Log check - BetterSurf

#1 Post by Jjohny »

Hello, a few days ago pop-up windows started appearing on my machine, "Ads by BetterSurf" advertisements started showing up, and text started getting underlined and turned into links. I uninstalled the program, searched the registry by hand and deleted the leftovers; you can also tell from the log that I used various programs to remove the malware, and the ads still have not gone away. So I would like to ask for a check of the log and advice on what to do next.
  • Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-01-2014 01
    Ran by Jirka a Aneta (administrator) on JAHNOVI on 31-01-2014 09:24:12
    Running from C:\Users\Jirka a Aneta\Desktop
    Windows 7 Home Premium (X64) OS Language: Czech
    Internet Explorer Version 9
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

    ==================== Processes (Whitelisted) =================

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    (APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
    (ClanServers Hosting LLC) C:\Program Files (x86)\GameTracker\GSInGameService.exe
    () C:\Windows\SysWOW64\PnkBstrA.exe
    (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    (ATK) C:\Program Files\P4G\BatteryLife.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
    () C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    (ASUS) C:\Windows\AsScrPro.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    (Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
    (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    () C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    () C:\Users\Jirka a Aneta\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
    () C:\Users\Jirka a Aneta\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
    (APN LLC.) C:\Users\Jirka a Aneta\AppData\Local\VNT\vntldr.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
    (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Pandora.TV) C:\Program Files (x86)\The KMPlayer\KMPlayer.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (forum.viry.cz) C:\Users\Jirka a Aneta\Desktop\FRSTLauncher (2).exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323072 2009-08-12] (AlcorMicro Co., Ltd.)
    HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
    HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-30] (ELAN Microelectronic Corp.)
    HKLM\...\Run: [EeeStorageBackup] - C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1732608 2009-11-26] ()
    HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
    HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624 2009-08-20] (ASUS)
    HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
    HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)
    HKLM-x32\...\Run: [seznam-listicka-distribuce] - "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
    HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
    HKLM-x32\...\Run: [VNT] - C:\Program Files (x86)\VNT\vntldr.exe [195536 2014-01-06] (APN LLC.)
    HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
    HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
    HKCU\...\Run: [] - [x]
    HKCU\...\Run: [AdobeBridge] - [x]
    HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
    HKCU\...\Run: [uTorrent] - C:\Program Files (x86)\uTorrent\uTorrent.exe [802136 2013-05-02] (BitTorrent Inc.)
    HKCU\...\Run: [cz.seznam.software.autoupdate] - C:\Users\Jirka a Aneta\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
    HKCU\...\Run: [cz.seznam.software.szndesktop] - C:\Users\Jirka a Aneta\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
    HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
    HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
    HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_Plugin.exe -update plugin [839560 2013-12-12] (Adobe Systems Incorporated)
    HKCU\...\Policies\Explorer\Run: [Piranha Games] - C:\Users\Jirka a Aneta\AppData\Roaming\A92E75\A92E75.exe [45128 2009-07-14] ( (Microsoft Corporation))
    Startup: C:\Users\Tata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
    ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=16194
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.alawarhry.cz
    URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - {3FFD3656-3884-4FDB-8935-E6A1B83AFAC8} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_16194
    SearchScopes: HKCU - {6D9B577E-0BA2-4CAA-9381-EBCEECD2F5F1} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_16194
    SearchScopes: HKCU - {7988364B-E115-4FD2-9CB2-DC67042BDFC9} URL = http://www.firmy.cz/?q={searchTerms}&so ... arch_16194
    SearchScopes: HKCU - {79CDD03F-56AA-4774-A4EF-E1EDD363ECAC} URL = http://www.mapy.cz/?query={searchTerms} ... arch_16194
    SearchScopes: HKCU - {89E8D30F-1080-4466-8C8F-6D36A547102A} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_16194
    SearchScopes: HKCU - {9051C4E3-9AC0-401A-980D-A14E0FBCCD41} URL = http://encyklopedie.seznam.cz/search?q= ... arch_16194
    SearchScopes: HKCU - {EB931DF8-5051-4FAE-9110-42274C835AA7} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_16194
    SearchScopes: HKCU - {EF2812D8-7E04-4D19-96A9-7F10F30BFBA5} URL = http://www.novinky.cz/hledej?w={searchT ... arch_16194
    BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: No Name - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No File
    BHO-x32: No Name - {68DD98BF-9DE8-418C-89F0-E37AC61CC2D9} - No File
    BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5 02 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5-x64 02 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 10.132.12.33 10.132.12.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Jirka a Aneta\AppData\Roaming\Mozilla\Firefox\Profiles\sz0rqy03.default
    FF SearchEngineOrder.1: Ask.com
    FF Homepage: hxxp://www.jobego.com/search/
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
    FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
    FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin-x32: @ogplanet.com/npOGPPlugin - C:\Windows\system32\npOGPPlugin.dll No File
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
    FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\Jirka a Aneta\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
    FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Jirka a Aneta\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
    FF SearchPlugin: C:\Users\Jirka a Aneta\AppData\Roaming\Mozilla\Firefox\Profiles\sz0rqy03.default\searchplugins\jobegocom.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\jyxo-cz.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
    FF Extension: Vagex Firefox Add-On - C:\Users\Jirka a Aneta\AppData\Roaming\Mozilla\Firefox\Profiles\sz0rqy03.default\Extensions\ffaddon@vagex.com [2013-03-29]
    FF Extension: VideoFileDownload - Download YouTube Videos - C:\Users\Jirka a Aneta\AppData\Roaming\Mozilla\Firefox\Profiles\sz0rqy03.default\Extensions\plugin@videofiledownload.com [2012-07-06]
    FF Extension: The Saloon Bar - C:\Users\Jirka a Aneta\AppData\Roaming\Mozilla\Firefox\Profiles\sz0rqy03.default\Extensions\saloonbar@ligny.org.uk [2011-02-18]
    FF Extension: Seznam lištička - C:\Users\Jirka a Aneta\AppData\Roaming\Mozilla\Firefox\Profiles\sz0rqy03.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2013-05-17]
    FF Extension: Illimitux - C:\Users\Jirka a Aneta\AppData\Roaming\Mozilla\Firefox\Profiles\sz0rqy03.default\Extensions\illimitux@illimitux.net.xpi [2011-07-31]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-03-11]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-04-27]
    FF HKLM-x32\...\Firefox\Extensions: [xz123@ya456.com] - C:\Program Files (x86)\BetterSurf\ff
    FF HKLM-x32\...\Firefox\Extensions: [12x3q@3244516.com] - C:\Program Files (x86)\Better-Surf\ff
    FF HKLM-x32\...\Firefox\Extensions: [ext@bettersurfplus.com] - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff
    FF HKLM-x32\...\Firefox\Extensions: [ext@WebexpEnhancedV1alpha510.net] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha510\ff
    FF HKLM-x32\...\Firefox\Extensions: [ext@VideoPlayerV3beta63.net] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta63\ff
    FF Extension: Video Player - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta63\ff [2014-01-10]
    FF HKLM-x32\...\Firefox\Extensions: [ext@MediaPlayerV1alpha142.net] - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha142\ff
    FF Extension: Media Player - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha142\ff [2014-01-29]
    FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

    Chrome:
    =======
    CHR HomePage: https://www.google.cz/?gws_rd=cr
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll ()
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\gcswf32.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
    CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    CHR Plugin: (Windows Genuine Advantage) - C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
    CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
    CHR Plugin: (Microsoft Office 2003) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
    CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
    CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
    CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
    CHR Plugin: (Unity Player) - C:\Users\Jirka a Aneta\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    CHR Plugin: (Facebook Plugin) - C:\Users\Jirka a Aneta\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
    CHR Extension: (Angry Birds) - C:\Users\Jirka a Aneta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2012-03-01]
    CHR Extension: (YouTube) - C:\Users\Jirka a Aneta\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19]
    CHR Extension: (Media Player) - C:\Users\Jirka a Aneta\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdmlifmcodeplijdlfnanamghkiidoij [2014-01-29]
    CHR Extension: (Vyhledávání Google) - C:\Users\Jirka a Aneta\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19]
    CHR Extension: (AdBlock) - C:\Users\Jirka a Aneta\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-06-15]
    CHR Extension: (Peněženka Google) - C:\Users\Jirka a Aneta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
    CHR Extension: (Battlefield Play4Free) - C:\Users\Jirka a Aneta\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh [2013-04-21]
    CHR Extension: (Video Player) - C:\Users\Jirka a Aneta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfekkhdmhmddhjhfmkmfhojbjlihbopc [2014-01-10]
    CHR Extension: (Gmail) - C:\Users\Jirka a Aneta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19]
    CHR HKCU\...\Chrome\Extension: [bdkdmpigoicnmdhmhiafmpcfnfgpfnol] - C:\Users\Jirka a Aneta\AppData\Local\CRE\bdkdmpigoicnmdhmhiafmpcfnfgpfnol.crx [2011-12-19]
    CHR HKLM-x32\...\Chrome\Extension: [aaaajfocmnnhjaajccaelhippajhaeod] - C:\ProgramData\AskPartnerNetwork\Toolbar\ATU4-V7\CRX\ToolbarCR.crx [2014-01-06]
    CHR HKLM-x32\...\Chrome\Extension: [bdkdmpigoicnmdhmhiafmpcfnfgpfnol] - C:\Users\Jirka a Aneta\AppData\Local\CRE\bdkdmpigoicnmdhmhiafmpcfnfgpfnol.crx [2014-01-06]
    CHR HKLM-x32\...\Chrome\Extension: [egnimkioipookhfihpljiedpgjffibpa] - C:\Program Files (x86)\MyBrowserCash\MBC_chrome.crx [2014-01-06]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
    CHR HKLM-x32\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\JIRKAA~1\AppData\Local\Temp\crxE74B.tmp [2013-10-09]
    CHR HKLM-x32\...\Chrome\Extension: [mmifolfpllfdhilecpdpmemhelmanajl] - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx [2013-10-09]
    CHR HKLM-x32\...\Chrome\Extension: [pfekkhdmhmddhjhfmkmfhojbjlihbopc] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta63\ch\VideoPlayerV3beta63.crx [2014-01-07]
    CHR HKLM-x32\...\Chrome\Extension: [pjbnadgnhhkoohnkddbceoldfibijgpk] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha510\ch\WebexpEnhancedV1alpha510.crx [2014-01-07]
    CHR HKLM-x32\...\Chrome\Extension: [poheodfamflhhhdcmjfeggbgigeefaco] - C:\Program Files (x86)\Better-Surf\ch\Chrome.crx [2014-01-07]

    ==================== Services (Whitelisted) =================

    R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG)
    R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-11] (Avira Operations GmbH & Co. KG)
    R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-01-06] (APN LLC.)
    S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3849720 2012-09-02] (INCA Internet Co., Ltd.)
    R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-09] ()
    S3 SwitchBoard; "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [x]
    U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{94b33d1b-8557-37a1-49e7-1f0e14014fb9}\ \...\???\{94b33d1b-8557-37a1-49e7-1f0e14014fb9}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

    ==================== Drivers (Whitelisted) ====================

    R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-07-17] ()
    R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
    R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
    R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-11] (Avira Operations GmbH & Co. KG)
    R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-05-31] (DT Soft Ltd)
    R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
    R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-07-17] ()
    S3 M1000Srv; C:\Windows\System32\Drivers\M1000KNT.sys [506496 2012-03-05] ()
    S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-03] (INCA Internet Co., Ltd.)
    R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-05-20] ()
    R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-01-23] ()
    S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
    S3 TS_AR5416; C:\Windows\System32\DRIVERS\ts_athwx.sys [2156872 2011-09-05] (TamoSoft)
    S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
    S3 ALSysIO; \??\C:\Users\JIRKAA~1\AppData\Local\Temp\ALSysIO64.sys [x]
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
    S3 catchme; \??\C:\ComboFix\catchme.sys [x]
    S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [x]
    S3 dump_wmimmc; \??\D:\Jirka\GamesCampus\DriftCity\GameGuard\dump_wmimmc.sys [x]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
    U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42840 2009-06-10] (Microsoft Corporation)
    U3 tmlwf;
    U3 tmwfp;
    S3 usbbus; system32\DRIVERS\lgx64bus.sys [x]
    S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [x]
    S3 USBModem; system32\DRIVERS\lgx64modem.sys [x]
    S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-01-31 09:24 - 2014-01-31 09:24 - 00029833 _____ C:\Users\Jirka a Aneta\Desktop\FRST.txt
    2014-01-31 09:24 - 2014-01-31 09:24 - 00000000 ____D C:\FRST
    2014-01-31 09:20 - 2014-01-31 09:20 - 00030014 _____ C:\Users\Jirka a Aneta\Desktop\Stargate-Universe-S01E11(0000152882).srt
    2014-01-31 09:19 - 2014-01-31 09:19 - 00112640 _____ (forum.viry.cz) C:\Users\Jirka a Aneta\Desktop\FRSTLauncher (2).exe
    2014-01-31 09:17 - 2014-01-31 09:18 - 02079744 _____ (Farbar) C:\Users\Jirka a Aneta\Desktop\FRST64.exe
    2014-01-30 23:48 - 2014-01-30 23:48 - 00001115 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-01-30 23:48 - 2014-01-30 23:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-01-30 23:48 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-01-30 23:43 - 2014-01-30 23:43 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Jirka a Aneta\Desktop\mbam-setup-1.75.0.1300.exe
    2014-01-30 15:33 - 2014-01-30 15:33 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
    2014-01-30 15:33 - 2014-01-30 15:33 - 00000764 _____ C:\Windows\system32\bootdelete.lst
    2014-01-30 15:18 - 2014-01-30 15:34 - 00000000 ____D C:\ProgramData\HitmanPro
    2014-01-30 14:51 - 2014-01-30 14:51 - 00000000 ____D C:\Users\Jirka a Aneta\AppData\Roaming\Malwarebytes
    2014-01-30 14:50 - 2014-01-30 14:50 - 00000000 ____D C:\ProgramData\Malwarebytes
    2014-01-30 14:39 - 2014-01-30 14:39 - 00000000 ____D C:\Windows\ERUNT
    2014-01-30 14:27 - 2014-01-30 14:31 - 00000000 ____D C:\AdwCleaner
    2014-01-29 23:48 - 2014-01-29 23:48 - 00000270 __RSH C:\ProgramData\ntuser.pol
    2014-01-29 23:48 - 2014-01-29 23:48 - 00000000 ____D C:\Program Files (x86)\MediaPlayerV1
    2014-01-26 09:35 - 2014-01-26 19:01 - 00000000 ____D C:\Users\Jirka a Aneta\Documents\ArcaniA - Gothic 4
    2014-01-26 09:35 - 2014-01-26 09:35 - 00000000 __SHD C:\ProgramData\SecuROM
    2014-01-24 21:59 - 2014-01-24 21:59 - 00000221 _____ C:\Users\Jirka a Aneta\Desktop\ArcaniA Gothic 4.url
    2014-01-23 21:45 - 2014-01-23 21:45 - 00001135 _____ C:\Users\Jirka a Aneta\Desktop\Nový textový dokument.TXT
    2014-01-19 16:16 - 2014-01-19 16:16 - 00000000 _____ C:\Windows\WindowsUpdate.log
    2014-01-18 18:08 - 2014-01-18 18:08 - 00000221 _____ C:\Users\Jirka a Aneta\Desktop\Arma 2.url
    2014-01-14 18:01 - 2014-01-14 18:01 - 00001016 _____ C:\Users\Public\Desktop\Mumble.lnk
    2014-01-13 18:46 - 2014-01-13 18:46 - 00001238 _____ C:\Users\Jirka a Aneta\Desktop\TeamSpeak 3 Client.lnk
    2014-01-13 18:46 - 2014-01-13 18:46 - 00000000 ____D C:\Users\Jirka a Aneta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
    2014-01-13 18:46 - 2014-01-13 18:46 - 00000000 ____D C:\Users\Jirka a Aneta\AppData\Local\TeamSpeak 3 Client
    2014-01-13 16:48 - 2014-01-13 17:22 - 590753870 _____ C:\Users\Jirka a Aneta\Desktop\Quiet-Rage---The-Stanford-Prison-Experiment.mov
    2014-01-11 14:50 - 2014-01-11 14:50 - 00000000 ____D C:\Users\Jirka a Aneta\Desktop\AS51
    2014-01-10 20:36 - 2014-01-10 20:36 - 00002996 _____ C:\Windows\System32\Tasks\{6F1413CC-D5A1-40D3-93F3-D4B4CADEB814}
    2014-01-10 20:35 - 2014-01-10 20:35 - 00000000 ____D C:\Users\Jirka a Aneta\AppData\Roaming\com.immersyve.Paladin.live
    2014-01-10 18:48 - 2014-01-10 18:48 - 00000000 ____D C:\Program Files (x86)\VideoPlayerV3
    2014-01-10 08:28 - 2014-01-10 08:28 - 00001082 _____ C:\Users\Jirka a Aneta\Desktop\Wow – zástupce.lnk
    2014-01-08 19:30 - 2014-01-30 15:09 - 00004652 _____ C:\Windows\PFRO.log
    2014-01-05 14:18 - 2014-01-05 14:18 - 00000770 _____ C:\Users\Public\Desktop\Game Dev Tycoon.lnk
    2014-01-01 14:40 - 2014-01-01 14:40 - 00000000 ____D C:\Users\Jirka a Aneta\Documents\SavedGames

    ==================== One Month Modified Files and Folders =======

    2014-01-31 09:24 - 2014-01-31 09:24 - 00029833 _____ C:\Users\Jirka a Aneta\Desktop\FRST.txt
    2014-01-31 09:24 - 2014-01-31 09:24 - 00000000 ____D C:\FRST
    2014-01-31 09:23 - 2010-02-02 17:52 - 00000000 ____D C:\Users\Jirka a Aneta\AppData\Roaming\Skype
    2014-01-31 09:20 - 2014-01-31 09:20 - 00030014 _____ C:\Users\Jirka a Aneta\Desktop\Stargate-Universe-S01E11(0000152882).srt
    2014-01-31 09:19 - 2014-01-31 09:19 - 00112640 _____ (forum.viry.cz) C:\Users\Jirka a Aneta\Desktop\FRSTLauncher (2).exe
    2014-01-31 09:18 - 2014-01-31 09:17 - 02079744 _____ (Farbar) C:\Users\Jirka a Aneta\Desktop\FRST64.exe
    2014-01-31 09:00 - 2011-03-15 19:04 - 00000966 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-01-31 08:59 - 2013-02-23 09:52 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-01-31 01:23 - 2012-08-23 21:20 - 00000000 ____D C:\Users\Jirka a Aneta\AppData\Roaming\uTorrent
    2014-01-30 23:48 - 2014-01-30 23:48 - 00001115 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-01-30 23:48 - 2014-01-30 23:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-01-30 23:43 - 2014-01-30 23:43 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Jirka a Aneta\Desktop\mbam-setup-1.75.0.1300.exe
    2014-01-30 18:53 - 2012-02-10 08:29 - 00000000 ____D C:\Program Files (x86)\Steam
    2014-01-30 15:46 - 2011-03-15 19:04 - 00000962 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-01-30 15:34 - 2014-01-30 15:18 - 00000000 ____D C:\ProgramData\HitmanPro
    2014-01-30 15:33 - 2014-01-30 15:33 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
    2014-01-30 15:33 - 2014-01-30 15:33 - 00000764 _____ C:\Windows\system32\bootdelete.lst
    2014-01-30 15:19 - 2009-07-14 05:45 - 00010240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-01-30 15:19 - 2009-07-14 05:45 - 00010240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-01-30 15:16 - 2013-05-17 11:26 - 00000000 ____D C:\Users\Jirka a Aneta\AppData\Roaming\Seznam.cz
    2014-01-30 15:09 - 2014-01-08 19:30 - 00004652 _____ C:\Windows\PFRO.log
    2014-01-30 15:09 - 2013-12-14 14:35 - 00004514 _____ C:\Windows\setupact.log
    2014-01-30 15:09 - 2009-12-26 21:30 - 00000000 ____D C:\ProgramData\NVIDIA
    2014-01-30 15:09 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2014-01-30 15:08 - 2013-10-07 18:14 - 00000000 __SHD C:\Users\Jirka a Aneta\fxiuy
    2014-01-30 14:51 - 2014-01-30 14:51 - 00000000 ____D C:\Users\Jirka a Aneta\AppData\Roaming\Malwarebytes
    2014-01-30 14:50 - 2014-01-30 14:50 - 00000000 ____D C:\ProgramData\Malwarebytes
    2014-01-30 14:39 - 2014-01-30 14:39 - 00000000 ____D C:\Windows\ERUNT
    2014-01-30 14:31 - 2014-01-30 14:27 - 00000000 ____D C:\AdwCleaner
    2014-01-30 14:29 - 2010-01-23 14:31 - 00000000 ____D C:\ProgramData\ICQ
    2014-01-29 23:48 - 2014-01-29 23:48 - 00000270 __RSH C:\ProgramData\ntuser.pol
    2014-01-29 23:48 - 2014-01-29 23:48 - 00000000 ____D C:\Program Files (x86)\MediaPlayerV1
    2014-01-29 23:48 - 2010-01-21 18:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2014-01-29 23:48 - 2009-07-14 04:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
    2014-01-29 23:48 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
    2014-01-29 15:20 - 2012-10-05 12:22 - 00000000 ____D C:\Users\Jirka a Aneta\AppData\Local\PMB Files
    2014-01-28 23:31 - 2013-04-03 18:27 - 00000000 ____D C:\Users\Jirka a Aneta\AppData\Local\CrashDumps
    2014-01-28 13:25 - 2013-08-29 11:13 - 00000000 ____D C:\Users\Jirka a Aneta\Desktop\Přidat
    2014-01-26 19:01 - 2014-01-26 09:35 - 00000000 ____D C:\Users\Jirka a Aneta\Documents\ArcaniA - Gothic 4
    2014-01-26 09:35 - 2014-01-26 09:35 - 00000000 __SHD C:\ProgramData\SecuROM
    2014-01-26 09:34 - 2013-12-21 17:40 - 00052881 _____ C:\Windows\DirectX.log
    2014-01-24 21:59 - 2014-01-24 21:59 - 00000221 _____ C:\Users\Jirka a Aneta\Desktop\ArcaniA Gothic 4.url
    2014-01-24 21:02 - 2009-08-03 21:00 - 00672386 _____ C:\Windows\system32\perfh005.dat
    2014-01-24 21:02 - 2009-08-03 21:00 - 00142950 _____ C:\Windows\system32\perfc005.dat
    2014-01-24 21:02 - 2009-07-14 06:13 - 01592850 _____ C:\Windows\system32\PerfStringBackup.INI
    2014-01-23 21:45 - 2014-01-23 21:45 - 00001135 _____ C:\Users\Jirka a Aneta\Desktop\Nový textový dokument.TXT
    2014-01-22 19:49 - 2012-01-16 16:38 - 00000000 ____D C:\Users\Jirka a Aneta\AppData\Roaming\TS3Client
    2014-01-19 16:16 - 2014-01-19 16:16 - 00000000 _____ C:\Windows\WindowsUpdate.log
    2014-01-18 18:08 - 2014-01-18 18:08 - 00000221 _____ C:\Users\Jirka a Aneta\Desktop\Arma 2.url
    2014-01-16 18:49 - 2010-02-02 12:26 - 00000600 _____ C:\Users\Jirka a Aneta\AppData\Roaming\winscp.rnd
    2014-01-15 18:39 - 2011-05-26 17:20 - 06942208 ___SH C:\Users\Jirka a Aneta\Desktop\Thumbs.db
    2014-01-14 18:01 - 2014-01-14 18:01 - 00001016 _____ C:\Users\Public\Desktop\Mumble.lnk
    2014-01-14 18:01 - 2012-01-12 17:40 - 00000000 ____D C:\Program Files (x86)\Mumble
    2014-01-13 18:46 - 2014-01-13 18:46 - 00001238 _____ C:\Users\Jirka a Aneta\Desktop\TeamSpeak 3 Client.lnk
    2014-01-13 18:46 - 2014-01-13 18:46 - 00000000 ____D C:\Users\Jirka a Aneta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
    2014-01-13 18:46 - 2014-01-13 18:46 - 00000000 ____D C:\Users\Jirka a Aneta\AppData\Local\TeamSpeak 3 Client
    2014-01-13 17:22 - 2014-01-13 16:48 - 590753870 _____ C:\Users\Jirka a Aneta\Desktop\Quiet-Rage---The-Stanford-Prison-Experiment.mov
    2014-01-11 14:50 - 2014-01-11 14:50 - 00000000 ____D C:\Users\Jirka a Aneta\Desktop\AS51
    2014-01-10 20:57 - 2013-10-07 19:15 - 00045056 _____ C:\Windows\system32\acovcnt.exe
    2014-01-10 20:36 - 2014-01-10 20:36 - 00002996 _____ C:\Windows\System32\Tasks\{6F1413CC-D5A1-40D3-93F3-D4B4CADEB814}
    2014-01-10 20:35 - 2014-01-10 20:35 - 00000000 ____D C:\Users\Jirka a Aneta\AppData\Roaming\com.immersyve.Paladin.live
    2014-01-10 20:11 - 2012-11-21 15:24 - 00000000 __SHD C:\Users\Jirka a Aneta\Userdata
    2014-01-10 18:48 - 2014-01-10 18:48 - 00000000 ____D C:\Program Files (x86)\VideoPlayerV3
    2014-01-10 08:28 - 2014-01-10 08:28 - 00001082 _____ C:\Users\Jirka a Aneta\Desktop\Wow – zástupce.lnk
    2014-01-09 21:18 - 2013-05-17 11:42 - 00000000 ____D C:\Users\Jirka a Aneta\AppData\Local\Game Dev Tycoon
    2014-01-09 17:21 - 2013-07-23 16:58 - 00000000 ____D C:\Users\Jirka a Aneta\Desktop\Anet
    2014-01-09 17:19 - 2011-01-11 14:31 - 00000000 ___RD C:\Users\Jirka a Aneta\Desktop\Jjohny
    2014-01-06 14:11 - 2013-11-08 14:44 - 00000000 ____D C:\Users\Jirka a Aneta\AppData\Local\VNT
    2014-01-06 14:10 - 2013-11-08 14:44 - 00000000 ____D C:\Program Files (x86)\VNT
    2014-01-05 14:18 - 2014-01-05 14:18 - 00000770 _____ C:\Users\Public\Desktop\Game Dev Tycoon.lnk
    2014-01-01 20:47 - 2012-08-26 08:39 - 00000000 ____D C:\Users\Jirka a Aneta\AppData\Local\FalloutNV
    2014-01-01 14:40 - 2014-01-01 14:40 - 00000000 ____D C:\Users\Jirka a Aneta\Documents\SavedGames
    ZeroAccess:
    C:\Users\Jirka a Aneta\AppData\Local\Google\Desktop\Install
    ZeroAccess:
    C:\Program Files (x86)\Google\Desktop\Install

    Some content of TEMP:
    ====================
    C:\Users\Aňula\AppData\Local\Temp\NOSEventMessages.dll
    C:\Users\Jirka a Aneta\AppData\Local\Temp\avgnt.exe
    C:\Users\Jirka a Aneta\AppData\Local\Temp\HitmanPro.exe
    C:\Users\Jirka a Aneta\AppData\Local\Temp\Quarantine.exe
    C:\Users\Tata\AppData\Local\Temp\avgnt.exe
    C:\Users\Tata\AppData\Local\Temp\NOSEventMessages.dll


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-01-19 09:33




    ===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

    ==================== Drive and Memory info ===================

    Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:13.81 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (DATA) (Fixed) (Total:334.67 GB) (Free:56.03 GB) NTFS

    Available physical RAM: 1746.97 MB
    Total physical RAM: 4095.27 MB
    Percentage of memory in use: 57%

    ==================== MBR and Partition Table ==================

    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 76692CA8)
    Partition 1: (Not Active) - (Size=15 GB) - (Type=1C)
    Partition 2: (Active) - (Size=116 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=335 GB) - (Type=OF Extended)

    ==================== Scheduled Tasks (whitelisted) ==================

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Alternate Data Streams (whitelisted) ==================

    AlternateDataStreams: C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}
    AlternateDataStreams: C:\ProgramData\Temp:07F6D9E4
    AlternateDataStreams: C:\ProgramData\Temp:15024E60
    AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
    AlternateDataStreams: C:\ProgramData\Temp:596E2371
    AlternateDataStreams: C:\ProgramData\Temp:68C295D4
    AlternateDataStreams: C:\ProgramData\Temp:734E442A
    AlternateDataStreams: C:\ProgramData\Temp:75D366A3
    AlternateDataStreams: C:\ProgramData\Temp:A724744F
    AlternateDataStreams: C:\ProgramData\Temp:A8ADE5D8
    AlternateDataStreams: C:\ProgramData\Temp:AB689DEA
    AlternateDataStreams: C:\ProgramData\Temp:B88E99C8
    AlternateDataStreams: C:\ProgramData\Temp:BB24555F
    AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1
    AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2

    ==================== Security Center ==================

    AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}



    ===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
    Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
    Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


    ***** Velikost "Plochy" *****

    Velikost slozky "C:\Users\Jirka a Aneta\Desktop" je 4655 MB.


    ***** Startup Programs *****

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
    "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [x]

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSMTray
    C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe [x]

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector
    C:\Windows\AsScrPro.exe

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer
    "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [x]

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
    "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [x]

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_Plugin.exe -update plugin [x]

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPeerNexonEU
    C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe [x]

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui
    "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [x]

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe
    C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray [x]

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
    "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [x]

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [x]

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Soluto
    c:\program files\soluto\soluto.exe /init [x]

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam
    "C:\Program Files (x86)\Steam\steam.exe" -silent [x]

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent
    "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [x]

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ JCC - AutoClickerBot.lnk
    C:\JCC-AU~1\JCC-AU~1.EXE


    ***** Firewall rules *****

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


    ***** System Restore *****

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "Generalize_DisableSR"=dword:00000000


    ==================== End Of Log ==============================
Attachments
Addition.rar
(11.1 KiB) Downloaded 74 times

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Log check - BetterSurf

#2 Post by vyosek »

Hello :)

→ Download RKill http://download.bleepingcomputer.com/grinler/rkill.com PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A STRONG ABILITY TO DELETE AND MUST BE USED ONLY WHEN RECOMMENDED, OTHERWISE YOUR SYSTEM MAY BE RUINED
→ Download ComboFix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Disable all resident security programs - firewalls, antivirus, antispyware, etc.
  • If you have Win XP, run it under the Administrator (Správce) account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator (Spustit jako správce)
  • Right after start, a page with the license agreement is displayed; continue by clicking Yes (Ano)
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click in the window being displayed
  • The scan should take about 10 min, but if the PC is heavily infested, the time may be longer
  • After the scan finishes and a possible restart, CF displays a log, or you can find it at C:\ComboFix.txt; paste its content here
  • A detailed procedure incl. screenshots is here http://www.bleepingcomputer.com/combofi ... t-combofix
"Whoever has wine and does not drink it, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever avoids fun, take a whip and a stick to him; that is not a man, that is an ox."
Member of (image) since 1 February 2011.

Jjohny
Visitor
Posts: 38
Registered: 22 Dec 2011 21:37

Re: Log check - BetterSurf

#3 Post by Jjohny »

Rkill:
  • Rkill 2.6.5 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2014 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 01/31/2014 10:23:19 AM in x64 mode.
    Windows Version: Windows 7 Home Premium

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * No malware processes found to kill.

    Checking Registry for malware related settings:

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * Windows Defender Disabled

    [HKLM\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware" = dword:00000001

    * ALERT: ZEROACCESS rootkit symptoms found!

    * C:\Program Files (x86)\Google\Desktop\Install\{94b33d1b-8557-37a1-49e7-1f0e14014fb9}\ [ZA Dir]
    * C:\Program Files (x86)\Google\Desktop\Install\{94b33d1b-8557-37a1-49e7-1f0e14014fb9}\ \ [ZA Dir]
    * C:\Program Files (x86)\Google\Desktop\Install\{94b33d1b-8557-37a1-49e7-1f0e14014fb9}\ \...\ [ZA Dir]
    * C:\Program Files (x86)\Google\Desktop\Install\{94b33d1b-8557-37a1-49e7-1f0e14014fb9}\ \...\ﯹ๛\ [ZA Dir]
    * C:\Program Files (x86)\Google\Desktop\Install\{94b33d1b-8557-37a1-49e7-1f0e14014fb9}\ \...\ﯹ๛\{94b33d1b-8557-37a1-49e7-1f0e14014fb9}\ [ZA Dir]
    * C:\Users\Jirka a Aneta\AppData\Local\Google\Desktop\Install\{94b33d1b-8557-37a1-49e7-1f0e14014fb9}\ [ZA Dir]
    * C:\Users\Jirka a Aneta\AppData\Local\Google\Desktop\Install\{94b33d1b-8557-37a1-49e7-1f0e14014fb9}\❤≸⋙\ [ZA Dir]
    * C:\Users\Jirka a Aneta\AppData\Local\Google\Desktop\Install\{94b33d1b-8557-37a1-49e7-1f0e14014fb9}\❤≸⋙\Ⱒ☠⍨\ [ZA Dir]
    * C:\Users\Jirka a Aneta\AppData\Local\Google\Desktop\Install\{94b33d1b-8557-37a1-49e7-1f0e14014fb9}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\ [ZA Dir]
    * C:\Users\Jirka a Aneta\AppData\Local\Google\Desktop\Install\{94b33d1b-8557-37a1-49e7-1f0e14014fb9}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{94b33d1b-8557-37a1-49e7-1f0e14014fb9}\ [ZA Dir]

    Checking Windows Service Integrity:

    * Brána Windows Firewall (MpsSvc) is not Running.
    Startup Type set to: Automatic

    * BITS [Missing Service]
    * iphlpsvc [Missing Service]
    * PcaSvc [Missing Service]
    * PolicyAgent [Missing Service]
    * RemoteAccess [Missing Service]
    * WinDefend [Missing Service]
    * wscsvc [Missing Service]
    * wuauserv [Missing Service]

    * SharedAccess [Missing ImagePath]

    Searching for Missing Digital Signatures:

    * No issues found.

    Checking HOSTS File:

    * HOSTS file entries found:

    127.0.0.1 localhost
    76.115.137.4 api1.thewarinc.com

    Program finished at: 01/31/2014 10:24:52 AM
    Execution time: 0 hours(s), 1 minute(s), and 33 seconds(s)

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Log check - BetterSurf

#4 Post by vyosek »

Continue with ComboFix, you have a nasty piece of work in there :boxed:

Jjohny
Visitor
Posts: 38
Registered: 22 Dec 2011 21:37

Re: Log check - BetterSurf

#5 Post by Jjohny »

ComboFix is done, but it won't fit here because of the character limit, so I'm attaching it as an attachment.
Attachments
ComboFix.rar
(8.46 KiB) Downloaded 73 times

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Log check - BetterSurf

#6 Post by vyosek »

→ Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • Click Scan and then Clean
  • The repair will run, the PC will restart and then a log will appear, or it will be saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt; paste it here
→ Download Farbar Service Scanner http://download.bleepingcomputer.com/farbar/FSS.exe
  • Save it, preferably to the Desktop
  • Tick the checkbox for all items (this marks them for scanning)
  • Click Scan
  • When the scan finishes, the log FSS.txt appears; paste it here

Jjohny
Visitor
Posts: 38
Registered: 22 Dec 2011 21:37

Re: Log check - BetterSurf

#7 Post by Jjohny »

AdwCleaner was already used yesterday without results, but anyway, here is the log:
  • # AdwCleaner v3.018 - Report created 31/01/2014 at 11:34:37
    # Updated 28/01/2014 by Xplode
    # Operating System : Windows 7 Home Premium (64 bits)
    # Username : Jirka a Aneta - JAHNOVI
    # Running from : C:\Users\Jirka a Aneta\Desktop\adwcleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16457


    -\\ Mozilla Firefox v22.0 (cs)

    [ File : C:\Users\Jirka a Aneta\AppData\Roaming\Mozilla\Firefox\Profiles\sz0rqy03.default\prefs.js ]


    [ File : C:\Users\Aňula\AppData\Roaming\Mozilla\Firefox\Profiles\bzwk4i2s.default\prefs.js ]


    [ File : C:\Users\Tata\AppData\Roaming\Mozilla\Firefox\Profiles\fhfua0oe.default\prefs.js ]


    -\\ Google Chrome v32.0.1700.102

    [ File : C:\Users\Jirka a Aneta\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    [ File : C:\Users\Aňula\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    [ File : C:\Users\Tata\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R1].txt - [1358 octets] - [31/01/2014 11:31:09]
    AdwCleaner[S1].txt - [1281 octets] - [31/01/2014 11:34:37]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1341 octets] ##########
Farbar was somehow a bit too fast (a few seconds):
  • Farbar Service Scanner Version: 08-01-2014
    Ran by Jirka a Aneta (administrator) on 31-01-2014 at 11:43:13
    Running from "C:\Users\Jirka a Aneta\Desktop"
    Microsoft Windows 7 Home Premium (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============
    Checking ServiceDll of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.



    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\ipnathlp.dll => MD5 is legit
    C:\Windows\System32\iphlpsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Log check - BetterSurf

#8 Post by vyosek »

→ Download Service Repair http://kb.eset.com/library/ESET/KB%20Te ... Repair.exe
  • Save it, preferably to the Desktop
  • Run it and click Yes to confirm reinstallation of the services
  • Then click Yes to confirm restarting the PC
  • A folder CC Support will be created on the Desktop; there you will find the log SvcRepair.txt - it should be CC Support\Logs\SvcRepair.txt - paste it here for me

Jjohny
Visitor
Posts: 38
Registered: 22 Dec 2011 21:37

Re: Log check - BetterSurf

#9 Post by Jjohny »

  • Log Opened: 2014-01-31 @ 11:50:58
    11:50:58 - -----------------
    11:50:58 - | Begin Logging |
    11:50:58 - -----------------
    11:50:58 - Fix started on a WIN_7 X64 computer
    11:50:58 - Prep in progress. Please Wait.
    11:50:59 - Prep complete
    11:50:59 - Repairing Services Now. Please wait...
    INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
    INFORMATION: Input file for restore operation opened: '.\Win7\BFE.sddl'
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>

    SetACL finished successfully.
    INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
    INFORMATION: Input file for restore operation opened: '.\Win7\BITS.sddl'
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

    SetACL finished successfully.
    INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
    INFORMATION: Input file for restore operation opened: '.\Win7\iphlpsvc.sddl'
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo\{FA88062C-9A61-4C1E-AC45-7143F8F01AAD}>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap\{8AD2FB26-F91E-44F1-9B24-3C0AE56C9CE0}>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\IPHTTPS>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>

    SetACL finished successfully.
    INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
    INFORMATION: Input file for restore operation opened: '.\Win7\MpsSvc.sddl'
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>

    SetACL finished successfully.
    INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
    INFORMATION: Input file for restore operation opened: '.\Win7\SharedAccess.sddl'
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch2>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

    SetACL finished successfully.
    INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
    INFORMATION: Input file for restore operation opened: '.\Win7\WinDefend.sddl'
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo\0>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>

    SetACL finished successfully.
    INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
    INFORMATION: Input file for restore operation opened: '.\Win7\wscsvc.sddl'
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>

    SetACL finished successfully.
    INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
    INFORMATION: Input file for restore operation opened: '.\Win7\wuauserv.sddl'
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>
    INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

    SetACL finished successfully.
    11:51:00 - Services Repair Complete.
    11:51:05 - Reboot Initiated

vyosek
VIP
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Log check - BetterSurf

#10 Post by vyosek »

Please make a new FRST log.
"Who has wine and does not drink, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; that is no man, that is an ox."
Member [image] since 1 February 2011.

Jjohny
Visitor
Visitor
Posts: 38
Joined: 22 Dec 2011 21:37

Re: Log check - BetterSurf

#11 Post by Jjohny »

  • Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-01-2014 01
    Ran by Jirka a Aneta (administrator) on JAHNOVI on 31-01-2014 12:28:26
    Running from C:\Users\Jirka a Aneta\Desktop
    Windows 7 Home Premium (X64) OS Language: Czech
    Internet Explorer Version 9
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

    ==================== Processes (Whitelisted) =================

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    (APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
    (ClanServers Hosting LLC) C:\Program Files (x86)\GameTracker\GSInGameService.exe
    () C:\Windows\SysWOW64\PnkBstrA.exe
    (ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    (ATK) C:\Program Files\P4G\BatteryLife.exe
    () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
    (ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
    () C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
    (AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    (Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
    (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    () C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (BitTorrent Inc.) C:\Program Files (x86)\uTorrent\uTorrent.exe
    () C:\Users\Jirka a Aneta\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
    () C:\Users\Jirka a Aneta\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (ASUS) C:\Windows\AsScrPro.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (APN LLC.) C:\Users\Jirka a Aneta\AppData\Local\VNT\vntldr.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Pandora.TV) C:\Program Files (x86)\The KMPlayer\KMPlayer.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (forum.viry.cz) C:\Users\Jirka a Aneta\Desktop\FRSTLauncher (2).exe
    (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\PING.EXE


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323072 2009-08-12] (AlcorMicro Co., Ltd.)
    HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
    HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-30] (ELAN Microelectronic Corp.)
    HKLM\...\Run: [EeeStorageBackup] - C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1732608 2009-11-26] ()
    HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
    HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624 2009-08-20] (ASUS)
    HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
    HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)
    HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
    HKLM-x32\...\Run: [VNT] - C:\Program Files (x86)\VNT\vntldr.exe [195536 2014-01-06] (APN LLC.)
    HKCU\...\Run: [AdobeBridge] - [x]
    HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
    HKCU\...\Run: [uTorrent] - C:\Program Files (x86)\uTorrent\uTorrent.exe [802136 2013-05-02] (BitTorrent Inc.)
    HKCU\...\Run: [cz.seznam.software.autoupdate] - C:\Users\Jirka a Aneta\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
    HKCU\...\Run: [cz.seznam.software.szndesktop] - C:\Users\Jirka a Aneta\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
    HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
    HKU\Aňula\...\Run: [MyWebSearch Email Plugin] - C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
    HKU\Aňula\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
    HKU\Aňula\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
    HKU\Aňula\...\Run: [Vagex] - C:\Users\Aňula\Desktop\Vagex\Vagex.exe
    HKU\Aňula\...\Run: [KPeerNexonEU] - C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe
    HKU\Aňula\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1815976 2014-01-27] (Valve Corporation)
    HKU\Aňula\...\Run: [] - [x]
    HKU\Aňula\...\Run: [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1088424 2012-10-13] (Nokia)
    HKU\Aňula\...\Run: [AdobeBridge] - [x]
    HKU\Aňula\...\Run: [cz.seznam.software.szndesktop] - C:\Users\Aňula\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
    HKU\Aňula\...\Run: [cz.seznam.software.autoupdate] - C:\Users\Aňula\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
    HKU\Guest\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
    HKU\Guest\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
    HKU\Guest\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
    HKU\Guest\...\Run: [Vagex] - C:\Users\Guest\Desktop\Vagex\Vagex.exe
    HKU\Guest\...\Run: [KPeerNexonEU] - C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe
    HKU\Guest\...\Run: [uTorrent] - C:\Program Files (x86)\uTorrent\uTorrent.exe [802136 2013-05-02] (BitTorrent Inc.)
    HKU\Guest\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1815976 2014-01-27] (Valve Corporation)
    HKU\Guest\...\Run: [] - [x]
    HKU\Guest\...\Run: [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1088424 2012-10-13] (Nokia)
    HKU\Guest\...\Run: [LSVP] - C:\Program Files (x86)\LS\Vypnutí PC\vp.exe [155648 2005-05-18] (Ladislav SKOKAN, +420602507810, ladislav.skokan@seznam.cz)
    HKU\Guest\...\Run: [AdobeBridge] - [x]
    HKU\Guest\...\RunOnce: [LSVP] - C:\Program Files (x86)\LS\Vypnutí PC\vp.exe [155648 2005-05-18] (Ladislav SKOKAN, +420602507810, ladislav.skokan@seznam.cz)
    HKU\Tata\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
    HKU\Tata\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
    HKU\Tata\...\Run: [Vagex] - C:\Users\Tata\Desktop\Vagex\Vagex.exe
    HKU\Tata\...\Run: [KPeerNexonEU] - C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe
    HKU\Tata\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1815976 2014-01-27] (Valve Corporation)
    HKU\Tata\...\Run: [] - [x]
    HKU\Tata\...\Run: [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1088424 2012-10-13] (Nokia)
    HKU\Tata\...\Run: [AdobeBridge] - [x]
    HKU\Tata\...\Run: [cz.seznam.software.szndesktop] - C:\Users\Tata\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
    HKU\Tata\...\Run: [cz.seznam.software.autoupdate] - C:\Users\Tata\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
    HKU\UpdatusUser\...\Run: [] - [x]
    HKU\UpdatusUser\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
    Startup: C:\Users\Tata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
    ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=16194
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.alawarhry.cz
    URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - {3FFD3656-3884-4FDB-8935-E6A1B83AFAC8} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_16194
    SearchScopes: HKCU - {6D9B577E-0BA2-4CAA-9381-EBCEECD2F5F1} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_16194
    SearchScopes: HKCU - {7988364B-E115-4FD2-9CB2-DC67042BDFC9} URL = http://www.firmy.cz/?q={searchTerms}&so ... arch_16194
    SearchScopes: HKCU - {79CDD03F-56AA-4774-A4EF-E1EDD363ECAC} URL = http://www.mapy.cz/?query={searchTerms} ... arch_16194
    SearchScopes: HKCU - {89E8D30F-1080-4466-8C8F-6D36A547102A} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_16194
    SearchScopes: HKCU - {9051C4E3-9AC0-401A-980D-A14E0FBCCD41} URL = http://encyklopedie.seznam.cz/search?q= ... arch_16194
    SearchScopes: HKCU - {EB931DF8-5051-4FAE-9110-42274C835AA7} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_16194
    SearchScopes: HKCU - {EF2812D8-7E04-4D19-96A9-7F10F30BFBA5} URL = http://www.novinky.cz/hledej?w={searchT ... arch_16194
    BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: No Name - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No File
    BHO-x32: No Name - {68DD98BF-9DE8-418C-89F0-E37AC61CC2D9} - No File
    BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [320000] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Tcpip\Parameters: [DhcpNameServer] 10.132.12.33 10.132.12.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Jirka a Aneta\AppData\Roaming\Mozilla\Firefox\Profiles\sz0rqy03.default
    FF SearchEngineOrder.1: Ask.com
    FF Homepage: hxxp://www.jobego.com/search/
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
    FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
    FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin-x32: @ogplanet.com/npOGPPlugin - C:\Windows\system32\npOGPPlugin.dll No File
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
    FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\Jirka a Aneta\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
    FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Jirka a Aneta\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
    FF SearchPlugin: C:\Users\Jirka a Aneta\AppData\Roaming\Mozilla\Firefox\Profiles\sz0rqy03.default\searchplugins\jobegocom.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\jyxo-cz.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
    FF Extension: Vagex Firefox Add-On - C:\Users\Jirka a Aneta\AppData\Roaming\Mozilla\Firefox\Profiles\sz0rqy03.default\Extensions\ffaddon@vagex.com [2013-03-29]
    FF Extension: VideoFileDownload - Download YouTube Videos - C:\Users\Jirka a Aneta\AppData\Roaming\Mozilla\Firefox\Profiles\sz0rqy03.default\Extensions\plugin@videofiledownload.com [2012-07-06]
    FF Extension: The Saloon Bar - C:\Users\Jirka a Aneta\AppData\Roaming\Mozilla\Firefox\Profiles\sz0rqy03.default\Extensions\saloonbar@ligny.org.uk [2011-02-18]
    FF Extension: Seznam lištička - C:\Users\Jirka a Aneta\AppData\Roaming\Mozilla\Firefox\Profiles\sz0rqy03.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2013-05-17]
    FF Extension: Illimitux - C:\Users\Jirka a Aneta\AppData\Roaming\Mozilla\Firefox\Profiles\sz0rqy03.default\Extensions\illimitux@illimitux.net.xpi [2011-07-31]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-03-11]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-04-27]
    FF HKLM-x32\...\Firefox\Extensions: [xz123@ya456.com] - C:\Program Files (x86)\BetterSurf\ff
    FF HKLM-x32\...\Firefox\Extensions: [12x3q@3244516.com] - C:\Program Files (x86)\Better-Surf\ff
    FF HKLM-x32\...\Firefox\Extensions: [ext@bettersurfplus.com] - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff
    FF HKLM-x32\...\Firefox\Extensions: [ext@WebexpEnhancedV1alpha510.net] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha510\ff
    FF HKLM-x32\...\Firefox\Extensions: [ext@VideoPlayerV3beta63.net] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta63\ff
    FF HKLM-x32\...\Firefox\Extensions: [ext@MediaPlayerV1alpha142.net] - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha142\ff
    FF Extension: Media Player - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha142\ff [2014-01-29]
    FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

    Chrome:
    =======
    CHR HomePage: https://www.google.cz/?gws_rd=cr
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll ()
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\gcswf32.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
    CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    CHR Plugin: (Windows Genuine Advantage) - C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
    CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
    CHR Plugin: (Microsoft Office 2003) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
    CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
    CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
    CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
    CHR Plugin: (Unity Player) - C:\Users\Jirka a Aneta\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    CHR Plugin: (Facebook Plugin) - C:\Users\Jirka a Aneta\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
    CHR Extension: (Angry Birds) - C:\Users\Jirka a Aneta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2012-03-01]
    CHR Extension: (YouTube) - C:\Users\Jirka a Aneta\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19]
    CHR Extension: (Media Player) - C:\Users\Jirka a Aneta\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdmlifmcodeplijdlfnanamghkiidoij [2014-01-29]
    CHR Extension: (Vyhledávání Google) - C:\Users\Jirka a Aneta\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19]
    CHR Extension: (AdBlock) - C:\Users\Jirka a Aneta\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-06-15]
    CHR Extension: (Peněženka Google) - C:\Users\Jirka a Aneta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
    CHR Extension: (Battlefield Play4Free) - C:\Users\Jirka a Aneta\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh [2013-04-21]
    CHR Extension: (Gmail) - C:\Users\Jirka a Aneta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19]
    CHR HKCU\...\Chrome\Extension: [bdkdmpigoicnmdhmhiafmpcfnfgpfnol] - C:\Users\Jirka a Aneta\AppData\Local\CRE\bdkdmpigoicnmdhmhiafmpcfnfgpfnol.crx [2011-12-19]
    CHR HKLM-x32\...\Chrome\Extension: [aaaajfocmnnhjaajccaelhippajhaeod] - C:\ProgramData\AskPartnerNetwork\Toolbar\ATU4-V7\CRX\ToolbarCR.crx [2014-01-06]
    CHR HKLM-x32\...\Chrome\Extension: [bdkdmpigoicnmdhmhiafmpcfnfgpfnol] - C:\Users\Jirka a Aneta\AppData\Local\CRE\bdkdmpigoicnmdhmhiafmpcfnfgpfnol.crx [2014-01-06]
    CHR HKLM-x32\...\Chrome\Extension: [egnimkioipookhfihpljiedpgjffibpa] - C:\Program Files (x86)\MyBrowserCash\MBC_chrome.crx [2014-01-06]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
    CHR HKLM-x32\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\JIRKAA~1\AppData\Local\Temp\crxE74B.tmp [2013-10-09]
    CHR HKLM-x32\...\Chrome\Extension: [mmifolfpllfdhilecpdpmemhelmanajl] - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx [2013-10-09]
    CHR HKLM-x32\...\Chrome\Extension: [pfekkhdmhmddhjhfmkmfhojbjlihbopc] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta63\ch\VideoPlayerV3beta63.crx [2013-10-09]
    CHR HKLM-x32\...\Chrome\Extension: [pjbnadgnhhkoohnkddbceoldfibijgpk] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha510\ch\WebexpEnhancedV1alpha510.crx [2013-10-09]
    CHR HKLM-x32\...\Chrome\Extension: [poheodfamflhhhdcmjfeggbgigeefaco] - C:\Program Files (x86)\Better-Surf\ch\Chrome.crx [2013-10-09]

    ==================== Services (Whitelisted) =================

    R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG)
    R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-11] (Avira Operations GmbH & Co. KG)
    R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-01-06] (APN LLC.)
    S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3849720 2012-09-02] (INCA Internet Co., Ltd.)
    R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-09] ()
    S4 RemoteAccess; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
    S3 SwitchBoard; "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [x]

    ==================== Drivers (Whitelisted) ====================

    R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-07-17] ()
    R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
    R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
    R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-11] (Avira Operations GmbH & Co. KG)
    R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-05-31] (DT Soft Ltd)
    R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
    R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-07-17] ()
    S3 M1000Srv; C:\Windows\System32\Drivers\M1000KNT.sys [506496 2012-03-05] ()
    S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-03] (INCA Internet Co., Ltd.)
    R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-05-20] ()
    R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-01-23] ()
    S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
    S3 TS_AR5416; C:\Windows\System32\DRIVERS\ts_athwx.sys [2156872 2011-09-05] (TamoSoft)
    S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
    S3 ALSysIO; \??\C:\Users\JIRKAA~1\AppData\Local\Temp\ALSysIO64.sys [x]
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
    S3 catchme; \??\C:\ComboFix\catchme.sys [x]
    S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [x]
    S3 dump_wmimmc; \??\D:\Jirka\GamesCampus\DriftCity\GameGuard\dump_wmimmc.sys [x]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
    U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42840 2009-06-10] (Microsoft Corporation)
    U3 tmlwf;
    U3 tmwfp;
    S3 usbbus; system32\DRIVERS\lgx64bus.sys [x]
    S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [x]
    S3 USBModem; system32\DRIVERS\lgx64modem.sys [x]
    S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-01-31 12:28 - 2014-01-31 12:28 - 00031323 _____ C:\Users\Jirka a Aneta\Desktop\FRST.txt
    2014-01-31 12:28 - 2014-01-31 12:28 - 00029696 _____ C:\Users\Jirka a Aneta\AppData\Local\MSGBOX.EXE
    2014-01-31 12:28 - 2014-01-31 12:28 - 00015327 _____ C:\Users\Jirka a Aneta\Desktop\LM.bat
    2014-01-31 12:27 - 2014-01-31 12:27 - 00052510 _____ C:\Users\Jirka a Aneta\Desktop\FRST3.txt
    2014-01-31 12:18 - 2014-01-31 12:18 - 00051795 _____ C:\Users\Jirka a Aneta\Desktop\Stargate-Universe-S01E13(0000153920).srt
    2014-01-31 11:50 - 2014-01-31 11:50 - 04009167 _____ C:\Users\Jirka a Aneta\Desktop\ServicesRepair.exe
    2014-01-31 11:50 - 2014-01-31 11:50 - 00000000 ____D C:\Users\Public\Desktop\CC Support
    2014-01-31 11:43 - 2014-01-31 11:43 - 00002614 _____ C:\Users\Jirka a Aneta\Desktop\FSS.txt
    2014-01-31 11:30 - 2014-01-31 11:35 - 00000000 ____D C:\AdwCleaner
    2014-01-31 11:28 - 2014-01-31 11:28 - 00361185 _____ (Farbar) C:\Users\Jirka a Aneta\Desktop\FSS.exe
    2014-01-31 11:26 - 2014-01-31 11:26 - 01166132 _____ C:\Users\Jirka a Aneta\Desktop\adwcleaner.exe
    2014-01-31 11:05 - 2014-01-31 11:05 - 00038118 _____ C:\Users\Jirka a Aneta\Desktop\Stargate-Universe-S01E12(0000153390).srt
    2014-01-31 11:02 - 2014-01-31 11:02 - 00008667 _____ C:\ComboFix.rar
    2014-01-31 10:55 - 2014-01-31 10:55 - 00104485 _____ C:\ComboFix.txt
    2014-01-31 10:25 - 2014-01-31 10:25 - 05177551 ____R (Swearware) C:\Users\Jirka a Aneta\Desktop\ComboFix.exe
    2014-01-31 10:22 - 2014-01-31 10:24 - 00005670 _____ C:\Users\Jirka a Aneta\Desktop\Rkill.txt
    2014-01-31 10:22 - 2014-01-31 10:22 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Jirka a Aneta\Desktop\rkill64.com
    2014-01-31 10:21 - 2014-01-31 10:22 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Jirka a Aneta\Desktop\rkill.com
    2014-01-31 09:36 - 2014-01-31 09:36 - 00016563 _____ C:\Users\Jirka a Aneta\Desktop\[CzT]Vdana_snoubenka_Accidental_Husband_2008_.torrent
    2014-01-31 09:24 - 2014-01-31 12:28 - 00000000 ____D C:\FRST
    2014-01-31 09:20 - 2014-01-31 09:20 - 00030014 _____ C:\Users\Jirka a Aneta\Desktop\Stargate-Universe-S01E11(0000152882).srt
    2014-01-31 09:19 - 2014-01-31 09:19 - 00112640 _____ (forum.viry.cz) C:\Users\Jirka a Aneta\Desktop\FRSTLauncher (2).exe
    2014-01-31 09:17 - 2014-01-31 09:18 - 02079744 _____ (Farbar) C:\Users\Jirka a Aneta\Desktop\FRST64.exe
    2014-01-30 23:48 - 2014-01-30 23:48 - 00001115 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-01-30 23:48 - 2014-01-30 23:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-01-30 23:48 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-01-30 23:43 - 2014-01-30 23:43 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Jirka a Aneta\Desktop\mbam-setup-1.75.0.1300.exe
    2014-01-30 15:33 - 2014-01-30 15:33 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
    2014-01-30 15:18 - 2014-01-30 15:34 - 00000000 ____D C:\ProgramData\HitmanPro
    2014-01-30 14:51 - 2014-01-30 14:51 - 00000000 ____D C:\Users\Jirka a Aneta\AppData\Roaming\Malwarebytes
    2014-01-30 14:50 - 2014-01-30 14:50 - 00000000 ____D C:\ProgramData\Malwarebytes
    2014-01-30 14:39 - 2014-01-30 14:39 - 00000000 ____D C:\Windows\ERUNT
    2014-01-29 23:48 - 2014-01-31 10:45 - 00000270 __RSH C:\ProgramData\ntuser.pol
    2014-01-29 23:48 - 2014-01-29 23:48 - 00000000 ____D C:\Program Files (x86)\MediaPlayerV1
    2014-01-26 09:35 - 2014-01-26 19:01 - 00000000 ____D C:\Users\Jirka a Aneta\Documents\ArcaniA - Gothic 4
    2014-01-26 09:35 - 2014-01-26 09:35 - 00000000 __SHD C:\ProgramData\SecuROM
    2014-01-24 21:59 - 2014-01-24 21:59 - 00000221 _____ C:\Users\Jirka a Aneta\Desktop\ArcaniA Gothic 4.url
    2014-01-23 21:45 - 2014-01-23 21:45 - 00001135 _____ C:\Users\Jirka a Aneta\Desktop\Nový textový dokument.TXT
    2014-01-19 16:16 - 2014-01-31 11:58 - 00010905 _____ C:\Windows\WindowsUpdate.log
    2014-01-18 18:08 - 2014-01-18 18:08 - 00000221 _____ C:\Users\Jirka a Aneta\Desktop\Arma 2.url
    2014-01-14 18:01 - 2014-01-14 18:01 - 00001016 _____ C:\Users\Public\Desktop\Mumble.lnk
    2014-01-13 18:46 - 2014-01-13 18:46 - 00001238 _____ C:\Users\Jirka a Aneta\Desktop\TeamSpeak 3 Client.lnk
    2014-01-13 18:46 - 2014-01-13 18:46 - 00000000 ____D C:\Users\Jirka a Aneta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
    2014-01-13 18:46 - 2014-01-13 18:46 - 00000000 ____D C:\Users\Jirka a Aneta\AppData\Local\TeamSpeak 3 Client
    2014-01-13 16:48 - 2014-01-13 17:22 - 590753870 _____ C:\Users\Jirka a Aneta\Desktop\Quiet-Rage---The-Stanford-Prison-Experiment.mov
    2014-01-11 14:50 - 2014-01-11 14:50 - 00000000 ____D C:\Users\Jirka a Aneta\Desktop\AS51
    2014-01-10 20:36 - 2014-01-10 20:36 - 00002996 _____ C:\Windows\System32\Tasks\{6F1413CC-D5A1-40D3-93F3-D4B4CADEB814}
    2014-01-10 20:35 - 2014-01-10 20:35 - 00000000 ____D C:\Users\Jirka a Aneta\AppData\Roaming\com.immersyve.Paladin.live
    2014-01-10 08:28 - 2014-01-10 08:28 - 00001082 _____ C:\Users\Jirka a Aneta\Desktop\Wow – zástupce.lnk
    2014-01-08 19:30 - 2014-01-31 10:45 - 00011398 _____ C:\Windows\PFRO.log
    2014-01-05 14:18 - 2014-01-05 14:18 - 00000770 _____ C:\Users\Public\Desktop\Game Dev Tycoon.lnk
    2014-01-01 14:40 - 2014-01-01 14:40 - 00000000 ____D C:\Users\Jirka a Aneta\Documents\SavedGames

    ==================== One Month Modified Files and Folders =======

    2014-01-31 12:28 - 2014-01-31 12:28 - 00031323 _____ C:\Users\Jirka a Aneta\Desktop\FRST.txt
    2014-01-31 12:28 - 2014-01-31 12:28 - 00029696 _____ C:\Users\Jirka a Aneta\AppData\Local\MSGBOX.EXE
    2014-01-31 12:28 - 2014-01-31 12:28 - 00015327 _____ C:\Users\Jirka a Aneta\Desktop\LM.bat
    2014-01-31 12:28 - 2014-01-31 09:24 - 00000000 ____D C:\FRST
    2014-01-31 12:28 - 2012-08-23 21:20 - 00000000 ____D C:\Users\Jirka a Aneta\AppData\Roaming\uTorrent
    2014-01-31 12:27 - 2014-01-31 12:27 - 00052510 _____ C:\Users\Jirka a Aneta\Desktop\FRST3.txt
    2014-01-31 12:18 - 2014-01-31 12:18 - 00051795 _____ C:\Users\Jirka a Aneta\Desktop\Stargate-Universe-S01E13(0000153920).srt
    2014-01-31 12:08 - 2009-08-03 21:00 - 00672386 _____ C:\Windows\system32\perfh005.dat
    2014-01-31 12:08 - 2009-08-03 21:00 - 00142950 _____ C:\Windows\system32\perfc005.dat
    2014-01-31 12:08 - 2009-07-14 06:13 - 01593024 _____ C:\Windows\system32\PerfStringBackup.INI
    2014-01-31 12:02 - 2009-07-14 05:45 - 00010240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-01-31 12:02 - 2009-07-14 05:45 - 00010240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-01-31 11:58 - 2014-01-19 16:16 - 00010905 _____ C:\Windows\WindowsUpdate.log
    2014-01-31 11:57 - 2013-05-17 11:26 - 00000000 ____D C:\Users\Jirka a Aneta\AppData\Roaming\Seznam.cz
    2014-01-31 11:53 - 2010-02-02 17:52 - 00000000 ____D C:\Users\Jirka a Aneta\AppData\Roaming\Skype
    2014-01-31 11:52 - 2013-12-14 14:35 - 00004682 _____ C:\Windows\setupact.log
    2014-01-31 11:52 - 2011-03-15 19:04 - 00000962 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-01-31 11:52 - 2009-12-26 21:30 - 00000000 ____D C:\ProgramData\NVIDIA
    2014-01-31 11:52 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2014-01-31 11:50 - 2014-01-31 11:50 - 04009167 _____ C:\Users\Jirka a Aneta\Desktop\ServicesRepair.exe
    2014-01-31 11:50 - 2014-01-31 11:50 - 00000000 ____D C:\Users\Public\Desktop\CC Support
    2014-01-31 11:46 - 2011-03-15 19:04 - 00000966 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-01-31 11:43 - 2014-01-31 11:43 - 00002614 _____ C:\Users\Jirka a Aneta\Desktop\FSS.txt
    2014-01-31 11:36 - 2013-10-07 19:15 - 00045056 _____ C:\Windows\system32\acovcnt.exe
    2014-01-31 11:35 - 2014-01-31 11:30 - 00000000 ____D C:\AdwCleaner
    2014-01-31 11:33 - 2013-02-23 09:52 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-01-31 11:28 - 2014-01-31 11:28 - 00361185 _____ (Farbar) C:\Users\Jirka a Aneta\Desktop\FSS.exe
    2014-01-31 11:26 - 2014-01-31 11:26 - 01166132 _____ C:\Users\Jirka a Aneta\Desktop\adwcleaner.exe
    2014-01-31 11:05 - 2014-01-31 11:05 - 00038118 _____ C:\Users\Jirka a Aneta\Desktop\Stargate-Universe-S01E12(0000153390).srt
    2014-01-31 11:02 - 2014-01-31 11:02 - 00008667 _____ C:\ComboFix.rar
    2014-01-31 10:55 - 2014-01-31 10:55 - 00104485 _____ C:\ComboFix.txt
    2014-01-31 10:55 - 2011-12-23 10:10 - 00000000 ____D C:\Qoobox
    2014-01-31 10:47 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
    2014-01-31 10:45 - 2014-01-29 23:48 - 00000270 __RSH C:\ProgramData\ntuser.pol
    2014-01-31 10:45 - 2014-01-08 19:30 - 00011398 _____ C:\Windows\PFRO.log
    2014-01-31 10:27 - 2009-07-14 06:08 - 00032576 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2014-01-31 10:25 - 2014-01-31 10:25 - 05177551 ____R (Swearware) C:\Users\Jirka a Aneta\Desktop\ComboFix.exe
    2014-01-31 10:24 - 2014-01-31 10:22 - 00005670 _____ C:\Users\Jirka a Aneta\Desktop\Rkill.txt
    2014-01-31 10:22 - 2014-01-31 10:22 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Jirka a Aneta\Desktop\rkill64.com
    2014-01-31 10:22 - 2014-01-31 10:21 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Jirka a Aneta\Desktop\rkill.com
    2014-01-31 09:36 - 2014-01-31 09:36 - 00016563 _____ C:\Users\Jirka a Aneta\Desktop\[CzT]Vdana_snoubenka_Accidental_Husband_2008_.torrent
    2014-01-31 09:20 - 2014-01-31 09:20 - 00030014 _____ C:\Users\Jirka a Aneta\Desktop\Stargate-Universe-S01E11(0000152882).srt
    2014-01-31 09:19 - 2014-01-31 09:19 - 00112640 _____ (forum.viry.cz) C:\Users\Jirka a Aneta\Desktop\FRSTLauncher (2).exe
    2014-01-31 09:18 - 2014-01-31 09:17 - 02079744 _____ (Farbar) C:\Users\Jirka a Aneta\Desktop\FRST64.exe
    2014-01-30 23:48 - 2014-01-30 23:48 - 00001115 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-01-30 23:48 - 2014-01-30 23:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-01-30 23:43 - 2014-01-30 23:43 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Jirka a Aneta\Desktop\mbam-setup-1.75.0.1300.exe
    2014-01-30 18:53 - 2012-02-10 08:29 - 00000000 ____D C:\Program Files (x86)\Steam
    2014-01-30 15:34 - 2014-01-30 15:18 - 00000000 ____D C:\ProgramData\HitmanPro
    2014-01-30 15:33 - 2014-01-30 15:33 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
    2014-01-30 15:08 - 2013-10-07 18:14 - 00000000 __SHD C:\Users\Jirka a Aneta\fxiuy
    2014-01-30 14:51 - 2014-01-30 14:51 - 00000000 ____D C:\Users\Jirka a Aneta\AppData\Roaming\Malwarebytes
    2014-01-30 14:50 - 2014-01-30 14:50 - 00000000 ____D C:\ProgramData\Malwarebytes
    2014-01-30 14:39 - 2014-01-30 14:39 - 00000000 ____D C:\Windows\ERUNT
    2014-01-30 14:29 - 2010-01-23 14:31 - 00000000 ____D C:\ProgramData\ICQ
    2014-01-29 23:48 - 2014-01-29 23:48 - 00000000 ____D C:\Program Files (x86)\MediaPlayerV1
    2014-01-29 23:48 - 2010-01-21 18:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2014-01-29 23:48 - 2009-07-14 04:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
    2014-01-29 23:48 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
    2014-01-29 15:20 - 2012-10-05 12:22 - 00000000 ____D C:\Users\Jirka a Aneta\AppData\Local\PMB Files
    2014-01-28 23:31 - 2013-04-03 18:27 - 00000000 ____D C:\Users\Jirka a Aneta\AppData\Local\CrashDumps
    2014-01-28 13:25 - 2013-08-29 11:13 - 00000000 ____D C:\Users\Jirka a Aneta\Desktop\Přidat
    2014-01-26 19:01 - 2014-01-26 09:35 - 00000000 ____D C:\Users\Jirka a Aneta\Documents\ArcaniA - Gothic 4
    2014-01-26 09:35 - 2014-01-26 09:35 - 00000000 __SHD C:\ProgramData\SecuROM
    2014-01-26 09:34 - 2013-12-21 17:40 - 00052881 _____ C:\Windows\DirectX.log
    2014-01-24 21:59 - 2014-01-24 21:59 - 00000221 _____ C:\Users\Jirka a Aneta\Desktop\ArcaniA Gothic 4.url
    2014-01-23 21:45 - 2014-01-23 21:45 - 00001135 _____ C:\Users\Jirka a Aneta\Desktop\Nový textový dokument.TXT
    2014-01-22 19:49 - 2012-01-16 16:38 - 00000000 ____D C:\Users\Jirka a Aneta\AppData\Roaming\TS3Client
    2014-01-18 18:08 - 2014-01-18 18:08 - 00000221 _____ C:\Users\Jirka a Aneta\Desktop\Arma 2.url
    2014-01-16 18:49 - 2010-02-02 12:26 - 00000600 _____ C:\Users\Jirka a Aneta\AppData\Roaming\winscp.rnd
    2014-01-15 18:39 - 2011-05-26 17:20 - 06942208 ___SH C:\Users\Jirka a Aneta\Desktop\Thumbs.db
    2014-01-14 18:01 - 2014-01-14 18:01 - 00001016 _____ C:\Users\Public\Desktop\Mumble.lnk
    2014-01-14 18:01 - 2012-01-12 17:40 - 00000000 ____D C:\Program Files (x86)\Mumble
    2014-01-13 18:46 - 2014-01-13 18:46 - 00001238 _____ C:\Users\Jirka a Aneta\Desktop\TeamSpeak 3 Client.lnk
    2014-01-13 18:46 - 2014-01-13 18:46 - 00000000 ____D C:\Users\Jirka a Aneta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
    2014-01-13 18:46 - 2014-01-13 18:46 - 00000000 ____D C:\Users\Jirka a Aneta\AppData\Local\TeamSpeak 3 Client
    2014-01-13 17:22 - 2014-01-13 16:48 - 590753870 _____ C:\Users\Jirka a Aneta\Desktop\Quiet-Rage---The-Stanford-Prison-Experiment.mov
    2014-01-11 14:50 - 2014-01-11 14:50 - 00000000 ____D C:\Users\Jirka a Aneta\Desktop\AS51
    2014-01-10 20:36 - 2014-01-10 20:36 - 00002996 _____ C:\Windows\System32\Tasks\{6F1413CC-D5A1-40D3-93F3-D4B4CADEB814}
    2014-01-10 20:35 - 2014-01-10 20:35 - 00000000 ____D C:\Users\Jirka a Aneta\AppData\Roaming\com.immersyve.Paladin.live
    2014-01-10 20:11 - 2012-11-21 15:24 - 00000000 __SHD C:\Users\Jirka a Aneta\Userdata
    2014-01-10 08:28 - 2014-01-10 08:28 - 00001082 _____ C:\Users\Jirka a Aneta\Desktop\Wow – zástupce.lnk
    2014-01-09 21:18 - 2013-05-17 11:42 - 00000000 ____D C:\Users\Jirka a Aneta\AppData\Local\Game Dev Tycoon
    2014-01-09 17:21 - 2013-07-23 16:58 - 00000000 ____D C:\Users\Jirka a Aneta\Desktop\Anet
    2014-01-09 17:19 - 2011-01-11 14:31 - 00000000 ___RD C:\Users\Jirka a Aneta\Desktop\Jjohny
    2014-01-06 14:11 - 2013-11-08 14:44 - 00000000 ____D C:\Users\Jirka a Aneta\AppData\Local\VNT
    2014-01-06 14:10 - 2013-11-08 14:44 - 00000000 ____D C:\Program Files (x86)\VNT
    2014-01-05 14:18 - 2014-01-05 14:18 - 00000770 _____ C:\Users\Public\Desktop\Game Dev Tycoon.lnk
    2014-01-01 20:47 - 2012-08-26 08:39 - 00000000 ____D C:\Users\Jirka a Aneta\AppData\Local\FalloutNV
    2014-01-01 14:40 - 2014-01-01 14:40 - 00000000 ____D C:\Users\Jirka a Aneta\Documents\SavedGames

    Some content of TEMP:
    ====================
    C:\Users\Jirka a Aneta\AppData\Local\Temp\avgnt.exe
    C:\Users\Jirka a Aneta\AppData\Local\Temp\Quarantine.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-01-19 09:33

    ==================== End Of Log ============================
Attachments
Addition.rar
(10.84 KiB) Downloaded 66 times

vyosek
VIP
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Log check - BetterSurf

#12 Post by vyosek »

I'll make myself a coffee and take a look at it, since there's a whole zoo in there, ticket-booth granny included :arcisit:
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns a good time, take a whip and a stick to him; that is no man, that is an ox."
Member since 1 February 2011.

vyosek
VIP
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Log check - BetterSurf

#13 Post by vyosek »

:arrow: Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    Start
    HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)
    HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
    HKLM-x32\...\Run: [VNT] - C:\Program Files (x86)\VNT\vntldr.exe [195536 2014-01-06] (APN LLC.)
    HKCU\...\Run: [AdobeBridge] - [x]
    HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
    HKCU\...\Run: [uTorrent] - C:\Program Files (x86)\uTorrent\uTorrent.exe [802136 2013-05-02] (BitTorrent Inc.)
    HKCU\...\Run: [cz.seznam.software.autoupdate] - C:\Users\Jirka a Aneta\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
    HKCU\...\Run: [cz.seznam.software.szndesktop] - C:\Users\Jirka a Aneta\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
    HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
    HKU\Aňula\...\Run: [MyWebSearch Email Plugin] - C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
    HKU\Aňula\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
    HKU\Aňula\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
    HKU\Aňula\...\Run: [Vagex] - C:\Users\Aňula\Desktop\Vagex\Vagex.exe
    HKU\Aňula\...\Run: [KPeerNexonEU] - C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe
    HKU\Aňula\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1815976 2014-01-27] (Valve Corporation)
    HKU\Aňula\...\Run: [] - [x]
    HKU\Aňula\...\Run: [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1088424 2012-10-13] (Nokia)
    HKU\Aňula\...\Run: [AdobeBridge] - [x]
    HKU\Aňula\...\Run: [cz.seznam.software.szndesktop] - C:\Users\Aňula\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
    HKU\Aňula\...\Run: [cz.seznam.software.autoupdate] - C:\Users\Aňula\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
    HKU\Guest\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
    HKU\Guest\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
    HKU\Guest\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
    HKU\Guest\...\Run: [Vagex] - C:\Users\Guest\Desktop\Vagex\Vagex.exe
    HKU\Guest\...\Run: [KPeerNexonEU] - C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe
    HKU\Guest\...\Run: [uTorrent] - C:\Program Files (x86)\uTorrent\uTorrent.exe [802136 2013-05-02] (BitTorrent Inc.)
    HKU\Guest\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1815976 2014-01-27] (Valve Corporation)
    HKU\Guest\...\Run: [] - [x]
    HKU\Guest\...\Run: [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1088424 2012-10-13] (Nokia)
    HKU\Guest\...\Run: [LSVP] - C:\Program Files (x86)\LS\Vypnutí PC\vp.exe [155648 2005-05-18] (Ladislav SKOKAN, +420602507810, ladislav.skokan@seznam.cz)
    HKU\Guest\...\Run: [AdobeBridge] - [x]
    HKU\Guest\...\RunOnce: [LSVP] - C:\Program Files (x86)\LS\Vypnutí PC\vp.exe [155648 2005-05-18] (Ladislav SKOKAN, +420602507810, ladislav.skokan@seznam.cz)
    HKU\Tata\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
    HKU\Tata\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
    HKU\Tata\...\Run: [Vagex] - C:\Users\Tata\Desktop\Vagex\Vagex.exe
    HKU\Tata\...\Run: [KPeerNexonEU] - C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe
    HKU\Tata\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1815976 2014-01-27] (Valve Corporation)
    HKU\Tata\...\Run: [] - [x]
    HKU\Tata\...\Run: [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1088424 2012-10-13] (Nokia)
    HKU\Tata\...\Run: [AdobeBridge] - [x]
    HKU\Tata\...\Run: [cz.seznam.software.szndesktop] - C:\Users\Tata\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
    HKU\Tata\...\Run: [cz.seznam.software.autoupdate] - C:\Users\Tata\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
    HKU\UpdatusUser\...\Run: [] - [x]
    HKU\UpdatusUser\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
    Startup: C:\Users\Tata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
    
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.alawarhry.cz
    URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    
    FF SearchEngineOrder.1: Ask.com
    FF Homepage: hxxp://www.jobego.com/search/
    FF Plugin-x32: @ogplanet.com/npOGPPlugin - C:\Windows\system32\npOGPPlugin.dll No File
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
    FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\Jirka a Aneta\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
    FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF SearchPlugin: C:\Users\Jirka a Aneta\AppData\Roaming\Mozilla\Firefox\Profiles\sz0rqy03.default\searchplugins\jobegocom.xml
    FF Extension: Vagex Firefox Add-On - C:\Users\Jirka a Aneta\AppData\Roaming\Mozilla\Firefox\Profiles\sz0rqy03.default\Extensions\ffaddon@vagex.com [2013-03-29]
    FF Extension: VideoFileDownload - Download YouTube Videos - C:\Users\Jirka a Aneta\AppData\Roaming\Mozilla\Firefox\Profiles\sz0rqy03.default\Extensions\plugin@videofiledownload.com [2012-07-06]
    FF Extension: The Saloon Bar - C:\Users\Jirka a Aneta\AppData\Roaming\Mozilla\Firefox\Profiles\sz0rqy03.default\Extensions\saloonbar@ligny.org.uk [2011-02-18]
    FF Extension: Seznam lištička - C:\Users\Jirka a Aneta\AppData\Roaming\Mozilla\Firefox\Profiles\sz0rqy03.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2013-05-17]
    FF Extension: Illimitux - C:\Users\Jirka a Aneta\AppData\Roaming\Mozilla\Firefox\Profiles\sz0rqy03.default\Extensions\illimitux@illimitux.net.xpi [2011-07-31]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-03-11]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-04-27]
    FF HKLM-x32\...\Firefox\Extensions: [xz123@ya456.com] - C:\Program Files (x86)\BetterSurf\ff
    FF HKLM-x32\...\Firefox\Extensions: [12x3q@3244516.com] - C:\Program Files (x86)\Better-Surf\ff
    FF HKLM-x32\...\Firefox\Extensions: [ext@bettersurfplus.com] - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff
    FF HKLM-x32\...\Firefox\Extensions: [ext@WebexpEnhancedV1alpha510.net] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha510\ff
    FF HKLM-x32\...\Firefox\Extensions: [ext@VideoPlayerV3beta63.net] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta63\ff
    FF HKLM-x32\...\Firefox\Extensions: [ext@MediaPlayerV1alpha142.net] - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha142\ff
    FF Extension: Media Player - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha142\ff [2014-01-29]
    FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
    
    CHR HKCU\...\Chrome\Extension: [bdkdmpigoicnmdhmhiafmpcfnfgpfnol] - C:\Users\Jirka a Aneta\AppData\Local\CRE\bdkdmpigoicnmdhmhiafmpcfnfgpfnol.crx [2011-12-19]
    CHR HKLM-x32\...\Chrome\Extension: [aaaajfocmnnhjaajccaelhippajhaeod] - C:\ProgramData\AskPartnerNetwork\Toolbar\ATU4-V7\CRX\ToolbarCR.crx [2014-01-06]
    CHR HKLM-x32\...\Chrome\Extension: [bdkdmpigoicnmdhmhiafmpcfnfgpfnol] - C:\Users\Jirka a Aneta\AppData\Local\CRE\bdkdmpigoicnmdhmhiafmpcfnfgpfnol.crx [2014-01-06]
    CHR HKLM-x32\...\Chrome\Extension: [egnimkioipookhfihpljiedpgjffibpa] - C:\Program Files (x86)\MyBrowserCash\MBC_chrome.crx [2014-01-06]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
    CHR HKLM-x32\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\JIRKAA~1\AppData\Local\Temp\crxE74B.tmp [2013-10-09]
    CHR HKLM-x32\...\Chrome\Extension: [mmifolfpllfdhilecpdpmemhelmanajl] - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx [2013-10-09]
    CHR HKLM-x32\...\Chrome\Extension: [pfekkhdmhmddhjhfmkmfhojbjlihbopc] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta63\ch\VideoPlayerV3beta63.crx [2013-10-09]
    CHR HKLM-x32\...\Chrome\Extension: [pjbnadgnhhkoohnkddbceoldfibijgpk] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha510\ch\WebexpEnhancedV1alpha510.crx [2013-10-09]
    CHR HKLM-x32\...\Chrome\Extension: [poheodfamflhhhdcmjfeggbgigeefaco] - C:\Program Files (x86)\Better-Surf\ch\Chrome.crx [2013-10-09]
    
    R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-01-06] (APN LLC.)
    U3 tmlwf;
    U3 tmwfp;
    S3 usbbus; system32\DRIVERS\lgx64bus.sys [x]
    S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [x]
    S3 USBModem; system32\DRIVERS\lgx64modem.sys [x]
    S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x]
    
    2014-01-31 12:28 - 2014-01-31 12:28 - 00031323 _____ C:\Users\Jirka a Aneta\Desktop\FRST.txt
    2014-01-31 12:28 - 2014-01-31 12:28 - 00029696 _____ C:\Users\Jirka a Aneta\AppData\Local\MSGBOX.EXE
    2014-01-31 12:28 - 2014-01-31 12:28 - 00015327 _____ C:\Users\Jirka a Aneta\Desktop\LM.bat
    2014-01-31 12:27 - 2014-01-31 12:27 - 00052510 _____ C:\Users\Jirka a Aneta\Desktop\FRST3.txt
    2014-01-31 11:50 - 2014-01-31 11:50 - 04009167 _____ C:\Users\Jirka a Aneta\Desktop\ServicesRepair.exe
    2014-01-31 11:50 - 2014-01-31 11:50 - 00000000 ____D C:\Users\Public\Desktop\CC Support
    2014-01-31 11:43 - 2014-01-31 11:43 - 00002614 _____ C:\Users\Jirka a Aneta\Desktop\FSS.txt
    2014-01-31 11:28 - 2014-01-31 11:28 - 00361185 _____ (Farbar) C:\Users\Jirka a Aneta\Desktop\FSS.exe
    2014-01-31 11:26 - 2014-01-31 11:26 - 01166132 _____ C:\Users\Jirka a Aneta\Desktop\adwcleaner.exe
    2014-01-31 11:02 - 2014-01-31 11:02 - 00008667 _____ C:\ComboFix.rar
    2014-01-31 10:55 - 2014-01-31 10:55 - 00104485 _____ C:\ComboFix.txt
    2014-01-31 10:22 - 2014-01-31 10:24 - 00005670 _____ C:\Users\Jirka a Aneta\Desktop\Rkill.txt
    2014-01-31 10:22 - 2014-01-31 10:22 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Jirka a Aneta\Desktop\rkill64.com
    2014-01-31 10:21 - 2014-01-31 10:22 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Jirka a Aneta\Desktop\rkill.com
    2014-01-31 09:19 - 2014-01-31 09:19 - 00112640 _____ (forum.viry.cz) C:\Users\Jirka a Aneta\Desktop\FRSTLauncher (2).exe
    2014-01-30 23:43 - 2014-01-30 23:43 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Jirka a Aneta\Desktop\mbam-setup-1.75.0.1300.exe
    2014-01-30 15:33 - 2014-01-30 15:33 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
    C:\Users\Jirka a Aneta\Desktop\FRSTLauncher (2).exe
    2014-01-30 15:18 - 2014-01-30 15:34 - 00000000 ____D C:\ProgramData\HitmanPro
    2014-01-29 23:48 - 2014-01-29 23:48 - 00000000 ____D C:\Program Files (x86)\MediaPlayerV1
    C:\Users\Jirka a Aneta\AppData\Local\Temp\avgnt.exe
    C:\Users\Jirka a Aneta\AppData\Local\Temp\Quarantine.exe
    C:\ProgramData\AskPartnerNetwork
    C:\Program Files (x86)\BetterSurf
    C:\Program Files (x86)\WebexpEnhancedV1
    C:\Program Files (x86)\MediaPlayerV1
    C:\Program Files (x86)\AskPartnerNetwork
    
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    
    AlternateDataStreams: C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}
    AlternateDataStreams: C:\ProgramData\Temp:07F6D9E4
    AlternateDataStreams: C:\ProgramData\Temp:15024E60
    AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
    AlternateDataStreams: C:\ProgramData\Temp:596E2371
    AlternateDataStreams: C:\ProgramData\Temp:68C295D4
    AlternateDataStreams: C:\ProgramData\Temp:734E442A
    AlternateDataStreams: C:\ProgramData\Temp:75D366A3
    AlternateDataStreams: C:\ProgramData\Temp:A724744F
    AlternateDataStreams: C:\ProgramData\Temp:A8ADE5D8
    AlternateDataStreams: C:\ProgramData\Temp:AB689DEA
    AlternateDataStreams: C:\ProgramData\Temp:B88E99C8
    AlternateDataStreams: C:\ProgramData\Temp:BB24555F
    AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1
    AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2
    
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPeerNexonEU" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Soluto" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ JCC - AutoClickerBot.lnk" /f
    
    CMD: shutdown /r /f /t 2
    
    End
  • Save the created TXT file as fixlist.txt
  • Move the created fixlist next to FRST
→ Run FRST.exe again
  • Click Fix
  • The fix will run and create the log Fixlog.txt
→ Restart the PC and post fixlog.txt here
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him: that is no man, that is an ox."
Member of [image] since 1 February 2011.

Jjohny
Visitor
Posts: 38
Registered: 22 Dec 2011 21:37

Re: Log check - BetterSurf

#14 Post by Jjohny »

The Fixlog appeared, but the laptop did not restart. I'll reset it manually.
  • Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-01-2014 01
    Ran by Jirka a Aneta at 2014-01-31 13:00:17 Run:1
    Running from C:\Users\Jirka a Aneta\Desktop
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    Start
    HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)
    HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
    HKLM-x32\...\Run: [VNT] - C:\Program Files (x86)\VNT\vntldr.exe [195536 2014-01-06] (APN LLC.)
    HKCU\...\Run: [AdobeBridge] - [x]
    HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
    HKCU\...\Run: [uTorrent] - C:\Program Files (x86)\uTorrent\uTorrent.exe [802136 2013-05-02] (BitTorrent Inc.)
    HKCU\...\Run: [cz.seznam.software.autoupdate] - C:\Users\Jirka a Aneta\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
    HKCU\...\Run: [cz.seznam.software.szndesktop] - C:\Users\Jirka a Aneta\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
    HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
    HKU\Aňula\...\Run: [MyWebSearch Email Plugin] - C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
    HKU\Aňula\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
    HKU\Aňula\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
    HKU\Aňula\...\Run: [Vagex] - C:\Users\Aňula\Desktop\Vagex\Vagex.exe
    HKU\Aňula\...\Run: [KPeerNexonEU] - C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe
    HKU\Aňula\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1815976 2014-01-27] (Valve Corporation)
    HKU\Aňula\...\Run: [] - [x]
    HKU\Aňula\...\Run: [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1088424 2012-10-13] (Nokia)
    HKU\Aňula\...\Run: [AdobeBridge] - [x]
    HKU\Aňula\...\Run: [cz.seznam.software.szndesktop] - C:\Users\Aňula\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
    HKU\Aňula\...\Run: [cz.seznam.software.autoupdate] - C:\Users\Aňula\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
    HKU\Guest\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
    HKU\Guest\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
    HKU\Guest\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
    HKU\Guest\...\Run: [Vagex] - C:\Users\Guest\Desktop\Vagex\Vagex.exe
    HKU\Guest\...\Run: [KPeerNexonEU] - C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe
    HKU\Guest\...\Run: [uTorrent] - C:\Program Files (x86)\uTorrent\uTorrent.exe [802136 2013-05-02] (BitTorrent Inc.)
    HKU\Guest\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1815976 2014-01-27] (Valve Corporation)
    HKU\Guest\...\Run: [] - [x]
    HKU\Guest\...\Run: [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1088424 2012-10-13] (Nokia)
    HKU\Guest\...\Run: [LSVP] - C:\Program Files (x86)\LS\Vypnutí PC\vp.exe [155648 2005-05-18] (Ladislav SKOKAN, +420602507810, ladislav.skokan@seznam.cz)
    HKU\Guest\...\Run: [AdobeBridge] - [x]
    HKU\Guest\...\RunOnce: [LSVP] - C:\Program Files (x86)\LS\Vypnutí PC\vp.exe [155648 2005-05-18] (Ladislav SKOKAN, +420602507810, ladislav.skokan@seznam.cz)
    HKU\Tata\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
    HKU\Tata\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
    HKU\Tata\...\Run: [Vagex] - C:\Users\Tata\Desktop\Vagex\Vagex.exe
    HKU\Tata\...\Run: [KPeerNexonEU] - C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe
    HKU\Tata\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1815976 2014-01-27] (Valve Corporation)
    HKU\Tata\...\Run: [] - [x]
    HKU\Tata\...\Run: [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1088424 2012-10-13] (Nokia)
    HKU\Tata\...\Run: [AdobeBridge] - [x]
    HKU\Tata\...\Run: [cz.seznam.software.szndesktop] - C:\Users\Tata\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
    HKU\Tata\...\Run: [cz.seznam.software.autoupdate] - C:\Users\Tata\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
    HKU\UpdatusUser\...\Run: [] - [x]
    HKU\UpdatusUser\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
    Startup: C:\Users\Tata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.alawarhry.cz
    URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

    FF SearchEngineOrder.1: Ask.com
    FF Homepage: hxxp://www.jobego.com/search/
    FF Plugin-x32: @ogplanet.com/npOGPPlugin - C:\Windows\system32\npOGPPlugin.dll No File
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
    FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\Jirka a Aneta\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
    FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF SearchPlugin: C:\Users\Jirka a Aneta\AppData\Roaming\Mozilla\Firefox\Profiles\sz0rqy03.default\searchplugins\jobegocom.xml
    FF Extension: Vagex Firefox Add-On - C:\Users\Jirka a Aneta\AppData\Roaming\Mozilla\Firefox\Profiles\sz0rqy03.default\Extensions\ffaddon@vagex.com [2013-03-29]
    FF Extension: VideoFileDownload - Download YouTube Videos - C:\Users\Jirka a Aneta\AppData\Roaming\Mozilla\Firefox\Profiles\sz0rqy03.default\Extensions\plugin@videofiledownload.com [2012-07-06]
    FF Extension: The Saloon Bar - C:\Users\Jirka a Aneta\AppData\Roaming\Mozilla\Firefox\Profiles\sz0rqy03.default\Extensions\saloonbar@ligny.org.uk [2011-02-18]
    FF Extension: Seznam lištička - C:\Users\Jirka a Aneta\AppData\Roaming\Mozilla\Firefox\Profiles\sz0rqy03.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2013-05-17]
    FF Extension: Illimitux - C:\Users\Jirka a Aneta\AppData\Roaming\Mozilla\Firefox\Profiles\sz0rqy03.default\Extensions\illimitux@illimitux.net.xpi [2011-07-31]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-03-11]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-04-27]
    FF HKLM-x32\...\Firefox\Extensions: [xz123@ya456.com] - C:\Program Files (x86)\BetterSurf\ff
    FF HKLM-x32\...\Firefox\Extensions: [12x3q@3244516.com] - C:\Program Files (x86)\Better-Surf\ff
    FF HKLM-x32\...\Firefox\Extensions: [ext@bettersurfplus.com] - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff
    FF HKLM-x32\...\Firefox\Extensions: [ext@WebexpEnhancedV1alpha510.net] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha510\ff
    FF HKLM-x32\...\Firefox\Extensions: [ext@VideoPlayerV3beta63.net] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta63\ff
    FF HKLM-x32\...\Firefox\Extensions: [ext@MediaPlayerV1alpha142.net] - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha142\ff
    FF Extension: Media Player - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha142\ff [2014-01-29]
    FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

    CHR HKCU\...\Chrome\Extension: [bdkdmpigoicnmdhmhiafmpcfnfgpfnol] - C:\Users\Jirka a Aneta\AppData\Local\CRE\bdkdmpigoicnmdhmhiafmpcfnfgpfnol.crx [2011-12-19]
    CHR HKLM-x32\...\Chrome\Extension: [aaaajfocmnnhjaajccaelhippajhaeod] - C:\ProgramData\AskPartnerNetwork\Toolbar\ATU4-V7\CRX\ToolbarCR.crx [2014-01-06]
    CHR HKLM-x32\...\Chrome\Extension: [bdkdmpigoicnmdhmhiafmpcfnfgpfnol] - C:\Users\Jirka a Aneta\AppData\Local\CRE\bdkdmpigoicnmdhmhiafmpcfnfgpfnol.crx [2014-01-06]
    CHR HKLM-x32\...\Chrome\Extension: [egnimkioipookhfihpljiedpgjffibpa] - C:\Program Files (x86)\MyBrowserCash\MBC_chrome.crx [2014-01-06]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
    CHR HKLM-x32\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\JIRKAA~1\AppData\Local\Temp\crxE74B.tmp [2013-10-09]
    CHR HKLM-x32\...\Chrome\Extension: [mmifolfpllfdhilecpdpmemhelmanajl] - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx [2013-10-09]
    CHR HKLM-x32\...\Chrome\Extension: [pfekkhdmhmddhjhfmkmfhojbjlihbopc] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta63\ch\VideoPlayerV3beta63.crx [2013-10-09]
    CHR HKLM-x32\...\Chrome\Extension: [pjbnadgnhhkoohnkddbceoldfibijgpk] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha510\ch\WebexpEnhancedV1alpha510.crx [2013-10-09]
    CHR HKLM-x32\...\Chrome\Extension: [poheodfamflhhhdcmjfeggbgigeefaco] - C:\Program Files (x86)\Better-Surf\ch\Chrome.crx [2013-10-09]

    R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-01-06] (APN LLC.)
    U3 tmlwf;
    U3 tmwfp;
    S3 usbbus; system32\DRIVERS\lgx64bus.sys [x]
    S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [x]
    S3 USBModem; system32\DRIVERS\lgx64modem.sys [x]
    S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x]

    2014-01-31 12:28 - 2014-01-31 12:28 - 00031323 _____ C:\Users\Jirka a Aneta\Desktop\FRST.txt
    2014-01-31 12:28 - 2014-01-31 12:28 - 00029696 _____ C:\Users\Jirka a Aneta\AppData\Local\MSGBOX.EXE
    2014-01-31 12:28 - 2014-01-31 12:28 - 00015327 _____ C:\Users\Jirka a Aneta\Desktop\LM.bat
    2014-01-31 12:27 - 2014-01-31 12:27 - 00052510 _____ C:\Users\Jirka a Aneta\Desktop\FRST3.txt
    2014-01-31 11:50 - 2014-01-31 11:50 - 04009167 _____ C:\Users\Jirka a Aneta\Desktop\ServicesRepair.exe
    2014-01-31 11:50 - 2014-01-31 11:50 - 00000000 ____D C:\Users\Public\Desktop\CC Support
    2014-01-31 11:43 - 2014-01-31 11:43 - 00002614 _____ C:\Users\Jirka a Aneta\Desktop\FSS.txt
    2014-01-31 11:28 - 2014-01-31 11:28 - 00361185 _____ (Farbar) C:\Users\Jirka a Aneta\Desktop\FSS.exe
    2014-01-31 11:26 - 2014-01-31 11:26 - 01166132 _____ C:\Users\Jirka a Aneta\Desktop\adwcleaner.exe
    2014-01-31 11:02 - 2014-01-31 11:02 - 00008667 _____ C:\ComboFix.rar
    2014-01-31 10:55 - 2014-01-31 10:55 - 00104485 _____ C:\ComboFix.txt
    2014-01-31 10:22 - 2014-01-31 10:24 - 00005670 _____ C:\Users\Jirka a Aneta\Desktop\Rkill.txt
    2014-01-31 10:22 - 2014-01-31 10:22 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Jirka a Aneta\Desktop\rkill64.com
    2014-01-31 10:21 - 2014-01-31 10:22 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Jirka a Aneta\Desktop\rkill.com
    2014-01-31 09:19 - 2014-01-31 09:19 - 00112640 _____ (forum.viry.cz) C:\Users\Jirka a Aneta\Desktop\FRSTLauncher (2).exe
    2014-01-30 23:43 - 2014-01-30 23:43 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Jirka a Aneta\Desktop\mbam-setup-1.75.0.1300.exe
    2014-01-30 15:33 - 2014-01-30 15:33 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
    C:\Users\Jirka a Aneta\Desktop\FRSTLauncher (2).exe
    2014-01-30 15:18 - 2014-01-30 15:34 - 00000000 ____D C:\ProgramData\HitmanPro
    2014-01-29 23:48 - 2014-01-29 23:48 - 00000000 ____D C:\Program Files (x86)\MediaPlayerV1
    C:\Users\Jirka a Aneta\AppData\Local\Temp\avgnt.exe
    C:\Users\Jirka a Aneta\AppData\Local\Temp\Quarantine.exe
    C:\ProgramData\AskPartnerNetwork
    C:\Program Files (x86)\BetterSurf
    C:\Program Files (x86)\WebexpEnhancedV1
    C:\Program Files (x86)\MediaPlayerV1
    C:\Program Files (x86)\AskPartnerNetwork

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    AlternateDataStreams: C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}
    AlternateDataStreams: C:\ProgramData\Temp:07F6D9E4
    AlternateDataStreams: C:\ProgramData\Temp:15024E60
    AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
    AlternateDataStreams: C:\ProgramData\Temp:596E2371
    AlternateDataStreams: C:\ProgramData\Temp:68C295D4
    AlternateDataStreams: C:\ProgramData\Temp:734E442A
    AlternateDataStreams: C:\ProgramData\Temp:75D366A3
    AlternateDataStreams: C:\ProgramData\Temp:A724744F
    AlternateDataStreams: C:\ProgramData\Temp:A8ADE5D8
    AlternateDataStreams: C:\ProgramData\Temp:AB689DEA
    AlternateDataStreams: C:\ProgramData\Temp:B88E99C8
    AlternateDataStreams: C:\ProgramData\Temp:BB24555F
    AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1
    AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2

    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPeerNexonEU" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Soluto" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ JCC - AutoClickerBot.lnk" /f

    CMD: shutdown /r /f /t 2

    End
    *****************

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\GrooveMonitor => Value deleted successfully.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\avgnt => Value deleted successfully.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\VNT => Value deleted successfully.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => Value deleted successfully.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => Value deleted successfully.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent => Value deleted successfully.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.autoupdate => Value deleted successfully.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.szndesktop => Value deleted successfully.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => Value deleted successfully.
    HKU\Aňula\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Email Plugin => Value deleted successfully.
    HKU\Aňula\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => Value deleted successfully.
    HKU\Aňula\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => Value deleted successfully.
    HKU\Aňula\Software\Microsoft\Windows\CurrentVersion\Run\\Vagex => Value deleted successfully.
    HKU\Aňula\Software\Microsoft\Windows\CurrentVersion\Run\\KPeerNexonEU => Value deleted successfully.
    HKU\Aňula\Software\Microsoft\Windows\CurrentVersion\Run\\Steam => Value deleted successfully.
    HKU\Aňula\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
    HKU\Aňula\Software\Microsoft\Windows\CurrentVersion\Run\\NokiaSuite.exe => Value deleted successfully.
    HKU\Aňula\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => Value deleted successfully.
    HKU\Aňula\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.szndesktop => Value deleted successfully.
    HKU\Aňula\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.autoupdate => Value deleted successfully.
    HKU\Guest\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task => Value deleted successfully.
    HKU\Guest\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => Value deleted successfully.
    HKU\Guest\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => Value deleted successfully.
    HKU\Guest\Software\Microsoft\Windows\CurrentVersion\Run\\Vagex => Value deleted successfully.
    HKU\Guest\Software\Microsoft\Windows\CurrentVersion\Run\\KPeerNexonEU => Value deleted successfully.
    HKU\Guest\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent => Value deleted successfully.
    HKU\Guest\Software\Microsoft\Windows\CurrentVersion\Run\\Steam => Value deleted successfully.
    HKU\Guest\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
    HKU\Guest\Software\Microsoft\Windows\CurrentVersion\Run\\NokiaSuite.exe => Value deleted successfully.
    HKU\Guest\Software\Microsoft\Windows\CurrentVersion\Run\\LSVP => Value deleted successfully.
    HKU\Guest\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => Value deleted successfully.
    HKU\Guest\Software\Microsoft\Windows\CurrentVersion\RunOnce\\LSVP => Value deleted successfully.
    HKU\Tata\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => Value deleted successfully.
    HKU\Tata\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => Value deleted successfully.
    HKU\Tata\Software\Microsoft\Windows\CurrentVersion\Run\\Vagex => Value deleted successfully.
    HKU\Tata\Software\Microsoft\Windows\CurrentVersion\Run\\KPeerNexonEU => Value deleted successfully.
    HKU\Tata\Software\Microsoft\Windows\CurrentVersion\Run\\Steam => Value deleted successfully.
    HKU\Tata\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
    HKU\Tata\Software\Microsoft\Windows\CurrentVersion\Run\\NokiaSuite.exe => Value deleted successfully.
    HKU\Tata\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => Value deleted successfully.
    HKU\Tata\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.szndesktop => Value deleted successfully.
    HKU\Tata\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.autoupdate => Value deleted successfully.
    HKU\UpdatusUser\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
    HKU\UpdatusUser\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => Value deleted successfully.
    C:\Users\Tata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk => Moved successfully.
    HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\ => Value deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
    Firefox SearchEngineOrder.1 deleted successfully.
    Firefox homepage deleted successfully.
    HKLM\Software\Wow6432Node\MozillaPlugins\@ogplanet.com/npOGPPlugin => Key deleted successfully.
    C:\Windows\system32\npOGPPlugin.dll not found.
    HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin => Key deleted successfully.
    C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll => Moved successfully.
    HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.0 => Key deleted successfully.
    C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll not found.
    HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3 => Key deleted successfully.
    C:\Users\Jirka a Aneta\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll => Moved successfully.
    HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin => Key deleted successfully.
    C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
    C:\Users\Jirka a Aneta\AppData\Roaming\Mozilla\Firefox\Profiles\sz0rqy03.default\searchplugins\jobegocom.xml => Moved successfully.
    C:\Users\Jirka a Aneta\AppData\Roaming\Mozilla\Firefox\Profiles\sz0rqy03.default\Extensions\ffaddon@vagex.com => Moved successfully.
    C:\Users\Jirka a Aneta\AppData\Roaming\Mozilla\Firefox\Profiles\sz0rqy03.default\Extensions\plugin@videofiledownload.com => Moved successfully.
    C:\Users\Jirka a Aneta\AppData\Roaming\Mozilla\Firefox\Profiles\sz0rqy03.default\Extensions\saloonbar@ligny.org.uk => Moved successfully.
    C:\Users\Jirka a Aneta\AppData\Roaming\Mozilla\Firefox\Profiles\sz0rqy03.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} => Moved successfully.
    C:\Users\Jirka a Aneta\AppData\Roaming\Mozilla\Firefox\Profiles\sz0rqy03.default\Extensions\illimitux@illimitux.net.xpi => Moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} => Moved successfully.
    C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} => Moved successfully.
    HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\xz123@ya456.com => Value deleted successfully.
    HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\12x3q@3244516.com => Value deleted successfully.
    HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\ext@bettersurfplus.com => Value deleted successfully.
    HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\ext@WebexpEnhancedV1alpha510.net => Value deleted successfully.
    HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\ext@VideoPlayerV3beta63.net => Value deleted successfully.
    HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\ext@MediaPlayerV1alpha142.net => Value deleted successfully.
    C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha142\ff => Moved successfully.
    HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => Value deleted successfully.
    HKCU\SOFTWARE\Google\Chrome\Extensions\bdkdmpigoicnmdhmhiafmpcfnfgpfnol => Key deleted successfully.
    "C:\Users\Jirka a Aneta\AppData\Local\CRE\bdkdmpigoicnmdhmhiafmpcfnfgpfnol.crx" => File/Directory not found.
    HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaajfocmnnhjaajccaelhippajhaeod => Key deleted successfully.
    C:\ProgramData\AskPartnerNetwork\Toolbar\ATU4-V7\CRX\ToolbarCR.crx => Moved successfully.
    HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bdkdmpigoicnmdhmhiafmpcfnfgpfnol => Key deleted successfully.
    "C:\Users\Jirka a Aneta\AppData\Local\CRE\bdkdmpigoicnmdhmhiafmpcfnfgpfnol.crx" => File/Directory not found.
    HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\egnimkioipookhfihpljiedpgjffibpa => Key deleted successfully.
    "C:\Program Files (x86)\MyBrowserCash\MBC_chrome.crx" => File/Directory not found.
    HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl => Key deleted successfully.
    C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx => Moved successfully.
    HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhfdcmehmjcclgopdodkjdicohagipid => Key deleted successfully.
    "C:\Users\JIRKAA~1\AppData\Local\Temp\crxE74B.tmp" => File/Directory not found.
    HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mmifolfpllfdhilecpdpmemhelmanajl => Key deleted successfully.
    "C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx" => File/Directory not found.
    HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfekkhdmhmddhjhfmkmfhojbjlihbopc => Key deleted successfully.
    "C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta63\ch\VideoPlayerV3beta63.crx" => File/Directory not found.
    HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pjbnadgnhhkoohnkddbceoldfibijgpk => Key deleted successfully.
    "C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha510\ch\WebexpEnhancedV1alpha510.crx" => File/Directory not found.
    HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\poheodfamflhhhdcmjfeggbgigeefaco => Key deleted successfully.
    "C:\Program Files (x86)\Better-Surf\ch\Chrome.crx" => File/Directory not found.
    APNMCP => Service deleted successfully.
    tmlwf => Service deleted successfully.
    tmwfp => Service deleted successfully.
    usbbus => Service deleted successfully.
    UsbDiag => Service deleted successfully.
    USBModem => Service deleted successfully.
    X6va012 => Service deleted successfully.
    "C:\Users\Jirka a Aneta\Desktop\FRST.txt" => File/Directory not found.
    C:\Users\Jirka a Aneta\AppData\Local\MSGBOX.EXE => Moved successfully.
    C:\Users\Jirka a Aneta\Desktop\LM.bat => Moved successfully.
    "C:\Users\Jirka a Aneta\Desktop\FRST3.txt" => File/Directory not found.
    C:\Users\Jirka a Aneta\Desktop\ServicesRepair.exe => Moved successfully.
    C:\Users\Public\Desktop\CC Support => Moved successfully.
    C:\Users\Jirka a Aneta\Desktop\FSS.txt => Moved successfully.
    C:\Users\Jirka a Aneta\Desktop\FSS.exe => Moved successfully.
    C:\Users\Jirka a Aneta\Desktop\adwcleaner.exe => Moved successfully.
    C:\ComboFix.rar => Moved successfully.
    C:\ComboFix.txt => Moved successfully.
    C:\Users\Jirka a Aneta\Desktop\Rkill.txt => Moved successfully.
    C:\Users\Jirka a Aneta\Desktop\rkill64.com => Moved successfully.
    C:\Users\Jirka a Aneta\Desktop\rkill.com => Moved successfully.
    C:\Users\Jirka a Aneta\Desktop\FRSTLauncher (2).exe => Moved successfully.
    C:\Users\Jirka a Aneta\Desktop\mbam-setup-1.75.0.1300.exe => Moved successfully.
    C:\Windows\system32\bootdelete.exe => Moved successfully.
    "C:\Users\Jirka a Aneta\Desktop\FRSTLauncher (2).exe" => File/Directory not found.
    C:\ProgramData\HitmanPro => Moved successfully.
    C:\Program Files (x86)\MediaPlayerV1 => Moved successfully.
    C:\Users\Jirka a Aneta\AppData\Local\Temp\avgnt.exe => Moved successfully.
    C:\Users\Jirka a Aneta\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    C:\ProgramData\AskPartnerNetwork => Moved successfully.
    "C:\Program Files (x86)\BetterSurf" => File/Directory not found.
    "C:\Program Files (x86)\WebexpEnhancedV1" => File/Directory not found.
    "C:\Program Files (x86)\MediaPlayerV1" => File/Directory not found.
    C:\Program Files (x86)\AskPartnerNetwork => Moved successfully.
    C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
    C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
    C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
    C:\Windows\System32 => ":{4B9A1497-0817-47C4-9612-D6A1C53ACF57}" ADS removed successfully.
    C:\ProgramData\Temp => ":07F6D9E4" ADS removed successfully.
    C:\ProgramData\Temp => ":15024E60" ADS removed successfully.
    C:\ProgramData\Temp => ":4CF61E54" ADS removed successfully.
    C:\ProgramData\Temp => ":596E2371" ADS removed successfully.
    C:\ProgramData\Temp => ":68C295D4" ADS removed successfully.
    C:\ProgramData\Temp => ":734E442A" ADS removed successfully.
    C:\ProgramData\Temp => ":75D366A3" ADS removed successfully.
    C:\ProgramData\Temp => ":A724744F" ADS removed successfully.
    C:\ProgramData\Temp => ":A8ADE5D8" ADS removed successfully.
    C:\ProgramData\Temp => ":AB689DEA" ADS removed successfully.
    C:\ProgramData\Temp => ":B88E99C8" ADS removed successfully.
    C:\ProgramData\Temp => ":BB24555F" ADS removed successfully.
    C:\ProgramData\Temp => ":D1B5B4F1" ADS removed successfully.
    C:\ProgramData\Temp => ":DFC5A2B2" ADS removed successfully.

    ========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM" /f =========

    Operace byla dokončena úspěšně.



    ========= End of Reg: =========


    ========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher" /f =========

    Operace byla dokončena úspěšně.



    ========= End of Reg: =========


    ========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer" /f =========

    Operace byla dokončena úspěšně.



    ========= End of Reg: =========


    ========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite" /f =========

    Operace byla dokončena úspěšně.



    ========= End of Reg: =========


    ========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate" /f =========

    Operace byla dokončena úspěšně.



    ========= End of Reg: =========


    ========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPeerNexonEU" /f =========

    Operace byla dokončena úspěšně.



    ========= End of Reg: =========


    ========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui" /f =========

    Operace byla dokončena úspěšně.



    ========= End of Reg: =========


    ========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe" /f =========

    Operace byla dokončena úspěšně.



    ========= End of Reg: =========


    ========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task" /f =========

    Operace byla dokončena úspěšně.



    ========= End of Reg: =========


    ========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Soluto" /f =========

    Operace byla dokončena úspěšně.



    ========= End of Reg: =========


    ========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam" /f =========

    Operace byla dokončena úspěšně.



    ========= End of Reg: =========


    ========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent" /f =========

    Operace byla dokončena úspěšně.



    ========= End of Reg: =========


    ========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ JCC - AutoClickerBot.lnk" /f =========

    Operace byla dokončena úspěšně.



    ========= End of Reg: =========


    ========= shutdown /r /f /t 2 =========


    ========= End of CMD: =========



    The system needs a manual reboot.

    ==== End of Fixlog ====

vyosek
VIP
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Log check - BetterSurf

#15 Post by vyosek »

:arrow: Excellent, let's move on :James008:

:arrow: If you haven't already, move ComboFix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    Folder::
    c:\program files (x86)\MediaPlayerV1
    c:\program files (x86)\IObit
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000000
    "FirewallOverride"=dword:00000000
    
    Driver::
    WinRing0_1_2_0
    X6va012
    
    DDS::
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    
    Firefox::
    FF - ProfilePath - c:\users\Jirka a Aneta\AppData\Roaming\Mozilla\Firefox\Profiles\sz0rqy03.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.jobego.com/search/
    FF - ExtSQL: 2013-12-20 18:48; ext@WebexpEnhancedV1alpha510.net; c:\program files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha510\ff
    FF - ExtSQL: 2014-01-10 18:48; ext@VideoPlayerV3beta63.net; c:\program files (x86)\VideoPlayerV3\VideoPlayerV3beta63\ff
    FF - ExtSQL: 2014-01-29 23:48; ext@MediaPlayerV1alpha142.net; c:\program files (x86)\MediaPlayerV1\MediaPlayerV1alpha142\ff
    
    RegLock::
    [HKEY_USERS\S-1-5-21-3908090792-2955568676-2883752157-1001_Classes\CLSID]
    
    ClearJavaCache::
    
    Reboot::
  • Save the resulting TXT file as CFScript.txt
  • Drag the CFScript.txt you created onto ComboFix and run it (see the image below)
    Image
  • After the script has been applied (and after a restart, if one occurs), a log will pop up; paste its contents here
:arrow: If the message "Illegal operation attempted on a registry key that has been marked for deletion" pops up, just restart the PC - the registry will sort itself out - this is an internal error caused by CF, which the author unfortunately does not yet know how to fix

:arrow: It may happen that Windows does not start after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him; that is not a man, that is an ox."
Member Image since 1 February 2011.

Locked