D C:\Program Files\AVG
2013-11-22 16:26 - 2013-11-30 16:30 - 00000000 ____D C:\ProgramData\MFAData
2013-11-22 16:26 - 2013-11-22 16:26 - 00000000 ____D C:\Users\Haba Baba\AppData\Local\MFAData
2013-11-22 16:25 - 2013-12-01 20:27 - 00001486 _____ C:\Users\Haba Baba\Desktop\ImperIcon voe!.txt
2013-11-22 16:25 - 2013-11-27 18:11 - 00000000 ____D C:\Users\Haba Baba\AppData\Roaming\Media Player Classic
2013-11-22 16:25 - 2013-11-23 13:39 - 00000000 ____D C:\Users\Haba Baba\Desktop\Čtivo 8)
2013-11-22 12:21 - 2013-11-22 12:23 - 00000000 ____D C:\Windows\rescache
2013-11-20 21:46 - 2013-12-02 18:50 - 00000000 __SHD C:\ProgramData\blacksilver0
2013-11-15 11:45 - 2013-11-15 11:45 - 00000000 ____D C:\Users\Haba Baba\AppData\Local\Blizzard Entertainment
2013-11-15 10:00 - 2013-11-15 10:08 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2013-11-15 01:54 - 2013-10-12 08:04 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-15 01:54 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-15 01:54 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-15 01:54 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-15 01:54 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-15 01:54 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-15 01:54 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-15 01:54 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-15 01:54 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-15 01:54 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-15 01:54 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-15 01:54 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-15 01:54 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-15 01:54 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-15 01:54 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-15 01:54 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-14 21:52 - 2013-12-01 00:24 - 00000000 ____D C:\Program Files\Common Files\Blizzard Entertainment
2013-11-14 21:33 - 2013-11-14 21:33 - 00000540 _____ C:\Users\dida\Desktop\World of Warcraft Installer.lnk
2013-11-14 21:20 - 2013-11-14 21:20 - 00000000 ____D C:\ProgramData\Blizzard
2013-11-14 08:41 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-14 08:41 - 2013-10-12 03:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 08:41 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 08:41 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 08:41 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 08:41 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 08:41 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-14 08:41 - 2013-10-03 02:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 08:41 - 2013-09-25 03:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-14 08:41 - 2013-09-25 03:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-14 08:41 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-14 08:41 - 2013-09-25 02:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-14 08:41 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-14 08:41 - 2013-09-25 02:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-14 08:41 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-14 08:41 - 2013-09-25 01:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-14 08:41 - 2013-09-25 01:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-14 08:41 - 2013-07-04 13:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-10 21:00 - 2013-11-10 21:00 - 00126976 _____ (Blizzard Entertainment) C:\Windows\War3Unin.exe
2013-11-10 21:00 - 2013-11-10 21:00 - 00013889 _____ C:\Windows\War3Unin.dat
2013-11-10 21:00 - 2013-11-10 21:00 - 00002829 _____ C:\Windows\War3Unin.pif
2013-11-10 21:00 - 2013-11-10 21:00 - 00000642 _____ C:\Users\Haba Baba\Desktop\Warcraft III.lnk
2013-11-10 21:00 - 2013-11-10 21:00 - 00000642 _____ C:\Users\dida\Desktop\Warcraft III.lnk
2013-11-10 21:00 - 2013-11-10 21:00 - 00000000 ____D C:\Users\Haba Baba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warcraft III

==================== One Month Modified Files and Folders =======

2013-12-10 20:03 - 2013-12-10 20:03 - 00014439 _____ C:\Users\Haba Baba\Desktop\FRST.txt
2013-12-10 20:02 - 2013-12-10 20:02 - 00000000 ____D C:\FRST
2013-12-10 20:01 - 2013-10-19 21:45 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-10 19:59 - 2013-12-07 16:35 - 00000478 _____ C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2013-12-10 19:59 - 2013-10-03 20:45 - 00000424 ____H C:\Windows\Tasks\schedule!3036567561.job
2013-12-10 19:59 - 2013-02-04 23:38 - 00000942 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-10 19:59 - 2012-10-20 16:01 - 00000000 ____D C:\Users\Haba Baba\AppData\Roaming\Skype
2013-12-10 19:44 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\tracing
2013-12-10 19:39 - 2013-11-27 22:45 - 00001456 _____ C:\Windows\setupact.log
2013-12-10 19:39 - 2012-06-04 18:50 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-12-10 19:39 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-10 19:37 - 2009-07-14 05:34 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-10 19:37 - 2009-07-14 05:34 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-10 19:36 - 2012-05-25 14:36 - 00000000 ____D C:\Users\Haba Baba\AppData\Local\PMB Files
2013-12-10 19:21 - 2012-04-10 16:24 - 00000000 ____D C:\Users\Haba Baba\AppData\Local\Last.fm
2013-12-10 19:08 - 2013-02-04 23:38 - 00000946 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-10 18:47 - 2012-05-25 14:36 - 00000000 ____D C:\ProgramData\PMB Files
2013-12-10 18:40 - 2013-01-15 21:35 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4117245281-1480158384-2095474572-1001UA.job
2013-12-10 18:00 - 2013-12-07 16:35 - 00000452 _____ C:\Windows\Tasks\ParetoLogic Registration3.job
2013-12-10 17:57 - 2012-10-23 19:52 - 00000944 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4117245281-1480158384-2095474572-1000UA.job
2013-12-10 17:22 - 2013-11-30 13:54 - 00000925 _____ C:\Users\Haba Baba\Desktop\Nový textový dokument (2).txt
2013-12-09 07:18 - 2013-12-10 19:31 - 01060649 _____ (Farbar) C:\Users\Haba Baba\Desktop\FRST.exe
2013-12-08 21:40 - 2013-01-15 21:35 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4117245281-1480158384-2095474572-1001Core.job
2013-12-08 20:57 - 2012-10-23 19:52 - 00000922 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4117245281-1480158384-2095474572-1000Core.job
2013-12-08 14:55 - 2013-11-25 19:50 - 00005855 _____ C:\spyhunter.log
2013-12-08 13:58 - 2013-11-25 18:50 - 00007085 _____ C:\sh4_service.log
2013-12-07 17:42 - 2013-12-07 17:42 - 00008423 _____ C:\Users\Haba Baba\Desktop\AdwCleaner[S0].txt
2013-12-07 17:39 - 2013-12-07 17:27 - 00000000 ____D C:\AdwCleaner
2013-12-07 16:54 - 2013-12-07 16:54 - 00006456 _____ C:\Users\Haba Baba\Desktop\JRT.txt
2013-12-07 16:48 - 2012-09-26 20:32 - 00000000 ____D C:\Program Files\Dll-Files.com Fixer
2013-12-07 16:44 - 2013-12-07 16:35 - 00000426 _____ C:\Windows\Tasks\ParetoLogic Update Version3.job
2013-12-07 16:44 - 2013-12-07 16:35 - 00000394 _____ C:\Windows\Tasks\RegCure Pro.job
2013-12-07 16:41 - 2013-12-07 16:41 - 00000000 ____D C:\Windows\ERUNT
2013-12-07 16:35 - 2013-12-07 16:35 - 00000831 _____ C:\Users\Haba Baba\Desktop\RegCure Pro.lnk
2013-12-07 16:34 - 2013-12-07 16:31 - 00000000 ____D C:\Users\Haba Baba\Desktop\0000000
2013-12-07 16:32 - 2012-04-10 15:20 - 00393450 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-06 16:03 - 2013-11-27 21:00 - 00006409 _____ C:\Users\Haba Baba\Desktop\hijackthis.log
2013-12-06 15:44 - 2012-04-10 15:49 - 00000000 ____D C:\Program Files\Opera
2013-12-05 18:10 - 2013-02-04 23:39 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-05 18:02 - 2013-12-05 18:02 - 00000000 ____D C:\Users\dida\AppData\Local\Opera Software
2013-12-05 18:01 - 2013-12-05 18:01 - 00000000 ____D C:\Users\dida\AppData\Roaming\Opera Software
2013-12-02 22:36 - 2013-12-01 20:27 - 00000478 _____ C:\Users\Haba Baba\Desktop\Imper.txt
2013-12-02 21:25 - 2013-11-27 20:50 - 00000000 ____D C:\Users\Haba Baba\Desktop\backups
2013-12-02 18:50 - 2013-11-20 21:46 - 00000000 __SHD C:\ProgramData\blacksilver0
2013-12-02 18:08 - 2013-10-03 20:44 - 00000000 ____D C:\ProgramData\Downlooad keeperr
2013-12-02 17:13 - 2013-12-02 17:13 - 00000000 ____D C:\Users\Haba Baba\AppData\Roaming\Opera Software
2013-12-02 17:13 - 2013-12-02 17:13 - 00000000 ____D C:\Users\Haba Baba\AppData\Local\Opera Software
2013-12-02 17:12 - 2013-12-02 17:12 - 00001091 _____ C:\Users\Public\Desktop\Opera.lnk
2013-12-02 17:12 - 2012-04-10 15:18 - 00001417 _____ C:\Users\Haba Baba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-02 17:09 - 2013-04-06 16:15 - 00000000 ____D C:\ProgramData\InstallMate
2013-12-02 16:26 - 2013-12-02 16:23 - 00000000 ____D C:\sh4ldr
2013-12-02 16:26 - 2013-11-30 17:20 - 00004026 _____ C:\Windows\PFRO.log
2013-12-02 16:26 - 2013-11-27 17:31 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-12-02 16:26 - 2013-11-25 18:47 - 00008192 _____ C:\shldr.mbr
2013-12-02 16:23 - 2013-12-02 16:23 - 00002254 _____ C:\Users\Haba Baba\Desktop\SpyHunter.lnk
2013-12-02 16:23 - 2013-12-02 16:23 - 00000000 ____D C:\Users\Haba Baba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2013-12-02 16:23 - 2013-12-02 16:22 - 00000079 _____ C:\Windows\wininit.ini
2013-12-02 16:23 - 2013-12-02 16:10 - 00000000 ____D C:\Windows\DB847E94446B49E0AC5DC5627EC8B0C0.TMP
2013-12-02 16:23 - 2013-11-27 17:31 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-12-02 16:22 - 2013-12-02 16:22 - 00000665 _____ C:\INSTALL.LOG
2013-12-02 16:09 - 2012-05-05 23:12 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-12-01 20:27 - 2013-11-22 16:25 - 00001486 _____ C:\Users\Haba Baba\Desktop\ImperIcon voe!.txt
2013-12-01 00:25 - 2013-01-26 15:00 - 00000000 ____D C:\Users\Haba Baba\Desktop\Audiosurf
2013-12-01 00:24 - 2013-11-14 21:52 - 00000000 ____D C:\Program Files\Common Files\Blizzard Entertainment
2013-11-30 16:30 - 2013-11-22 16:26 - 00000000 ____D C:\ProgramData\MFAData
2013-11-30 15:04 - 2012-12-20 19:25 - 00000000 ____D C:\Users\Haba Baba\Desktop\babo Onen PLOCHA bordel
2013-11-27 22:45 - 2013-11-27 22:45 - 00000000 _____ C:\Windows\setuperr.log
2013-11-27 22:17 - 2013-11-27 20:19 - 00000000 ____D C:\Windows\Minidump
2013-11-27 20:38 - 2013-11-27 20:38 - 00388608 _____ (Trend Micro Inc.) C:\Users\Haba Baba\Desktop\hijackthis.exe
2013-11-27 20:35 - 2012-04-10 16:16 - 00000000 ____D C:\Users\Haba Baba\AppData\Roaming\Winamp
2013-11-27 18:11 - 2013-11-22 16:25 - 00000000 ____D C:\Users\Haba Baba\AppData\Roaming\Media Player Classic
2013-11-27 17:29 - 2013-11-25 18:45 - 00000000 ____D C:\Windows\220FB0354744483A9A0B41DF77061583.TMP
2013-11-25 19:49 - 2013-06-11 12:39 - 00000991 _____ C:\Users\dida\Desktop\421621_4871935477688_237660243_n.lnk
2013-11-25 19:18 - 2013-11-22 18:22 - 00000000 ____D C:\ProgramData\AVG2014
2013-11-25 18:46 - 2013-11-25 18:46 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-11-25 17:37 - 2013-11-22 18:12 - 00000000 ____D C:\Users\Haba Baba\AppData\Local\Avg2014
2013-11-23 13:39 - 2013-11-22 16:25 - 00000000 ____D C:\Users\Haba Baba\Desktop\Čtivo 8)
2013-11-23 10:25 - 2013-11-23 10:25 - 00000000 ____D C:\ProgramData\Oracle
2013-11-23 10:25 - 2013-11-23 10:25 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-23 10:25 - 2013-11-23 10:22 - 00004668 _____ C:\Windows\system32\jupdate-1.7.0_45-b18.log
2013-11-23 10:25 - 2013-03-22 00:39 - 00000000 ____D C:\Program Files\Java
2013-11-23 10:20 - 2013-11-23 10:11 - 00000000 ____D C:\Users\dida\AppData\Local\Avg2014
2013-11-23 10:12 - 2013-11-23 10:12 - 00000000 ____D C:\Users\dida\AppData\Roaming\AVG2014
2013-11-22 18:24 - 2013-11-22 18:24 - 00000000 ____D C:\Users\Haba Baba\AppData\Roaming\AVG2014
2013-11-22 18:23 - 2013-11-22 18:23 - 00000947 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-11-22 18:22 - 2013-11-22 18:22 - 00000000 ___HD C:\$AVG
2013-11-22 18:08 - 2013-11-22 18:08 - 00000000 ____D C:\Program Files\AVG
2013-11-22 16:33 - 2013-01-27 23:28 - 00000000 ____D C:\Users\Haba Baba\AppData\Roaming\TuneUp Software
2013-11-22 16:26 - 2013-11-22 16:26 - 00000000 ____D C:\Users\Haba Baba\AppData\Local\MFAData
2013-11-22 12:23 - 2013-11-22 12:21 - 00000000 ____D C:\Windows\rescache
2013-11-22 11:01 - 2012-04-15 13:53 - 00067416 _____ C:\Users\dida\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-21 21:15 - 2009-07-14 05:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-11-21 20:45 - 2012-04-10 16:13 - 00067416 _____ C:\Users\Haba Baba\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-21 20:44 - 2009-07-14 05:33 - 00301536 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-21 19:30 - 2012-08-07 18:29 - 00000000 ____D C:\Users\Haba Baba\AppData\Roaming\Vso
2013-11-21 19:30 - 2012-05-15 09:57 - 00000000 ____D C:\Users\Haba Baba\AppData\Roaming\DAEMON Tools Lite
2013-11-21 19:28 - 2012-04-11 01:11 - 00000000 ____D C:\Windows\Panther
2013-11-21 18:48 - 2012-04-12 15:10 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-11-21 18:48 - 2012-04-12 15:10 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-11-21 18:47 - 2013-02-04 23:38 - 00000000 ____D C:\Program Files\Google
2013-11-21 18:41 - 2013-02-04 23:38 - 00000000 ____D C:\Users\Haba Baba\AppData\Local\Google
2013-11-15 11:45 - 2013-11-15 11:45 - 00000000 ____D C:\Users\Haba Baba\AppData\Local\Blizzard Entertainment
2013-11-15 10:08 - 2013-11-15 10:00 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2013-11-14 21:52 - 2009-07-14 03:37 - 00000000 ___RD C:\Users\Public
2013-11-14 21:33 - 2013-11-14 21:33 - 00000540 _____ C:\Users\dida\Desktop\World of Warcraft Installer.lnk
2013-11-14 21:20 - 2013-11-14 21:20 - 00000000 ____D C:\ProgramData\Blizzard
2013-11-14 17:02 - 2012-04-10 15:34 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-11-12 16:18 - 2013-01-09 21:50 - 00000000 ____D C:\Windows\system32\appmgmt
2013-11-11 22:54 - 2012-05-23 18:39 - 00000000 ____D C:\Users\Haba Baba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-11-10 21:00 - 2013-11-10 21:00 - 00126976 _____ (Blizzard Entertainment) C:\Windows\War3Unin.exe
2013-11-10 21:00 - 2013-11-10 21:00 - 00013889 _____ C:\Windows\War3Unin.dat
2013-11-10 21:00 - 2013-11-10 21:00 - 00002829 _____ C:\Windows\War3Unin.pif
2013-11-10 21:00 - 2013-11-10 21:00 - 00000642 _____ C:\Users\Haba Baba\Desktop\Warcraft III.lnk
2013-11-10 21:00 - 2013-11-10 21:00 - 00000642 _____ C:\Users\dida\Desktop\Warcraft III.lnk
2013-11-10 21:00 - 2013-11-10 21:00 - 00000000 ____D C:\Users\Haba Baba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warcraft III
2013-11-10 12:55 - 2012-10-20 16:01 - 00000000 ____D C:\ProgramData\Skype
ZeroAccess:
C:\Users\Haba Baba\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files\Google\Desktop\Install

ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

Some content of TEMP:
====================
C:\Users\Haba Baba\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Haba Baba\AppData\Local\Temp\Update.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


LastRegBack: 2013-12-04 22:10

==================== End Of Log ============================

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: I'd like a log check .. problem with downloading

#7 Post by vyosek »

:arrow: So you did follow the guide, right?? Because I don't see anywhere that you downloaded FRSTLauncher as the guide says, and then of course you didn't use it either :?: We don't write those guides for ourselves just out of boredom :?:

:arrow: Don't deal with that now, since there's a nasty one in there; you'll do it again afterwards

:arrow: Uninstall Spybot and SpyHunter

:arrow: Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    Start
    HKLM\...\Run: [WinampAgent] - C:\Program Files\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
    HKLM\...\Run: [PWRISOVM.EXE] - C:\Program Files\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
    HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM\...\Policies\Explorer: [HideSCAHealth] 1
    HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [369200 2009-10-30] (DT Soft Ltd)
    HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
    HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
    HKCU\...\Policies\Explorer: [TaskbarNoNotification] 1
    HKCU\...\Policies\Explorer: [HideSCAHealth] 1
    MountPoints2: {108a597a-1df2-11e3-ad37-0018e40734e1} - I:\autorun.exe
    MountPoints2: {4a48d380-9e6d-11e1-88e7-0018e40734e1} - G:\suppress_explorer.exe
    MountPoints2: {f308a971-9ebb-11e2-96c7-0018e40734e1} - H:\autorun.exe
    HKU\dida\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [ 2009-10-30] (DT Soft Ltd)
    HKU\dida\...\Run: [Facebook Update] - C:\Users\dida\AppData\Local\Facebook\Update\FacebookUpdate.exe [ 2013-01-15] (Facebook Inc.)
    AppInit_DLLs: 0 [ ] ()
    BootExecute: autocheck autochk * sdnclean.exe
    
    Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5 06 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    Toolbar: HKLM - No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File
    Toolbar: HKLM - No Name - !{fcbf663e-8530-46f8-a880-ac5abe9d2b23} - No File
    Toolbar: HKCU - No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File
    BHO: No Name - {95289393-33EA-4F8D-B952-483415B9C955} - No File
    BHO: No Name - {C93F72A2-2162-4BBA-A07A-F13663C297A6} - No File
    SearchScopes: HKLM - DefaultScope value is missing.
    SearchScopes: HKCU - {05CE4604-AAC0-4F0E-8027-0386073A800B} URL = http://search.yahoo.com/search?fr=chr-g ... =847320&p={searchTerms}
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
    
    FF Extension: No Name - C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\staged
    FF Extension: No Name - C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\yasearch@yandex.ru
    FF Extension: No Name - C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}
    
    U4 *etadpug; "C:\Program Files\Google\Desktop\Install\{f6630855-3482-9e43-d54d-97143c5a4b5d}\ \...\???\{f6630855-3482-9e43-d54d-97143c5a4b5d}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
    R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770432 2013-07-17] (Enigma Software Group USA, LLC.)
    U3 a4rt03za; C:\Windows\System32\Drivers\a4rt03za.sys [0 ] (Microsoft Corporation)
    S1 ASPI32; No ImagePath
    S1 jjekudvj; \??\C:\Windows\system32\drivers\jjekudvj.sys [x]
    S1 ocmwygkz; \??\C:\Windows\system32\drivers\ocmwygkz.sys [x]
    S1 prgeqyzs; \??\C:\Windows\system32\drivers\prgeqyzs.sys [x]
    S1 pynmjwjo; \??\C:\Windows\system32\drivers\pynmjwjo.sys [x]
    S1 qothwumz; \??\C:\Windows\system32\drivers\qothwumz.sys [x]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
    S3 VGPU; System32\drivers\rdvgkmd.sys [x]
    C:\Windows\system32\drivers\jjekudvj.sys
    C:\Windows\system32\drivers\ocmwygkz.sys
    C:\Windows\system32\drivers\prgeqyzs.sys
    C:\Windows\system32\drivers\pynmjwjo.sys
    C:\Windows\system32\drivers\qothwumz.sys 
    
    C:\Program Files\Google\Desktop\Install\{f6630855-3482-9e43-d54d-97143c5a4b5d}
    2013-11-25 18:46 - 2013-11-25 18:46 - 00000000 ____D C:\Program Files\Enigma Software Group
    2013-12-02 16:26 - 2013-11-27 17:31 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
    2013-12-02 16:26 - 2013-11-25 18:47 - 00008192 _____ C:\shldr.mbr
    2013-12-02 16:23 - 2013-12-02 16:23 - 00002254 _____ C:\Users\Haba Baba\Desktop\SpyHunter.lnk
    2013-12-02 16:23 - 2013-12-02 16:23 - 00000000 ____D C:\Users\Haba Baba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
    2013-12-02 16:23 - 2013-11-27 17:31 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    
    C:\Users\Haba Baba\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Haba Baba\AppData\Local\Temp\Update.exe
    
    ZeroAccess:
    C:\Users\Haba Baba\AppData\Local\Google\Desktop\Install
    ZeroAccess:
    C:\Program Files\Google\Desktop\Install
    ZeroAccess:
    C:\Windows\assembly\GAC\Desktop.ini
    
    DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
    
    Hosts:
    CMD: shutdown /r /f /t 2
    
    End
  • Save the created TXT as fixlist.txt
  • Move the created fixlist next to FRST
:arrow: Run FRST.exe again
  • Click Fix
  • The fix will run and create the log Fixlog.txt
:arrow: Restart the PC and post fixlog.txt here
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids fun, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.

Lemmure
Visitor
Posts: 10
Registered: 06 Dec 2013 15:54

Re: I would ask for a log check .. problem with downloading

#8 Post by Lemmure »

I apologize for not following the instructions exactly, but I have to download these things at work, and like an idiot I accidentally deleted the launcher in the vault of that wonderful AVG, which won't let me do anything, not even uninstall it.. so out of desperation I did it without the launcher :-D ... sorry x) ... I did have SpyBot. Now I can't even find it through Windows search. Here is the log:


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-12-2013
Ran by Haba Baba at 2013-12-10 21:21:41 Run:1
Running from C:\Users\Haba Baba\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [WinampAgent] - C:\Program Files\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM\...\Run: [PWRISOVM.EXE] - C:\Program Files\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [369200 2009-10-30] (DT Soft Ltd)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Policies\Explorer: [TaskbarNoNotification] 1
HKCU\...\Policies\Explorer: [HideSCAHealth] 1
MountPoints2: {108a597a-1df2-11e3-ad37-0018e40734e1} - I:\autorun.exe
MountPoints2: {4a48d380-9e6d-11e1-88e7-0018e40734e1} - G:\suppress_explorer.exe
MountPoints2: {f308a971-9ebb-11e2-96c7-0018e40734e1} - H:\autorun.exe
HKU\dida\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [ 2009-10-30] (DT Soft Ltd)
HKU\dida\...\Run: [Facebook Update] - C:\Users\dida\AppData\Local\Facebook\Update\FacebookUpdate.exe [ 2013-01-15] (Facebook Inc.)
AppInit_DLLs: 0 [ ] ()
BootExecute: autocheck autochk * sdnclean.exe

Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 06 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Toolbar: HKLM - No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File
Toolbar: HKLM - No Name - !{fcbf663e-8530-46f8-a880-ac5abe9d2b23} - No File
Toolbar: HKCU - No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File
BHO: No Name - {95289393-33EA-4F8D-B952-483415B9C955} - No File
BHO: No Name - {C93F72A2-2162-4BBA-A07A-F13663C297A6} - No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {05CE4604-AAC0-4F0E-8027-0386073A800B} URL = http://search.yahoo.com/search?fr=chr-g ... =847320&p={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search

FF Extension: No Name - C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\staged
FF Extension: No Name - C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\yasearch@yandex.ru
FF Extension: No Name - C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}

U4 *etadpug; "C:\Program Files\Google\Desktop\Install\{f6630855-3482-9e43-d54d-97143c5a4b5d}\ \...\???\{f6630855-3482-9e43-d54d-97143c5a4b5d}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770432 2013-07-17] (Enigma Software Group USA, LLC.)
U3 a4rt03za; C:\Windows\System32\Drivers\a4rt03za.sys [0 ] (Microsoft Corporation)
S1 ASPI32; No ImagePath
S1 jjekudvj; \??\C:\Windows\system32\drivers\jjekudvj.sys [x]
S1 ocmwygkz; \??\C:\Windows\system32\drivers\ocmwygkz.sys [x]
S1 prgeqyzs; \??\C:\Windows\system32\drivers\prgeqyzs.sys [x]
S1 pynmjwjo; \??\C:\Windows\system32\drivers\pynmjwjo.sys [x]
S1 qothwumz; \??\C:\Windows\system32\drivers\qothwumz.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
C:\Windows\system32\drivers\jjekudvj.sys
C:\Windows\system32\drivers\ocmwygkz.sys
C:\Windows\system32\drivers\prgeqyzs.sys
C:\Windows\system32\drivers\pynmjwjo.sys
C:\Windows\system32\drivers\qothwumz.sys

C:\Program Files\Google\Desktop\Install\{f6630855-3482-9e43-d54d-97143c5a4b5d}
2013-11-25 18:46 - 2013-11-25 18:46 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-12-02 16:26 - 2013-11-27 17:31 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-12-02 16:26 - 2013-11-25 18:47 - 00008192 _____ C:\shldr.mbr
2013-12-02 16:23 - 2013-12-02 16:23 - 00002254 _____ C:\Users\Haba Baba\Desktop\SpyHunter.lnk
2013-12-02 16:23 - 2013-12-02 16:23 - 00000000 ____D C:\Users\Haba Baba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2013-12-02 16:23 - 2013-11-27 17:31 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy

C:\Users\Haba Baba\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Haba Baba\AppData\Local\Temp\Update.exe

ZeroAccess:
C:\Users\Haba Baba\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files\Google\Desktop\Install
ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

Hosts:
CMD: shutdown /r /f /t 2

End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\PWRISOVM.EXE => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\TaskbarNoNotification => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{108a597a-1df2-11e3-ad37-0018e40734e1} => Key deleted successfully.
HKCR\CLSID\{108a597a-1df2-11e3-ad37-0018e40734e1} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4a48d380-9e6d-11e1-88e7-0018e40734e1} => Key deleted successfully.
HKCR\CLSID\{4a48d380-9e6d-11e1-88e7-0018e40734e1} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f308a971-9ebb-11e2-96c7-0018e40734e1} => Key deleted successfully.
HKCR\CLSID\{f308a971-9ebb-11e2-96c7-0018e40734e1} => Key not found.
HKU\dida\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => Value deleted successfully.
HKU\dida\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update => Value deleted successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.
Winsock: Catalog5 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000006\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{91397D20-1446-11D4-8AF4-0040CA1127B6} => Value deleted successfully.
HKCR\CLSID\{91397D20-1446-11D4-8AF4-0040CA1127B6} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{fcbf663e-8530-46f8-a880-ac5abe9d2b23} => Value deleted successfully.
HKCR\CLSID\!{fcbf663e-8530-46f8-a880-ac5abe9d2b23} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{91397D20-1446-11D4-8AF4-0040CA1127B6} => Value deleted successfully.
HKCR\CLSID\{91397D20-1446-11D4-8AF4-0040CA1127B6} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955} => Key deleted successfully.
HKCR\CLSID\{95289393-33EA-4F8D-B952-483415B9C955} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C93F72A2-2162-4BBA-A07A-F13663C297A6} => Key deleted successfully.
HKCR\CLSID\{C93F72A2-2162-4BBA-A07A-F13663C297A6} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{05CE4604-AAC0-4F0E-8027-0386073A800B} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{05CE4604-AAC0-4F0E-8027-0386073A800B} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\staged => Moved successfully.
C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\yasearch@yandex.ru => Moved successfully.
C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9} => Moved successfully.
*etadpug => Service deleted successfully.
SpyHunter 4 Service => Service not found.
a4rt03za => Service deleted successfully.
ASPI32 => Service deleted successfully.
jjekudvj => Service deleted successfully.
ocmwygkz => Service deleted successfully.
prgeqyzs => Service deleted successfully.
pynmjwjo => Service deleted successfully.
qothwumz => Service deleted successfully.
Synth3dVsc => Service deleted successfully.
tsusbhub => Service deleted successfully.
VGPU => Service deleted successfully.
"C:\Windows\system32\drivers\jjekudvj.sys" => File/Directory not found.
"C:\Windows\system32\drivers\ocmwygkz.sys" => File/Directory not found.
"C:\Windows\system32\drivers\prgeqyzs.sys" => File/Directory not found.
"C:\Windows\system32\drivers\pynmjwjo.sys" => File/Directory not found.
"C:\Windows\system32\drivers\qothwumz.sys" => File/Directory not found.
C:\Program Files\Google\Desktop\Install\{f6630855-3482-9e43-d54d-97143c5a4b5d} => Moved successfully.
C:\Program Files\Enigma Software Group => Moved successfully.
C:\Program Files\Spybot - Search & Destroy 2 => Moved successfully.
C:\shldr.mbr => Moved successfully.
"C:\Users\Haba Baba\Desktop\SpyHunter.lnk" => File/Directory not found.
"C:\Users\Haba Baba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter" => File/Directory not found.
C:\ProgramData\Spybot - Search & Destroy => Moved successfully.
C:\Users\Haba Baba\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Haba Baba\AppData\Local\Temp\Update.exe => Moved successfully.
C:\Users\Haba Baba\AppData\Local\Google\Desktop\Install => Moved successfully.
C:\Program Files\Google\Desktop\Install => Moved successfully.
C:\Windows\assembly\GAC\Desktop.ini => Moved successfully.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= shutdown /r /f /t 2 =========


========= End of CMD: =========


==== End of Fixlog ====

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: I would ask for a log check .. problem with downloading

#9 Post by vyosek »

:arrow: Now it should hopefully be possible to download something. If not, disable the antivirus.

:arrow: Download RKill http://download.bleepingcomputer.com/grinler/rkill.com PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT CAPACITY TO DELETE AND MUST BE USED ONLY ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY GO DOWN THE DRAIN
:arrow: Download Combofix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antiviruses, antispyware and the like.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator
  • Immediately after start a page with the license agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click into the window being displayed
  • The scan should take about 10 min, but if the PC is heavily infected, it may take longer
  • After the scan finishes (and after a possible restart) CF shows a log; otherwise you will find it at C:\ComboFix.txt. Paste its content here
  • A detailed procedure including pictures is here http://www.bleepingcomputer.com/combofi ... t-combofix

Lemmure
Visitor
Posts: 10
Registered: 06 Dec 2013 15:54

Re: I would ask for a log check .. problem with downloading

#10 Post by Lemmure »

Downloading works fully x) ....

As for AVG, it keeps doing its own thing ... "Systém windows nemůže najít položku "cesta k avgcfgex.exe". Ujistěte se, zda je název zadán správně, a akci opakujte". That is its answer to most things: to turning off protection, to handling things in the vault. Even the folder itself cannot be removed.

Rkill LOG

Rkill 2.6.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/11/2013 05:40:03 PM in x86 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: I would ask for a log check .. problem with downloading

#11 Post by vyosek »

Run ComboFix there, and if needed we will shoot AVG down manually...

Lemmure
Visitor
Posts: 10
Registered: 06 Dec 2013 15:54

Re: I would ask for a log check .. problem with downloading

#12 Post by Lemmure »

ComboFix 13-12-10.01 - Haba Baba 11.12.2013 23:35:32.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1033.18.2047.574 [GMT 1:00]
Spuštěný z: c:\users\Haba Baba\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\dida\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcdnkbahbnmccajhinidpjonfepplloo
c:\users\dida\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcdnkbahbnmccajhinidpjonfepplloo\1.6\background.html
c:\users\dida\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcdnkbahbnmccajhinidpjonfepplloo\1.6\content.js
c:\users\dida\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcdnkbahbnmccajhinidpjonfepplloo\1.6\lsdb.js
c:\users\dida\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcdnkbahbnmccajhinidpjonfepplloo\1.6\manifest.json
c:\users\dida\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcdnkbahbnmccajhinidpjonfepplloo\1.6\RFMysInYT.js
c:\users\dida\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcdnkbahbnmccajhinidpjonfepplloo\1.6\sqlite.js
c:\users\dida\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dcdnkbahbnmccajhinidpjonfepplloo_0.localstorage-journal
c:\users\dida\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dcdnkbahbnmccajhinidpjonfepplloo_0.localstorage
D:\install.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-11-11 do 2013-12-11 )))))))))))))))))))))))))))))))
.
.
2013-12-10 19:02 . 2013-12-10 20:21 -------- d-----w- C:\FRST
2013-12-07 16:27 . 2013-12-07 16:39 -------- d-----w- C:\AdwCleaner
2013-12-07 15:41 . 2013-12-07 15:41 -------- d-----w- c:\windows\ERUNT
2013-12-05 17:02 . 2013-12-05 17:02 -------- d-----w- c:\users\dida\AppData\Local\Opera Software
2013-12-05 17:01 . 2013-12-05 17:01 -------- d-----w- c:\users\dida\AppData\Roaming\Opera Software
2013-12-02 16:13 . 2013-12-02 16:13 -------- d-----w- c:\users\Haba Baba\AppData\Local\Opera Software
2013-12-02 16:13 . 2013-12-02 16:13 -------- d-----w- c:\users\Haba Baba\AppData\Roaming\Opera Software
2013-12-02 15:10 . 2013-12-10 20:14 -------- d-----w- c:\windows\DB847E94446B49E0AC5DC5627EC8B0C0.TMP
2013-11-25 17:45 . 2013-11-27 16:29 -------- d-----w- c:\windows\220FB0354744483A9A0B41DF77061583.TMP
2013-11-23 09:25 . 2013-11-23 09:25 -------- d-----w- c:\programdata\Oracle
2013-11-23 09:25 . 2013-11-23 09:25 -------- d-----w- c:\program files\Common Files\Java
2013-11-23 09:25 . 2013-10-08 06:50 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-11-23 09:12 . 2013-11-23 09:12 -------- d-----w- c:\users\dida\AppData\Roaming\AVG2014
2013-11-23 09:11 . 2013-11-23 09:20 -------- d-----w- c:\users\dida\AppData\Local\Avg2014
2013-11-22 17:24 . 2013-11-22 17:24 -------- d-----w- c:\users\Haba Baba\AppData\Roaming\AVG2014
2013-11-22 17:22 . 2013-11-25 18:18 -------- d-----w- c:\programdata\AVG2014
2013-11-22 17:22 . 2013-11-22 17:22 -------- d-----w- C:\$AVG
2013-11-22 17:12 . 2013-11-25 16:37 -------- d-----w- c:\users\Haba Baba\AppData\Local\Avg2014
2013-11-22 17:08 . 2013-11-22 17:08 -------- d-----w- c:\program files\AVG
2013-11-22 15:26 . 2013-11-30 15:30 -------- d-----w- c:\programdata\MFAData
2013-11-22 15:26 . 2013-11-22 15:26 -------- d-----w- c:\users\Haba Baba\AppData\Local\MFAData
2013-11-22 15:25 . 2013-11-27 17:11 -------- d-----w- c:\users\Haba Baba\AppData\Roaming\Media Player Classic
2013-11-22 11:21 . 2013-11-22 11:23 -------- d-----w- c:\windows\rescache
2013-11-20 21:04 . 2013-12-11 20:18 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5AC23D54-C9B6-45A2-857C-6553C101599E}\offreg.dll
2013-11-20 20:46 . 2013-12-02 17:50 -------- d-sh--w- c:\programdata\blacksilver0
2013-11-19 17:02 . 2013-11-08 01:15 7772552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5AC23D54-C9B6-45A2-857C-6553C101599E}\mpengine.dll
2013-11-15 10:45 . 2013-11-15 10:45 -------- d-----w- c:\users\Haba Baba\AppData\Local\Blizzard Entertainment
2013-11-15 09:00 . 2013-11-15 09:08 -------- d-----w- c:\programdata\Blizzard Entertainment
2013-11-14 20:52 . 2013-11-30 23:24 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2013-11-14 20:20 . 2013-11-14 20:20 -------- d-----w- c:\programdata\Blizzard
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-11 17:02 . 2012-04-12 14:10 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 17:02 . 2012-04-12 14:10 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-10 20:00 . 2013-11-10 20:00 2829 ----a-w- c:\windows\War3Unin.pif
2013-11-10 20:00 . 2013-11-10 20:00 126976 ----a-w- c:\windows\War3Unin.exe
2013-11-05 20:50 . 2013-11-05 20:50 120600 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2013-11-04 20:57 . 2013-11-04 20:57 209176 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-10-31 22:00 . 2013-10-31 22:00 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-10-31 21:30 . 2013-10-31 21:30 222520 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-10-24 21:28 . 2013-10-24 21:28 147768 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-09-30 23:49 . 2013-09-30 23:49 102712 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2013-09-26 09:00 . 2013-09-26 09:00 47928 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2013-09-25 01:57 . 2013-11-14 07:41 247808 ----a-w- c:\windows\system32\schannel.dll
2013-09-16 23:57 . 2013-09-16 23:57 22840 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-09-14 00:48 . 2013-10-09 19:36 338944 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2013-11-07 4956176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-03-20 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-09-05 171680]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 98432]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 14848]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 123648]
R3 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-04-21 52080]
R3 TsUsbFlt;TsUsbFlt; [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2013-10-24 147768]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2013-10-31 222520]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2013-09-09 27448]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-05-15 691696]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiskx.sys [2013-11-05 120600]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2013-09-26 47928]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2013-11-04 209176]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2013-09-16 22840]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2013-10-31 176952]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2013-08-01 193848]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2014\avgfws.exe [2013-09-24 1358944]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [2013-11-11 3478544]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [2013-09-24 348008]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-09 3275136]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 17:08 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-12-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-19 17:02]
.
2013-12-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4117245281-1480158384-2095474572-1000Core.job
- c:\users\Haba Baba\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-23 18:52]
.
2013-12-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4117245281-1480158384-2095474572-1000UA.job
- c:\users\Haba Baba\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-23 18:52]
.
2013-12-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4117245281-1480158384-2095474572-1001Core.job
- c:\users\dida\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-15 20:35]
.
2013-12-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4117245281-1480158384-2095474572-1001UA.job
- c:\users\dida\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-15 20:35]
.
2013-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-04 22:38]
.
2013-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-04 22:38]
.
2013-12-07 c:\windows\Tasks\RegCure Pro.job
- d:\program files\ParetoLogic\RegCure Pro\RegCurePro.exe [2012-10-22 20:06]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.230.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-10 - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\progra~1\AVG\AVG2014\avgrsx.exe
c:\program files\AVG\AVG2014\avgcsrvx.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\AVG\AVG2014\avgnsx.exe
c:\program files\AVG\AVG2014\avgemcx.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\AVG\AVG2014\avgcsrvx.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Dll-Files.com Fixer\DLLFixer.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2013-12-11 23:52:30 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-12-11 22:52
.
Před spuštěním: 6 516 707 328
Po spuštění: 6 616 330 240
.
- - End Of File - - 1BA15945A86D9C55B9456432DE9F5ED7
A36C5E4F47E84449FF07ED3517B43A31

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: I'd ask for a log check .. problem with downloading

#13 Post by vyosek »

:arrow: You can kill AVG with this: http://download.avg.com/filedir/util/su ... 4_4116.exe

:arrow: If you haven't already, move ComboFix to the desktop
  • Launch Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    Driver::
    esgiguard
    
    Folder::
    c:\program files\Enigma Software Group
    
    File::
    c:\windows\Tasks\Adobe Flash Player Updater.job
    c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4117245281-1480158384-2095474572-1000Core.job
    c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4117245281-1480158384-2095474572-1000UA.job
    c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4117245281-1480158384-2095474572-1001Core.job
    c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4117245281-1480158384-2095474572-1001UA.job
    c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    c:\windows\Tasks\RegCure Pro.job
    
    RegLock::
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]
    
    Registry::
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SPReview"=-
    
    ClearJavaCache::
    
    Reboot::
  • Save the created TXT as CFScript.txt
  • Drag the created CFScript.txt onto ComboFix and run it (see image below)
    Image
  • After the script is applied (and after a possible restart) a log will pop up; paste its contents here
:arrow: If the message "Illegal operation attempted on a registry key that has been marked for deletion" pops up, just restart the PC - the registry will sort itself out - it is an internal error caused by CF which the author unfortunately cannot fix yet

:arrow: It may happen that Windows will not boot after the script is applied; in that case restart the PC, press F8 and choose Last Known Good Configuration
"Whoever has wine and does not drink it, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever avoids fun, take a whip and a stick to him, that is not a man, that is an ox."
Member since 1 February 2011.
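As an added example (not from the post above and not ComboFix's own code), here is a small Python parser that breaks a CFScript like the one above into its directives and lists everything it will kill, delete or unlock, so the script can be reviewed before it is dragged onto ComboFix. The sample script is taken from the post, trimmed to one entry per block; the block layout the parser assumes (one `Name::` header, entries on the following lines) is my reading of the format, not a documented specification.

```python
import re

# Constructed sample (assumption): the CFScript from the post above, trimmed to one entry per block.
SAMPLE_CFSCRIPT = r"""KillAll::
Driver::
esgiguard
File::
c:\windows\Tasks\RegCure Pro.job
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]
Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"=-
Reboot::
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")        # a directive header such as File::
VALUE_DEL_RE = re.compile(r'^"([^"]+)"=-$')        # .reg syntax: "name"=- deletes the value

def parse_cfscript(text):
    """Map each directive (e.g. File) to the non-empty lines that follow it, in order."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line:
            if current is None:
                raise ValueError("entry before any directive: " + line)
            sections[current].append(line)
    return sections

def registry_deletions(entries):
    """From a Registry:: block, return (key, value) pairs that a "name"=- line removes."""
    key, removed = None, []
    for e in entries:
        if e.startswith("[") and e.endswith("]"):
            key = e[1:-1]
        elif key and VALUE_DEL_RE.match(e):
            removed.append((key, VALUE_DEL_RE.match(e).group(1)))
    return removed

def summarize(text):
    """Flatten the script into (action, target) pairs: the reviewer's blast-radius check."""
    s = parse_cfscript(text)
    actions = [(name, e) for name in ("Driver", "Folder", "File", "RegLock") for e in s.get(name, [])]
    actions += [("RegistryDelete", key + "\\" + val) for key, val in registry_deletions(s.get("Registry", []))]
    actions += [(flag, "") for flag in ("KillAll", "ClearJavaCache", "Reboot") if flag in s]
    return actions
```

Running `summarize(SAMPLE_CFSCRIPT)` yields six actions: one driver, one file, one unlocked key, one registry value deletion, plus the KillAll and Reboot flags.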

Lemmure
Visitor
Posts: 10
Registered: 06 Dec 2013 15:54

Re: I'd ask for a log check .. problem with downloading

#14 Post by Lemmure »

Thanks, AVG no longer starts x) :thumbsup: ... but ComboFix keeps complaining that some of its stuff is still running, so I don't want to risk it.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: I'd ask for a log check .. problem with downloading

#15 Post by vyosek »

Go ahead and click it away, it will end its activity by itself if needed and I will then remove the remnants manually...

Locked