Ahoj, prosím o preventivní kontrolu. Dostal se mi do rukou notebook, na kterém nebyl několik let antivir a žádná jiná ochrana. Provedl jsem co bylo v mých silách, ale rád bych si byl jistý.
Děkuji.
zde RSIT log:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Mara at 2014-01-30 19:26:19
Microsoft Windows 7 Starter Service Pack 1
System drive C: has 98 GB (43%) free of 225 GB
Total RAM: 1013 MB (24% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:26:40, on 30.1.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16750)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Launch Manager\LMworker.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Mara\Desktop\RSIT.exe
C:\Program Files\trend micro\Mara.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.asp ... 5f47n2d339
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.golsearch.com/?affID=119816& ... 46199942B1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - c:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files\Launch Manager\dsiwmis.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
--
End of file - 7805 bytes
======Scheduled tasks folder======
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3502662843-2523098812-151572952-1000Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3502662843-2523098812-151572952-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
=========Mozilla firefox=========
ProfilePath - C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\mapqr9l3.default
prefs.js - "browser.startup.homepage" - ""
prefs.js - "keyword.URL" - "http://search.yahoo.com/search?fr=green ... =901452&p="
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.7.700.224 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0]
"Description"=WildTangent Games App V2 Presence Detector Plugin
"Path"=C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
C:\Program Files\Mozilla Firefox\plugins\
NPOFF12.DLL
nppdf32.dll
C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
yahoo.xml
C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\mapqr9l3.default\extensions\
{800b5000-a755-47e1-992b-48a1c1357f07}
{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}
C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\mapqr9l3.default\searchplugins\
babylon.xml
BitGuard.xml
BrowserProtect.xml
icqplugin-1.xml
icqplugin-2.xml
icqplugin.xml
yahoo.xml
yahoo_ff.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-01-30 1143168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-01-30 1143168]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-10-13 186904]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2010-05-25 9218592]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-04-22 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-04-22 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-04-22 150552]
"LManager"=C:\Program Files\Launch Manager\LManager.exe [2010-05-25 960080]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2010-04-13 248440]
"Acer ePower Management"=C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [2010-02-06 715296]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdcBase.exe [2007-05-31 648072]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-01-30 3767096]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
C:\Users\Mara\AppData\Local\Akamai\netsession_win.exe [2013-06-05 4489472]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate]
C:\Users\Mara\AppData\Roaming\Seznam.cz\szninstall.exe -c []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop]
C:\Users\Mara\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe -q []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2012-11-06 3673728]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files\DivX\DivX Update\DivXUpdate.exe /CHECKNOW []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
C:\Users\Mara\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12 138096]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
~C:\Program Files\ICQ7.6\ICQ.exe silent loginmode=4 []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaPCInternetAccess]
C:\Program Files\Nokia\PC Internet Access\NPCIA.exe /b []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce]
C:\Program Files\Seznam.cz\distribution\szninstall.exe -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2013-04-19 18678376]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\SweetIM\Messenger\SweetIM.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Mara^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
C:\Users\Mara\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-06-05 27370808]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Mara^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-04-19 218112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2014-01-30 18:57:48 ----D---- C:\Program Files\trend micro
2014-01-30 18:57:29 ----D---- C:\rsit
2014-01-30 18:28:20 ----D---- C:\Users\Mara\AppData\Roaming\AVAST Software
2014-01-30 18:27:05 ----A---- C:\Windows\system32\drivers\aswVmm.sys
2014-01-30 18:27:05 ----A---- C:\Windows\system32\drivers\aswStm.sys
2014-01-30 18:27:05 ----A---- C:\Windows\system32\drivers\aswSP.sys
2014-01-30 18:27:05 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2014-01-30 18:27:05 ----A---- C:\Windows\system32\drivers\aswRvrt.sys
2014-01-30 18:27:05 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2014-01-30 18:27:05 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2014-01-30 18:27:03 ----A---- C:\Windows\system32\aswBoot.exe
2014-01-30 18:26:43 ----A---- C:\Windows\avastSS.scr
2014-01-30 18:24:42 ----D---- C:\Program Files\AVAST Software
2014-01-30 18:23:05 ----D---- C:\ProgramData\AVAST Software
2014-01-28 13:06:03 ----D---- C:\1f09181b1edfee833426e9cf27e9cc0a
2014-01-25 12:03:07 ----SHD---- C:\Config.Msi
2014-01-24 12:18:14 ----A---- C:\Windows\system32\win32k.sys
2014-01-24 12:18:10 ----A---- C:\Windows\system32\drivers\netio.sys
2014-01-24 12:17:11 ----A---- C:\Windows\system32\drivers\usbport.sys
2014-01-24 12:17:11 ----A---- C:\Windows\system32\drivers\usbhub.sys
2014-01-24 12:17:11 ----A---- C:\Windows\system32\drivers\usbehci.sys
2014-01-24 12:17:10 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2014-01-24 12:17:10 ----A---- C:\Windows\system32\drivers\usbohci.sys
2014-01-24 12:17:10 ----A---- C:\Windows\system32\drivers\usbd.sys
2014-01-24 12:17:10 ----A---- C:\Windows\system32\drivers\usbccgp.sys
======List of files/folders modified in the last 1 month======
2014-01-30 19:26:13 ----D---- C:\Windows\Temp
2014-01-30 19:24:06 ----D---- C:\Windows\Microsoft.NET
2014-01-30 19:08:17 ----D---- C:\Windows\system32\config
2014-01-30 18:57:48 ----D---- C:\Program Files
2014-01-30 18:53:35 ----D---- C:\Windows\System32
2014-01-30 18:53:35 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-01-30 18:53:33 ----D---- C:\Windows\inf
2014-01-30 18:48:47 ----SHD---- C:\Windows\Installer
2014-01-30 18:46:55 ----D---- C:\Windows
2014-01-30 18:46:41 ----D---- C:\ProgramData\TuneUp360
2014-01-30 18:46:41 ----D---- C:\ProgramData\Norton
2014-01-30 18:46:41 ----D---- C:\Program Files\Common Files\Spigot
2014-01-30 18:46:40 ----SHD---- C:\System Volume Information
2014-01-30 18:46:40 ----HD---- C:\ProgramData
2014-01-30 18:46:40 ----D---- C:\Program Files\Google
2014-01-30 18:46:40 ----D---- C:\Program Files\Common Files
2014-01-30 18:45:59 ----D---- C:\Windows\system32\catroot
2014-01-30 18:42:37 ----D---- C:\Windows\Panther
2014-01-30 18:42:33 ----D---- C:\Windows\Logs
2014-01-30 18:39:15 ----D---- C:\Program Files\Mozilla Firefox
2014-01-30 18:36:32 ----D---- C:\Windows\system32\Tasks
2014-01-30 18:27:05 ----D---- C:\Windows\system32\drivers
2014-01-30 18:27:04 ----D---- C:\Windows\winsxs
2014-01-30 18:17:10 ----D---- C:\Windows\Tasks
2014-01-30 18:15:14 ----RSD---- C:\Windows\assembly
2014-01-30 18:13:34 ----SD---- C:\Users\Mara\AppData\Roaming\Microsoft
2014-01-30 18:11:39 ----D---- C:\Program Files\Packard Bell
2014-01-30 18:10:59 ----D---- C:\Program Files\Video Web Camera
2014-01-30 18:10:57 ----HD---- C:\Program Files\InstallShield Installation Information
2014-01-30 18:09:59 ----D---- C:\vallen
2014-01-30 18:08:49 ----D---- C:\Users\Mara\AppData\Roaming\Seznam.cz
2014-01-30 18:08:26 ----D---- C:\Program Files\Seznam.cz
2014-01-30 18:03:54 ----D---- C:\Program Files\Packard Bell Games
2014-01-30 18:03:51 ----D---- C:\ProgramData\WildTangent
2014-01-30 18:01:07 ----D---- C:\Program Files\OpenOffice.org 3
2014-01-30 17:53:26 ----D---- C:\Program Files\Microsoft Works
2014-01-30 17:53:26 ----D---- C:\Program Files\Common Files\microsoft shared
2014-01-30 17:44:34 ----D---- C:\ProgramData\Google
2014-01-30 17:44:11 ----D---- C:\Program Files\Garena Plus
2014-01-30 17:43:29 ----D---- C:\ProgramData\DivX
2014-01-30 17:43:27 ----D---- C:\Program Files\DivX
2014-01-30 17:43:25 ----D---- C:\Program Files\Common Files\PX Storage Engine
2014-01-30 17:41:36 ----RD---- C:\Program Files\Skype
2014-01-30 17:39:14 ----D---- C:\Windows\system32\DriverStore
2014-01-30 12:28:09 ----D---- C:\Users\Mara\AppData\Roaming\Skype
2014-01-28 15:39:35 ----D---- C:\Windows\Prefetch
2014-01-27 09:07:32 ----D---- C:\ProgramData\Microsoft Help
2014-01-24 12:00:23 ----D---- C:\Windows\system32\catroot2
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-01-30 49944]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-01-30 180248]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iaStor.sys [2009-10-13 331288]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2008-06-16 44944]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 aswRdr;aswRdr; \??\C:\Windows\system32\drivers\aswRdr2.sys [2014-01-30 79720]
R1 aswSnx;aswSnx; \??\C:\Windows\system32\drivers\aswSnx.sys [2014-01-30 775952]
R1 aswSP;aswSP; \??\C:\Windows\system32\drivers\aswSP.sys [2014-01-30 410784]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-12-17 242240]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2014-01-30 67824]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2010-04-13 252536]
R3 aswStm;aswStm; \??\C:\Windows\system32\drivers\aswStm.sys [2014-01-30 64168]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2010-04-07 1792512]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2010-04-19 4806144]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2010-05-25 3098720]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x86.sys [2010-05-20 68208]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S2 Parvdm;Parvdm; C:\Windows\system32\drivers\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 AthBTPort;Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys []
S3 ATHDFU;Atheros Valkyrie USB BootROM; C:\Windows\System32\Drivers\AthDfu.sys [2010-03-31 47144]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2010-04-01 2709056]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys []
S3 BTATH_BUS;Atheros Bluetooth Bus; C:\Windows\system32\DRIVERS\btath_bus.sys []
S3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\Windows\system32\DRIVERS\btath_hcrp.sys []
S3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys []
S3 BTATH_RCP;Bluetooth AVRCP Device; C:\Windows\system32\DRIVERS\btath_rcp.sys []
S3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys []
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
S3 EagleXNt;EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys []
S3 EUCR;EUCR; C:\Windows\system32\drivers\EUCR6SK.SYS [2010-03-02 82384]
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Mara\Garena\Garena\safedrv.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 15872]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 36352]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8; c:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-11 65640]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-01-30 50344]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 DsiWMIService;Dritek WMI Service; C:\Program Files\Launch Manager\dsiwmis.exe [2010-05-25 325200]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-02-06 735776]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-10-13 354840]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-26 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-02-28 161384]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-09-16 867080]
S3 GamesAppService;GamesAppService; C:\Program Files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-26 136176]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Preventivka
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Preventivka
Zdravim 
Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
- Ulozte nejlepe na plochu
- Ukoncete vsechny programy
- Kliknete na Scan a nasledne Clean
- Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen
od 1. února 2011.
Člen
od 1. února 2011.Re: Preventivka
# AdwCleaner v3.018 - Report created 31/01/2014 at 11:23:44
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Starter Service Pack 1 (32 bits)
# Username : Mara - MARA-PC
# Running from : C:\Users\Mara\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Program Files\ICQ6Toolbar
Folder Deleted : C:\Program Files\Common Files\spigot
Folder Deleted : C:\Users\Mara\AppData\Local\Temp\boost_interprocess
Folder Deleted : C:\Users\Mara\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Mara\AppData\Roaming\file scout
Folder Deleted : C:\Users\Mara\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\mapqr9l3.default\ICQToolbarData
Folder Deleted : C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\mapqr9l3.default\Extensions\{800B5000-A755-47E1-992B-48A1C1357F07}
File Deleted : C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\mapqr9l3.default\searchplugins\Babylon.xml
File Deleted : C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\mapqr9l3.default\searchplugins\BitGuard.xml
File Deleted : C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\mapqr9l3.default\searchplugins\BrowserProtect.xml
File Deleted : C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\mapqr9l3.default\searchplugins\icqplugin.xml
File Deleted : C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\mapqr9l3.default\searchplugins\icqplugin-1.xml
File Deleted : C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\mapqr9l3.default\searchplugins\icqplugin-2.xml
File Deleted : C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\mapqr9l3.default\user.js
File Deleted : C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Key Deleted : HKCU\Software\525388dfbd3aed14
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\ICQ\ICQToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\ICQ\ICQToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16750
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
-\\ Mozilla Firefox v6.0.2 (cs)
[ File : C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\mapqr9l3.default\prefs.js ]
Line Deleted : user_pref("browser.newtab.url", "hxxp://www2.delta-search.com/?affID=119816&tt=gc_&babsrc=NT_ss&mntrId=9EF6CE46199942B1");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=");
Line Deleted : user_pref("icqtoolbar.allowSendURL", false);
Line Deleted : user_pref("icqtoolbar.defSearchChange", true);
Line Deleted : user_pref("icqtoolbar.engineVerified", true);
Line Deleted : user_pref("icqtoolbar.firstTbRun", false);
Line Deleted : user_pref("icqtoolbar.geolastmodified", 1391101280);
Line Deleted : user_pref("icqtoolbar.hpChange", true);
Line Deleted : user_pref("icqtoolbar.icqgeo", 42);
Line Deleted : user_pref("icqtoolbar.installTime", "1356696532");
Line Deleted : user_pref("icqtoolbar.installsource", "1");
Line Deleted : user_pref("icqtoolbar.newtab_most_visited_state", "1");
Line Deleted : user_pref("icqtoolbar.newtab_recently_closed_state", "1");
Line Deleted : user_pref("icqtoolbar.newtab_state", "1");
Line Deleted : user_pref("icqtoolbar.numberOfSearches", 0);
Line Deleted : user_pref("icqtoolbar.previousFFVersion", "6.0.2");
Line Deleted : user_pref("icqtoolbar.skip_default_search", "no");
Line Deleted : user_pref("icqtoolbar.suggestions", false);
Line Deleted : user_pref("icqtoolbar.uniqueID", "131632739213163276321316362880779");
Line Deleted : user_pref("icqtoolbar.usageStatstTimestamp", 1391103444);
Line Deleted : user_pref("icqtoolbar.userHpApproved", true);
Line Deleted : user_pref("icqtoolbar.version", "1.5.3");
Line Deleted : user_pref("icqtoolbar.voucherHideClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherWasShown", 0);
Line Deleted : user_pref("icqtoolbar.xmlEnableHomePageDsGuard", false);
Line Deleted : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Line Deleted : user_pref("icqtoolbar.xmlLanguage", "cs");
-\\ Google Chrome v32.0.1700.102
[ File : C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [7169 octets] - [31/01/2014 11:19:16]
AdwCleaner[S0].txt - [7130 octets] - [31/01/2014 11:23:44]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7190 octets] ##########
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Starter Service Pack 1 (32 bits)
# Username : Mara - MARA-PC
# Running from : C:\Users\Mara\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Program Files\ICQ6Toolbar
Folder Deleted : C:\Program Files\Common Files\spigot
Folder Deleted : C:\Users\Mara\AppData\Local\Temp\boost_interprocess
Folder Deleted : C:\Users\Mara\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Mara\AppData\Roaming\file scout
Folder Deleted : C:\Users\Mara\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\mapqr9l3.default\ICQToolbarData
Folder Deleted : C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\mapqr9l3.default\Extensions\{800B5000-A755-47E1-992B-48A1C1357F07}
File Deleted : C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\mapqr9l3.default\searchplugins\Babylon.xml
File Deleted : C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\mapqr9l3.default\searchplugins\BitGuard.xml
File Deleted : C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\mapqr9l3.default\searchplugins\BrowserProtect.xml
File Deleted : C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\mapqr9l3.default\searchplugins\icqplugin.xml
File Deleted : C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\mapqr9l3.default\searchplugins\icqplugin-1.xml
File Deleted : C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\mapqr9l3.default\searchplugins\icqplugin-2.xml
File Deleted : C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\mapqr9l3.default\user.js
File Deleted : C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Key Deleted : HKCU\Software\525388dfbd3aed14
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\ICQ\ICQToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\ICQ\ICQToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16750
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
-\\ Mozilla Firefox v6.0.2 (cs)
[ File : C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\mapqr9l3.default\prefs.js ]
Line Deleted : user_pref("browser.newtab.url", "hxxp://www2.delta-search.com/?affID=119816&tt=gc_&babsrc=NT_ss&mntrId=9EF6CE46199942B1");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=");
Line Deleted : user_pref("icqtoolbar.allowSendURL", false);
Line Deleted : user_pref("icqtoolbar.defSearchChange", true);
Line Deleted : user_pref("icqtoolbar.engineVerified", true);
Line Deleted : user_pref("icqtoolbar.firstTbRun", false);
Line Deleted : user_pref("icqtoolbar.geolastmodified", 1391101280);
Line Deleted : user_pref("icqtoolbar.hpChange", true);
Line Deleted : user_pref("icqtoolbar.icqgeo", 42);
Line Deleted : user_pref("icqtoolbar.installTime", "1356696532");
Line Deleted : user_pref("icqtoolbar.installsource", "1");
Line Deleted : user_pref("icqtoolbar.newtab_most_visited_state", "1");
Line Deleted : user_pref("icqtoolbar.newtab_recently_closed_state", "1");
Line Deleted : user_pref("icqtoolbar.newtab_state", "1");
Line Deleted : user_pref("icqtoolbar.numberOfSearches", 0);
Line Deleted : user_pref("icqtoolbar.previousFFVersion", "6.0.2");
Line Deleted : user_pref("icqtoolbar.skip_default_search", "no");
Line Deleted : user_pref("icqtoolbar.suggestions", false);
Line Deleted : user_pref("icqtoolbar.uniqueID", "131632739213163276321316362880779");
Line Deleted : user_pref("icqtoolbar.usageStatstTimestamp", 1391103444);
Line Deleted : user_pref("icqtoolbar.userHpApproved", true);
Line Deleted : user_pref("icqtoolbar.version", "1.5.3");
Line Deleted : user_pref("icqtoolbar.voucherHideClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherWasShown", 0);
Line Deleted : user_pref("icqtoolbar.xmlEnableHomePageDsGuard", false);
Line Deleted : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Line Deleted : user_pref("icqtoolbar.xmlLanguage", "cs");
-\\ Google Chrome v32.0.1700.102
[ File : C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [7169 octets] - [31/01/2014 11:19:16]
AdwCleaner[S0].txt - [7130 octets] - [31/01/2014 11:23:44]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7190 octets] ##########
Re: Preventivka
Poprosim o log dle tohoto navodu http://forum.viry.cz/viewtopic.php?f=30&t=133101
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Preventivka
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-01-2014 01
Ran by Mara (administrator) on MARA-PC on 31-01-2014 15:35:11
Running from C:\Users\Mara\Desktop
Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: Czech
Internet Explorer Version 10
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) ===================
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMworker.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(forum.viry.cz) C:\Users\Mara\Desktop\FRSTLauncher (1).exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9218592 2010-05-25] (Realtek Semiconductor)
HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\LManager.exe [960080 2010-05-25] (Dritek System Inc.)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [248440 2010-04-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [715296 2010-02-06] (Acer Incorporated)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdcBase.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-30] (AVAST Software)
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe -update plugin [814472 2013-06-11] (Adobe Systems Incorporated)
MountPoints2: {2342cc52-7964-11e1-a37d-88ae1d69f111} - D:\NokiaPCIA_Autorun.exe
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files\Packard Bell\Screensaver\run_Packard Bell.exe /default
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files\Packard Bell\Screensaver\run_Packard Bell.exe /default
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.golsearch.com/?affID=119816& ... 46199942B1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.asp ... 5f47n2d339
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=i ... lz=1I7ACPW
SearchScopes: HKCU - {5EB1CE17-0BBA-4320-ADA4-94F33ED81666} URL = http://search.yahoo.com/search?fr=chr-g ... earchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=i ... PW_csCZ449
SearchScopes: HKCU - {9A958F11-3C1F-4B94-9009-8B65B90C546F} URL = http://search.yahoo.com/search?fr=chr-g ... earchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 85.93.101.5 85.93.101.205
FireFox:
========
FF ProfilePath: C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\mapqr9l3.default
FF DefaultSearchEngine: Yahoo!
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SelectedSearchEngine: Yahoo!
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=901452&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\mapqr9l3.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\mapqr9l3.default\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
FF Extension: Address Bar Search - C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\mapqr9l3.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9} [2013-08-30]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-30]
Chrome:
=======
CHR HomePage: hxxp://www.seznam.cz/
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.102\pdf.dll ()
CHR Plugin: (Skype Toolbars) - C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Mara\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17]
CHR Extension: (Vyhledávání Google) - C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17]
CHR Extension: (avast! Online Security) - C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-30]
CHR Extension: (Peněženka Google) - C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-01-30]
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx [2014-01-30]
========================== Services (Whitelisted) =================
R2 AdobeActiveFileMonitor8.0; c:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-10-09] (Adobe Systems Incorporated)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-30] (AVAST Software)
==================== Drivers (Whitelisted) ====================
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-01-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2014-01-30] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-01-30] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-01-30] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-01-30] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [64168 2014-01-30] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2014-01-30] ()
S3 ATHDFU; C:\Windows\System32\Drivers\AthDfu.sys [47144 2010-03-31] (Windows (R) Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-12-17] (DT Soft Ltd)
S3 EUCR; C:\Windows\system32\drivers\EUCR6SK.SYS [82384 2010-03-02] (ENE Technology Inc.)
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [x]
S3 BtFilter; system32\DRIVERS\btfilter.sys [x]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
S3 GGSAFERDriver; \??\C:\Mara\Garena\Garena\safedrv.sys [x]
U2 wuaserv;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-31 15:35 - 2014-01-31 15:35 - 00014279 _____ C:\Users\Mara\Desktop\FRST.txt
2014-01-31 15:34 - 2014-01-31 15:35 - 00000000 ____D C:\FRST
2014-01-31 15:32 - 2014-01-31 15:33 - 00112640 _____ (forum.viry.cz) C:\Users\Mara\Desktop\FRSTLauncher (1).exe
2014-01-31 15:32 - 2014-01-31 15:32 - 00013176 _____ C:\Users\Mara\Desktop\Nepotvrzeno 29790.crdownload
2014-01-31 15:31 - 2014-01-31 15:32 - 01137152 _____ (Farbar) C:\Users\Mara\Desktop\FRST.exe
2014-01-31 11:35 - 2014-01-31 11:36 - 00005376 _____ C:\Windows\IE11_main.log
2014-01-31 11:25 - 2014-01-31 15:25 - 00000112 _____ C:\Windows\setupact.log
2014-01-31 11:25 - 2014-01-31 11:25 - 00000000 _____ C:\Windows\setuperr.log
2014-01-31 11:19 - 2014-01-31 11:24 - 00000000 ____D C:\AdwCleaner
2014-01-31 11:16 - 2014-01-31 11:18 - 00000000 ____D C:\Program Files\Passware
2014-01-31 10:55 - 2014-01-31 10:55 - 01166132 _____ C:\Users\Mara\Desktop\adwcleaner.exe
2014-01-30 18:57 - 2014-01-30 19:26 - 00000000 ____D C:\Program Files\trend micro
2014-01-30 18:57 - 2014-01-30 19:01 - 00000000 ____D C:\rsit
2014-01-30 18:56 - 2014-01-30 18:56 - 00781383 _____ C:\Users\Mara\Desktop\RSIT.exe
2014-01-30 18:51 - 2014-01-30 18:52 - 00000000 ____D C:\Users\Mara\Desktop\Programy
2014-01-30 18:28 - 2014-01-30 18:28 - 00000000 ____D C:\Users\Mara\AppData\Roaming\AVAST Software
2014-01-30 18:27 - 2014-01-30 18:26 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-30 18:27 - 2014-01-30 18:26 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-30 18:27 - 2014-01-30 18:26 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-30 18:27 - 2014-01-30 18:26 - 00180248 _____ C:\Windows\system32\Drivers\aswVmm.sys
2014-01-30 18:27 - 2014-01-30 18:26 - 00079720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-01-30 18:27 - 2014-01-30 18:26 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-30 18:27 - 2014-01-30 18:26 - 00064168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-01-30 18:27 - 2014-01-30 18:26 - 00049944 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2014-01-30 18:26 - 2014-01-30 18:26 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-30 18:24 - 2014-01-30 18:24 - 00000000 ____D C:\Program Files\AVAST Software
2014-01-30 18:23 - 2014-01-30 18:23 - 00000000 ____D C:\ProgramData\AVAST Software
2014-01-29 21:23 - 2014-01-29 21:23 - 00010360 _____ C:\Users\Mara\Desktop\NVECP_KLP_VYSLEDKY_22.1.2014_PETR.xlsx
2014-01-29 21:23 - 2014-01-29 21:23 - 00009761 _____ C:\Users\Mara\Desktop\NVECP_KLP_VYSLEDKY_22.1.2014_MELZER_01.xlsx
2014-01-29 21:22 - 2014-01-29 21:22 - 00010241 _____ C:\Users\Mara\Desktop\NVECP_KLP_VYSLEDKY_22.1.2014_DOHNAL_01.xlsx
2014-01-28 13:06 - 2014-01-28 13:06 - 00000000 ____D C:\1f09181b1edfee833426e9cf27e9cc0a
2014-01-27 08:56 - 2014-01-27 08:56 - 00029696 _____ C:\Users\Mara\Desktop\ZP2-21.1.2014-MS2.xls
2014-01-27 08:55 - 2014-01-27 08:55 - 00029696 _____ C:\Users\Mara\Desktop\ZP2-21.1.2014-MS1.xls
2014-01-24 20:48 - 2014-01-24 20:48 - 00002521 _____ C:\Users\Mara\Desktop\Skype.lnk
2014-01-24 12:18 - 2013-11-26 12:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-24 12:18 - 2013-11-26 11:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-24 12:17 - 2013-11-27 02:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-24 12:17 - 2013-11-27 02:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-24 12:17 - 2013-11-27 02:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-24 12:17 - 2013-11-27 02:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-24 12:17 - 2013-11-27 02:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-24 12:17 - 2013-11-27 02:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-24 12:17 - 2013-11-27 02:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-13 12:56 - 2014-01-27 14:58 - 00000000 ____D C:\Users\Mara\Desktop\plocha
2014-01-11 11:28 - 2014-01-11 11:48 - 00000000 ____D C:\Users\Mara\Desktop\Michalcerny.net
==================== One Month Modified Files and Folders =======
2014-01-31 15:35 - 2014-01-31 15:35 - 00014279 _____ C:\Users\Mara\Desktop\FRST.txt
2014-01-31 15:35 - 2014-01-31 15:34 - 00000000 ____D C:\FRST
2014-01-31 15:34 - 2009-07-14 05:34 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-31 15:34 - 2009-07-14 05:34 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-31 15:33 - 2014-01-31 15:32 - 00112640 _____ (forum.viry.cz) C:\Users\Mara\Desktop\FRSTLauncher (1).exe
2014-01-31 15:32 - 2014-01-31 15:32 - 00013176 _____ C:\Users\Mara\Desktop\Nepotvrzeno 29790.crdownload
2014-01-31 15:32 - 2014-01-31 15:31 - 01137152 _____ (Farbar) C:\Users\Mara\Desktop\FRST.exe
2014-01-31 15:31 - 2010-08-04 23:19 - 02070590 _____ C:\Windows\WindowsUpdate.log
2014-01-31 15:25 - 2014-01-31 11:25 - 00000112 _____ C:\Windows\setupact.log
2014-01-31 15:25 - 2011-09-26 18:06 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-31 15:25 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-31 11:36 - 2014-01-31 11:35 - 00005376 _____ C:\Windows\IE11_main.log
2014-01-31 11:32 - 2012-03-26 08:48 - 00000000 ____D C:\Users\Mara\AppData\Local\Facebook
2014-01-31 11:31 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2014-01-31 11:25 - 2014-01-31 11:25 - 00000000 _____ C:\Windows\setuperr.log
2014-01-31 11:24 - 2014-01-31 11:19 - 00000000 ____D C:\AdwCleaner
2014-01-31 11:23 - 2011-09-18 17:19 - 00000000 ____D C:\ProgramData\ICQ
2014-01-31 11:18 - 2014-01-31 11:16 - 00000000 ____D C:\Program Files\Passware
2014-01-31 11:16 - 2011-09-26 18:06 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-31 10:55 - 2014-01-31 10:55 - 01166132 _____ C:\Users\Mara\Desktop\adwcleaner.exe
2014-01-31 10:54 - 2011-09-26 18:06 - 00000000 ____D C:\Users\Mara\AppData\Roaming\Skype
2014-01-30 19:26 - 2014-01-30 18:57 - 00000000 ____D C:\Program Files\trend micro
2014-01-30 19:01 - 2014-01-30 18:57 - 00000000 ____D C:\rsit
2014-01-30 18:56 - 2014-01-30 18:56 - 00781383 _____ C:\Users\Mara\Desktop\RSIT.exe
2014-01-30 18:53 - 2010-06-25 10:06 - 01470298 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-30 18:52 - 2014-01-30 18:51 - 00000000 ____D C:\Users\Mara\Desktop\Programy
2014-01-30 18:46 - 2012-09-20 19:32 - 00000000 ____D C:\ProgramData\TuneUp360
2014-01-30 18:46 - 2010-06-25 11:27 - 00000000 ____D C:\ProgramData\Norton
2014-01-30 18:46 - 2010-06-25 11:22 - 00000000 ____D C:\Program Files\Google
2014-01-30 18:42 - 2011-10-04 21:37 - 00000000 ____D C:\Users\Mara\AppData\Local\CrashDumps
2014-01-30 18:42 - 2007-07-12 02:49 - 00000000 ____D C:\Windows\Panther
2014-01-30 18:39 - 2011-09-16 23:20 - 00000000 ____D C:\Program Files\Mozilla Firefox
2014-01-30 18:28 - 2014-01-30 18:28 - 00000000 ____D C:\Users\Mara\AppData\Roaming\AVAST Software
2014-01-30 18:26 - 2014-01-30 18:27 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-30 18:26 - 2014-01-30 18:27 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-30 18:26 - 2014-01-30 18:27 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-30 18:26 - 2014-01-30 18:27 - 00180248 _____ C:\Windows\system32\Drivers\aswVmm.sys
2014-01-30 18:26 - 2014-01-30 18:27 - 00079720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-01-30 18:26 - 2014-01-30 18:27 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-30 18:26 - 2014-01-30 18:27 - 00064168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-01-30 18:26 - 2014-01-30 18:27 - 00049944 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2014-01-30 18:26 - 2014-01-30 18:26 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-30 18:24 - 2014-01-30 18:24 - 00000000 ____D C:\Program Files\AVAST Software
2014-01-30 18:23 - 2014-01-30 18:23 - 00000000 ____D C:\ProgramData\AVAST Software
2014-01-30 18:19 - 2012-09-20 19:32 - 00000000 ____D C:\Program Files\Wondershare
2014-01-30 18:11 - 2010-06-25 10:45 - 00000000 ____D C:\Program Files\Packard Bell
2014-01-30 18:10 - 2010-08-04 23:31 - 00000000 ____D C:\Program Files\Video Web Camera
2014-01-30 18:10 - 2010-06-25 10:37 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2014-01-30 18:08 - 2013-05-09 12:00 - 00000000 ____D C:\Program Files\Seznam.cz
2014-01-30 18:08 - 2013-05-09 11:59 - 00000000 ____D C:\Users\Mara\AppData\Roaming\Seznam.cz
2014-01-30 18:03 - 2010-06-25 10:45 - 00000000 ____D C:\ProgramData\WildTangent
2014-01-30 18:03 - 2010-06-25 10:45 - 00000000 ____D C:\Program Files\Packard Bell Games
2014-01-30 18:01 - 2011-10-10 17:59 - 00000000 ____D C:\Program Files\OpenOffice.org 3
2014-01-30 17:53 - 2010-06-25 11:08 - 00000000 ____D C:\Program Files\Microsoft Works
2014-01-30 17:53 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2014-01-30 17:44 - 2013-02-04 01:21 - 00000000 ____D C:\Program Files\Garena Plus
2014-01-30 17:44 - 2011-09-16 19:37 - 00000000 ____D C:\Users\Mara\AppData\Local\Google
2014-01-30 17:44 - 2010-06-25 11:22 - 00000000 ____D C:\ProgramData\Google
2014-01-30 17:43 - 2011-09-17 00:37 - 00000000 ____D C:\Program Files\DivX
2014-01-30 17:43 - 2011-09-17 00:36 - 00000000 ____D C:\ProgramData\DivX
2014-01-30 17:43 - 2011-09-16 21:02 - 00000000 ____D C:\Program Files\Common Files\PX Storage Engine
2014-01-30 17:41 - 2011-09-26 18:05 - 00000000 ___RD C:\Program Files\Skype
2014-01-30 12:09 - 2011-09-26 18:07 - 00002101 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-29 21:23 - 2014-01-29 21:23 - 00010360 _____ C:\Users\Mara\Desktop\NVECP_KLP_VYSLEDKY_22.1.2014_PETR.xlsx
2014-01-29 21:23 - 2014-01-29 21:23 - 00009761 _____ C:\Users\Mara\Desktop\NVECP_KLP_VYSLEDKY_22.1.2014_MELZER_01.xlsx
2014-01-29 21:22 - 2014-01-29 21:22 - 00010241 _____ C:\Users\Mara\Desktop\NVECP_KLP_VYSLEDKY_22.1.2014_DOHNAL_01.xlsx
2014-01-28 13:06 - 2014-01-28 13:06 - 00000000 ____D C:\1f09181b1edfee833426e9cf27e9cc0a
2014-01-28 12:49 - 2009-07-14 05:33 - 00438168 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-27 14:58 - 2014-01-13 12:56 - 00000000 ____D C:\Users\Mara\Desktop\plocha
2014-01-27 09:07 - 2010-06-25 11:05 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-27 08:56 - 2014-01-27 08:56 - 00029696 _____ C:\Users\Mara\Desktop\ZP2-21.1.2014-MS2.xls
2014-01-27 08:55 - 2014-01-27 08:55 - 00029696 _____ C:\Users\Mara\Desktop\ZP2-21.1.2014-MS1.xls
2014-01-24 20:48 - 2014-01-24 20:48 - 00002521 _____ C:\Users\Mara\Desktop\Skype.lnk
2014-01-13 12:15 - 2013-08-19 12:07 - 00000000 ____D C:\Users\Mara\Desktop\Právnická fakulta UPOL
2014-01-11 11:48 - 2014-01-11 11:28 - 00000000 ____D C:\Users\Mara\Desktop\Michalcerny.net
Some content of TEMP:
====================
C:\Users\Mara\AppData\Local\Temp\Quarantine.exe
C:\Users\Mara\AppData\Local\Temp\uninst1.exe
C:\Users\Mara\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\Users\Mara\Downloads\KRCNÍ_CVICENÍ.eml:OECustomProperty
==================== Security Center ==================
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Mara\Desktop" je 44574 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface
"C:\Users\Mara\AppData\Local\Akamai\netsession_win.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate
"C:\Users\Mara\AppData\Roaming\Seznam.cz\szninstall.exe" -c [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop
"C:\Users\Mara\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
"C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate
"C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update
"C:\Users\Mara\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ
~"C:\Program Files\ICQ7.6\ICQ.exe" silent loginmode=4 [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaPCInternetAccess
"C:\Program Files\Nokia\PC Internet Access\NPCIA.exe" /b [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce
"C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
"C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Mara^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk
C:\Users\Mara\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Mara^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [x]
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Ran by Mara (administrator) on MARA-PC on 31-01-2014 15:35:11
Running from C:\Users\Mara\Desktop
Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: Czech
Internet Explorer Version 10
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) ===================
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMworker.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(forum.viry.cz) C:\Users\Mara\Desktop\FRSTLauncher (1).exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9218592 2010-05-25] (Realtek Semiconductor)
HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\LManager.exe [960080 2010-05-25] (Dritek System Inc.)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [248440 2010-04-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [715296 2010-02-06] (Acer Incorporated)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdcBase.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-30] (AVAST Software)
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe -update plugin [814472 2013-06-11] (Adobe Systems Incorporated)
MountPoints2: {2342cc52-7964-11e1-a37d-88ae1d69f111} - D:\NokiaPCIA_Autorun.exe
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files\Packard Bell\Screensaver\run_Packard Bell.exe /default
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files\Packard Bell\Screensaver\run_Packard Bell.exe /default
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.golsearch.com/?affID=119816& ... 46199942B1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.asp ... 5f47n2d339
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=i ... lz=1I7ACPW
SearchScopes: HKCU - {5EB1CE17-0BBA-4320-ADA4-94F33ED81666} URL = http://search.yahoo.com/search?fr=chr-g ... earchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=i ... PW_csCZ449
SearchScopes: HKCU - {9A958F11-3C1F-4B94-9009-8B65B90C546F} URL = http://search.yahoo.com/search?fr=chr-g ... earchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 85.93.101.5 85.93.101.205
FireFox:
========
FF ProfilePath: C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\mapqr9l3.default
FF DefaultSearchEngine: Yahoo!
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SelectedSearchEngine: Yahoo!
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=901452&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\mapqr9l3.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\mapqr9l3.default\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
FF Extension: Address Bar Search - C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\mapqr9l3.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9} [2013-08-30]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-30]
Chrome:
=======
CHR HomePage: hxxp://www.seznam.cz/
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.102\pdf.dll ()
CHR Plugin: (Skype Toolbars) - C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Mara\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17]
CHR Extension: (Vyhledávání Google) - C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17]
CHR Extension: (avast! Online Security) - C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-30]
CHR Extension: (Peněženka Google) - C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Mara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-01-30]
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx [2014-01-30]
========================== Services (Whitelisted) =================
R2 AdobeActiveFileMonitor8.0; c:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-10-09] (Adobe Systems Incorporated)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-30] (AVAST Software)
==================== Drivers (Whitelisted) ====================
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-01-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2014-01-30] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-01-30] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-01-30] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-01-30] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [64168 2014-01-30] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2014-01-30] ()
S3 ATHDFU; C:\Windows\System32\Drivers\AthDfu.sys [47144 2010-03-31] (Windows (R) Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-12-17] (DT Soft Ltd)
S3 EUCR; C:\Windows\system32\drivers\EUCR6SK.SYS [82384 2010-03-02] (ENE Technology Inc.)
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [x]
S3 BtFilter; system32\DRIVERS\btfilter.sys [x]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
S3 GGSAFERDriver; \??\C:\Mara\Garena\Garena\safedrv.sys [x]
U2 wuaserv;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-31 15:35 - 2014-01-31 15:35 - 00014279 _____ C:\Users\Mara\Desktop\FRST.txt
2014-01-31 15:34 - 2014-01-31 15:35 - 00000000 ____D C:\FRST
2014-01-31 15:32 - 2014-01-31 15:33 - 00112640 _____ (forum.viry.cz) C:\Users\Mara\Desktop\FRSTLauncher (1).exe
2014-01-31 15:32 - 2014-01-31 15:32 - 00013176 _____ C:\Users\Mara\Desktop\Nepotvrzeno 29790.crdownload
2014-01-31 15:31 - 2014-01-31 15:32 - 01137152 _____ (Farbar) C:\Users\Mara\Desktop\FRST.exe
2014-01-31 11:35 - 2014-01-31 11:36 - 00005376 _____ C:\Windows\IE11_main.log
2014-01-31 11:25 - 2014-01-31 15:25 - 00000112 _____ C:\Windows\setupact.log
2014-01-31 11:25 - 2014-01-31 11:25 - 00000000 _____ C:\Windows\setuperr.log
2014-01-31 11:19 - 2014-01-31 11:24 - 00000000 ____D C:\AdwCleaner
2014-01-31 11:16 - 2014-01-31 11:18 - 00000000 ____D C:\Program Files\Passware
2014-01-31 10:55 - 2014-01-31 10:55 - 01166132 _____ C:\Users\Mara\Desktop\adwcleaner.exe
2014-01-30 18:57 - 2014-01-30 19:26 - 00000000 ____D C:\Program Files\trend micro
2014-01-30 18:57 - 2014-01-30 19:01 - 00000000 ____D C:\rsit
2014-01-30 18:56 - 2014-01-30 18:56 - 00781383 _____ C:\Users\Mara\Desktop\RSIT.exe
2014-01-30 18:51 - 2014-01-30 18:52 - 00000000 ____D C:\Users\Mara\Desktop\Programy
2014-01-30 18:28 - 2014-01-30 18:28 - 00000000 ____D C:\Users\Mara\AppData\Roaming\AVAST Software
2014-01-30 18:27 - 2014-01-30 18:26 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-30 18:27 - 2014-01-30 18:26 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-30 18:27 - 2014-01-30 18:26 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-30 18:27 - 2014-01-30 18:26 - 00180248 _____ C:\Windows\system32\Drivers\aswVmm.sys
2014-01-30 18:27 - 2014-01-30 18:26 - 00079720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-01-30 18:27 - 2014-01-30 18:26 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-30 18:27 - 2014-01-30 18:26 - 00064168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-01-30 18:27 - 2014-01-30 18:26 - 00049944 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2014-01-30 18:26 - 2014-01-30 18:26 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-30 18:24 - 2014-01-30 18:24 - 00000000 ____D C:\Program Files\AVAST Software
2014-01-30 18:23 - 2014-01-30 18:23 - 00000000 ____D C:\ProgramData\AVAST Software
2014-01-29 21:23 - 2014-01-29 21:23 - 00010360 _____ C:\Users\Mara\Desktop\NVECP_KLP_VYSLEDKY_22.1.2014_PETR.xlsx
2014-01-29 21:23 - 2014-01-29 21:23 - 00009761 _____ C:\Users\Mara\Desktop\NVECP_KLP_VYSLEDKY_22.1.2014_MELZER_01.xlsx
2014-01-29 21:22 - 2014-01-29 21:22 - 00010241 _____ C:\Users\Mara\Desktop\NVECP_KLP_VYSLEDKY_22.1.2014_DOHNAL_01.xlsx
2014-01-28 13:06 - 2014-01-28 13:06 - 00000000 ____D C:\1f09181b1edfee833426e9cf27e9cc0a
2014-01-27 08:56 - 2014-01-27 08:56 - 00029696 _____ C:\Users\Mara\Desktop\ZP2-21.1.2014-MS2.xls
2014-01-27 08:55 - 2014-01-27 08:55 - 00029696 _____ C:\Users\Mara\Desktop\ZP2-21.1.2014-MS1.xls
2014-01-24 20:48 - 2014-01-24 20:48 - 00002521 _____ C:\Users\Mara\Desktop\Skype.lnk
2014-01-24 12:18 - 2013-11-26 12:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-24 12:18 - 2013-11-26 11:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-24 12:17 - 2013-11-27 02:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-24 12:17 - 2013-11-27 02:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-24 12:17 - 2013-11-27 02:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-24 12:17 - 2013-11-27 02:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-24 12:17 - 2013-11-27 02:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-24 12:17 - 2013-11-27 02:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-24 12:17 - 2013-11-27 02:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-13 12:56 - 2014-01-27 14:58 - 00000000 ____D C:\Users\Mara\Desktop\plocha
2014-01-11 11:28 - 2014-01-11 11:48 - 00000000 ____D C:\Users\Mara\Desktop\Michalcerny.net
==================== One Month Modified Files and Folders =======
2014-01-31 15:35 - 2014-01-31 15:35 - 00014279 _____ C:\Users\Mara\Desktop\FRST.txt
2014-01-31 15:35 - 2014-01-31 15:34 - 00000000 ____D C:\FRST
2014-01-31 15:34 - 2009-07-14 05:34 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-31 15:34 - 2009-07-14 05:34 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-31 15:33 - 2014-01-31 15:32 - 00112640 _____ (forum.viry.cz) C:\Users\Mara\Desktop\FRSTLauncher (1).exe
2014-01-31 15:32 - 2014-01-31 15:32 - 00013176 _____ C:\Users\Mara\Desktop\Nepotvrzeno 29790.crdownload
2014-01-31 15:32 - 2014-01-31 15:31 - 01137152 _____ (Farbar) C:\Users\Mara\Desktop\FRST.exe
2014-01-31 15:31 - 2010-08-04 23:19 - 02070590 _____ C:\Windows\WindowsUpdate.log
2014-01-31 15:25 - 2014-01-31 11:25 - 00000112 _____ C:\Windows\setupact.log
2014-01-31 15:25 - 2011-09-26 18:06 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-31 15:25 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-31 11:36 - 2014-01-31 11:35 - 00005376 _____ C:\Windows\IE11_main.log
2014-01-31 11:32 - 2012-03-26 08:48 - 00000000 ____D C:\Users\Mara\AppData\Local\Facebook
2014-01-31 11:31 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2014-01-31 11:25 - 2014-01-31 11:25 - 00000000 _____ C:\Windows\setuperr.log
2014-01-31 11:24 - 2014-01-31 11:19 - 00000000 ____D C:\AdwCleaner
2014-01-31 11:23 - 2011-09-18 17:19 - 00000000 ____D C:\ProgramData\ICQ
2014-01-31 11:18 - 2014-01-31 11:16 - 00000000 ____D C:\Program Files\Passware
2014-01-31 11:16 - 2011-09-26 18:06 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-31 10:55 - 2014-01-31 10:55 - 01166132 _____ C:\Users\Mara\Desktop\adwcleaner.exe
2014-01-31 10:54 - 2011-09-26 18:06 - 00000000 ____D C:\Users\Mara\AppData\Roaming\Skype
2014-01-30 19:26 - 2014-01-30 18:57 - 00000000 ____D C:\Program Files\trend micro
2014-01-30 19:01 - 2014-01-30 18:57 - 00000000 ____D C:\rsit
2014-01-30 18:56 - 2014-01-30 18:56 - 00781383 _____ C:\Users\Mara\Desktop\RSIT.exe
2014-01-30 18:53 - 2010-06-25 10:06 - 01470298 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-30 18:52 - 2014-01-30 18:51 - 00000000 ____D C:\Users\Mara\Desktop\Programy
2014-01-30 18:46 - 2012-09-20 19:32 - 00000000 ____D C:\ProgramData\TuneUp360
2014-01-30 18:46 - 2010-06-25 11:27 - 00000000 ____D C:\ProgramData\Norton
2014-01-30 18:46 - 2010-06-25 11:22 - 00000000 ____D C:\Program Files\Google
2014-01-30 18:42 - 2011-10-04 21:37 - 00000000 ____D C:\Users\Mara\AppData\Local\CrashDumps
2014-01-30 18:42 - 2007-07-12 02:49 - 00000000 ____D C:\Windows\Panther
2014-01-30 18:39 - 2011-09-16 23:20 - 00000000 ____D C:\Program Files\Mozilla Firefox
2014-01-30 18:28 - 2014-01-30 18:28 - 00000000 ____D C:\Users\Mara\AppData\Roaming\AVAST Software
2014-01-30 18:26 - 2014-01-30 18:27 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-30 18:26 - 2014-01-30 18:27 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-30 18:26 - 2014-01-30 18:27 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-30 18:26 - 2014-01-30 18:27 - 00180248 _____ C:\Windows\system32\Drivers\aswVmm.sys
2014-01-30 18:26 - 2014-01-30 18:27 - 00079720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-01-30 18:26 - 2014-01-30 18:27 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-30 18:26 - 2014-01-30 18:27 - 00064168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-01-30 18:26 - 2014-01-30 18:27 - 00049944 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2014-01-30 18:26 - 2014-01-30 18:26 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-30 18:24 - 2014-01-30 18:24 - 00000000 ____D C:\Program Files\AVAST Software
2014-01-30 18:23 - 2014-01-30 18:23 - 00000000 ____D C:\ProgramData\AVAST Software
2014-01-30 18:19 - 2012-09-20 19:32 - 00000000 ____D C:\Program Files\Wondershare
2014-01-30 18:11 - 2010-06-25 10:45 - 00000000 ____D C:\Program Files\Packard Bell
2014-01-30 18:10 - 2010-08-04 23:31 - 00000000 ____D C:\Program Files\Video Web Camera
2014-01-30 18:10 - 2010-06-25 10:37 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2014-01-30 18:08 - 2013-05-09 12:00 - 00000000 ____D C:\Program Files\Seznam.cz
2014-01-30 18:08 - 2013-05-09 11:59 - 00000000 ____D C:\Users\Mara\AppData\Roaming\Seznam.cz
2014-01-30 18:03 - 2010-06-25 10:45 - 00000000 ____D C:\ProgramData\WildTangent
2014-01-30 18:03 - 2010-06-25 10:45 - 00000000 ____D C:\Program Files\Packard Bell Games
2014-01-30 18:01 - 2011-10-10 17:59 - 00000000 ____D C:\Program Files\OpenOffice.org 3
2014-01-30 17:53 - 2010-06-25 11:08 - 00000000 ____D C:\Program Files\Microsoft Works
2014-01-30 17:53 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2014-01-30 17:44 - 2013-02-04 01:21 - 00000000 ____D C:\Program Files\Garena Plus
2014-01-30 17:44 - 2011-09-16 19:37 - 00000000 ____D C:\Users\Mara\AppData\Local\Google
2014-01-30 17:44 - 2010-06-25 11:22 - 00000000 ____D C:\ProgramData\Google
2014-01-30 17:43 - 2011-09-17 00:37 - 00000000 ____D C:\Program Files\DivX
2014-01-30 17:43 - 2011-09-17 00:36 - 00000000 ____D C:\ProgramData\DivX
2014-01-30 17:43 - 2011-09-16 21:02 - 00000000 ____D C:\Program Files\Common Files\PX Storage Engine
2014-01-30 17:41 - 2011-09-26 18:05 - 00000000 ___RD C:\Program Files\Skype
2014-01-30 12:09 - 2011-09-26 18:07 - 00002101 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-29 21:23 - 2014-01-29 21:23 - 00010360 _____ C:\Users\Mara\Desktop\NVECP_KLP_VYSLEDKY_22.1.2014_PETR.xlsx
2014-01-29 21:23 - 2014-01-29 21:23 - 00009761 _____ C:\Users\Mara\Desktop\NVECP_KLP_VYSLEDKY_22.1.2014_MELZER_01.xlsx
2014-01-29 21:22 - 2014-01-29 21:22 - 00010241 _____ C:\Users\Mara\Desktop\NVECP_KLP_VYSLEDKY_22.1.2014_DOHNAL_01.xlsx
2014-01-28 13:06 - 2014-01-28 13:06 - 00000000 ____D C:\1f09181b1edfee833426e9cf27e9cc0a
2014-01-28 12:49 - 2009-07-14 05:33 - 00438168 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-27 14:58 - 2014-01-13 12:56 - 00000000 ____D C:\Users\Mara\Desktop\plocha
2014-01-27 09:07 - 2010-06-25 11:05 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-27 08:56 - 2014-01-27 08:56 - 00029696 _____ C:\Users\Mara\Desktop\ZP2-21.1.2014-MS2.xls
2014-01-27 08:55 - 2014-01-27 08:55 - 00029696 _____ C:\Users\Mara\Desktop\ZP2-21.1.2014-MS1.xls
2014-01-24 20:48 - 2014-01-24 20:48 - 00002521 _____ C:\Users\Mara\Desktop\Skype.lnk
2014-01-13 12:15 - 2013-08-19 12:07 - 00000000 ____D C:\Users\Mara\Desktop\Právnická fakulta UPOL
2014-01-11 11:48 - 2014-01-11 11:28 - 00000000 ____D C:\Users\Mara\Desktop\Michalcerny.net
Some content of TEMP:
====================
C:\Users\Mara\AppData\Local\Temp\Quarantine.exe
C:\Users\Mara\AppData\Local\Temp\uninst1.exe
C:\Users\Mara\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\Users\Mara\Downloads\KRCNÍ_CVICENÍ.eml:OECustomProperty
==================== Security Center ==================
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Mara\Desktop" je 44574 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface
"C:\Users\Mara\AppData\Local\Akamai\netsession_win.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate
"C:\Users\Mara\AppData\Roaming\Seznam.cz\szninstall.exe" -c [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop
"C:\Users\Mara\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
"C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate
"C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update
"C:\Users\Mara\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ
~"C:\Program Files\ICQ7.6\ICQ.exe" silent loginmode=4 [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaPCInternetAccess
"C:\Program Files\Nokia\PC Internet Access\NPCIA.exe" /b [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce
"C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
"C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Mara^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk
C:\Users\Mara\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Mara^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [x]
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
- Přílohy
-
- Addition.rar
- (3.45 KiB) Staženo 51 x
Re: Preventivka
Tvorba fixlistu pro FRST
- Spustte poznamkovy blok (Start-spustit-notepad)
- Zkopirujte skript nize
Kód: Vybrat vše
Start HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe -update plugin [814472 2013-06-11] (Adobe Systems Incorporated) MountPoints2: {2342cc52-7964-11e1-a37d-88ae1d69f111} - D:\NokiaPCIA_Autorun.exe HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files\Packard Bell\Screensaver\run_Packard Bell.exe /default HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files\Packard Bell\Screensaver\run_Packard Bell.exe /default HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.golsearch.com/?affID=119816& ... 46199942B1 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.asp ... 5f47n2d339 SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW SearchScopes: HKCU - {5EB1CE17-0BBA-4320-ADA4-94F33ED81666} URL = http://search.yahoo.com/search?fr=chr-g ... =901452&p={searchTerms} SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_csCZ449 SearchScopes: HKCU - {9A958F11-3C1F-4B94-9009-8B65B90C546F} URL = http://search.yahoo.com/search?fr=chr-g ... =901452&p={searchTerms} Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File FF DefaultSearchEngine: Yahoo! FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", ""); FF SelectedSearchEngine: Yahoo! FF Keyword.URL: hxxp://search.yahoo.com/search?fr=green ... =901452&p= FF SearchPlugin: C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\mapqr9l3.default\searchplugins\searchplugins-backup FF SearchPlugin: C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\mapqr9l3.default\searchplugins\yahoo_ff.xml FF Extension: Address Bar Search - C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\mapqr9l3.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9} [2013-08-30] CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx [2014-01-30] S3 AthBTPort; system32\DRIVERS\btath_flt.sys [x] S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [x] S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [x] S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [x] S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [x] S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [x] S3 BtFilter; system32\DRIVERS\btfilter.sys [x] S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x] S3 GGSAFERDriver; \??\C:\Mara\Garena\Garena\safedrv.sys [x] 2014-01-31 15:32 - 2014-01-31 15:33 - 00112640 _____ (forum.viry.cz) C:\Users\Mara\Desktop\FRSTLauncher (1).exe 2014-01-31 15:32 - 2014-01-31 15:32 - 00013176 _____ C:\Users\Mara\Desktop\Nepotvrzeno 29790.crdownload 2014-01-31 10:55 - 2014-01-31 10:55 - 01166132 _____ C:\Users\Mara\Desktop\adwcleaner.exe 2014-01-30 18:56 - 2014-01-30 18:56 - 00781383 _____ C:\Users\Mara\Desktop\RSIT.exe C:\Users\Mara\AppData\Local\Temp\Quarantine.exe C:\Users\Mara\AppData\Local\Temp\uninst1.exe C:\Users\Mara\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe C:\Program Files\Common Files\Spigot Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe AlternateDataStreams: C:\ProgramData\Temp:373E1720 REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface" /f REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate" /f REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop" /f REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite" /f REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate" /f REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update" /f REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ" /f REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaPCInternetAccess" /f REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce" /f REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype" /f REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg" /f Hosts: CMD: shutdown /r /f /t 2 End- Ulozte vytvoreny TXT jako fixlist.txt
- Presunte vytvoreny fixlist vedle FRST
Spustte znovu FRST.exe
- Kliknete na Fix
- Probehne oprava a vytvori log Fixlog.txt
Restart PC a dejte mi sem fixlog.txt"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Preventivka
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 29-01-2014 01
Ran by Mara at 2014-02-01 12:27:26 Run:1
Running from C:\Users\Mara\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe -update plugin [814472 2013-06-11] (Adobe Systems Incorporated)
MountPoints2: {2342cc52-7964-11e1-a37d-88ae1d69f111} - D:\NokiaPCIA_Autorun.exe
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files\Packard Bell\Screensaver\run_Packard Bell.exe /default
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files\Packard Bell\Screensaver\run_Packard Bell.exe /default
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.golsearch.com/?affID=119816& ... 46199942B1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.asp ... 5f47n2d339
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=i ... lz=1I7ACPW
SearchScopes: HKCU - {5EB1CE17-0BBA-4320-ADA4-94F33ED81666} URL = http://search.yahoo.com/search?fr=chr-g ... =901452&p={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=i ... PW_csCZ449
SearchScopes: HKCU - {9A958F11-3C1F-4B94-9009-8B65B90C546F} URL = http://search.yahoo.com/search?fr=chr-g ... =901452&p={searchTerms}
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF DefaultSearchEngine: Yahoo!
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SelectedSearchEngine: Yahoo!
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=green ... =901452&p=
FF SearchPlugin: C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\mapqr9l3.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\mapqr9l3.default\searchplugins\yahoo_ff.xml
FF Extension: Address Bar Search - C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\mapqr9l3.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9} [2013-08-30]
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx [2014-01-30]
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [x]
S3 BtFilter; system32\DRIVERS\btfilter.sys [x]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
S3 GGSAFERDriver; \??\C:\Mara\Garena\Garena\safedrv.sys [x]
2014-01-31 15:32 - 2014-01-31 15:33 - 00112640 _____ (forum.viry.cz) C:\Users\Mara\Desktop\FRSTLauncher (1).exe
2014-01-31 15:32 - 2014-01-31 15:32 - 00013176 _____ C:\Users\Mara\Desktop\Nepotvrzeno 29790.crdownload
2014-01-31 10:55 - 2014-01-31 10:55 - 01166132 _____ C:\Users\Mara\Desktop\adwcleaner.exe
2014-01-30 18:56 - 2014-01-30 18:56 - 00781383 _____ C:\Users\Mara\Desktop\RSIT.exe
C:\Users\Mara\AppData\Local\Temp\Quarantine.exe
C:\Users\Mara\AppData\Local\Temp\uninst1.exe
C:\Users\Mara\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
C:\Program Files\Common Files\Spigot
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\ProgramData\Temp:373E1720
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaPCInternetAccess" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg" /f
Hosts:
CMD: shutdown /r /f /t 2
End
*****************
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate => Value not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2342cc52-7964-11e1-a37d-88ae1d69f111} => Key deleted successfully.
HKCR\CLSID\{2342cc52-7964-11e1-a37d-88ae1d69f111} => Key not found.
HKU\Default\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ScrSav => Value deleted successfully.
HKU\Default User\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ScrSav => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5EB1CE17-0BBA-4320-ADA4-94F33ED81666} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5EB1CE17-0BBA-4320-ADA4-94F33ED81666} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9A958F11-3C1F-4B94-9009-8B65B90C546F} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9A958F11-3C1F-4B94-9009-8B65B90C546F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox Keyword.URL deleted successfully.
C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\mapqr9l3.default\searchplugins\searchplugins-backup => Moved successfully.
C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\mapqr9l3.default\searchplugins\yahoo_ff.xml => Moved successfully.
C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\mapqr9l3.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9} => Moved successfully.
C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk => Key deleted successfully.
"C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx" => File/Directory not found.
AthBTPort => Service deleted successfully.
BTATH_A2DP => Service deleted successfully.
BTATH_BUS => Service deleted successfully.
BTATH_HCRP => Service deleted successfully.
BTATH_LWFLT => Service deleted successfully.
BTATH_RCP => Service deleted successfully.
BtFilter => Service deleted successfully.
EagleXNt => Service deleted successfully.
GGSAFERDriver => Service deleted successfully.
C:\Users\Mara\Desktop\FRSTLauncher (1).exe => Moved successfully.
"C:\Users\Mara\Desktop\Nepotvrzeno 29790.crdownload" => File/Directory not found.
C:\Users\Mara\Desktop\adwcleaner.exe => Moved successfully.
C:\Users\Mara\Desktop\RSIT.exe => Moved successfully.
C:\Users\Mara\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Mara\AppData\Local\Temp\uninst1.exe => Moved successfully.
C:\Users\Mara\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe => Moved successfully.
"C:\Program Files\Common Files\Spigot" => File/Directory not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaPCInternetAccess" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
========= shutdown /r /f /t 2 =========
========= End of CMD: =========
==== End of Fixlog ====
Ran by Mara at 2014-02-01 12:27:26 Run:1
Running from C:\Users\Mara\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe -update plugin [814472 2013-06-11] (Adobe Systems Incorporated)
MountPoints2: {2342cc52-7964-11e1-a37d-88ae1d69f111} - D:\NokiaPCIA_Autorun.exe
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files\Packard Bell\Screensaver\run_Packard Bell.exe /default
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files\Packard Bell\Screensaver\run_Packard Bell.exe /default
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.golsearch.com/?affID=119816& ... 46199942B1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.asp ... 5f47n2d339
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=i ... lz=1I7ACPW
SearchScopes: HKCU - {5EB1CE17-0BBA-4320-ADA4-94F33ED81666} URL = http://search.yahoo.com/search?fr=chr-g ... =901452&p={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=i ... PW_csCZ449
SearchScopes: HKCU - {9A958F11-3C1F-4B94-9009-8B65B90C546F} URL = http://search.yahoo.com/search?fr=chr-g ... =901452&p={searchTerms}
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF DefaultSearchEngine: Yahoo!
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SelectedSearchEngine: Yahoo!
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=green ... =901452&p=
FF SearchPlugin: C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\mapqr9l3.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\mapqr9l3.default\searchplugins\yahoo_ff.xml
FF Extension: Address Bar Search - C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\mapqr9l3.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9} [2013-08-30]
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx [2014-01-30]
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [x]
S3 BtFilter; system32\DRIVERS\btfilter.sys [x]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
S3 GGSAFERDriver; \??\C:\Mara\Garena\Garena\safedrv.sys [x]
2014-01-31 15:32 - 2014-01-31 15:33 - 00112640 _____ (forum.viry.cz) C:\Users\Mara\Desktop\FRSTLauncher (1).exe
2014-01-31 15:32 - 2014-01-31 15:32 - 00013176 _____ C:\Users\Mara\Desktop\Nepotvrzeno 29790.crdownload
2014-01-31 10:55 - 2014-01-31 10:55 - 01166132 _____ C:\Users\Mara\Desktop\adwcleaner.exe
2014-01-30 18:56 - 2014-01-30 18:56 - 00781383 _____ C:\Users\Mara\Desktop\RSIT.exe
C:\Users\Mara\AppData\Local\Temp\Quarantine.exe
C:\Users\Mara\AppData\Local\Temp\uninst1.exe
C:\Users\Mara\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
C:\Program Files\Common Files\Spigot
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\ProgramData\Temp:373E1720
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaPCInternetAccess" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg" /f
Hosts:
CMD: shutdown /r /f /t 2
End
*****************
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate => Value not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2342cc52-7964-11e1-a37d-88ae1d69f111} => Key deleted successfully.
HKCR\CLSID\{2342cc52-7964-11e1-a37d-88ae1d69f111} => Key not found.
HKU\Default\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ScrSav => Value deleted successfully.
HKU\Default User\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ScrSav => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5EB1CE17-0BBA-4320-ADA4-94F33ED81666} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5EB1CE17-0BBA-4320-ADA4-94F33ED81666} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9A958F11-3C1F-4B94-9009-8B65B90C546F} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9A958F11-3C1F-4B94-9009-8B65B90C546F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox Keyword.URL deleted successfully.
C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\mapqr9l3.default\searchplugins\searchplugins-backup => Moved successfully.
C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\mapqr9l3.default\searchplugins\yahoo_ff.xml => Moved successfully.
C:\Users\Mara\AppData\Roaming\Mozilla\Firefox\Profiles\mapqr9l3.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9} => Moved successfully.
C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk => Key deleted successfully.
"C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx" => File/Directory not found.
AthBTPort => Service deleted successfully.
BTATH_A2DP => Service deleted successfully.
BTATH_BUS => Service deleted successfully.
BTATH_HCRP => Service deleted successfully.
BTATH_LWFLT => Service deleted successfully.
BTATH_RCP => Service deleted successfully.
BtFilter => Service deleted successfully.
EagleXNt => Service deleted successfully.
GGSAFERDriver => Service deleted successfully.
C:\Users\Mara\Desktop\FRSTLauncher (1).exe => Moved successfully.
"C:\Users\Mara\Desktop\Nepotvrzeno 29790.crdownload" => File/Directory not found.
C:\Users\Mara\Desktop\adwcleaner.exe => Moved successfully.
C:\Users\Mara\Desktop\RSIT.exe => Moved successfully.
C:\Users\Mara\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Mara\AppData\Local\Temp\uninst1.exe => Moved successfully.
C:\Users\Mara\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe => Moved successfully.
"C:\Program Files\Common Files\Spigot" => File/Directory not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaPCInternetAccess" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
========= shutdown /r /f /t 2 =========
========= End of CMD: =========
==== End of Fixlog ====
Re: Preventivka
Tak jeste uklidime 
T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
OTC http://oldtimer.geekstogo.com/OTC.exe
TFC http://oldtimer.geekstogo.com/TFC.exe
Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel èistiè
A pokud nejsou problemy ci dotazy, je to z me strany vse 
T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
- Stahnete a spustte
- Pro potvrzeni volby mackejte A, Enter
- Po pouziti utilitu smazte
- Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)
OTC http://oldtimer.geekstogo.com/OTC.exe
- Stahnete a spustte
- Kliknete na CleanUp a potvrdte YES
- Program uklidi a restartuje PC
TFC http://oldtimer.geekstogo.com/TFC.exe
- Stahnete a spustte
- Kliknete na Start a potvrdte OK
- Program uklidi a restartuje pc
- Po pouziti utilitu smazte
Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478Panel èistiè
- Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner
- dejte Hledej problémy
- nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
- postup opakujte dokud nebude bez problemu - vetsinou cca 3x
- Zde muzete odinstalovat nepotrebne programy
A pokud nejsou problemy ci dotazy, je to z me strany vse "Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.
Přispějete na provoz fóra?