
PC virus removal, computer speed-up, remote help via the neslape.cz service
Pop-up ads on the internet
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that are inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use remote help services, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
- Visitor
- Posts: 20
- Registered: 25 Nov 2013 09:20
Pop-up ads on the internet
Hello, I have a problem with ads constantly popping up on the internet.
I'm using FF 26.0, Win7.
Here is the log from Farbar Recovery Scanning Tool:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-11-2013 (ATTENTION: ====> FRST version is 40 days old and could be outdated)
Ran by Karek (administrator) on KAREK-PC on 03-01-2014 09:54:48
Running from C:\Users\Karek\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG) C:\Program Files (x86)\AVG PC TuneUp 2014\TuneUpUtilitiesService64.exe
(AVG) C:\Program Files (x86)\AVG PC TuneUp 2014\TuneUpUtilitiesApp64.exe
(Celartem, Inc., doing business as Extensis.) C:\Program Files (x86)\Extensis\Suitcase Fusion 4\FMCore.exe
(Dropbox, Inc.) C:\Users\Karek\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD64.EXE
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
==================== Registry (Whitelisted) ==================
HKLM-x32\...\RunOnce: [20131224] - C:\Program Files\AVAST Software\Avast\setup\emupdate\11155dff-1ee8-425c-91ad-7283b136fb89.exe /check [181136 2014-01-03] (AVAST Software)
HKCU\...\Run: [FMCore.exe] - C:\Program Files (x86)\Extensis\Suitcase Fusion 4\FMCore.exe [9504768 2013-07-25] (Celartem, Inc., doing business as Extensis.)
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_168_Plugin.exe -update plugin [815496 2013-09-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [747712 2013-11-26] ()
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-12-16] (AVAST Software)
Startup: C:\Users\Karek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Karek\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: WebSparkle - {9f56bab3-2739-40ed-a8d0-1451657a9742} - C:\Program Files (x86)\WebSparkle\WebSparkleBHO.dll No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{5F31578C-0FBE-44BE-8993-69BBDF586BD9}: [NameServer]213.46.172.36,213.46.172.37
FireFox:
========
FF ProfilePath: C:\Users\Karek\AppData\Roaming\Mozilla\Firefox\Profiles\bo3ol8i2.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tightropeinteractive.com/Plugin - C:\Users\Karek\AppData\Local\TNT2\2.0.0.1599\npTNT2.dll (Search.Us.com)
FF Plugin HKCU: @tnt2ghost.com/Plugin - C:\Users\Karek\AppData\Local\TNT2\2.0.0.1599\npTNT2ghost.dll (Search.Us.com)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Seznam lištička - C:\Users\Karek\AppData\Roaming\Mozilla\Firefox\Profiles\bo3ol8i2.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
FF Extension: firebug - C:\Users\Karek\AppData\Roaming\Mozilla\Firefox\Profiles\bo3ol8i2.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: firefox - C:\Users\Karek\AppData\Roaming\Mozilla\Firefox\Profiles\bo3ol8i2.default\Extensions\firefox@websparkle.biz.xpi
FF Extension: seo - C:\Users\Karek\AppData\Roaming\Mozilla\Firefox\Profiles\bo3ol8i2.default\Extensions\seo@profesional.xpi
FF Extension: seostatus - C:\Users\Karek\AppData\Roaming\Mozilla\Firefox\Profiles\bo3ol8i2.default\Extensions\seostatus@rubyweb.xpi
FF Extension: No Name - C:\Users\Karek\AppData\Roaming\Mozilla\Firefox\Profiles\bo3ol8i2.default\Extensions\{35379F86-8CCB-4724-AE33-4278DE266C70}
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKCU\...\Firefox\Extensions: [sea-condensed@plugin.org] - C:\Program Files (x86)\The Sea App (Firefox)
FF Extension: The SEA App (C) - C:\Program Files (x86)\The Sea App (Firefox)
Chrome:
=======
CHR Extension: (Docs) - C:\Users\Karek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\Karek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\Karek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Karek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (avast! Online Security) - C:\Users\Karek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0
CHR Extension: (Google Wallet) - C:\Users\Karek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Karek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-16] (AVAST Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG PC TuneUp 2014\TuneUpUtilitiesService64.exe [2099000 2013-10-12] (AVG)
==================== Drivers (Whitelisted) ====================
R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-12-16] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-12-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-12-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-12-16] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2013-12-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-12-16] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2013-08-31] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG PC TuneUp 2014\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software)
U3 assugv6m; C:\Windows\System32\Drivers\assugv6m.sys [0 ] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U4 Update LinkSwift;
U4 Update WebSparkle;
U4 Util LinkSwift;
U4 Util WebSparkle;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-03 09:54 - 2014-01-03 09:54 - 00011696 _____ C:\Users\Karek\Desktop\FRST.txt
2013-12-20 09:49 - 2013-12-20 09:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-20 08:51 - 2013-12-20 08:51 - 00002764 _____ C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2013-12-18 11:42 - 2013-12-18 11:42 - 00000951 _____ C:\Users\Public\Desktop\Balsamiq Mockups.lnk
2013-12-18 11:42 - 2013-12-18 11:42 - 00000000 ____D C:\Users\Karek\AppData\Roaming\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1
2013-12-18 11:42 - 2013-12-18 11:42 - 00000000 ____D C:\Program Files (x86)\Balsamiq Mockups
2013-12-16 14:34 - 2013-12-16 14:34 - 00002164 _____ C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk
2013-12-16 14:34 - 2013-12-16 14:34 - 00000000 ____D C:\Users\Karek\AppData\Roaming\AVG
2013-12-16 14:34 - 2013-12-16 14:34 - 00000000 ____D C:\Program Files (x86)\AVG PC TuneUp 2014
2013-12-16 14:34 - 2013-10-12 00:34 - 00040248 _____ (AVG) C:\Windows\system32\TURegOpt.exe
2013-12-16 14:34 - 2013-10-12 00:33 - 00029496 _____ (AVG) C:\Windows\system32\authuitu.dll
2013-12-16 14:34 - 2013-10-12 00:33 - 00025400 _____ (AVG) C:\Windows\SysWOW64\authuitu.dll
2013-12-16 14:33 - 2013-12-20 08:51 - 00000000 ____D C:\ProgramData\AVG
2013-12-16 14:33 - 2013-12-16 14:33 - 00000000 __SHD C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-12-16 14:32 - 2013-12-16 17:16 - 00000000 ____D C:\Users\Karek\AppData\Roaming\Orbit
2013-12-16 14:32 - 2013-12-16 14:32 - 00000000 ____D C:\Users\Karek\AppData\Roaming\ProgSense
2013-12-16 14:32 - 2013-12-16 14:32 - 00000000 ____D C:\Users\Karek\AppData\Roaming\GrabPro
2013-12-16 14:32 - 2013-12-16 14:32 - 00000000 ____D C:\Program Files (x86)\Orbitdownloader
2013-12-16 14:21 - 2013-12-16 14:21 - 00000000 ____D C:\Program Files (x86)\DownloadToolz
2013-12-16 13:23 - 2013-12-16 13:23 - 00000000 ____D C:\Users\Karek\AppData\Roaming\AVAST Software
2013-12-16 13:22 - 2014-01-03 09:16 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-12-16 13:22 - 2013-12-16 13:22 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-12-16 13:22 - 2013-12-16 13:22 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-12-16 13:22 - 2013-12-16 13:22 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-16 13:19 - 2013-12-16 13:19 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-16 13:19 - 2013-12-16 13:19 - 00000000 ____D C:\Program Files\AVAST Software
2013-12-12 14:03 - 2013-12-12 14:03 - 00001103 _____ C:\Users\Karek\Desktop\SEO Administrator.lnk
2013-12-12 14:03 - 2013-06-05 10:45 - 00938496 _____ C:\Windows\SysWOW64\semtempl.dll
2013-12-12 14:03 - 2005-05-20 04:26 - 00343040 _____ C:\Windows\SysWOW64\arcdll.dll
2013-12-12 14:03 - 2004-06-14 16:19 - 00003072 _____ C:\Windows\SysWOW64\hashfunc.dll
2013-12-12 13:07 - 2013-12-12 13:07 - 00015327 _____ C:\Users\Karek\Desktop\LM.bat
2013-12-12 13:07 - 2013-11-25 08:41 - 01958440 _____ (Farbar) C:\Users\Karek\Desktop\FRST64.exe
==================== One Month Modified Files and Folders =======
2014-01-03 09:55 - 2014-01-03 09:54 - 00011696 _____ C:\Users\Karek\Desktop\FRST.txt
2014-01-03 09:52 - 2013-09-03 09:12 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-03 09:23 - 2009-07-14 05:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-03 09:23 - 2009-07-14 05:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-03 09:22 - 2011-04-12 09:34 - 00634308 _____ C:\Windows\system32\perfh005.dat
2014-01-03 09:22 - 2011-04-12 09:34 - 00122898 _____ C:\Windows\system32\perfc005.dat
2014-01-03 09:22 - 2009-07-14 06:13 - 01478586 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-03 09:19 - 2013-08-31 14:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-03 09:18 - 2013-08-31 14:44 - 00000000 ____D C:\Users\Karek\Documents\Soubory aplikace Outlook
2014-01-03 09:17 - 2013-11-27 16:07 - 00000950 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-03 09:17 - 2013-09-13 12:13 - 00000000 ____D C:\Users\Karek\AppData\Roaming\Dropbox
2014-01-03 09:17 - 2013-08-31 15:13 - 00000010 _____ C:\Users\Karek\AppData\Local\.HG88C586-G30G-2HE2-DGDE-8H3E1D530D30
2014-01-03 09:17 - 2013-08-31 15:13 - 00000010 _____ C:\ProgramData\.F464B91F-G49F-3G3D-CFCD-9G7D2C141C96
2014-01-03 09:16 - 2013-12-16 13:22 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-03 09:16 - 2013-11-27 16:07 - 00000946 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-03 09:16 - 2013-09-13 13:06 - 00000000 ___RD C:\Users\Karek\Dropbox
2014-01-03 09:15 - 2013-08-31 16:04 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-03 09:15 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-03 09:15 - 2009-07-14 05:51 - 00034138 _____ C:\Windows\setupact.log
2013-12-20 15:25 - 2013-11-26 17:20 - 00001298 _____ C:\Users\Karek\daemonprocess.txt
2013-12-20 15:25 - 2013-08-31 15:42 - 01735887 _____ C:\Windows\WindowsUpdate.log
2013-12-20 15:16 - 2013-09-24 13:30 - 00000000 ____D C:\Users\Karek\AppData\Roaming\Skype
2013-12-20 11:58 - 2013-09-24 08:54 - 00000000 ____D C:\seo projects
2013-12-20 09:49 - 2013-12-20 09:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-20 08:51 - 2013-12-20 08:51 - 00002764 _____ C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2013-12-20 08:51 - 2013-12-16 14:33 - 00000000 ____D C:\ProgramData\AVG
2013-12-19 10:04 - 2013-08-31 14:41 - 00136408 _____ C:\Users\Karek\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-19 09:12 - 2009-07-14 05:45 - 04199448 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-18 17:23 - 2013-09-02 08:25 - 00000000 ____D C:\Users\Karek\.ScreamingFrogSEOSpider
2013-12-18 11:42 - 2013-12-18 11:42 - 00000951 _____ C:\Users\Public\Desktop\Balsamiq Mockups.lnk
2013-12-18 11:42 - 2013-12-18 11:42 - 00000000 ____D C:\Users\Karek\AppData\Roaming\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1
2013-12-18 11:42 - 2013-12-18 11:42 - 00000000 ____D C:\Program Files (x86)\Balsamiq Mockups
2013-12-17 14:31 - 2013-09-02 13:34 - 00001480 _____ C:\Users\Karek\AppData\Local\Adobe Uložit pro web 13.0 Prefs
2013-12-17 08:58 - 2010-11-21 04:47 - 00014766 _____ C:\Windows\PFRO.log
2013-12-16 17:16 - 2013-12-16 14:32 - 00000000 ____D C:\Users\Karek\AppData\Roaming\Orbit
2013-12-16 14:34 - 2013-12-16 14:34 - 00002164 _____ C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk
2013-12-16 14:34 - 2013-12-16 14:34 - 00000000 ____D C:\Users\Karek\AppData\Roaming\AVG
2013-12-16 14:34 - 2013-12-16 14:34 - 00000000 ____D C:\Program Files (x86)\AVG PC TuneUp 2014
2013-12-16 14:33 - 2013-12-16 14:33 - 00000000 __SHD C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-12-16 14:32 - 2013-12-16 14:32 - 00000000 ____D C:\Users\Karek\AppData\Roaming\ProgSense
2013-12-16 14:32 - 2013-12-16 14:32 - 00000000 ____D C:\Users\Karek\AppData\Roaming\GrabPro
2013-12-16 14:32 - 2013-12-16 14:32 - 00000000 ____D C:\Program Files (x86)\Orbitdownloader
2013-12-16 14:32 - 2013-11-26 17:19 - 00000000 ____D C:\Users\Karek\AppData\Roaming\OpenCandy
2013-12-16 14:21 - 2013-12-16 14:21 - 00000000 ____D C:\Program Files (x86)\DownloadToolz
2013-12-16 13:23 - 2013-12-16 13:23 - 00000000 ____D C:\Users\Karek\AppData\Roaming\AVAST Software
2013-12-16 13:22 - 2013-12-16 13:22 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-12-16 13:22 - 2013-12-16 13:22 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-12-16 13:22 - 2013-12-16 13:22 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-16 13:19 - 2013-12-16 13:19 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-16 13:19 - 2013-12-16 13:19 - 00000000 ____D C:\Program Files\AVAST Software
2013-12-12 14:03 - 2013-12-12 14:03 - 00001103 _____ C:\Users\Karek\Desktop\SEO Administrator.lnk
2013-12-12 14:03 - 2013-09-02 08:18 - 00000000 ____D C:\ProgramData\SeoAdministrator
2013-12-12 14:03 - 2013-09-02 08:18 - 00000000 ____D C:\Program Files (x86)\seoadministrator
2013-12-12 13:07 - 2013-12-12 13:07 - 00015327 _____ C:\Users\Karek\Desktop\LM.bat
2013-12-12 13:07 - 2013-11-25 09:15 - 00000000 ____D C:\FRST
2013-12-10 13:12 - 2013-11-27 16:07 - 00003946 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-10 13:12 - 2013-11-27 16:07 - 00003694 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-10 09:19 - 2013-10-24 08:31 - 00000000 ____D C:\AdwCleaner
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-11-26 12:22
==================== End Of Log ============================
Thanks in advance for any advice.
Karel
==================== Drivers (Whitelisted) ====================
R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-12-16] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-12-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-12-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-12-16] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2013-12-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-12-16] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2013-08-31] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG PC TuneUp 2014\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software)
U3 assugv6m; C:\Windows\System32\Drivers\assugv6m.sys [0 ] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U4 Update LinkSwift;
U4 Update WebSparkle;
U4 Util LinkSwift;
U4 Util WebSparkle;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-03 09:54 - 2014-01-03 09:54 - 00011696 _____ C:\Users\Karek\Desktop\FRST.txt
2013-12-20 09:49 - 2013-12-20 09:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-20 08:51 - 2013-12-20 08:51 - 00002764 _____ C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2013-12-18 11:42 - 2013-12-18 11:42 - 00000951 _____ C:\Users\Public\Desktop\Balsamiq Mockups.lnk
2013-12-18 11:42 - 2013-12-18 11:42 - 00000000 ____D C:\Users\Karek\AppData\Roaming\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1
2013-12-18 11:42 - 2013-12-18 11:42 - 00000000 ____D C:\Program Files (x86)\Balsamiq Mockups
2013-12-16 14:34 - 2013-12-16 14:34 - 00002164 _____ C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk
2013-12-16 14:34 - 2013-12-16 14:34 - 00000000 ____D C:\Users\Karek\AppData\Roaming\AVG
2013-12-16 14:34 - 2013-12-16 14:34 - 00000000 ____D C:\Program Files (x86)\AVG PC TuneUp 2014
2013-12-16 14:34 - 2013-10-12 00:34 - 00040248 _____ (AVG) C:\Windows\system32\TURegOpt.exe
2013-12-16 14:34 - 2013-10-12 00:33 - 00029496 _____ (AVG) C:\Windows\system32\authuitu.dll
2013-12-16 14:34 - 2013-10-12 00:33 - 00025400 _____ (AVG) C:\Windows\SysWOW64\authuitu.dll
2013-12-16 14:33 - 2013-12-20 08:51 - 00000000 ____D C:\ProgramData\AVG
2013-12-16 14:33 - 2013-12-16 14:33 - 00000000 __SHD C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-12-16 14:32 - 2013-12-16 17:16 - 00000000 ____D C:\Users\Karek\AppData\Roaming\Orbit
2013-12-16 14:32 - 2013-12-16 14:32 - 00000000 ____D C:\Users\Karek\AppData\Roaming\ProgSense
2013-12-16 14:32 - 2013-12-16 14:32 - 00000000 ____D C:\Users\Karek\AppData\Roaming\GrabPro
2013-12-16 14:32 - 2013-12-16 14:32 - 00000000 ____D C:\Program Files (x86)\Orbitdownloader
2013-12-16 14:21 - 2013-12-16 14:21 - 00000000 ____D C:\Program Files (x86)\DownloadToolz
2013-12-16 13:23 - 2013-12-16 13:23 - 00000000 ____D C:\Users\Karek\AppData\Roaming\AVAST Software
2013-12-16 13:22 - 2014-01-03 09:16 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-12-16 13:22 - 2013-12-16 13:22 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-12-16 13:22 - 2013-12-16 13:22 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-12-16 13:22 - 2013-12-16 13:22 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-16 13:19 - 2013-12-16 13:19 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-16 13:19 - 2013-12-16 13:19 - 00000000 ____D C:\Program Files\AVAST Software
2013-12-12 14:03 - 2013-12-12 14:03 - 00001103 _____ C:\Users\Karek\Desktop\SEO Administrator.lnk
2013-12-12 14:03 - 2013-06-05 10:45 - 00938496 _____ C:\Windows\SysWOW64\semtempl.dll
2013-12-12 14:03 - 2005-05-20 04:26 - 00343040 _____ C:\Windows\SysWOW64\arcdll.dll
2013-12-12 14:03 - 2004-06-14 16:19 - 00003072 _____ C:\Windows\SysWOW64\hashfunc.dll
2013-12-12 13:07 - 2013-12-12 13:07 - 00015327 _____ C:\Users\Karek\Desktop\LM.bat
2013-12-12 13:07 - 2013-11-25 08:41 - 01958440 _____ (Farbar) C:\Users\Karek\Desktop\FRST64.exe
==================== One Month Modified Files and Folders =======
2014-01-03 09:55 - 2014-01-03 09:54 - 00011696 _____ C:\Users\Karek\Desktop\FRST.txt
2014-01-03 09:52 - 2013-09-03 09:12 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-03 09:23 - 2009-07-14 05:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-03 09:23 - 2009-07-14 05:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-03 09:22 - 2011-04-12 09:34 - 00634308 _____ C:\Windows\system32\perfh005.dat
2014-01-03 09:22 - 2011-04-12 09:34 - 00122898 _____ C:\Windows\system32\perfc005.dat
2014-01-03 09:22 - 2009-07-14 06:13 - 01478586 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-03 09:19 - 2013-08-31 14:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-03 09:18 - 2013-08-31 14:44 - 00000000 ____D C:\Users\Karek\Documents\Soubory aplikace Outlook
2014-01-03 09:17 - 2013-11-27 16:07 - 00000950 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-03 09:17 - 2013-09-13 12:13 - 00000000 ____D C:\Users\Karek\AppData\Roaming\Dropbox
2014-01-03 09:17 - 2013-08-31 15:13 - 00000010 _____ C:\Users\Karek\AppData\Local\.HG88C586-G30G-2HE2-DGDE-8H3E1D530D30
2014-01-03 09:17 - 2013-08-31 15:13 - 00000010 _____ C:\ProgramData\.F464B91F-G49F-3G3D-CFCD-9G7D2C141C96
2014-01-03 09:16 - 2013-12-16 13:22 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-03 09:16 - 2013-11-27 16:07 - 00000946 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-03 09:16 - 2013-09-13 13:06 - 00000000 ___RD C:\Users\Karek\Dropbox
2014-01-03 09:15 - 2013-08-31 16:04 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-03 09:15 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-03 09:15 - 2009-07-14 05:51 - 00034138 _____ C:\Windows\setupact.log
2013-12-20 15:25 - 2013-11-26 17:20 - 00001298 _____ C:\Users\Karek\daemonprocess.txt
2013-12-20 15:25 - 2013-08-31 15:42 - 01735887 _____ C:\Windows\WindowsUpdate.log
2013-12-20 15:16 - 2013-09-24 13:30 - 00000000 ____D C:\Users\Karek\AppData\Roaming\Skype
2013-12-20 11:58 - 2013-09-24 08:54 - 00000000 ____D C:\seo projects
2013-12-20 09:49 - 2013-12-20 09:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-20 08:51 - 2013-12-20 08:51 - 00002764 _____ C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2013-12-20 08:51 - 2013-12-16 14:33 - 00000000 ____D C:\ProgramData\AVG
2013-12-19 10:04 - 2013-08-31 14:41 - 00136408 _____ C:\Users\Karek\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-19 09:12 - 2009-07-14 05:45 - 04199448 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-18 17:23 - 2013-09-02 08:25 - 00000000 ____D C:\Users\Karek\.ScreamingFrogSEOSpider
2013-12-18 11:42 - 2013-12-18 11:42 - 00000951 _____ C:\Users\Public\Desktop\Balsamiq Mockups.lnk
2013-12-18 11:42 - 2013-12-18 11:42 - 00000000 ____D C:\Users\Karek\AppData\Roaming\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1
2013-12-18 11:42 - 2013-12-18 11:42 - 00000000 ____D C:\Program Files (x86)\Balsamiq Mockups
2013-12-17 14:31 - 2013-09-02 13:34 - 00001480 _____ C:\Users\Karek\AppData\Local\Adobe Uložit pro web 13.0 Prefs
2013-12-17 08:58 - 2010-11-21 04:47 - 00014766 _____ C:\Windows\PFRO.log
2013-12-16 17:16 - 2013-12-16 14:32 - 00000000 ____D C:\Users\Karek\AppData\Roaming\Orbit
2013-12-16 14:34 - 2013-12-16 14:34 - 00002164 _____ C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk
2013-12-16 14:34 - 2013-12-16 14:34 - 00000000 ____D C:\Users\Karek\AppData\Roaming\AVG
2013-12-16 14:34 - 2013-12-16 14:34 - 00000000 ____D C:\Program Files (x86)\AVG PC TuneUp 2014
2013-12-16 14:33 - 2013-12-16 14:33 - 00000000 __SHD C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-12-16 14:32 - 2013-12-16 14:32 - 00000000 ____D C:\Users\Karek\AppData\Roaming\ProgSense
2013-12-16 14:32 - 2013-12-16 14:32 - 00000000 ____D C:\Users\Karek\AppData\Roaming\GrabPro
2013-12-16 14:32 - 2013-12-16 14:32 - 00000000 ____D C:\Program Files (x86)\Orbitdownloader
2013-12-16 14:32 - 2013-11-26 17:19 - 00000000 ____D C:\Users\Karek\AppData\Roaming\OpenCandy
2013-12-16 14:21 - 2013-12-16 14:21 - 00000000 ____D C:\Program Files (x86)\DownloadToolz
2013-12-16 13:23 - 2013-12-16 13:23 - 00000000 ____D C:\Users\Karek\AppData\Roaming\AVAST Software
2013-12-16 13:22 - 2013-12-16 13:22 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-12-16 13:22 - 2013-12-16 13:22 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-12-16 13:22 - 2013-12-16 13:22 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-16 13:19 - 2013-12-16 13:19 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-16 13:19 - 2013-12-16 13:19 - 00000000 ____D C:\Program Files\AVAST Software
2013-12-12 14:03 - 2013-12-12 14:03 - 00001103 _____ C:\Users\Karek\Desktop\SEO Administrator.lnk
2013-12-12 14:03 - 2013-09-02 08:18 - 00000000 ____D C:\ProgramData\SeoAdministrator
2013-12-12 14:03 - 2013-09-02 08:18 - 00000000 ____D C:\Program Files (x86)\seoadministrator
2013-12-12 13:07 - 2013-12-12 13:07 - 00015327 _____ C:\Users\Karek\Desktop\LM.bat
2013-12-12 13:07 - 2013-11-25 09:15 - 00000000 ____D C:\FRST
2013-12-10 13:12 - 2013-11-27 16:07 - 00003946 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-10 13:12 - 2013-11-27 16:07 - 00003694 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-10 09:19 - 2013-10-24 08:31 - 00000000 ____D C:\AdwCleaner
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-11-26 12:22
==================== End Of Log ============================
Thanks in advance for the advice.
Karel
Re: Pop-up ads on the internet
Hello,
Uninstall AVG PC TuneUp 2014 - it is completely unnecessary
Download Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

- Save it, preferably to the desktop
- After launch, the license terms are displayed; press any key
- A backup is created, followed by a search
- The scan runs and then a log appears, or it will be saved in c:\JRT as JRT.txt; paste it here

- Save it, preferably to the desktop
- Close all programs
- Click Scan and then Clean
- The repair runs, the PC restarts, and then a log appears, or it will be saved at c:\AdwCleaner\AdwCleaner[S?].txt; paste it here
- Visitor
- Posts: 20
- Registered: 25 Nov 2013 09:20
Re: Pop-up ads on the internet
JRT log:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 7 Home Premium x64
Ran by Karek on p 03.01.2014 at 10:16:26,29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3F1D494B-0CEF-4468-96C9-386E2E4DEC90}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{7854F00C-DC77-477E-A10E-603F48442D3B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{A0880527-DC28-4EBB-BA27-D22102F22A9F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{BCDDE143-FAE3-4C57-B22B-C4E8678CFDC0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\orbit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&download by orbit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&grab video by orbit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\do&wnload selected by orbit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\down&load all by orbit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\orbit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\orbit_is1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9f56bab3-2739-40ed-a8d0-1451657a9742}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9f56bab3-2739-40ed-a8d0-1451657a9742}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Karek\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Program Files (x86)\orbitdownloader"
~~~ FireFox
Emptied folder: C:\Users\Karek\AppData\Roaming\mozilla\firefox\profiles\bo3ol8i2.default\minidumps [2 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on p 03.01.2014 at 10:25:07,28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Visitor
- Posts: 20
- Registered: 25 Nov 2013 09:20
Re: Pop-up ads on the internet
Adw log:
# AdwCleaner v3.016 - Report created 03/01/2014 at 10:29:02
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Karek - KAREK-PC
# Running from : D:\instal_download\adwcleaner(3).exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Users\Karek\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Karek\AppData\Local\PackageAware
Folder Deleted : C:\Users\Karek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Folder Deleted : C:\Users\Karek\Documents\Mobogenie
File Deleted : C:\Users\Karek\Desktop\Mobogenie.lnk
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateWebSparkle_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateWebSparkle_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilWebSparkle_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilWebSparkle_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Orbitdownloader\orbitdm.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Orbitdownloader\orbitnet.exe]
Key Deleted : HKCU\Software\Smart PC Cleaner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart PC Cleaner_is1
Key Deleted : [x64] HKLM\SOFTWARE\Speedchecker Limited
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16736
-\\ Mozilla Firefox v26.0 (cs)
[ File : C:\Users\Karek\AppData\Roaming\Mozilla\Firefox\Profiles\bo3ol8i2.default\prefs.js ]
-\\ Google Chrome v31.0.1650.63
[ File : C:\Users\Karek\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [3311 octets] - [24/10/2013 08:32:00]
AdwCleaner[R1].txt - [1270 octets] - [25/11/2013 09:48:40]
AdwCleaner[R2].txt - [1245 octets] - [10/12/2013 09:18:57]
AdwCleaner[R3].txt - [2903 octets] - [03/01/2014 10:27:25]
AdwCleaner[S0].txt - [3284 octets] - [24/10/2013 08:34:44]
AdwCleaner[S1].txt - [1341 octets] - [25/11/2013 09:56:58]
AdwCleaner[S2].txt - [2822 octets] - [03/01/2014 10:29:02]
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2882 octets] ##########
Re: Pop-up ads on the internet

- If the malware blocks it, use one of the following, including the renamed ones
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe
Rkill iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe
Rkill uSeRiNiT.exe:
http://download.bleepingcomputer.com/gr ... eRiNiT.exe
Rkill WiNlOgOn.exe:
http://download.bleepingcomputer.com/gr ... NlOgOn.exe
- Save it, preferably to the desktop, and close all applications (otherwise RKill will do it for you)
- Run it the usual way with a double-click; the program finishes within a few seconds and then exits on its own
- RKill terminates all non-system processes, including the processes the malware runs under
- A log, Rkill.txt, is created on the desktop; paste it here for me
- Do not restart the PC now; you would lose the effect of RKill

- Turn off all resident security programs: firewalls, antivirus, antispyware, etc.
- If you have Win XP, run it under the Administrator (Správce) account
- If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator or Spustit jako správce
- Immediately after launch, a page with the license agreement is displayed; continue by clicking Yes (Ano)
- If CF offers to install the Recovery Console, agree
- Then follow the instructions; during the scan leave the PC completely alone: do not start any applications and do not click in the window that is displayed
- The scan should take about 10 minutes, but if the PC is heavily cluttered, it may take longer
- After the scan finishes and any restart, CF displays a log, or you can find it at C:\ComboFix.txt; paste its contents here
- A detailed procedure including screenshots is here: http://www.bleepingcomputer.com/combofi ... t-combofix
- Visitor
- Posts: 20
- Registered: 25 Nov 2013 09:20
Re: Pop-up ads on the internet
Rkill 2.6.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 01/03/2014 11:14:37 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* No issues found.
Checking Windows Service Integrity:
* No issues found.
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* No issues found.
Program finished at: 01/03/2014 11:15:09 AM
Execution time: 0 hours(s), 0 minute(s), and 32 seconds(s)
Re: Pop-up ads on the internet
Continue with ComboFix
- Visitor
- Posts: 20
- Registered: 25 Nov 2013 09:20
Re: Pop-up ads on the internet
ComboFix 14-01-01.01 - Karek 03.01.2014 11:19:10.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4094.2737 [GMT 1:00]
Spuštěný z: d:\instal_download\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-12-03 do 2014-01-03 )))))))))))))))))))))))))))))))
.
.
2014-01-03 10:23 . 2014-01-03 10:23 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-01-03 10:23 . 2014-01-03 10:23 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-01-03 10:23 . 2014-01-03 10:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-18 10:42 . 2013-12-18 10:42 -------- d-----w- c:\users\Karek\AppData\Roaming\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1
2013-12-18 10:42 . 2013-12-18 10:42 -------- d-----w- c:\program files (x86)\Balsamiq Mockups
2013-12-16 13:34 . 2013-12-16 13:34 -------- d-----w- c:\users\Karek\AppData\Roaming\AVG
2013-12-16 13:33 . 2013-12-20 07:51 -------- d-----w- c:\programdata\AVG
2013-12-16 13:33 . 2013-12-16 13:33 -------- d-sh--w- c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-12-16 13:33 . 2013-12-16 13:33 -------- d--h--w- c:\programdata\Common Files
2013-12-16 13:32 . 2013-12-16 13:32 -------- d-----w- c:\users\Karek\AppData\Roaming\ProgSense
2013-12-16 13:32 . 2013-12-16 13:59 -------- d-----w- C:\downloads
2013-12-16 13:32 . 2013-12-16 13:32 -------- d-----w- c:\users\Karek\AppData\Roaming\GrabPro
2013-12-16 13:32 . 2013-12-16 16:16 -------- d-----w- c:\users\Karek\AppData\Roaming\Orbit
2013-12-16 13:21 . 2013-12-16 13:21 -------- d-----w- c:\program files (x86)\DownloadToolz
2013-12-16 12:23 . 2013-12-16 12:23 -------- d-----w- c:\users\Karek\AppData\Roaming\AVAST Software
2013-12-16 12:22 . 2013-12-16 12:22 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-12-16 12:22 . 2013-12-16 12:22 65264 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-12-16 12:22 . 2013-12-16 12:22 205320 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-16 12:22 . 2013-12-16 12:22 1032416 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-12-16 12:22 . 2013-12-16 12:22 84328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-12-16 12:22 . 2013-12-16 12:22 409832 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-12-16 12:22 . 2013-12-16 12:22 38984 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-12-16 12:22 . 2013-12-16 12:22 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-12-16 12:22 . 2013-12-16 12:22 334648 ----a-w- c:\windows\system32\aswBoot.exe
2013-12-16 12:22 . 2013-12-16 12:22 43152 ----a-w- c:\windows\avastSS.scr
2013-12-16 12:19 . 2013-12-16 12:19 -------- d-----w- c:\program files\AVAST Software
2013-12-16 12:19 . 2013-12-16 12:19 -------- d-----w- c:\programdata\AVAST Software
2013-12-12 13:03 . 2005-05-20 03:26 343040 ----a-w- c:\windows\SysWow64\arcdll.dll
2013-12-12 13:03 . 2013-06-05 09:45 938496 ----a-w- c:\windows\SysWow64\semtempl.dll
2013-12-12 13:03 . 2004-06-14 15:19 3072 ----a-w- c:\windows\SysWow64\hashfunc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-27 15:15 . 2013-11-27 15:15 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-27 15:15 . 2013-11-27 15:15 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-11-27 15:15 . 2013-11-27 15:15 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-11-27 15:15 . 2013-11-27 15:15 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-11-27 15:15 . 2013-11-27 15:15 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-11-27 15:15 . 2013-11-27 15:15 855552 ----a-w- c:\windows\system32\jscript.dll
2013-11-27 15:15 . 2013-11-27 15:15 81408 ----a-w- c:\windows\system32\icardie.dll
2013-11-27 15:15 . 2013-11-27 15:15 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-11-27 15:15 . 2013-11-27 15:15 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-11-27 15:15 . 2013-11-27 15:15 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-27 15:15 . 2013-11-27 15:15 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-11-27 15:15 . 2013-11-27 15:15 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-27 15:15 . 2013-11-27 15:15 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-11-27 15:15 . 2013-11-27 15:15 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-11-27 15:15 . 2013-11-27 15:15 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-11-27 15:15 . 2013-11-27 15:15 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-11-27 15:15 . 2013-11-27 15:15 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-11-27 15:15 . 2013-11-27 15:15 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-11-27 15:15 . 2013-11-27 15:15 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-11-27 15:15 . 2013-11-27 15:15 526336 ----a-w- c:\windows\system32\ieui.dll
2013-11-27 15:15 . 2013-11-27 15:15 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-11-27 15:15 . 2013-11-27 15:15 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-11-27 15:15 . 2013-11-27 15:15 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-11-27 15:15 . 2013-11-27 15:15 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-11-27 15:15 . 2013-11-27 15:15 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-11-27 15:15 . 2013-11-27 15:15 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-11-27 15:15 . 2013-11-27 15:15 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-11-27 15:15 . 2013-11-27 15:15 441856 ----a-w- c:\windows\system32\html.iec
2013-11-27 15:15 . 2013-11-27 15:15 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-11-27 15:15 . 2013-11-27 15:15 3959808 ----a-w- c:\windows\system32\jscript9.dll
2013-11-27 15:15 . 2013-11-27 15:15 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-11-27 15:15 . 2013-11-27 15:15 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-11-27 15:15 . 2013-11-27 15:15 2877952 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-11-27 15:15 . 2013-11-27 15:15 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-11-27 15:15 . 2013-11-27 15:15 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-11-27 15:15 . 2013-11-27 15:15 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-11-27 15:15 . 2013-11-27 15:15 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-11-27 15:15 . 2013-11-27 15:15 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-27 15:15 . 2013-11-27 15:15 2648576 ----a-w- c:\windows\system32\iertutil.dll
2013-11-27 15:15 . 2013-11-27 15:15 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-11-27 15:15 . 2013-11-27 15:15 235008 ----a-w- c:\windows\system32\url.dll
2013-11-27 15:15 . 2013-11-27 15:15 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-11-27 15:15 . 2013-11-27 15:15 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-11-27 15:15 . 2013-11-27 15:15 2241536 ----a-w- c:\windows\system32\wininet.dll
2013-11-27 15:15 . 2013-11-27 15:15 216064 ----a-w- c:\windows\system32\msls31.dll
2013-11-27 15:15 . 2013-11-27 15:15 197120 ----a-w- c:\windows\system32\msrating.dll
2013-11-27 15:15 . 2013-11-27 15:15 19269632 ----a-w- c:\windows\system32\mshtml.dll
2013-11-27 15:15 . 2013-11-27 15:15 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-11-27 15:15 . 2013-11-27 15:15 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-11-27 15:15 . 2013-11-27 15:15 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-27 15:15 . 2013-11-27 15:15 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-11-27 15:15 . 2013-11-27 15:15 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-11-27 15:15 . 2013-11-27 15:15 15404544 ----a-w- c:\windows\system32\ieframe.dll
2013-11-27 15:15 . 2013-11-27 15:15 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-27 15:15 . 2013-11-27 15:15 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-11-27 15:15 . 2013-11-27 15:15 149504 ----a-w- c:\windows\system32\occache.dll
2013-11-27 15:15 . 2013-11-27 15:15 144896 ----a-w- c:\windows\system32\wextract.exe
2013-11-27 15:15 . 2013-11-27 15:15 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-11-27 15:15 . 2013-11-27 15:15 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-11-27 15:15 . 2013-11-27 15:15 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-11-27 15:15 . 2013-11-27 15:15 13824 ----a-w- c:\windows\system32\mshta.exe
2013-11-27 15:15 . 2013-11-27 15:15 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-11-27 15:15 . 2013-11-27 15:15 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-11-27 15:15 . 2013-11-27 15:15 1364992 ----a-w- c:\windows\system32\urlmon.dll
2013-11-27 15:15 . 2013-11-27 15:15 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-11-27 15:15 . 2013-11-27 15:15 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-11-27 15:15 . 2013-11-27 15:15 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-11-27 15:15 . 2013-11-27 15:15 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-11-27 15:15 . 2013-11-27 15:15 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-11-27 15:15 . 2013-11-27 15:15 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-11-27 15:15 . 2013-11-27 15:15 102912 ----a-w- c:\windows\system32\inseng.dll
2013-11-27 15:14 . 2013-11-27 15:14 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-11-27 15:13 . 2013-11-27 15:13 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-11-27 15:13 . 2013-11-27 15:13 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-11-27 15:13 . 2013-11-27 15:13 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-11-27 15:13 . 2013-11-27 15:13 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2013-11-27 15:13 . 2013-11-27 15:13 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-11-27 15:13 . 2013-11-27 15:13 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-11-27 15:13 . 2013-11-27 15:13 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-11-27 15:13 . 2013-11-27 15:13 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2013-11-27 15:13 . 2013-11-27 15:13 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-11-27 15:13 . 2013-11-27 15:13 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-11-27 15:13 . 2013-11-27 15:13 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-11-27 15:13 . 2013-11-27 15:13 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-11-27 15:13 . 2013-11-27 15:13 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-11-27 15:13 . 2013-11-27 15:13 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2013-11-27 15:13 . 2013-11-27 15:13 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2013-11-27 15:13 . 2013-11-27 15:13 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2013-11-27 15:13 . 2013-11-27 15:13 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2013-11-27 15:13 . 2013-11-27 15:13 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-11-27 15:13 . 2013-11-27 15:13 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-11-27 15:13 . 2013-11-27 15:13 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-11-27 15:13 . 2013-11-27 15:13 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-11-27 15:13 . 2013-11-27 15:13 362496 ----a-w- c:\windows\system32\wow64win.dll
2013-11-27 15:13 . 2013-11-27 15:13 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-11-27 15:13 . 2013-11-27 15:13 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-11-27 15:13 . 2013-11-27 15:13 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-11-27 15:13 . 2013-11-27 15:13 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2013-11-27 15:13 . 2013-11-27 15:13 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-11-27 15:13 . 2013-11-27 15:13 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 130736 ----a-w- c:\users\Karek\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 130736 ----a-w- c:\users\Karek\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 130736 ----a-w- c:\users\Karek\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FMCore.exe"="c:\program files (x86)\Extensis\Suitcase Fusion 4\FMCore.exe" [2013-07-25 9504768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-12-16 3568312]
.
c:\users\Karek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Karek\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-6-5 27370808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys;c:\windows\SYSNATIVE\drivers\aswFsBlk.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-06 08:12 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-01-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-03 07:52]
.
2014-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-27 15:07]
.
2014-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-27 15:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-12-16 12:22 326944 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 164016 ----a-w- c:\users\Karek\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 164016 ----a-w- c:\users\Karek\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 164016 ----a-w- c:\users\Karek\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 164016 ----a-w- c:\users\Karek\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Převést cíl vazby do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
TCP: Interfaces\{5F31578C-0FBE-44BE-8993-69BBDF586BD9}: NameServer = 213.46.172.36,213.46.172.37
FF - ProfilePath - c:\users\Karek\AppData\Roaming\Mozilla\Firefox\Profiles\bo3ol8i2.default\
FF - ExtSQL: 2013-12-16 13:22; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-12-16 14:32; {35379F86-8CCB-4724-AE33-4278DE266C70}; c:\program files (x86)\Orbitdownloader\addons\OneClickYouTubeDownloader
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-{1E4A4C99-8BFE-3A41-916F- 9B3BB6D83D6}_is1 - c:\program files (x86)\Total Commander 8.01 Final (x64
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-01-03 11:25:40
ComboFix-quarantined-files.txt 2014-01-03 10:25
ComboFix2.txt 2013-10-16 12:49
.
Před spuštěním: Volných bajtů: 346 418 823 168
Po spuštění: Volných bajtů: 346 809 270 272
.
- - End Of File - - A53A884833CC54E1667B5F46001B3561
A36C5E4F47E84449FF07ED3517B43A31
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys;c:\windows\SYSNATIVE\drivers\aswFsBlk.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-06 08:12 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-01-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-03 07:52]
.
2014-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-27 15:07]
.
2014-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-27 15:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-12-16 12:22 326944 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 164016 ----a-w- c:\users\Karek\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 164016 ----a-w- c:\users\Karek\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 164016 ----a-w- c:\users\Karek\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 164016 ----a-w- c:\users\Karek\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Převést cíl vazby do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
TCP: Interfaces\{5F31578C-0FBE-44BE-8993-69BBDF586BD9}: NameServer = 213.46.172.36,213.46.172.37
FF - ProfilePath - c:\users\Karek\AppData\Roaming\Mozilla\Firefox\Profiles\bo3ol8i2.default\
FF - ExtSQL: 2013-12-16 13:22; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-12-16 14:32; {35379F86-8CCB-4724-AE33-4278DE266C70}; c:\program files (x86)\Orbitdownloader\addons\OneClickYouTubeDownloader
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-{1E4A4C99-8BFE-3A41-916F- 9B3BB6D83D6}_is1 - c:\program files (x86)\Total Commander 8.01 Final (x64
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-01-03 11:25:40
ComboFix-quarantined-files.txt 2014-01-03 10:25
ComboFix2.txt 2013-10-16 12:49
.
Před spuštěním: Volných bajtů: 346 418 823 168
Po spuštění: Volných bajtů: 346 809 270 272
.
- - End Of File - - A53A884833CC54E1667B5F46001B3561
A36C5E4F47E84449FF07ED3517B43A31
- Visitor
- Posts: 20
- Registered: 25 Nov 2013 09:20
Re: Pop-up ads on the internet
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-01-2014
Ran by Karek (administrator) on KAREK-PC on 03-01-2014 17:18:07
Running from C:\Users\Karek\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Celartem, Inc., doing business as Extensis.) C:\Program Files (x86)\Extensis\Suitcase Fusion 4\FMCore.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD64.EXE
(forum.viry.cz) C:\Users\Karek\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-12-16] (AVAST Software)
HKCU\...\Run: [FMCore.exe] - C:\Program Files (x86)\Extensis\Suitcase Fusion 4\FMCore.exe [9504768 2013-07-25] (Celartem, Inc., doing business as Extensis.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20551328 2013-10-21] (Skype Technologies S.A.)
Startup: C:\Users\Karek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Karek\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{5F31578C-0FBE-44BE-8993-69BBDF586BD9}: [NameServer]213.46.172.36,213.46.172.37
FireFox:
========
FF ProfilePath: C:\Users\Karek\AppData\Roaming\Mozilla\Firefox\Profiles\bo3ol8i2.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tightropeinteractive.com/Plugin - C:\Users\Karek\AppData\Local\TNT2\2.0.0.1599\npTNT2.dll (Search.Us.com)
FF Plugin HKCU: @tnt2ghost.com/Plugin - C:\Users\Karek\AppData\Local\TNT2\2.0.0.1599\npTNT2ghost.dll (Search.Us.com)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Seznam lištička - C:\Users\Karek\AppData\Roaming\Mozilla\Firefox\Profiles\bo3ol8i2.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
FF Extension: Firebug - C:\Users\Karek\AppData\Roaming\Mozilla\Firefox\Profiles\bo3ol8i2.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: WebSparkle - C:\Users\Karek\AppData\Roaming\Mozilla\Firefox\Profiles\bo3ol8i2.default\Extensions\firefox@websparkle.biz.xpi
FF Extension: SEOProfesional - C:\Users\Karek\AppData\Roaming\Mozilla\Firefox\Profiles\bo3ol8i2.default\Extensions\seo@profesional.xpi
FF Extension: SEO Status PageRank/Alexa Toolbar - C:\Users\Karek\AppData\Roaming\Mozilla\Firefox\Profiles\bo3ol8i2.default\Extensions\seostatus@rubyweb.xpi
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKCU\...\Firefox\Extensions: [sea-condensed@plugin.org] - C:\Program Files (x86)\The Sea App (Firefox)
FF Extension: The SEA App (C) - C:\Program Files (x86)\The Sea App (Firefox)
Chrome:
=======
CHR Extension: (Docs) - C:\Users\Karek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\Karek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\Karek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Karek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (avast! Online Security) - C:\Users\Karek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0
CHR Extension: (Google Wallet) - C:\Users\Karek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Karek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-16] (AVAST Software)
==================== Drivers (Whitelisted) ====================
R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-12-16] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-12-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-12-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-12-16] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2013-12-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-12-16] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2013-08-31] ()
U3 aco2f2gm; C:\Windows\System32\Drivers\aco2f2gm.sys [0 ] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U4 Update LinkSwift;
U4 Update WebSparkle;
U4 Util LinkSwift;
U4 Util WebSparkle;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-03 17:18 - 2014-01-03 17:18 - 00010810 _____ C:\Users\Karek\Desktop\FRST.txt
2014-01-03 17:16 - 2014-01-03 17:15 - 00112640 _____ (forum.viry.cz) C:\Users\Karek\Desktop\FRSTLauncher.exe
2014-01-03 17:16 - 2014-01-03 17:13 - 01931750 _____ (Farbar) C:\Users\Karek\Desktop\FRST64.exe
2014-01-03 11:25 - 2014-01-03 11:25 - 00021171 _____ C:\ComboFix.txt
2014-01-03 11:14 - 2014-01-03 11:15 - 00002040 _____ C:\Users\Karek\Desktop\Rkill.txt
2013-12-20 09:49 - 2013-12-20 09:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-18 11:42 - 2013-12-18 11:42 - 00000951 _____ C:\Users\Public\Desktop\Balsamiq Mockups.lnk
2013-12-18 11:42 - 2013-12-18 11:42 - 00000000 ____D C:\Users\Karek\AppData\Roaming\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1
2013-12-18 11:42 - 2013-12-18 11:42 - 00000000 ____D C:\Program Files (x86)\Balsamiq Mockups
2013-12-16 14:34 - 2013-12-16 14:34 - 00000000 ____D C:\Users\Karek\AppData\Roaming\AVG
2013-12-16 14:33 - 2013-12-20 08:51 - 00000000 ____D C:\ProgramData\AVG
2013-12-16 14:33 - 2013-12-16 14:33 - 00000000 __SHD C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-12-16 14:32 - 2013-12-16 17:16 - 00000000 ____D C:\Users\Karek\AppData\Roaming\Orbit
2013-12-16 14:32 - 2013-12-16 14:32 - 00000000 ____D C:\Users\Karek\AppData\Roaming\ProgSense
2013-12-16 14:32 - 2013-12-16 14:32 - 00000000 ____D C:\Users\Karek\AppData\Roaming\GrabPro
2013-12-16 14:21 - 2013-12-16 14:21 - 00000000 ____D C:\Program Files (x86)\DownloadToolz
2013-12-16 13:23 - 2013-12-16 13:23 - 00000000 ____D C:\Users\Karek\AppData\Roaming\AVAST Software
2013-12-16 13:22 - 2014-01-03 09:16 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-12-16 13:22 - 2013-12-16 13:22 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-12-16 13:22 - 2013-12-16 13:22 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-12-16 13:22 - 2013-12-16 13:22 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-16 13:19 - 2013-12-16 13:19 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-16 13:19 - 2013-12-16 13:19 - 00000000 ____D C:\Program Files\AVAST Software
2013-12-12 14:03 - 2013-12-12 14:03 - 00001103 _____ C:\Users\Karek\Desktop\SEO Administrator.lnk
2013-12-12 14:03 - 2013-06-05 10:45 - 00938496 _____ C:\Windows\SysWOW64\semtempl.dll
2013-12-12 14:03 - 2005-05-20 04:26 - 00343040 _____ C:\Windows\SysWOW64\arcdll.dll
2013-12-12 14:03 - 2004-06-14 16:19 - 00003072 _____ C:\Windows\SysWOW64\hashfunc.dll
==================== One Month Modified Files and Folders =======
2014-01-03 17:18 - 2014-01-03 17:18 - 00010810 _____ C:\Users\Karek\Desktop\FRST.txt
2014-01-03 17:18 - 2013-08-31 14:44 - 00000000 ____D C:\Users\Karek\Documents\Soubory aplikace Outlook
2014-01-03 17:17 - 2013-11-27 16:07 - 00000950 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-03 17:17 - 2009-07-14 05:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-03 17:17 - 2009-07-14 05:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-03 17:15 - 2014-01-03 17:16 - 00112640 _____ (forum.viry.cz) C:\Users\Karek\Desktop\FRSTLauncher.exe
2014-01-03 17:13 - 2014-01-03 17:16 - 01931750 _____ (Farbar) C:\Users\Karek\Desktop\FRST64.exe
2014-01-03 17:07 - 2013-09-24 13:30 - 00000000 ____D C:\Users\Karek\AppData\Roaming\Skype
2014-01-03 16:52 - 2013-09-03 09:12 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-03 14:56 - 2013-08-31 15:13 - 00000010 _____ C:\Users\Karek\AppData\Local\.HG88C586-G30G-2HE2-DGDE-8H3E1D530D30
2014-01-03 14:56 - 2013-08-31 15:13 - 00000010 _____ C:\ProgramData\.F464B91F-G49F-3G3D-CFCD-9G7D2C141C96
2014-01-03 13:17 - 2013-11-27 16:07 - 00000946 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-03 11:25 - 2014-01-03 11:25 - 00021171 _____ C:\ComboFix.txt
2014-01-03 11:25 - 2013-10-16 13:41 - 00000000 ____D C:\Qoobox
2014-01-03 11:24 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2014-01-03 11:15 - 2014-01-03 11:14 - 00002040 _____ C:\Users\Karek\Desktop\Rkill.txt
2014-01-03 10:35 - 2011-04-12 09:34 - 00634308 _____ C:\Windows\system32\perfh005.dat
2014-01-03 10:35 - 2011-04-12 09:34 - 00122898 _____ C:\Windows\system32\perfc005.dat
2014-01-03 10:35 - 2009-07-14 06:13 - 01478586 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-03 10:34 - 2013-08-31 15:42 - 01774429 _____ C:\Windows\WindowsUpdate.log
2014-01-03 10:31 - 2013-09-13 13:06 - 00000000 ___RD C:\Users\Karek\Dropbox
2014-01-03 10:31 - 2013-09-13 12:13 - 00000000 ____D C:\Users\Karek\AppData\Roaming\Dropbox
2014-01-03 10:30 - 2013-08-31 16:04 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-03 10:30 - 2013-08-31 14:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-03 10:30 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-03 10:30 - 2009-07-14 05:51 - 00034194 _____ C:\Windows\setupact.log
2014-01-03 10:29 - 2013-10-24 08:31 - 00000000 ____D C:\AdwCleaner
2014-01-03 09:16 - 2013-12-16 13:22 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-12-20 15:25 - 2013-11-26 17:20 - 00001298 _____ C:\Users\Karek\daemonprocess.txt
2013-12-20 11:58 - 2013-09-24 08:54 - 00000000 ____D C:\seo projects
2013-12-20 09:49 - 2013-12-20 09:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-20 08:51 - 2013-12-16 14:33 - 00000000 ____D C:\ProgramData\AVG
2013-12-19 10:04 - 2013-08-31 14:41 - 00136408 _____ C:\Users\Karek\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-19 09:12 - 2009-07-14 05:45 - 04199448 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-18 17:23 - 2013-09-02 08:25 - 00000000 ____D C:\Users\Karek\.ScreamingFrogSEOSpider
2013-12-18 11:42 - 2013-12-18 11:42 - 00000951 _____ C:\Users\Public\Desktop\Balsamiq Mockups.lnk
2013-12-18 11:42 - 2013-12-18 11:42 - 00000000 ____D C:\Users\Karek\AppData\Roaming\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1
2013-12-18 11:42 - 2013-12-18 11:42 - 00000000 ____D C:\Program Files (x86)\Balsamiq Mockups
2013-12-17 14:31 - 2013-09-02 13:34 - 00001480 _____ C:\Users\Karek\AppData\Local\Adobe Uložit pro web 13.0 Prefs
2013-12-17 08:58 - 2010-11-21 04:47 - 00014766 _____ C:\Windows\PFRO.log
2013-12-16 17:16 - 2013-12-16 14:32 - 00000000 ____D C:\Users\Karek\AppData\Roaming\Orbit
2013-12-16 14:34 - 2013-12-16 14:34 - 00000000 ____D C:\Users\Karek\AppData\Roaming\AVG
2013-12-16 14:33 - 2013-12-16 14:33 - 00000000 __SHD C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-12-16 14:32 - 2013-12-16 14:32 - 00000000 ____D C:\Users\Karek\AppData\Roaming\ProgSense
2013-12-16 14:32 - 2013-12-16 14:32 - 00000000 ____D C:\Users\Karek\AppData\Roaming\GrabPro
2013-12-16 14:21 - 2013-12-16 14:21 - 00000000 ____D C:\Program Files (x86)\DownloadToolz
2013-12-16 13:23 - 2013-12-16 13:23 - 00000000 ____D C:\Users\Karek\AppData\Roaming\AVAST Software
2013-12-16 13:22 - 2013-12-16 13:22 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-12-16 13:22 - 2013-12-16 13:22 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-12-16 13:22 - 2013-12-16 13:22 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-16 13:19 - 2013-12-16 13:19 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-16 13:19 - 2013-12-16 13:19 - 00000000 ____D C:\Program Files\AVAST Software
2013-12-12 14:03 - 2013-12-12 14:03 - 00001103 _____ C:\Users\Karek\Desktop\SEO Administrator.lnk
2013-12-12 14:03 - 2013-09-02 08:18 - 00000000 ____D C:\ProgramData\SeoAdministrator
2013-12-12 14:03 - 2013-09-02 08:18 - 00000000 ____D C:\Program Files (x86)\seoadministrator
2013-12-12 13:07 - 2013-11-25 09:15 - 00000000 ____D C:\FRST
2013-12-10 13:12 - 2013-11-27 16:07 - 00003946 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-10 13:12 - 2013-11-27 16:07 - 00003694 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-11-26 12:22
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:368.01 GB) (Free:322.7 GB) NTFS
Drive d: (decko) (Fixed) (Total:97.66 GB) (Free:95.48 GB) NTFS
Drive z: (data) (Network) (Total:2746.24 GB) (Free:1087.82 GB) NTFS
Available physical RAM: 2365.79 MB
Total physical RAM: 4094.49 MB
Percentage of memory in use: 42%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: A859C709)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=368 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
==================== Scheduled Tasks (whitelisted) ==================
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\Users\Karek\Local Settings:IosHsoDjFJa6bx3Bw8MWLlMC
AlternateDataStreams: C:\Users\Karek\AppData\Local:IosHsoDjFJa6bx3Bw8MWLlMC
AlternateDataStreams: C:\Users\Karek\AppData\Local\Data aplikací:IosHsoDjFJa6bx3Bw8MWLlMC
AlternateDataStreams: C:\Users\Karek\AppData\Local\Temporary Internet Files:PiLQST2Urskr3a0c9vwpXsDW
==================== Security Center ==================
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Karek\Desktop" je 2 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NtVdmSrv
C:\Windows\inf\ntvdm.vbe [x]
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Ran by Karek (administrator) on KAREK-PC on 03-01-2014 17:18:07
Running from C:\Users\Karek\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Celartem, Inc., doing business as Extensis.) C:\Program Files (x86)\Extensis\Suitcase Fusion 4\FMCore.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD64.EXE
(forum.viry.cz) C:\Users\Karek\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-12-16] (AVAST Software)
HKCU\...\Run: [FMCore.exe] - C:\Program Files (x86)\Extensis\Suitcase Fusion 4\FMCore.exe [9504768 2013-07-25] (Celartem, Inc., doing business as Extensis.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20551328 2013-10-21] (Skype Technologies S.A.)
Startup: C:\Users\Karek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Karek\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{5F31578C-0FBE-44BE-8993-69BBDF586BD9}: [NameServer]213.46.172.36,213.46.172.37
FireFox:
========
FF ProfilePath: C:\Users\Karek\AppData\Roaming\Mozilla\Firefox\Profiles\bo3ol8i2.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tightropeinteractive.com/Plugin - C:\Users\Karek\AppData\Local\TNT2\2.0.0.1599\npTNT2.dll (Search.Us.com)
FF Plugin HKCU: @tnt2ghost.com/Plugin - C:\Users\Karek\AppData\Local\TNT2\2.0.0.1599\npTNT2ghost.dll (Search.Us.com)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Seznam lištička - C:\Users\Karek\AppData\Roaming\Mozilla\Firefox\Profiles\bo3ol8i2.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
FF Extension: Firebug - C:\Users\Karek\AppData\Roaming\Mozilla\Firefox\Profiles\bo3ol8i2.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: WebSparkle - C:\Users\Karek\AppData\Roaming\Mozilla\Firefox\Profiles\bo3ol8i2.default\Extensions\firefox@websparkle.biz.xpi
FF Extension: SEOProfesional - C:\Users\Karek\AppData\Roaming\Mozilla\Firefox\Profiles\bo3ol8i2.default\Extensions\seo@profesional.xpi
FF Extension: SEO Status PageRank/Alexa Toolbar - C:\Users\Karek\AppData\Roaming\Mozilla\Firefox\Profiles\bo3ol8i2.default\Extensions\seostatus@rubyweb.xpi
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKCU\...\Firefox\Extensions: [sea-condensed@plugin.org] - C:\Program Files (x86)\The Sea App (Firefox)
FF Extension: The SEA App (C) - C:\Program Files (x86)\The Sea App (Firefox)
Chrome:
=======
CHR Extension: (Docs) - C:\Users\Karek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\Karek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\Karek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Karek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (avast! Online Security) - C:\Users\Karek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0
CHR Extension: (Google Wallet) - C:\Users\Karek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Karek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-16] (AVAST Software)
==================== Drivers (Whitelisted) ====================
R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-12-16] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-12-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-12-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-12-16] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2013-12-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-12-16] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2013-08-31] ()
U3 aco2f2gm; C:\Windows\System32\Drivers\aco2f2gm.sys [0 ] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U4 Update LinkSwift;
U4 Update WebSparkle;
U4 Util LinkSwift;
U4 Util WebSparkle;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-03 17:18 - 2014-01-03 17:18 - 00010810 _____ C:\Users\Karek\Desktop\FRST.txt
2014-01-03 17:16 - 2014-01-03 17:15 - 00112640 _____ (forum.viry.cz) C:\Users\Karek\Desktop\FRSTLauncher.exe
2014-01-03 17:16 - 2014-01-03 17:13 - 01931750 _____ (Farbar) C:\Users\Karek\Desktop\FRST64.exe
2014-01-03 11:25 - 2014-01-03 11:25 - 00021171 _____ C:\ComboFix.txt
2014-01-03 11:14 - 2014-01-03 11:15 - 00002040 _____ C:\Users\Karek\Desktop\Rkill.txt
2013-12-20 09:49 - 2013-12-20 09:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-18 11:42 - 2013-12-18 11:42 - 00000951 _____ C:\Users\Public\Desktop\Balsamiq Mockups.lnk
2013-12-18 11:42 - 2013-12-18 11:42 - 00000000 ____D C:\Users\Karek\AppData\Roaming\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1
2013-12-18 11:42 - 2013-12-18 11:42 - 00000000 ____D C:\Program Files (x86)\Balsamiq Mockups
2013-12-16 14:34 - 2013-12-16 14:34 - 00000000 ____D C:\Users\Karek\AppData\Roaming\AVG
2013-12-16 14:33 - 2013-12-20 08:51 - 00000000 ____D C:\ProgramData\AVG
2013-12-16 14:33 - 2013-12-16 14:33 - 00000000 __SHD C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-12-16 14:32 - 2013-12-16 17:16 - 00000000 ____D C:\Users\Karek\AppData\Roaming\Orbit
2013-12-16 14:32 - 2013-12-16 14:32 - 00000000 ____D C:\Users\Karek\AppData\Roaming\ProgSense
2013-12-16 14:32 - 2013-12-16 14:32 - 00000000 ____D C:\Users\Karek\AppData\Roaming\GrabPro
2013-12-16 14:21 - 2013-12-16 14:21 - 00000000 ____D C:\Program Files (x86)\DownloadToolz
2013-12-16 13:23 - 2013-12-16 13:23 - 00000000 ____D C:\Users\Karek\AppData\Roaming\AVAST Software
2013-12-16 13:22 - 2014-01-03 09:16 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-12-16 13:22 - 2013-12-16 13:22 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-12-16 13:22 - 2013-12-16 13:22 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-12-16 13:22 - 2013-12-16 13:22 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-16 13:19 - 2013-12-16 13:19 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-16 13:19 - 2013-12-16 13:19 - 00000000 ____D C:\Program Files\AVAST Software
2013-12-12 14:03 - 2013-12-12 14:03 - 00001103 _____ C:\Users\Karek\Desktop\SEO Administrator.lnk
2013-12-12 14:03 - 2013-06-05 10:45 - 00938496 _____ C:\Windows\SysWOW64\semtempl.dll
2013-12-12 14:03 - 2005-05-20 04:26 - 00343040 _____ C:\Windows\SysWOW64\arcdll.dll
2013-12-12 14:03 - 2004-06-14 16:19 - 00003072 _____ C:\Windows\SysWOW64\hashfunc.dll
==================== One Month Modified Files and Folders =======
2014-01-03 17:18 - 2014-01-03 17:18 - 00010810 _____ C:\Users\Karek\Desktop\FRST.txt
2014-01-03 17:18 - 2013-08-31 14:44 - 00000000 ____D C:\Users\Karek\Documents\Soubory aplikace Outlook
2014-01-03 17:17 - 2013-11-27 16:07 - 00000950 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-03 17:17 - 2009-07-14 05:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-03 17:17 - 2009-07-14 05:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-03 17:15 - 2014-01-03 17:16 - 00112640 _____ (forum.viry.cz) C:\Users\Karek\Desktop\FRSTLauncher.exe
2014-01-03 17:13 - 2014-01-03 17:16 - 01931750 _____ (Farbar) C:\Users\Karek\Desktop\FRST64.exe
2014-01-03 17:07 - 2013-09-24 13:30 - 00000000 ____D C:\Users\Karek\AppData\Roaming\Skype
2014-01-03 16:52 - 2013-09-03 09:12 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-03 14:56 - 2013-08-31 15:13 - 00000010 _____ C:\Users\Karek\AppData\Local\.HG88C586-G30G-2HE2-DGDE-8H3E1D530D30
2014-01-03 14:56 - 2013-08-31 15:13 - 00000010 _____ C:\ProgramData\.F464B91F-G49F-3G3D-CFCD-9G7D2C141C96
2014-01-03 13:17 - 2013-11-27 16:07 - 00000946 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-03 11:25 - 2014-01-03 11:25 - 00021171 _____ C:\ComboFix.txt
2014-01-03 11:25 - 2013-10-16 13:41 - 00000000 ____D C:\Qoobox
2014-01-03 11:24 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2014-01-03 11:15 - 2014-01-03 11:14 - 00002040 _____ C:\Users\Karek\Desktop\Rkill.txt
2014-01-03 10:35 - 2011-04-12 09:34 - 00634308 _____ C:\Windows\system32\perfh005.dat
2014-01-03 10:35 - 2011-04-12 09:34 - 00122898 _____ C:\Windows\system32\perfc005.dat
2014-01-03 10:35 - 2009-07-14 06:13 - 01478586 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-03 10:34 - 2013-08-31 15:42 - 01774429 _____ C:\Windows\WindowsUpdate.log
2014-01-03 10:31 - 2013-09-13 13:06 - 00000000 ___RD C:\Users\Karek\Dropbox
2014-01-03 10:31 - 2013-09-13 12:13 - 00000000 ____D C:\Users\Karek\AppData\Roaming\Dropbox
2014-01-03 10:30 - 2013-08-31 16:04 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-03 10:30 - 2013-08-31 14:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-03 10:30 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-03 10:30 - 2009-07-14 05:51 - 00034194 _____ C:\Windows\setupact.log
2014-01-03 10:29 - 2013-10-24 08:31 - 00000000 ____D C:\AdwCleaner
2014-01-03 09:16 - 2013-12-16 13:22 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-12-20 15:25 - 2013-11-26 17:20 - 00001298 _____ C:\Users\Karek\daemonprocess.txt
2013-12-20 11:58 - 2013-09-24 08:54 - 00000000 ____D C:\seo projects
2013-12-20 09:49 - 2013-12-20 09:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-20 08:51 - 2013-12-16 14:33 - 00000000 ____D C:\ProgramData\AVG
2013-12-19 10:04 - 2013-08-31 14:41 - 00136408 _____ C:\Users\Karek\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-19 09:12 - 2009-07-14 05:45 - 04199448 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-18 17:23 - 2013-09-02 08:25 - 00000000 ____D C:\Users\Karek\.ScreamingFrogSEOSpider
2013-12-18 11:42 - 2013-12-18 11:42 - 00000951 _____ C:\Users\Public\Desktop\Balsamiq Mockups.lnk
2013-12-18 11:42 - 2013-12-18 11:42 - 00000000 ____D C:\Users\Karek\AppData\Roaming\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1
2013-12-18 11:42 - 2013-12-18 11:42 - 00000000 ____D C:\Program Files (x86)\Balsamiq Mockups
2013-12-17 14:31 - 2013-09-02 13:34 - 00001480 _____ C:\Users\Karek\AppData\Local\Adobe Uložit pro web 13.0 Prefs
2013-12-17 08:58 - 2010-11-21 04:47 - 00014766 _____ C:\Windows\PFRO.log
2013-12-16 17:16 - 2013-12-16 14:32 - 00000000 ____D C:\Users\Karek\AppData\Roaming\Orbit
2013-12-16 14:34 - 2013-12-16 14:34 - 00000000 ____D C:\Users\Karek\AppData\Roaming\AVG
2013-12-16 14:33 - 2013-12-16 14:33 - 00000000 __SHD C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-12-16 14:32 - 2013-12-16 14:32 - 00000000 ____D C:\Users\Karek\AppData\Roaming\ProgSense
2013-12-16 14:32 - 2013-12-16 14:32 - 00000000 ____D C:\Users\Karek\AppData\Roaming\GrabPro
2013-12-16 14:21 - 2013-12-16 14:21 - 00000000 ____D C:\Program Files (x86)\DownloadToolz
2013-12-16 13:23 - 2013-12-16 13:23 - 00000000 ____D C:\Users\Karek\AppData\Roaming\AVAST Software
2013-12-16 13:22 - 2013-12-16 13:22 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-12-16 13:22 - 2013-12-16 13:22 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-12-16 13:22 - 2013-12-16 13:22 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-12-16 13:22 - 2013-12-16 13:22 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-16 13:19 - 2013-12-16 13:19 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-16 13:19 - 2013-12-16 13:19 - 00000000 ____D C:\Program Files\AVAST Software
2013-12-12 14:03 - 2013-12-12 14:03 - 00001103 _____ C:\Users\Karek\Desktop\SEO Administrator.lnk
2013-12-12 14:03 - 2013-09-02 08:18 - 00000000 ____D C:\ProgramData\SeoAdministrator
2013-12-12 14:03 - 2013-09-02 08:18 - 00000000 ____D C:\Program Files (x86)\seoadministrator
2013-12-12 13:07 - 2013-11-25 09:15 - 00000000 ____D C:\FRST
2013-12-10 13:12 - 2013-11-27 16:07 - 00003946 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-10 13:12 - 2013-11-27 16:07 - 00003694 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-11-26 12:22
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:368.01 GB) (Free:322.7 GB) NTFS
Drive d: (decko) (Fixed) (Total:97.66 GB) (Free:95.48 GB) NTFS
Drive z: (data) (Network) (Total:2746.24 GB) (Free:1087.82 GB) NTFS
Available physical RAM: 2365.79 MB
Total physical RAM: 4094.49 MB
Percentage of memory in use: 42%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: A859C709)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=368 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
==================== Scheduled Tasks (whitelisted) ==================
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\Users\Karek\Local Settings:IosHsoDjFJa6bx3Bw8MWLlMC
AlternateDataStreams: C:\Users\Karek\AppData\Local:IosHsoDjFJa6bx3Bw8MWLlMC
AlternateDataStreams: C:\Users\Karek\AppData\Local\Data aplikací:IosHsoDjFJa6bx3Bw8MWLlMC
AlternateDataStreams: C:\Users\Karek\AppData\Local\Temporary Internet Files:PiLQST2Urskr3a0c9vwpXsDW
==================== Security Center ==================
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Karek\Desktop" je 2 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NtVdmSrv
C:\Windows\inf\ntvdm.vbe [x]
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Re: Pop-up ads on the internet

- Open Notepad (Start - Run - notepad)
- Copy the script below
Code:
Start
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20551328 2013-10-21] (Skype Technologies S.A.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U4 Update LinkSwift;
U4 Update WebSparkle;
U4 Util LinkSwift;
U4 Util WebSparkle;
2013-12-16 14:34 - 2013-12-16 14:34 - 00000000 ____D C:\Users\Karek\AppData\Roaming\AVG
2013-12-16 14:33 - 2013-12-20 08:51 - 00000000 ____D C:\ProgramData\AVG
2013-12-16 14:33 - 2013-12-16 14:33 - 00000000 __SHD C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-01-03 11:14 - 2014-01-03 11:15 - 00002040 _____ C:\Users\Karek\Desktop\Rkill.txt
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\Users\Karek\Local Settings:IosHsoDjFJa6bx3Bw8MWLlMC
AlternateDataStreams: C:\Users\Karek\AppData\Local:IosHsoDjFJa6bx3Bw8MWLlMC
AlternateDataStreams: C:\Users\Karek\AppData\Local\Data aplikací:IosHsoDjFJa6bx3Bw8MWLlMC
AlternateDataStreams: C:\Users\Karek\AppData\Local\Temporary Internet Files:PiLQST2Urskr3a0c9vwpXsDW
C:\Windows\inf\ntvdm.vbe
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NtVdmSrv" /f
Hosts:
CMD: shutdown /r /f /t 2
End
- Save the created TXT file as fixlist.txt
- Move the created fixlist next to FRST

- Click Fix
- The fix will run and create the log Fixlog.txt
