Police virus

Mili
Visitor
Posts: 56
Registered: 06 Feb 2006 23:43

Police virus

#1 Post by Mili »

Good evening,

I ran into a more sophisticated police virus, and all the guides rely on me being able to get into safe mode. But with this pest that doesn't work :cry:
Is there a guide or some advice on how to deal with it?

Thanks a lot :)
Want to be 100% sure your computer won't get infected? :roll:
Then turn off the internet. :lol:

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Police virus

#2 Post by vyosek »

Hello and good evening :)

Try this procedure: http://forum.viry.cz/viewtopic.php?f=29&t=132523
"He who has wine and does not drink, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids fun, take a whip and a stick to him; that is not a man, that is an ox."
Member [image] since 1 February 2011.

Mili
Visitor
Posts: 56
Registered: 06 Feb 2006 23:43

Re: Police virus

#3 Post by Mili »

Thank you for the advice :)

That could help, just not tonight; I will have to move somewhere where I can get internet over a cable, because I only have a connection via Wi-Fi ;)
Or if it could somehow be done over Wi-Fi as well, I will be glad for any advice ;)

Mili
Visitor
Posts: 56
Registered: 06 Feb 2006 23:43

Re: Police virus

#4 Post by Mili »

So in the end I was successful ;)

I dug out an RJ45 cable, connected the internet via USB and shared it from a second laptop. I completed everything according to the guide and the PC booted up. :thumbsup:

What next? :)

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Police virus

#5 Post by vyosek »

:arrow: :wink: Well done

:arrow: Now please post a log from FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100

Mili
Visitor
Posts: 56
Registered: 06 Feb 2006 23:43

Re: Police virus

#6 Post by Mili »

Sorry for the delay, but it really was not possible sooner :)

However, FRSTLauncher would not run for me: not a valid Win32 application.
So I made the log without it ;)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-02-2014
Ran by MT (administrator) on JV-PC on 16-02-2014 22:53:46
Running from C:\Users\MT\Desktop
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) OS Language: Czech
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgcsrvx.exe
(Microsoft Corporation) C:\windows\system32\SLsvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Andrea Electronics Corporation) C:\windows\system32\AEADISRV.EXE
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) c:\SQL\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(Absolute Software Corp.) C:\windows\system32\rpcnet.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgemcx.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsty.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Nokia) C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
() C:\Program Files\OpenVPN\bin\openvpn-gui.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgtray.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Time Information Services Ltd.) C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Matsushita Electric Industrial Co., Ltd.) C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
(Microsoft Corporation) C:\windows\system32\wbem\unsecapp.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Nokia.) C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\Receiver\Receiver.exe
(Nokia Corporation) C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgcsrvx.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Microsoft Corporation) C:\windows\System32\mobsync.exe
(Adobe Systems Incorporated) C:\windows\system32\Macromed\Flash\FlashUtil32_12_0_0_44_ActiveX.exe
(Microsoft Corporation) C:\windows\system32\conime.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\windows\system32\wuauclt.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-18] (Intel Corporation)
HKLM\...\Run: [PDF Complete] - C:\Program Files\PDF Complete\pdfsty.exe [331552 2007-05-08] (PDF Complete Inc)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1045800 2008-03-27] (Synaptics, Inc.)
HKLM\...\Run: [HP Health Check Scheduler] - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [70912 2008-04-15] (Hewlett-Packard)
HKLM\...\Run: [PCSuiteTrayApplication] - C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [229376 2006-06-15] (Nokia)
HKLM\...\Run: [openvpn-gui] - C:\Program Files\OpenVPN\bin\openvpn-gui.exe [99328 2005-08-18] ()
HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-01-12] (Hewlett-Packard)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [948672 2009-12-11] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG_TRAY] - C:\Program Files\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [ConnectionCenter] - C:\Program Files\Citrix\ICA Client\concentr.exe [358336 2011-08-11] (Citrix Systems, Inc.)
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2522943316-1474324370-2208020708-1004\...\Run: [PcSync] - C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe [1449984 2006-06-27] (Time Information Services Ltd.)
HKU\S-1-5-21-2522943316-1474324370-2208020708-1004\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2522943316-1474324370-2208020708-1004\...\MountPoints2: {831ddce4-3dd9-11e0-b11d-00247e2737ef} - F:\AutoRun.exe
HKU\S-1-5-21-2522943316-1474324370-2208020708-1004\...\MountPoints2: {831ddd24-3dd9-11e0-b11d-00247e2737ef} - F:\AutoRun.exe
HKU\S-1-5-21-2522943316-1474324370-2208020708-1004\...\MountPoints2: {d937306c-24da-11de-8f32-00247e2737ef} - F:\Axesstel_Setup.exe
Startup: C:\Users\MT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatc ... &%language
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKCU - (No Name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No File
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={87E8 ... 2012-04-09 12:07:20&v=10.2.0.3&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/web/{searchTe ... ffa197654c
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?clien ... cale=en_EU
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={87E8 ... 2012-04-09 12:07:20&v=10.2.0.3&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://toolbar.inbox.com/search/dispatc ... 093&lng=cs
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: RewardsArcadeSuite - {B6EF6C45-5E8D-4c3b-B580-A5073261A381} - C:\Program Files\RewardsArcadeSuite\RewardsArcadeSuite.dll (215 Apps)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
Toolbar: HKLM - Quick Media Converter Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
Toolbar: HKCU - Quick Media Converter Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
Toolbar: HKCU - No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab
DPF: {57CD0DF4-DACC-439D-9173-3F6A8EC3FFE3} http://192.168.2.3/IPCamPluginMegaDM.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D1278801-B2C0-4332-BD3E-2F64D2204EDF} https://www.mesh.com/0.9.4014.42/TSWeb.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Winsock: Catalog5 02 %SystemRoot%\system32\napinsp.dll [50176] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1

FireFox:
========
FF ProfilePath: C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\6sokl3wl.default
FF user.js: detected! => C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\6sokl3wl.default\user.js
FF DefaultSearchEngine: AVG Secure Search
FF SelectedSearchEngine: AVG Secure Search
FF NetworkProxy: "type", 0
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Extension: Babylon - C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\6sokl3wl.default\Extensions\ffxtlbr@babylon.com [2012-01-02]
FF Extension: Seznam lištička - C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\6sokl3wl.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2011-03-29]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-04-13]
FF HKLM\...\Firefox\Extensions: [crossriderapp1950@crossrider.com] - C:\Users\MT\AppData\Local\RewardsArcadeSuite\1950\Firefox
FF Extension: RewardsArcade Suite - C:\Users\MT\AppData\Local\RewardsArcadeSuite\1950\Firefox [2012-01-02]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-04-13]

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe [443752 2008-10-24] (DisplayLink Corp.)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-04-15] (Hewlett-Packard)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation)
R2 MSSQL$SQLEXPRESS; c:\SQL\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [42727784 2011-02-05] (Microsoft Corporation)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [16384 2006-10-01] ()
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [540448 2007-05-08] (PDF Complete Inc)
R2 rpcnet; C:\windows\system32\rpcnet.exe [58288 2012-05-07] (Absolute Software Corp.)
R3 ServiceLayer; C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe [174080 2006-06-05] (Nokia.)
S4 SQLAgent$SQLEXPRESS; c:\SQL\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [366936 2009-03-30] (Microsoft Corporation)
S4 wlcrasvc; C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe [44880 2010-06-27] (Microsoft Corporation)
S2 HitmanPro37CrusaderBoot; "F:\HitmanPro.exe" /crusader:boot [X]

==================== Drivers (Whitelisted) ====================

R3 Afc; C:\windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
S3 AVerAF15DMBTH; C:\windows\System32\Drivers\AVerAF15DMBTH.sys [487168 2009-01-05] (AVerMedia TECHNOLOGIES, Inc.)
R0 AVGIDSHX; C:\windows\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\windows\System32\DRIVERS\avgldx86.sys [250080 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\windows\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\windows\System32\DRIVERS\avgtdix.sys [302368 2013-04-11] (AVG Technologies CZ, s.r.o.)
S3 AX88772; C:\windows\System32\DRIVERS\ax88772.sys [48128 2008-08-20] (ASIX Electronics Corp.)
S3 Axtmvflt; C:\windows\System32\DRIVERS\Axtmvflt.sys [3456 2007-03-22] (Axesstel)
S3 Axtmvmdm; C:\windows\System32\DRIVERS\Axtmvmdm.sys [40064 2007-03-26] (Axesstel)
S3 Axtmvprt; C:\windows\System32\Drivers\Axtmvprt.sys [38784 2007-03-26] (Axesstel)
S3 DisplayLinkUsbPort; C:\windows\System32\DRIVERS\DisplayLinkUsbPort.sys [20992 2008-10-24] (http://libusb-win32.sourceforge.net)
R3 dlkmd; C:\windows\system32\drivers\dlkmd.sys [287344 2008-10-24] (DisplayLink Corp.)
R0 dlkmdldr; C:\windows\System32\drivers\dlkmdldr.sys [13424 2008-10-24] (DisplayLink Corp.)
S3 Dot4Scan; C:\windows\System32\DRIVERS\Dot4Scan.sys [10752 2008-01-21] (Microsoft Corporation)
S3 eabfiltr; C:\windows\System32\DRIVERS\eabfiltr.sys [7808 2005-09-19] (Hewlett-Packard Development Company, L.P.)
S3 eabusb; C:\windows\System32\DRIVERS\eabusb.sys [5760 2005-09-19] (Hewlett-Packard Development Company, L.P.)
R0 FltMgr; C:\windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
S3 KMWDFILTER; C:\windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [21104 2012-12-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\mbamswissarmy.sys [40776 2014-02-09] (Malwarebytes Corporation)
R3 Ntfs; C:\windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
R3 RDPDISPM; C:\windows\System32\DRIVERS\rdpdispm.sys [9040 2010-06-27] (Microsoft Corporation)
R3 tap0801; C:\windows\System32\DRIVERS\tap0801.sys [26624 2006-10-01] (The OpenVPN Project)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-16 23:32 - 2014-02-13 23:00 - 00262144 _____ () C:\windows\system32\config\sam.trk
2014-02-16 22:53 - 2014-02-16 22:55 - 00021588 _____ () C:\Users\MT\Desktop\FRST.txt
2014-02-16 22:52 - 2014-02-16 22:53 - 00000000 ____D () C:\FRST
2014-02-16 22:49 - 2014-02-16 22:49 - 01141248 _____ (Farbar) C:\Users\MT\Desktop\FRST.exe
2014-02-16 22:46 - 2014-02-16 22:46 - 00000000 _____ () C:\Users\MT\Desktop\FRSTLauncher.exe
2014-02-13 17:12 - 2014-02-13 17:17 - 00000000 ____D () C:\Program Files\Sudowin
2014-02-12 23:37 - 2014-02-12 23:37 - 00012872 _____ (SurfRight B.V.) C:\windows\system32\bootdelete.exe
2014-02-12 23:37 - 2014-02-12 23:37 - 00004674 _____ () C:\windows\system32\.crusader
2014-02-12 23:37 - 2014-02-12 23:37 - 00004010 _____ () C:\windows\system32\bootdelete.lst
2014-02-12 22:01 - 2014-02-12 22:01 - 00000000 ____D () C:\Program Files\HitmanPro
2014-02-12 21:37 - 2014-02-12 23:38 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-09 22:11 - 2014-02-09 22:11 - 00000000 ____D () C:\Users\ADM\AppData\Roaming\Malwarebytes
2014-02-09 20:44 - 2014-02-09 20:44 - 00000000 ____D () C:\d558b9b509472b7cf92bd9e9470c
2014-02-08 19:08 - 2014-02-12 21:45 - 95027928 ____T () C:\ProgramData\aj6t7x1.fee
2014-02-08 19:08 - 2014-02-08 19:08 - 00144384 _____ () C:\ProgramData\1x7t6ja.cpp
2014-02-08 11:33 - 2014-02-08 11:33 - 00143176 _____ () C:\windows\Minidump\Mini020814-01.dmp
2014-02-08 00:11 - 2014-02-08 00:12 - 00000000 ____D () C:\121e22382a4bb0e7380b9e
2014-01-18 11:31 - 2014-01-18 11:47 - 00000000 ____D () C:\Users\MT\Desktop\pošta

==================== One Month Modified Files and Folders =======

2014-02-16 22:55 - 2014-02-16 22:53 - 00021588 _____ () C:\Users\MT\Desktop\FRST.txt
2014-02-16 22:55 - 2009-06-16 14:32 - 00000434 ____H () C:\windows\Tasks\User_Feed_Synchronization-{464A6F7B-D68C-4EC8-B4EE-F40977538F6E}.job
2014-02-16 22:54 - 2009-04-02 15:22 - 01583280 _____ () C:\windows\WindowsUpdate.log
2014-02-16 22:53 - 2014-02-16 22:52 - 00000000 ____D () C:\FRST
2014-02-16 22:49 - 2014-02-16 22:49 - 01141248 _____ (Farbar) C:\Users\MT\Desktop\FRST.exe
2014-02-16 22:46 - 2014-02-16 22:46 - 00000000 _____ () C:\Users\MT\Desktop\FRSTLauncher.exe
2014-02-16 22:43 - 2008-04-17 12:30 - 01781856 _____ () C:\windows\system32\PerfStringBackup.INI
2014-02-16 22:34 - 2012-01-02 13:29 - 00000380 _____ () C:\windows\Tasks\Final Media Player Update Checker.job
2014-02-16 22:34 - 2009-10-10 11:09 - 00065536 _____ () C:\windows\system32\Ikeext.etl
2014-02-16 22:34 - 2009-09-27 14:32 - 00058288 _____ (Absolute Software Corp.) C:\windows\system32\rpcnet.dll
2014-02-16 22:34 - 2009-08-24 22:36 - 00017408 _____ () C:\windows\system32\rpcnetp.exe
2014-02-16 22:34 - 2009-05-12 13:02 - 00017408 _____ () C:\windows\system32\rpcnetp.dll
2014-02-16 22:34 - 2006-11-02 13:58 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-02-16 22:34 - 2006-11-02 13:45 - 00003344 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-16 22:34 - 2006-11-02 13:45 - 00003344 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-13 23:00 - 2014-02-16 23:32 - 00262144 _____ () C:\windows\system32\config\sam.trk
2014-02-13 23:00 - 2009-04-02 15:16 - 00000012 _____ () C:\windows\bthservsdp.dat
2014-02-13 23:00 - 2006-11-02 13:58 - 00032520 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-02-13 17:17 - 2014-02-13 17:12 - 00000000 ____D () C:\Program Files\Sudowin
2014-02-13 17:13 - 2012-04-25 05:45 - 00000914 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-02-12 23:56 - 2006-11-02 12:18 - 00000000 ____D () C:\windows\tracing
2014-02-12 23:38 - 2014-02-12 21:37 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-12 23:37 - 2014-02-12 23:37 - 00012872 _____ (SurfRight B.V.) C:\windows\system32\bootdelete.exe
2014-02-12 23:37 - 2014-02-12 23:37 - 00004674 _____ () C:\windows\system32\.crusader
2014-02-12 23:37 - 2014-02-12 23:37 - 00004010 _____ () C:\windows\system32\bootdelete.lst
2014-02-12 22:01 - 2014-02-12 22:01 - 00000000 ____D () C:\Program Files\HitmanPro
2014-02-12 21:45 - 2014-02-08 19:08 - 95027928 ____T () C:\ProgramData\aj6t7x1.fee
2014-02-11 23:18 - 2012-04-09 14:26 - 00012348 _____ () C:\windows\setupact.log
2014-02-10 16:39 - 2006-11-02 13:44 - 00055296 _____ () C:\windows\system32\umstartup.etl
2014-02-09 22:11 - 2014-02-09 22:11 - 00000000 ____D () C:\Users\ADM\AppData\Roaming\Malwarebytes
2014-02-09 22:11 - 2013-08-03 08:39 - 00040776 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamswissarmy.sys
2014-02-09 21:58 - 2006-11-02 13:44 - 00039936 _____ () C:\windows\system32\umstartup000.etl
2014-02-09 20:44 - 2014-02-09 20:44 - 00000000 ____D () C:\d558b9b509472b7cf92bd9e9470c
2014-02-09 20:33 - 2011-01-05 10:34 - 00000000 ____D () C:\Users\MT\AppData\Roaming\Dropbox
2014-02-08 20:52 - 2011-01-05 10:36 - 00000000 ___RD () C:\Users\MT\Dropbox
2014-02-08 20:51 - 2011-01-18 06:48 - 00000000 ____D () C:\Users\ADM\AppData\Local\VirtualStore
2014-02-08 19:08 - 2014-02-08 19:08 - 00144384 _____ () C:\ProgramData\1x7t6ja.cpp
2014-02-08 16:33 - 2012-04-09 11:04 - 00000000 ____D () C:\windows\system32\Drivers\AVG
2014-02-08 12:13 - 2012-04-25 05:45 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-02-08 12:13 - 2011-05-18 05:42 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-08 11:33 - 2014-02-08 11:33 - 00143176 _____ () C:\windows\Minidump\Mini020814-01.dmp
2014-02-08 11:33 - 2012-08-06 08:11 - 295025664 _____ () C:\windows\MEMORY.DMP
2014-02-08 11:33 - 2011-11-29 12:45 - 00000000 ____D () C:\windows\Minidump
2014-02-08 08:57 - 2010-11-10 12:25 - 00000000 ____D () C:\Users\ADM
2014-02-08 08:57 - 2009-10-05 14:18 - 00000000 ____D () C:\Users\MT\AppData\Roaming\ICAClient
2014-02-08 08:57 - 2006-11-02 12:18 - 00000000 ____D () C:\windows\system32\spool
2014-02-08 08:57 - 2006-11-02 12:18 - 00000000 ____D () C:\windows\system32\Msdtc
2014-02-08 08:57 - 2006-11-02 12:18 - 00000000 ____D () C:\windows\registration
2014-02-08 08:57 - 2006-11-02 11:22 - 72089600 _____ () C:\windows\system32\config\software_previous
2014-02-08 08:57 - 2006-11-02 11:22 - 33816576 _____ () C:\windows\system32\config\system_previous
2014-02-08 08:51 - 2006-11-02 11:22 - 40108032 _____ () C:\windows\system32\config\components_previous
2014-02-08 08:51 - 2006-11-02 11:22 - 00262144 _____ () C:\windows\system32\config\sam_previous
2014-02-08 00:12 - 2014-02-08 00:11 - 00000000 ____D () C:\121e22382a4bb0e7380b9e
2014-02-07 23:59 - 2009-04-02 15:30 - 00000000 ____D () C:\Users\MT
2014-02-06 22:04 - 2006-11-02 11:22 - 00524288 _____ () C:\windows\system32\config\default_previous
2014-02-06 22:04 - 2006-11-02 11:22 - 00262144 _____ () C:\windows\system32\config\security_previous
2014-01-19 08:50 - 2009-10-30 14:17 - 00000000 ____D () C:\Dokumenty
2014-01-18 11:47 - 2014-01-18 11:31 - 00000000 ____D () C:\Users\MT\Desktop\pošta

Files to move or delete:
====================
C:\Users\MT\AppData\Roaming\desktop.ini
C:\ProgramData\aj6t7x1.fee
C:\ProgramData\ezsid.dat


Some content of TEMP:
====================
C:\Users\MT\AppData\Local\Temp\avguidx.dll
C:\Users\MT\AppData\Local\Temp\CommonInstaller.exe
C:\Users\MT\AppData\Local\Temp\iGearedHelper.dll
C:\Users\MT\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\MT\AppData\Local\Temp\SkypeSetup.exe
C:\Users\MT\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\MT\AppData\Local\Temp\UNINSTALL.EXE


==================== Bamital & volsnap Check =================

C:\windows\explorer.exe => MD5 is legit
C:\windows\system32\winlogon.exe => MD5 is legit
C:\windows\system32\wininit.exe => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\services.exe => MD5 is legit
C:\windows\system32\User32.dll => MD5 is legit
C:\windows\system32\userinit.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit
C:\windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-16 23:02

==================== End Of Log ============================

Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Policejní vir

#7 Příspěvek od vyosek »

:arrow: Creating a fixlist for FRST
  • Start Notepad (Start - Run - notepad)
  • Copy the script below

    Start
    HKLM\...\Run: [PCSuiteTrayApplication] - C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [229376 2006-06-15] (Nokia)
    HKLM\...\Run: [openvpn-gui] - C:\Program Files\OpenVPN\bin\openvpn-gui.exe [99328 2005-08-18] ()
    HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
    HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-01-12] (Hewlett-Packard)
    HKLM\...\Run: [] - [X]
    HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)
    HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [948672 2009-12-11] (Adobe Systems Incorporated)
    HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\S-1-5-21-2522943316-1474324370-2208020708-1004\...\Run: [PcSync] - C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe [1449984 2006-06-27] (Time Information Services Ltd.)
    HKU\S-1-5-21-2522943316-1474324370-2208020708-1004\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
    HKU\S-1-5-21-2522943316-1474324370-2208020708-1004\...\MountPoints2: {831ddce4-3dd9-11e0-b11d-00247e2737ef} - F:\AutoRun.exe
    HKU\S-1-5-21-2522943316-1474324370-2208020708-1004\...\MountPoints2: {831ddd24-3dd9-11e0-b11d-00247e2737ef} - F:\AutoRun.exe
    HKU\S-1-5-21-2522943316-1474324370-2208020708-1004\...\MountPoints2: {d937306c-24da-11de-8f32-00247e2737ef} - F:\Axesstel_Setup.exe
    
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatc ... p=aus&qkw=%s&tbid=%tb_id&%language
    HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
    HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
    URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
    URLSearchHook: HKCU - (No Name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No File
    SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={87E883F0-439E-4E69-8D85-9A0CEA53550B}&mid=17e49770b43647d09c30d9493d54bd7a-470c522b3d2ec5f6cbd6ba48457603e896c0ecaa&lang=cs&ds=AVG&pr=pr&d=2012-04-09 12:07:20&v=10.2.0.3&sap=dsp&q={searchTerms}
    SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100762&mntrId=7062c2c400000000000000ffa197654c
    SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=en_EU
    SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={87E883F0-439E-4E69-8D85-9A0CEA53550B}&mid=17e49770b43647d09c30d9493d54bd7a-470c522b3d2ec5f6cbd6ba48457603e896c0ecaa&lang=cs&ds=AVG&pr=pr&d=2012-04-09 12:07:20&v=10.2.0.3&sap=dsp&q={searchTerms}
    SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://toolbar.inbox.com/search/dispatc ... tp=bs&qkw={searchTerms}&tbid=80093&lng=cs
    Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
    Toolbar: HKLM - Quick Media Converter Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    Toolbar: HKCU - Quick Media Converter Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    Toolbar: HKCU - No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
    
    FF DefaultSearchEngine: AVG Secure Search
    FF SelectedSearchEngine: AVG Secure Search
    FF NetworkProxy: "type", 0
    FF Extension: Babylon - C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\6sokl3wl.default\Extensions\ffxtlbr@babylon.com [2012-01-02]
    
    S2 HitmanPro37CrusaderBoot; "F:\HitmanPro.exe" /crusader:boot [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    
    2014-02-16 22:46 - 2014-02-16 22:46 - 00000000 _____ () C:\Users\MT\Desktop\FRSTLauncher.exe
    2014-02-12 23:37 - 2014-02-12 23:37 - 00012872 _____ (SurfRight B.V.) C:\windows\system32\bootdelete.exe
    2014-02-12 23:37 - 2014-02-12 23:37 - 00004674 _____ () C:\windows\system32\.crusader
    2014-02-12 23:37 - 2014-02-12 23:37 - 00004010 _____ () C:\windows\system32\bootdelete.lst
    2014-02-12 22:01 - 2014-02-12 22:01 - 00000000 ____D () C:\Program Files\HitmanPro
    2014-02-12 21:37 - 2014-02-12 23:38 - 00000000 ____D () C:\ProgramData\HitmanPro
    2014-02-08 19:08 - 2014-02-12 21:45 - 95027928 ____T () C:\ProgramData\aj6t7x1.fee
    2014-02-08 19:08 - 2014-02-08 19:08 - 00144384 _____ () C:\ProgramData\1x7t6ja.cpp
    C:\Users\MT\AppData\Roaming\desktop.ini
    C:\ProgramData\aj6t7x1.fee
    C:\ProgramData\ezsid.dat
    C:\Users\MT\AppData\Local\Temp\avguidx.dll
    C:\Users\MT\AppData\Local\Temp\CommonInstaller.exe
    C:\Users\MT\AppData\Local\Temp\iGearedHelper.dll
    C:\Users\MT\AppData\Local\Temp\MachineIdCreator.exe
    C:\Users\MT\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\MT\AppData\Local\Temp\ToolbarInstaller.exe
    C:\Users\MT\AppData\Local\Temp\UNINSTALL.EXE
    C:\Program Files\Ask.com
    
    Hosts:
    CMD: shutdown /r /f /t 2
    
    End
  • Save the resulting TXT file as fixlist.txt
  • Move the fixlist you created next to FRST
:arrow: Run FRST.exe again
  • Click Fix
  • The fix will run and create the log Fixlog.txt
:arrow: Restart the PC and post fixlog.txt here
"He who has wine and does not drink, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him; he is no man, he is an ox."
Member of [image] since 1 February 2011.

Mili
Visitor
Posts: 56
Registered: 06 Feb 2006 23:43

Re: Police virus

#8 Post by Mili »

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 16-02-2014
Ran by MT at 2014-02-17 15:34:54 Run:1
Running from C:\Users\MT\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [PCSuiteTrayApplication] - C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [229376 2006-06-15] (Nokia)
HKLM\...\Run: [openvpn-gui] - C:\Program Files\OpenVPN\bin\openvpn-gui.exe [99328 2005-08-18] ()
HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-01-12] (Hewlett-Packard)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [948672 2009-12-11] (Adobe Systems Incorporated)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2522943316-1474324370-2208020708-1004\...\Run: [PcSync] - C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe [1449984 2006-06-27] (Time Information Services Ltd.)
HKU\S-1-5-21-2522943316-1474324370-2208020708-1004\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2522943316-1474324370-2208020708-1004\...\MountPoints2: {831ddce4-3dd9-11e0-b11d-00247e2737ef} - F:\AutoRun.exe
HKU\S-1-5-21-2522943316-1474324370-2208020708-1004\...\MountPoints2: {831ddd24-3dd9-11e0-b11d-00247e2737ef} - F:\AutoRun.exe
HKU\S-1-5-21-2522943316-1474324370-2208020708-1004\...\MountPoints2: {d937306c-24da-11de-8f32-00247e2737ef} - F:\Axesstel_Setup.exe

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatc ... p=aus&qkw=%s&tbid=%tb_id&%language
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKCU - (No Name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No File
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={87E8 ... 2012-04-09 12:07:20&v=10.2.0.3&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/web/{searchTe ... ffa197654c
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=en_EU
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={87E8 ... 2012-04-09 12:07:20&v=10.2.0.3&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://toolbar.inbox.com/search/dispatc ... tp=bs&qkw={searchTerms}&tbid=80093&lng=cs
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
Toolbar: HKLM - Quick Media Converter Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
Toolbar: HKCU - Quick Media Converter Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
Toolbar: HKCU - No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File

FF DefaultSearchEngine: AVG Secure Search
FF SelectedSearchEngine: AVG Secure Search
FF NetworkProxy: "type", 0
FF Extension: Babylon - C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\6sokl3wl.default\Extensions\ffxtlbr@babylon.com [2012-01-02]

S2 HitmanPro37CrusaderBoot; "F:\HitmanPro.exe" /crusader:boot [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

2014-02-16 22:46 - 2014-02-16 22:46 - 00000000 _____ () C:\Users\MT\Desktop\FRSTLauncher.exe
2014-02-12 23:37 - 2014-02-12 23:37 - 00012872 _____ (SurfRight B.V.) C:\windows\system32\bootdelete.exe
2014-02-12 23:37 - 2014-02-12 23:37 - 00004674 _____ () C:\windows\system32\.crusader
2014-02-12 23:37 - 2014-02-12 23:37 - 00004010 _____ () C:\windows\system32\bootdelete.lst
2014-02-12 22:01 - 2014-02-12 22:01 - 00000000 ____D () C:\Program Files\HitmanPro
2014-02-12 21:37 - 2014-02-12 23:38 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-08 19:08 - 2014-02-12 21:45 - 95027928 ____T () C:\ProgramData\aj6t7x1.fee
2014-02-08 19:08 - 2014-02-08 19:08 - 00144384 _____ () C:\ProgramData\1x7t6ja.cpp
C:\Users\MT\AppData\Roaming\desktop.ini
C:\ProgramData\aj6t7x1.fee
C:\ProgramData\ezsid.dat
C:\Users\MT\AppData\Local\Temp\avguidx.dll
C:\Users\MT\AppData\Local\Temp\CommonInstaller.exe
C:\Users\MT\AppData\Local\Temp\iGearedHelper.dll
C:\Users\MT\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\MT\AppData\Local\Temp\SkypeSetup.exe
C:\Users\MT\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\MT\AppData\Local\Temp\UNINSTALL.EXE
C:\Program Files\Ask.com

Hosts:
CMD: shutdown /r /f /t 2

End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\PCSuiteTrayApplication => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\openvpn-gui => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ArcSoft Connection Service => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HP Software Update => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsWelcomeCenter => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsWelcomeCenter => Value deleted successfully.
HKU\S-1-5-21-2522943316-1474324370-2208020708-1004\Software\Microsoft\Windows\CurrentVersion\Run\\PcSync => Value deleted successfully.
HKU\S-1-5-21-2522943316-1474324370-2208020708-1004\Software\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG => Value deleted successfully.
HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{831ddce4-3dd9-11e0-b11d-00247e2737ef} => Key not found.
HKCR\CLSID\{831ddce4-3dd9-11e0-b11d-00247e2737ef} => Key not found.
HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{831ddd24-3dd9-11e0-b11d-00247e2737ef} => Key not found.
HKCR\CLSID\{831ddd24-3dd9-11e0-b11d-00247e2737ef} => Key not found.
HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d937306c-24da-11de-8f32-00247e2737ef} => Key not found.
HKCR\CLSID\{d937306c-24da-11de-8f32-00247e2737ef} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar => Value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\SearchAssistant => Value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\CustomizeSearch => Value deleted successfully.
Default URLSearchHook was restored successfully .
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{C04B7D22-5AEC-4561-8F49-27F6269208F6} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} => Value deleted successfully.
HKCR\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} => Value deleted successfully.
HKCR\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} => Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox Proxy settings were reset.
C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\6sokl3wl.default\Extensions\ffxtlbr@babylon.com => Moved successfully.
HitmanPro37CrusaderBoot => Service deleted successfully.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
C:\Users\MT\Desktop\FRSTLauncher.exe => Moved successfully.
C:\windows\system32\bootdelete.exe => Moved successfully.
C:\windows\system32\.crusader => Moved successfully.
C:\windows\system32\bootdelete.lst => Moved successfully.
C:\Program Files\HitmanPro => Moved successfully.
C:\ProgramData\HitmanPro => Moved successfully.
C:\ProgramData\aj6t7x1.fee => Moved successfully.
C:\ProgramData\1x7t6ja.cpp => Moved successfully.
C:\Users\MT\AppData\Roaming\desktop.ini => Moved successfully.
"C:\ProgramData\aj6t7x1.fee" => File/Directory not found.
C:\ProgramData\ezsid.dat => Moved successfully.
C:\Users\MT\AppData\Local\Temp\avguidx.dll => Moved successfully.
C:\Users\MT\AppData\Local\Temp\CommonInstaller.exe => Moved successfully.
C:\Users\MT\AppData\Local\Temp\iGearedHelper.dll => Moved successfully.
C:\Users\MT\AppData\Local\Temp\MachineIdCreator.exe => Moved successfully.
C:\Users\MT\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\MT\AppData\Local\Temp\ToolbarInstaller.exe => Moved successfully.
C:\Users\MT\AppData\Local\Temp\UNINSTALL.EXE => Moved successfully.
C:\Program Files\Ask.com => Moved successfully.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.

========= shutdown /r /f /t 2 =========


========= End of CMD: =========


==== End of Fixlog ====
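
In a fixlog as long as the one above, a failed step such as the Hosts file that could not be moved is easy to skim past. The following is an added example (not part of the thread and not FRST's own code) that sorts fixlog result lines by outcome and lists the failures; the sample text is constructed from lines in the log above, and the outcome keywords it matches are assumptions drawn from those lines.

```python
import re
from collections import Counter

# Constructed sample in the shape of an FRST Fixlog, built from lines in the
# log above: the echoed fixlist between two rows of asterisks, then results.
SAMPLE_FIXLOG = r"""
Content of fixlist:
*****************
Start
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
C:\ProgramData\ezsid.dat
Hosts:
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully.
HKCR\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0} => Key not found.
Default URLSearchHook was restored successfully .
NwlnkFwd => Service deleted successfully.
C:\ProgramData\ezsid.dat => Moved successfully.
"C:\ProgramData\aj6t7x1.fee" => File/Directory not found.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.

========= shutdown /r /f /t 2 =========

==== End of Fixlog ====
"""

# "<target> => <outcome>", with optional quotes around the target.
RESULT = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+?)\s*$')


def classify(outcome):
    """Map an outcome phrase to a status (keywords assumed from the log above)."""
    text = outcome.lower()
    if "could not" in text:
        return "failed"      # the fix step did not take effect
    if "not found" in text:
        return "not_found"   # target already absent, e.g. listed twice
    if "successfully" in text or "were reset" in text:
        return "ok"
    return "other"


def parse_fixlog(text):
    """Return result entries, skipping the echoed fixlist and CMD banners."""
    entries, star_rows = [], 0
    for line in (raw.strip() for raw in text.splitlines()):
        if line and set(line) == {"*"}:
            star_rows += 1           # rows of asterisks fence the fixlist echo
            continue
        if star_rows < 2 or not line:
            continue
        if line.startswith("==== End of Fixlog"):
            break
        if line.startswith("====="):
            continue                 # "========= <command> =========" banners
        m = RESULT.match(line)
        target, outcome = (m["target"], m["outcome"]) if m else (None, line)
        status = classify(outcome)
        if status != "other":
            entries.append({"target": target, "outcome": outcome, "status": status})
    return entries


def summarize(entries):
    """Count entries per status and list what failed (target, else the message)."""
    counts = Counter(e["status"] for e in entries)
    failures = [e["target"] or e["outcome"] for e in entries if e["status"] == "failed"]
    return counts, failures


if __name__ == "__main__":
    counts, failures = summarize(parse_fixlog(SAMPLE_FIXLOG))
    print(dict(counts))
    for item in failures:
        print("FAILED:", item)
```
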

Re: Police virus

#9 Post by vyosek »

Good, how is the PC behaving??

Re: Police virus

#10 Post by Mili »

It took a while, system updates were being installed ;)

After startup it looks like everything is OK; so far I haven't run into anything that doesn't work :)

Re: Police virus

#11 Post by vyosek »

So let's clean up as well :James008:

:arrow: T-Cleaner http://vyosek.tym.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm each choice, press A, Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag this utility as a virus - it is a false alarm - so go ahead and download it (or turn off the antivirus while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program will clean up and restart the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program will clean up and restart the PC
  • Delete the utility after use
:arrow: Download CCleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry panel
  • click Scan for Issues
  • then Fix Issues - I recommend making a registry backup; fix all the issues
  • repeat the procedure until no issues are left - usually about 3 times
Tools panel
  • Here you can uninstall programs you don't need
I recommend using CCleaner about once a week

:arrow: And if there are no problems or questions, that's all from my side :|

Re: Police virus

#12 Post by Mili »

OK, I'll do it this evening; if there are any problems I'll get in touch. Right now I have to disappear to install VDSL, work is calling :192:

Thank you for the help and have a great day :worship: :)

Re: Police virus

#13 Post by vyosek »

You're welcome, glad I could help :worship: See you again sometime [image]

And per the Topic Locking Rule :lock:

Locked