Policie ČR - FRST

#1 Post by the.freeze »

Hello,

This morning the Policie ČR (Czech Police) virus popped up in my browser, so I tried scanning the PC with ESET Online Scanner and Norton Power Eraser, and they found nothing. Since then the Policie ČR screen has not shown up again, but I doubt it just disappeared. Some people reportedly cannot get into safe mode with this virus; that works fine for me.

So here is the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-01-2014
Ran by JL (administrator) on JL-PC on 07-01-2014 18:11:04
Running from C:\Users\JL\Desktop
Microsoft Windows 7 Professional (X86) OS Language: Czech
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\Garena Plus\ggdllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
() C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\JL\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [ApnTBMon] - C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1778640 2013-12-20] (APN)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [HOSTS Anti-Adware_PUPs] - C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe [302961 2013-12-11] ()
HKCU\...\Run: [GarenaPlus] - C:\Program Files\Garena Plus\GarenaMessenger.exe [9890608 2013-11-21] ()
MountPoints2: {33d2785e-b154-11e2-8bb7-0015c5560449} - F:\RunGame.exe
MountPoints2: {998955ff-628b-11e3-b1f7-0015c5560449} - E:\SISetup.exe
Startup: C:\Users\JL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warcraft Config.lnk
ShortcutTarget: Warcraft Config.lnk -> C:\Program Files\Warcraft III Reign of Chaos & The Frozen Throne\support\config.exe (No File)

==================== Internet (Whitelisted) ====================

SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{953BE56C-834D-458D-915D-A3C4E4CFCAEA}: [NameServer]77.48.100.254,78.48.100.254

FireFox:
========
FF ProfilePath: C:\Users\JL\AppData\Roaming\Mozilla\Firefox\Profiles\82jyx6m3.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @idsoftware.com/QuakeLive - C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF Plugin: @t.garena.com/garenatalk - C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\JL\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\JL\AppData\Roaming\Mozilla\Firefox\Profiles\82jyx6m3.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi

Chrome:
=======
CHR HomePage: hxxp://www.seznam.cz/
CHR RestoreOnStartup: "hxxp://www.seznam.cz/", "https://www.facebook.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\JL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh\30.1_0
CHR Extension: (Google Docs) - C:\Users\JL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\JL\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (Seznam Li\u0161ti\u010Dka - Email) - C:\Users\JL\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig\1.3.13_0
CHR Extension: (Seznam Li\u0161ti\u010Dka - Slovn\u00EDk) - C:\Users\JL\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd\1.2.13_0
CHR Extension: (YouTube) - C:\Users\JL\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\JL\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\JL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\JL\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0
CHR Extension: (Google Play Books) - C:\Users\JL\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb\1.1.9_0
CHR Extension: (Google Wallet) - C:\Users\JL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Seznam Li\u0161ti\u010Dka - Rychl\u00E1 volba) - C:\Users\JL\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak\1.5.14_0
CHR Extension: (Gmail) - C:\Users\JL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-10-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-12-20] (APN LLC.)
S2 HOSTS Anti-PUPs; C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [285795 2013-12-11] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-31] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [69240 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-05-06] (DT Soft Ltd)
S3 NANMp50; C:\Windows\System32\Drivers\NANMp50.sys [36408 2010-03-25] (Printing Communications Assoc., Inc. (PCAUSA))
S3 NANSp50; C:\Windows\System32\Drivers\NANSp50.sys [35384 2010-03-25] (Printing Communications Assoc., Inc. (PCAUSA))
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-10-31] (Avira GmbH)
R1 TsLwWfF; C:\Windows\System32\DRIVERS\TsLwWfF.sys [25288 2013-07-26] (TamoSoft)
S3 GGSAFERDriver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-07 18:09 - 2014-01-07 18:11 - 00010820 _____ C:\Users\JL\Desktop\FRST.txt
2014-01-07 18:06 - 2014-01-07 18:06 - 01064805 _____ (Farbar) C:\Users\JL\Desktop\FRST.exe
2014-01-07 18:06 - 2014-01-07 18:06 - 00112640 _____ (forum.viry.cz) C:\Users\JL\Desktop\FRSTLauncher.exe
2014-01-07 17:49 - 2014-01-07 17:49 - 00000000 ____D C:\FRST
2014-01-07 08:01 - 2014-01-07 08:01 - 02347384 _____ (ESET) C:\Users\JL\Desktop\esetsmartinstaller_csy.exe
2014-01-07 08:01 - 2014-01-07 08:01 - 00000000 ____D C:\Program Files\ESET
2014-01-07 07:41 - 2014-01-07 17:19 - 00000000 ____D C:\Users\JL\AppData\Local\NPE
2014-01-07 07:41 - 2014-01-07 07:41 - 03062248 ____N (Symantec Corporation) C:\Users\JL\Desktop\NPE.exe
2014-01-07 07:41 - 2014-01-07 07:41 - 00000000 ____D C:\ProgramData\Norton
2014-01-05 15:35 - 2014-01-05 21:29 - 00000000 ____D C:\Users\JL\Desktop\metodika
2014-01-03 19:01 - 2014-01-03 19:01 - 00000000 ____D C:\Users\Public\Documents\DAEMON Tools Images
2014-01-03 18:52 - 2012-09-27 01:30 - 00100256 _____ (HP) C:\Windows\system32\HPSIsvc.exe
2014-01-03 18:51 - 2014-01-03 18:51 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_mvusbews_01009.Wdf
2014-01-03 18:50 - 2014-01-03 18:50 - 00000000 ____D C:\Program Files\HP
2014-01-03 18:50 - 2012-09-26 06:45 - 01461992 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2014-01-03 18:50 - 2012-09-26 06:45 - 00017408 _____ (Marvell Semiconductor, Inc.) C:\Windows\system32\Drivers\mvusbews.sys
2014-01-03 18:50 - 2012-08-31 15:01 - 01511424 _____ C:\Windows\system32\HP1100SM.EXE
2014-01-03 18:50 - 2012-08-31 15:01 - 00151552 _____ C:\Windows\system32\HP1100LM.DLL
2014-01-03 18:50 - 2012-08-31 08:10 - 00284160 _____ C:\Windows\system32\mvhlewsi.dll
2014-01-03 18:49 - 2012-09-26 06:45 - 00081920 _____ C:\Windows\system32\mvusbews.dll
2014-01-03 18:49 - 2012-09-26 06:45 - 00048128 _____ C:\Windows\system32\HP1100SMs.dll
2013-12-22 18:22 - 2013-12-22 18:22 - 00016481 _____ C:\Users\JL\Downloads\[kickass.to]dobry.will.hunting.good.will.hunting.cz.dvdrip.by.soty.torrent
2013-12-21 18:12 - 2013-12-21 18:12 - 00000000 ____D C:\Users\JL\AppData\Local\Launcher
2013-12-21 18:08 - 2013-12-21 18:08 - 00000000 ____D C:\Users\JL\AppData\Local\id Software
2013-12-21 18:07 - 2013-12-21 18:07 - 00000997 _____ C:\Users\Public\Desktop\Quake Live.lnk
2013-12-21 18:07 - 2013-12-21 18:07 - 00000000 ____D C:\Program Files\Quake Live
2013-12-21 18:06 - 2013-12-21 18:06 - 06024320 _____ C:\Users\JL\Downloads\QuakeLiveSetup_841.exe
2013-12-16 20:16 - 2013-12-16 20:16 - 00000000 ____D C:\Users\JL\AppData\Roaming\Unity
2013-12-16 20:11 - 2013-12-16 20:11 - 01050264 _____ (Unity Technologies ApS) C:\Users\JL\Downloads\UnityWebPlayer.exe
2013-12-13 15:26 - 2013-12-23 19:56 - 00000000 ____D C:\Users\JL\Downloads\foto
2013-12-13 07:22 - 2013-12-13 19:11 - 00000000 ____D C:\Users\JL\Downloads\ITC
2013-12-11 20:56 - 2013-12-11 20:56 - 00049304 _____ C:\Users\JL\Downloads\The-Wolverine(0000226777).srt
2013-12-11 19:49 - 2013-12-11 19:50 - 00053958 _____ C:\Users\JL\Downloads\The-Wolverine(0000226817).srt
2013-12-11 18:49 - 2013-12-11 18:49 - 00001143 _____ C:\Users\JL\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk
2013-12-11 18:49 - 2013-12-11 18:49 - 00000000 ____D C:\Program Files\Hosts_Anti_Adwares_PUPs
2013-12-11 18:21 - 2013-12-11 18:41 - 00000000 ____D C:\AdwCleaner
2013-12-11 18:21 - 2013-12-11 18:21 - 01226802 _____ C:\Users\JL\Downloads\adwcleaner.exe
2013-12-09 09:02 - 2013-12-09 09:02 - 00103780 _____ C:\Users\JL\Downloads\The-Hobbit-An-Unexpected-Journey(0000210380).srt
2013-12-08 20:12 - 2013-12-08 20:12 - 00098591 _____ C:\Users\JL\Downloads\Men-in-Black-3(0000224959).srt
2013-12-08 14:27 - 2013-12-08 14:27 - 00046751 _____ C:\Users\JL\Downloads\Riddick(0000228062).srt
2013-12-08 14:26 - 2013-12-08 14:26 - 00025441 _____ C:\Users\JL\Downloads\the.hunger.games.(2012).cze.1cd.(4633609).zip

==================== One Month Modified Files and Folders =======

2014-01-07 18:11 - 2014-01-07 18:09 - 00010820 _____ C:\Users\JL\Desktop\FRST.txt
2014-01-07 18:06 - 2014-01-07 18:06 - 01064805 _____ (Farbar) C:\Users\JL\Desktop\FRST.exe
2014-01-07 18:06 - 2014-01-07 18:06 - 00112640 _____ (forum.viry.cz) C:\Users\JL\Desktop\FRSTLauncher.exe
2014-01-07 17:50 - 2009-07-14 05:34 - 00014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-07 17:50 - 2009-07-14 05:34 - 00014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-07 17:49 - 2014-01-07 17:49 - 00000000 ____D C:\FRST
2014-01-07 17:46 - 2013-04-28 21:09 - 01317032 _____ C:\Windows\WindowsUpdate.log
2014-01-07 17:44 - 2013-05-05 01:57 - 00000000 ____D C:\Users\JL\AppData\Roaming\GarenaPlus
2014-01-07 17:44 - 2013-05-05 01:56 - 00000000 ____D C:\ProgramData\GarenaMessenger
2014-01-07 17:40 - 2013-04-28 21:23 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-07 17:40 - 2013-04-28 21:23 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-07 17:40 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-07 17:40 - 2009-07-14 05:39 - 00003691 _____ C:\Windows\setupact.log
2014-01-07 17:19 - 2014-01-07 07:41 - 00000000 ____D C:\Users\JL\AppData\Local\NPE
2014-01-07 08:01 - 2014-01-07 08:01 - 02347384 _____ (ESET) C:\Users\JL\Desktop\esetsmartinstaller_csy.exe
2014-01-07 08:01 - 2014-01-07 08:01 - 00000000 ____D C:\Program Files\ESET
2014-01-07 07:41 - 2014-01-07 07:41 - 03062248 ____N (Symantec Corporation) C:\Users\JL\Desktop\NPE.exe
2014-01-07 07:41 - 2014-01-07 07:41 - 00000000 ____D C:\ProgramData\Norton
2014-01-05 21:29 - 2014-01-05 15:35 - 00000000 ____D C:\Users\JL\Desktop\metodika
2014-01-04 19:49 - 2013-12-05 19:49 - 00000274 _____ C:\Windows\Tasks\DLL-Files.Com Fixer_Updates.job
2014-01-04 17:34 - 2013-04-28 22:30 - 00111920 _____ C:\Windows\PFRO.log
2014-01-04 17:13 - 2013-05-12 18:17 - 00000000 ____D C:\Users\JL\AppData\Roaming\vlc
2014-01-03 19:10 - 2013-04-28 21:17 - 01582262 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-03 19:01 - 2014-01-03 19:01 - 00000000 ____D C:\Users\Public\Documents\DAEMON Tools Images
2014-01-03 18:51 - 2014-01-03 18:51 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_mvusbews_01009.Wdf
2014-01-03 18:50 - 2014-01-03 18:50 - 00000000 ____D C:\Program Files\HP
2014-01-03 08:21 - 2013-04-28 21:47 - 00000000 ____D C:\Users\JL\Downloads\Torrenty
2014-01-02 18:49 - 2013-04-28 21:35 - 00000000 ____D C:\Users\JL\AppData\Roaming\uTorrent
2014-01-02 17:49 - 2013-12-05 19:49 - 00000258 _____ C:\Windows\Tasks\DLL-Files.Com Fixer_MONTHLY.job
2013-12-23 19:56 - 2013-12-13 15:26 - 00000000 ____D C:\Users\JL\Downloads\foto
2013-12-22 18:22 - 2013-12-22 18:22 - 00016481 _____ C:\Users\JL\Downloads\[kickass.to]dobry.will.hunting.good.will.hunting.cz.dvdrip.by.soty.torrent
2013-12-21 18:12 - 2013-12-21 18:12 - 00000000 ____D C:\Users\JL\AppData\Local\Launcher
2013-12-21 18:08 - 2013-12-21 18:08 - 00000000 ____D C:\Users\JL\AppData\Local\id Software
2013-12-21 18:07 - 2013-12-21 18:07 - 00000997 _____ C:\Users\Public\Desktop\Quake Live.lnk
2013-12-21 18:07 - 2013-12-21 18:07 - 00000000 ____D C:\Program Files\Quake Live
2013-12-21 18:06 - 2013-12-21 18:06 - 06024320 _____ C:\Users\JL\Downloads\QuakeLiveSetup_841.exe
2013-12-19 13:44 - 2013-11-06 19:01 - 00000000 ____D C:\Users\JL\Desktop\Petanek
2013-12-18 12:07 - 2013-11-24 22:55 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-18 12:07 - 2013-11-24 22:55 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-18 12:07 - 2013-11-24 22:55 - 00069240 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-12-16 20:16 - 2013-12-16 20:16 - 00000000 ____D C:\Users\JL\AppData\Roaming\Unity
2013-12-16 20:11 - 2013-12-16 20:11 - 01050264 _____ (Unity Technologies ApS) C:\Users\JL\Downloads\UnityWebPlayer.exe
2013-12-13 19:11 - 2013-12-13 07:22 - 00000000 ____D C:\Users\JL\Downloads\ITC
2013-12-11 20:56 - 2013-12-11 20:56 - 00049304 _____ C:\Users\JL\Downloads\The-Wolverine(0000226777).srt
2013-12-11 19:50 - 2013-12-11 19:49 - 00053958 _____ C:\Users\JL\Downloads\The-Wolverine(0000226817).srt
2013-12-11 18:49 - 2013-12-11 18:49 - 00001143 _____ C:\Users\JL\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk
2013-12-11 18:49 - 2013-12-11 18:49 - 00000000 ____D C:\Program Files\Hosts_Anti_Adwares_PUPs
2013-12-11 18:41 - 2013-12-11 18:21 - 00000000 ____D C:\AdwCleaner
2013-12-11 18:21 - 2013-12-11 18:21 - 01226802 _____ C:\Users\JL\Downloads\adwcleaner.exe
2013-12-09 16:26 - 2013-05-06 20:39 - 00000000 ____D C:\Users\JL\AppData\Local\Microsoft Help
2013-12-09 09:02 - 2013-12-09 09:02 - 00103780 _____ C:\Users\JL\Downloads\The-Hobbit-An-Unexpected-Journey(0000210380).srt
2013-12-08 20:12 - 2013-12-08 20:12 - 00098591 _____ C:\Users\JL\Downloads\Men-in-Black-3(0000224959).srt
2013-12-08 14:27 - 2013-12-08 14:27 - 00046751 _____ C:\Users\JL\Downloads\Riddick(0000228062).srt
2013-12-08 14:26 - 2013-12-08 14:26 - 00025441 _____ C:\Users\JL\Downloads\the.hunger.games.(2012).cze.1cd.(4633609).zip

Some content of TEMP:
====================
C:\Users\JL\AppData\Local\Temp\AdwCleaner.exe
C:\Users\JL\AppData\Local\Temp\AutoRun.exe
C:\Users\JL\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\JL\AppData\Local\Temp\avgnt.exe
C:\Users\JL\AppData\Local\Temp\bitool.dll
C:\Users\JL\AppData\Local\Temp\eauninstall.exe
C:\Users\JL\AppData\Local\Temp\Install_HOSTS_Anti-Adware.exe
C:\Users\JL\AppData\Local\Temp\Need for Speed Underground 2_uninst.exe
C:\Users\JL\AppData\Local\Temp\ose00000.exe
C:\Users\JL\AppData\Local\Temp\siinst.exe
C:\Users\JL\AppData\Local\Temp\SkypeSetup.exe
C:\Users\JL\AppData\Local\Temp\strings.dll
C:\Users\JL\AppData\Local\Temp\ubi7D48.tmp.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-03 19:33




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:74.53 GB) (Free:9.83 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Available physical RAM: 1083.6 MB
Total physical RAM: 2038.12 MB
Percentage of memory in use: 46%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 75 GB) (Disk ID: A39DA39D)
Partition 1: (Active) - (Size=75 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\DLL-Files.Com Fixer_MONTHLY.job => C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\Windows\Tasks\DLL-Files.Com Fixer_Updates.job => C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\Windows:38B9EA9AF583150F
AlternateDataStreams: C:\Windows:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}

==================== Security Center ==================

AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\JL\Desktop" je 763 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
DoNotAllowExceptions REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================


Thanks in advance for your reply and your time.

#2 Post by vyosek »

Hello, and I wish you a nice evening :)

→ Download Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
  • Save it, preferably to the desktop
  • After launching, the license terms are displayed; press any key
  • A backup is created, followed by a search
  • The scan runs and then a log appears, or it is saved in c:\JRT as JRT.txt; post it here
→ Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • Click Scan and then Clean
  • The fix runs, the PC restarts, and then a log appears, or it is saved at c:\AdwCleaner\AdwCleaner[S?].txt; post it here


#3 Post by the.freeze »

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 7 Professional x86
Ran by JL on Łt 07.01.2014 at 18:31:09,79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}



~~~ Files

Successfully deleted: [File] "C:\Windows\System32\Tasks\dll-files.com fixer_monthly"
Successfully deleted: [File] "C:\Windows\System32\Tasks\dll-files.com fixer_updates"
Successfully deleted: [File] "C:\Windows\Tasks\dll-files.com fixer_monthly.job"
Successfully deleted: [File] "C:\Windows\Tasks\dll-files.com fixer_updates.job"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Users\JL\AppData\Roaming\dll-files.com"
Successfully deleted: [Folder] "C:\Program Files\dll-files.com fixer"



~~~ FireFox

Successfully deleted: [File] C:\Users\JL\AppData\Roaming\mozilla\firefox\profiles\82jyx6m3.default\extensions\toolbar_avira-v7@apn.ask.com.xpi



~~~ Chrome

Successfully deleted: [Folder] C:\Users\JL\appdata\local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Łt 07.01.2014 at 18:37:43,46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.016 - Report created 07/01/2014 at 18:43:55
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Professional (32 bits)
# Username : JL - JL-PC
# Running from : C:\Users\JL\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.16385


-\\ Mozilla Firefox v21.0 (cs)

[ File : C:\Users\JL\AppData\Roaming\Mozilla\Firefox\Profiles\82jyx6m3.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\JL\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1109 octets] - [11/12/2013 18:23:11]
AdwCleaner[R1].txt - [1109 octets] - [07/01/2014 18:39:19]
AdwCleaner[S0].txt - [1179 octets] - [11/12/2013 18:40:40]
AdwCleaner[S1].txt - [1035 octets] - [07/01/2014 18:43:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1095 octets] ##########


#4 Post by vyosek »

→ Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below:

    Start
    HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
    HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
    HKLM\...\Run: [HOSTS Anti-Adware_PUPs] - C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe [302961 2013-12-11] ()
    HKCU\...\Run: [GarenaPlus] - C:\Program Files\Garena Plus\GarenaMessenger.exe [9890608 2013-11-21] ()
    MountPoints2: {33d2785e-b154-11e2-8bb7-0015c5560449} - F:\RunGame.exe
    MountPoints2: {998955ff-628b-11e3-b1f7-0015c5560449} - E:\SISetup.exe
    Startup: C:\Users\JL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warcraft Config.lnk
    
    FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\JL\AppData\Roaming\Mozilla\Firefox\Profiles\82jyx6m3.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi
    
    BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
    Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
    
    CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx
    CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\JL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh\30.1_0
    
    R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-12-20] (APN LLC.)
    S2 HOSTS Anti-PUPs; C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [285795 2013-12-11] ()
    
    C:\Users\JL\AppData\Local\Temp\AdwCleaner.exe
    C:\Users\JL\AppData\Local\Temp\AutoRun.exe
    C:\Users\JL\AppData\Local\Temp\AutoRunGUI.dll
    C:\Users\JL\AppData\Local\Temp\avgnt.exe
    C:\Users\JL\AppData\Local\Temp\bitool.dll
    C:\Users\JL\AppData\Local\Temp\eauninstall.exe
    C:\Users\JL\AppData\Local\Temp\Install_HOSTS_Anti-Adware.exe
    C:\Users\JL\AppData\Local\Temp\Need for Speed Underground 2_uninst.exe
    C:\Users\JL\AppData\Local\Temp\ose00000.exe
    C:\Users\JL\AppData\Local\Temp\siinst.exe
    C:\Users\JL\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\JL\AppData\Local\Temp\strings.dll
    C:\Users\JL\AppData\Local\Temp\ubi7D48.tmp.exe
    2013-12-11 18:49 - 2013-12-11 18:49 - 00001143 _____ C:\Users\JL\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk
    2013-12-11 18:49 - 2013-12-11 18:49 - 00000000 ____D C:\Program Files\Hosts_Anti_Adwares_PUPs
    
    Task: C:\Windows\Tasks\DLL-Files.Com Fixer_MONTHLY.job => C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
    Task: C:\Windows\Tasks\DLL-Files.Com Fixer_Updates.job => C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    
    AlternateDataStreams: C:\Windows:38B9EA9AF583150F
    AlternateDataStreams: C:\Windows:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}
    
    CMD: shutdown /r /f /t 2
    
    End
  • Save the created TXT file as fixlist.txt
  • Move the created fixlist next to FRST
:arrow: Run FRST.exe again
  • Click Fix
  • The fix will run and create the log Fixlog.txt
:arrow: Restart the PC and post fixlog.txt here
"Whoever has wine and does not drink it, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever shuns merriment, take a whip and a stick to him: that is no man, that is an ox."
Member of [image] since 1 February 2011.

#5 Post by the.freeze »

Wow, that was fast :)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 05-01-2014
Ran by JL at 2014-01-07 19:00:07 Run:1
Running from C:\Users\JL\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [HOSTS Anti-Adware_PUPs] - C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe [302961 2013-12-11] ()
HKCU\...\Run: [GarenaPlus] - C:\Program Files\Garena Plus\GarenaMessenger.exe [9890608 2013-11-21] ()
MountPoints2: {33d2785e-b154-11e2-8bb7-0015c5560449} - F:\RunGame.exe
MountPoints2: {998955ff-628b-11e3-b1f7-0015c5560449} - E:\SISetup.exe
Startup: C:\Users\JL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warcraft Config.lnk

FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\JL\AppData\Roaming\Mozilla\Firefox\Profiles\82jyx6m3.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi

BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)

CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\JL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh\30.1_0

R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-12-20] (APN LLC.)
S2 HOSTS Anti-PUPs; C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [285795 2013-12-11] ()

C:\Users\JL\AppData\Local\Temp\AdwCleaner.exe
C:\Users\JL\AppData\Local\Temp\AutoRun.exe
C:\Users\JL\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\JL\AppData\Local\Temp\avgnt.exe
C:\Users\JL\AppData\Local\Temp\bitool.dll
C:\Users\JL\AppData\Local\Temp\eauninstall.exe
C:\Users\JL\AppData\Local\Temp\Install_HOSTS_Anti-Adware.exe
C:\Users\JL\AppData\Local\Temp\Need for Speed Underground 2_uninst.exe
C:\Users\JL\AppData\Local\Temp\ose00000.exe
C:\Users\JL\AppData\Local\Temp\siinst.exe
C:\Users\JL\AppData\Local\Temp\SkypeSetup.exe
C:\Users\JL\AppData\Local\Temp\strings.dll
C:\Users\JL\AppData\Local\Temp\ubi7D48.tmp.exe
2013-12-11 18:49 - 2013-12-11 18:49 - 00001143 _____ C:\Users\JL\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk
2013-12-11 18:49 - 2013-12-11 18:49 - 00000000 ____D C:\Program Files\Hosts_Anti_Adwares_PUPs

Task: C:\Windows\Tasks\DLL-Files.Com Fixer_MONTHLY.job => C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\Windows\Tasks\DLL-Files.Com Fixer_Updates.job => C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

AlternateDataStreams: C:\Windows:38B9EA9AF583150F
AlternateDataStreams: C:\Windows:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}

CMD: shutdown /r /f /t 2

End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\GrooveMonitor => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HOSTS Anti-Adware_PUPs => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GarenaPlus => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33d2785e-b154-11e2-8bb7-0015c5560449} => Key deleted successfully.
HKCR\CLSID\{33d2785e-b154-11e2-8bb7-0015c5560449} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{998955ff-628b-11e3-b1f7-0015c5560449} => Key deleted successfully.
HKCR\CLSID\{998955ff-628b-11e3-b1f7-0015c5560449} => Key not found.
C:\Users\JL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warcraft Config.lnk => Moved successfully.
C:\Users\JL\AppData\Roaming\Mozilla\Firefox\Profiles\82jyx6m3.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi => not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7} => Key deleted successfully.
HKCR\CLSID\{41564952-412D-5637-00A7-7A786E7484D7} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{41564952-412D-5637-00A7-7A786E7484D7} => Value deleted successfully.
HKCR\CLSID\{41564952-412D-5637-00A7-7A786E7484D7} => Key not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh => Key not found.
C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx => Moved successfully.
C:\Users\JL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh directory not found.
APNMCP => Service deleted successfully.
HOSTS Anti-PUPs => Service deleted successfully.
C:\Users\JL\AppData\Local\Temp\AdwCleaner.exe => Moved successfully.
C:\Users\JL\AppData\Local\Temp\AutoRun.exe => Moved successfully.
C:\Users\JL\AppData\Local\Temp\AutoRunGUI.dll => Moved successfully.
C:\Users\JL\AppData\Local\Temp\avgnt.exe => Moved successfully.
C:\Users\JL\AppData\Local\Temp\bitool.dll => Moved successfully.
C:\Users\JL\AppData\Local\Temp\eauninstall.exe => Moved successfully.
C:\Users\JL\AppData\Local\Temp\Install_HOSTS_Anti-Adware.exe => Moved successfully.
C:\Users\JL\AppData\Local\Temp\Need for Speed Underground 2_uninst.exe => Moved successfully.
C:\Users\JL\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\JL\AppData\Local\Temp\siinst.exe => Moved successfully.
C:\Users\JL\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\JL\AppData\Local\Temp\strings.dll => Moved successfully.
C:\Users\JL\AppData\Local\Temp\ubi7D48.tmp.exe => Moved successfully.
C:\Users\JL\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk => Moved successfully.
C:\Program Files\Hosts_Anti_Adwares_PUPs => Moved successfully.
C:\Windows\Tasks\DLL-Files.Com Fixer_MONTHLY.job not found.
C:\Windows\Tasks\DLL-Files.Com Fixer_Updates.job not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows => ":38B9EA9AF583150F" ADS removed successfully.
C:\Windows => ":{4B9A1497-0817-47C4-9612-D6A1C53ACF57}" ADS removed successfully.

========= shutdown /r /f /t 2 =========


========= End of CMD: =========



The system needs a manual reboot.

==== End of Fixlog ====

#6 Post by vyosek »

Now let's clean up as well :James008:

:arrow: T-Cleaner http://vyosek.tym.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm each choice, press A, then Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag this utility as a virus - it is a false alarm - so go ahead and download it (or turn the antivirus off while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program will clean up and restart the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program will clean up and restart the PC
  • Delete the utility after use
:arrow: Download CCleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry panel
  • click Scan for Issues
  • then Fix Issues - I recommend making a registry backup; fix all the issues
  • repeat the procedure until no issues are found - usually about 3 times
Tools panel
  • Here you can uninstall programs you do not need
I recommend using CCleaner about once a week

:arrow: And if there are no problems or questions, that is all from my side :|

#7 Post by the.freeze »

Great, thanks a lot! :thumbsup: Have a nice rest of the evening.

#8 Post by vyosek »

You're welcome, glad I could help :worship: Until next time

And in accordance with the Rule on locking topics :lock:

#9 Post by vyosek »

Topic unlocked at the user's request via e-mail...

Post a new RSIT log here http://forum.viry.cz/viewtopic.php?f=13&t=130786

#10 Post by the.freeze »

Thank you for unlocking it.
As I wrote in the e-mail, the police virus showed up again, probably thanks to the site filmycz.com. :oops:

Logfile of random's system information tool 1.09 (written by random/random)
Run by JL at 2014-01-08 18:27:53
Microsoft Windows 7 Professional
System drive C: has 10 GB (14%) free of 76 GB
Total RAM: 2038 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:28:03, on 8.1.2014
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Garena Plus\ggdllhost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\JL\Desktop\RSIT.exe
C:\Program Files\trend micro\JL.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{953BE56C-834D-458D-915D-A3C4E4CFCAEA}: NameServer = 77.48.100.254,78.48.100.254
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP SI Service (HPSIService) - HP - C:\Windows\system32\HPSIsvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
O23 - Service: ZoneAlarm Privacy Service (ZAPrivacyService) - Check Point Software Technologies, Ltd. - C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe

--
End of file - 5601 bytes

=========Mozilla firefox=========

ProfilePath - C:\Users\JL\AppData\Roaming\Mozilla\Firefox\Profiles\82jyx6m3.default

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.7.700.169 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@idsoftware.com/QuakeLive]
"Description"=
"Path"=C:\ProgramData\id Software\QuakeLive\npquakezero.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@t.garena.com/garenatalk]
"Description"=Garena Talk Plugin
"Path"=C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 150552]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2013-12-18 684600]
"ZoneAlarm"=C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [2013-12-16 73832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SMR410]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-01-08 18:27:55 ----D---- C:\Program Files\trend micro
2014-01-08 18:27:53 ----D---- C:\rsit
2014-01-08 18:24:32 ----D---- C:\FRST
2014-01-07 20:06:12 ----D---- C:\Program Files\CheckPoint
2014-01-07 20:05:29 ----D---- C:\ProgramData\CheckPoint
2014-01-07 19:30:52 ----D---- C:\Program Files\CCleaner
2014-01-07 18:31:06 ----D---- C:\Windows\ERUNT
2014-01-07 08:01:51 ----D---- C:\Program Files\ESET
2014-01-07 07:41:08 ----D---- C:\ProgramData\Norton
2014-01-03 18:52:09 ----A---- C:\Windows\system32\HPSIsvc.exe
2014-01-03 18:50:46 ----A---- C:\Windows\system32\HP1100SM.EXE
2014-01-03 18:50:45 ----A---- C:\Windows\system32\HP1100LM.DLL
2014-01-03 18:50:05 ----A---- C:\Windows\system32\mvhlewsi.dll
2014-01-03 18:50:03 ----D---- C:\Program Files\HP
2014-01-03 18:50:01 ----A---- C:\Windows\system32\WdfCoInstaller01009.dll
2014-01-03 18:50:01 ----A---- C:\Windows\system32\drivers\mvusbews.sys
2014-01-03 18:49:59 ----A---- C:\Windows\system32\mvusbews.dll
2014-01-03 18:49:58 ----A---- C:\Windows\system32\HP1100SMs.dll
2013-12-21 18:07:19 ----D---- C:\Program Files\Quake Live
2013-12-16 20:16:27 ----D---- C:\Users\JL\AppData\Roaming\Unity

======List of files/folders modified in the last 1 month======

2014-01-08 18:28:03 ----D---- C:\Windows\Prefetch
2014-01-08 18:27:55 ----RD---- C:\Program Files
2014-01-08 18:27:24 ----D---- C:\Windows\Temp
2014-01-08 18:24:38 ----AD---- C:\Windows
2014-01-08 18:08:57 ----D---- C:\Windows\system32\Tasks
2014-01-07 23:37:37 ----D---- C:\Windows\system32\config
2014-01-07 23:35:50 ----D---- C:\Users\JL\AppData\Roaming\vlc
2014-01-07 23:24:14 ----SHD---- C:\System Volume Information
2014-01-07 23:23:27 ----D---- C:\Windows\winsxs
2014-01-07 23:21:09 ----D---- C:\Windows\system32\wbem
2014-01-07 23:20:34 ----SHD---- C:\Windows\Installer
2014-01-07 23:20:34 ----D---- C:\Windows\system32\DriverStore
2014-01-07 23:20:34 ----D---- C:\Windows\system32\drivers
2014-01-07 23:20:34 ----D---- C:\Windows\system32\catroot2
2014-01-07 23:20:34 ----D---- C:\Windows\inf
2014-01-07 23:20:33 ----D---- C:\Windows\registration
2014-01-07 20:09:38 ----D---- C:\Windows\system32\catroot
2014-01-07 20:05:29 ----HD---- C:\ProgramData
2014-01-07 19:33:30 ----D---- C:\Windows\debug
2014-01-07 19:00:17 ----D---- C:\Windows\Tasks
2014-01-07 18:50:22 ----D---- C:\Users\JL\AppData\Roaming\GarenaPlus
2014-01-07 18:50:22 ----D---- C:\ProgramData\GarenaMessenger
2014-01-03 19:10:09 ----D---- C:\Windows\System32
2014-01-03 19:10:09 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-01-02 18:49:46 ----D---- C:\Users\JL\AppData\Roaming\uTorrent

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2013-12-18 135648]
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2013-10-31 37352]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-05-06 242240]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2013-10-31 28520]
R1 TsLwWfF;WiFi Capture Driver; C:\Windows\system32\DRIVERS\TsLwWfF.sys [2013-07-26 25288]
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2013-10-23 458776]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2013-12-18 90400]
R2 avnetflt;avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [2013-12-18 69240]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
R3 BCM43XX;Broadcom 802.11 – ovladač síťového adaptéru; C:\Windows\system32\DRIVERS\bcmwl6.sys [2009-07-13 1131008]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
R3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WinUsb;Ovladač WinUSB; C:\Windows\system32\DRIVERS\WinUSB.sys [2009-07-14 34944]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys []
S3 mvusbews;USB EWS Device; C:\Windows\System32\Drivers\mvusbews.sys [2012-09-26 17408]
S3 NANMp50;NANMp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\NANMp50.sys [2010-03-25 36408]
S3 NANSp50;NANSp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\NANSp50.sys [2010-03-25 35384]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-09-23 65192]
R2 AntiVirService;Avira Real-Time Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2013-10-31 440376]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2013-12-18 440376]
R2 AntiVirWebService;Avira Web Protection; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [2013-12-18 1011768]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 HPSIService;HP SI Service; C:\Windows\system32\HPSIsvc.exe [2012-09-27 100256]
R2 vsmon;TrueVector Internet Monitor; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2013-12-16 2445816]
R2 ZAPrivacyService;ZoneAlarm Privacy Service; C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [2013-10-15 50704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-08 104912]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-28 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-09-05 171680]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-28 116648]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-01 150648]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-01 4846168]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2012-07-08 46528]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-07-08 139696]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-07-08 139696]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-07-08 139696]

-----------------EOF-----------------

#11 Post by vyosek »

Hello :)

:arrow: Download Malwarebytes' Anti-Malware (MBAM for short) http://forum.viry.cz/viewtopic.php?f=29&t=115222
  • Update it
  • Run a full scan - do not delete anything :!:
  • MBAM occasionally produces false detections, so paste the log into a post and wait for it to be assessed

#12 Post by the.freeze »

So, finally, the log:

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2014.01.08.05

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
JL :: JL-PC [administrátor]

Ochrana: Povolena

8.1.2014 19:01:46
MBAM-log-2014-01-08 (20-59-54).txt

Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 290001
Uplynulý čas: 1 hodin, 57 minut, 31 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 1
C:\Windows\Setup\SCRIPTS\Windows7Loader.exe (Trojan.Agent.W) -> Nebyla provedena žádná instrukce.

(konec)

#13 Post by vyosek »

:arrow: Right now you may have a police virus there that impersonates the police, but mind that the real Police of the Czech Republic does not pay you a visit because of that illegal system :?:

:arrow: I do not see any other traces of malware there, and besides, our forum rules and the charter of the international ASAP alliance are quite clear about helping with illegal systems...

#14 Post by the.freeze »

The computer came preinstalled from an acquaintance; in any case I will put it right, and thank you for your time. :?:

#15 Post by vyosek »

Then thank your acquaintance for knowingly exposing you to the risk of criminal prosecution and possible penalties...

Otherwise, you're welcome :worship:

:closed: