Vyskakují okna při prohlížení internetu

[aludik]

Dobrý den.
Sestra si do NB nainstalovala winamp a možná s ním se asi nainstaloval nějaký "bordel" (adresář "double click" v Program files), který způsobuje sem tam otevření dalšího okna internetového prohlížeče s reklamní stránkou.
Double click jsem odinstaloval, adresář v Program files smazal. Avast ostranil při restartu nějaké ty soubory. Spyware terminator pokaždé najde a odstraní Tracking cookie ve firefoxu "doubleclick.net", ale po restartu je to tam zase.
viz. log, díky =>

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:52:51, on 18.7.2014
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v11.0 (11.00.9600.17207)
Boot mode: Normal

Running processes:
C:\Program Files\Spyware Terminator\st_rsser.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\OO Software\Defrag\oodtray.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe
C:\Users\iwet\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\Users\iwet\Desktop\HijackThis.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Program Files\totalcmd\tcmadmin.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=13415
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SpywareTerminatorShield] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
O4 - HKLM\..\Run: [SpywareTerminatorUpdater] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\iwet\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\iwet\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [Zoner Photo Studio Service 16] "C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXEC:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe"
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] "C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: AcPrfMgrSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
O23 - Service: AcSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcSvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Lenovo PM Service (IBMPMSVC) - Lenovo. - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: O&O Defrag Agent (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: Power Manager Service (Power Manager DBC Service) - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Lenovo Group Limited - C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files\Spyware Terminator\st_rsser.exe
O23 - Service: System Update (SUService) - Unknown owner - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 10550 bytes

[Rudy]

Zdravím!
Poprosím o log RSIT: http://forum.viry.cz/viewtopic.php?f=13&t=130786 .

[aludik]

Tak po spuštění na ploše jako správce vyskočí hláška:
"Line -1:
Error: Variable used without being declared."

Nenašel jsem nikde řešení.

A teď se nějaký program pokoušel připojit na "hxxp://66.199.231.59/f8e75ae0", Avast to zablokoval.

[Rudy]

Zkusíme jinak. Dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

[aludik]

Zde je log:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:19-07-2014
Ran by iwet (administrator) on IWET-NB on 19-07-2014 18:17:41
Running from C:\Users\iwet\Desktop
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo) C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
() C:\Windows\System32\srvany.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
() C:\Windows\KMService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Crawler.com) C:\Program Files\Spyware Terminator\st_rsser.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo) C:\Program Files\Lenovo\Access Connections\AcSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo) C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Crawler.com) C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
() C:\Users\iwet\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Lenovo) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
(Ghisler Software GmbH) C:\Program Files\totalcmd\TOTALCMD.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(forum.viry.cz) C:\Users\iwet\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-697469898-18923056-507340362-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\iwet\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-697469898-18923056-507340362-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\iwet\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\S-1-5-21-697469898-18923056-507340362-1000\...\Run: [Zoner Photo Studio Service 16] => C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE [831488 2013-12-13] (ZONER software)
HKU\S-1-5-21-697469898-18923056-507340362-1000\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE [831488 2013-12-13] (ZONER software)
HKU\S-1-5-21-697469898-18923056-507340362-1000\...\MountPoints2: {afb041b2-e748-11e3-a42f-c417fef26db3} - F:\Startme.exe
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGina
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=13415
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\iwet\AppData\Roaming\Mozilla\Firefox\Profiles\3xg8ya2s.default
FF Homepage: hxxp://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: S3.Download Statusbar - C:\Users\iwet\AppData\Roaming\Mozilla\Firefox\Profiles\3xg8ya2s.default\Extensions\s3download@statusbar.xpi [2014-02-20]
FF Extension: Google Translator for Firefox - C:\Users\iwet\AppData\Roaming\Mozilla\Firefox\Profiles\3xg8ya2s.default\Extensions\translator@zoli.bod.xpi [2014-02-20]
FF Extension: Download Statusbar Fixed - C:\Users\iwet\AppData\Roaming\Mozilla\Firefox\Profiles\3xg8ya2s.default\Extensions\{4204c864-50bf-467a-95b3-0912b7f15869}.xpi [2014-02-20]
FF Extension: Adblock Plus - C:\Users\iwet\AppData\Roaming\Mozilla\Firefox\Profiles\3xg8ya2s.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-20]
FF Extension: Tab Mix Plus - C:\Users\iwet\AppData\Roaming\Mozilla\Firefox\Profiles\3xg8ya2s.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-02-20]
FF Extension: DownThemAll! - C:\Users\iwet\AppData\Roaming\Mozilla\Firefox\Profiles\3xg8ya2s.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-04-02]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-20]

Chrome:
=======
CHR HomePage: hxxp://www.seznam.cz/?clid=13415
CHR StartupUrls: "hxxp://www.google.com/"
CHR NewTab: "chrome-extension://olfeabkoenfaoljndfecamgilllcpiak/core/chrome/content/speedDial/speedDial.html"
CHR Extension: (Dokumenty Google) - C:\Users\iwet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-03]
CHR Extension: (Disk Google) - C:\Users\iwet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-03]
CHR Extension: (YouTube) - C:\Users\iwet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-03]
CHR Extension: (Vyhledávání Google) - C:\Users\iwet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-03]
CHR Extension: (avast! Online Security) - C:\Users\iwet\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-06-09]
CHR Extension: (Plus-HD-7.6) - C:\Users\iwet\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2014-06-06]
CHR Extension: (Peněženka Google) - C:\Users\iwet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-03]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\iwet\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2014-06-09]
CHR Extension: (Gmail) - C:\Users\iwet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-03]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-10]

========================== Services (Whitelisted) =================

R2 AcPrfMgrSvc; C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe [133416 2013-10-22] (Lenovo)
R2 AcSvc; C:\Program Files\Lenovo\Access Connections\AcSvc.exe [272680 2013-10-22] (Lenovo)
R2 AMPPALR3; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [593376 2013-05-21] (Intel Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-10] (AVAST Software)
R2 BTHSSecurityMgr; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [104240 2012-09-12] (Intel(R) Corporation)
R2 KMService; C:\Windows\system32\srvany.exe [8192 2014-02-21] () [File not signed]
R2 LENOVO.CAMMUTE; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [44024 2013-05-29] (Lenovo Group Limited)
R2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [127072 2013-05-22] (Lenovo Group Limited)
R2 LENOVO.TPKNRSVC; C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [62456 2013-05-29] (Lenovo Group Limited)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [242928 2013-08-02] ()
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [2336072 2011-01-25] (O&O Software GmbH)
S3 PwmEWSvc; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [1664808 2013-06-14] (Lenovo Group Limited)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [141928 2010-07-15] (Realtek Semiconductor)
R2 ST2012_Svc; C:\Program Files\Spyware Terminator\st_rsser.exe [585112 2014-05-13] (Crawler.com)
S3 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()
R2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [116216 2013-05-24] (Lenovo Group Limited)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2525936 2013-08-02] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [112608 2013-05-21] (Windows (R) Win 7 DDK provider)
S3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [112608 2013-05-21] (Windows (R) Win 7 DDK provider)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-10] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-07-10] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-07-10] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-10] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-07-10] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-07-10] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-02-20] (Disc Soft Ltd)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwsn00.sys [10375680 2013-05-29] (Intel Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [39280 2013-11-15] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [11976 2011-05-30] (Authentec Inc.)
R1 sp_rsdrv2; C:\Windows\system32\drivers\sp_rsdrv2.sys [32768 2011-06-21] () [File not signed]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-19 18:17 - 2014-07-19 18:18 - 00014844 _____ () C:\Users\iwet\Desktop\FRST.txt
2014-07-19 18:17 - 2014-07-19 18:17 - 00000000 ____D () C:\FRST
2014-07-19 18:13 - 2014-07-19 18:13 - 00112640 _____ (forum.viry.cz) C:\Users\iwet\Desktop\FRSTLauncher.exe
2014-07-19 17:57 - 2014-07-19 17:57 - 01079808 _____ (Farbar) C:\Users\iwet\Desktop\FRST.exe
2014-07-18 23:08 - 2014-07-18 23:27 - 00000000 ____D () C:\Program Files\trend micro
2014-07-18 23:04 - 2014-07-18 23:04 - 00000000 ____D () C:\rsit
2014-07-18 23:00 - 2014-07-18 23:01 - 00781909 _____ () C:\Users\iwet\Desktop\RSIT.exe
2014-07-18 22:11 - 2014-07-18 22:11 - 00000000 ____D () C:\Users\iwet\AppData\Local\CrashDumps
2014-07-18 21:52 - 2014-07-18 23:08 - 00000000 ____D () C:\Program Files\HijackThis
2014-07-18 21:13 - 2014-07-18 23:09 - 00000112 _____ () C:\Windows\setupact.log
2014-07-18 21:13 - 2014-07-18 21:13 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-16 21:10 - 2014-07-16 21:10 - 00000000 __SHD () C:\Users\iwet\AppData\Local\EmieUserList
2014-07-16 21:10 - 2014-07-16 21:10 - 00000000 __SHD () C:\Users\iwet\AppData\Local\EmieSiteList
2014-07-15 20:21 - 2014-07-15 20:21 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-10 22:29 - 2014-07-18 21:14 - 00000000 ____D () C:\ProgramData\Spyware Terminator
2014-07-10 22:29 - 2014-07-10 22:29 - 00000000 ____D () C:\Users\iwet\AppData\Roaming\Spyware Terminator
2014-07-10 22:29 - 2014-07-10 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
2014-07-10 22:29 - 2014-07-10 22:29 - 00000000 ____D () C:\Program Files\Spyware Terminator
2014-07-10 22:29 - 2011-06-21 11:24 - 00032768 _____ () C:\Windows\system32\Drivers\sp_rsdrv2.sys
2014-07-10 22:17 - 2014-07-10 22:17 - 00002900 _____ () C:\cc_20140710_221723.reg
2014-07-10 22:06 - 2014-07-10 22:07 - 00000000 ____D () C:\Users\iwet\AppData\Roaming\DropboxMaster
2014-07-10 22:06 - 2014-07-10 22:06 - 00000000 ____D () C:\Users\iwet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-10 22:05 - 2014-07-10 22:07 - 00000000 ____D () C:\Users\iwet\AppData\Roaming\Dropbox
2014-07-10 20:57 - 2014-07-10 20:57 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-09 15:52 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 15:52 - 2014-06-19 01:23 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 15:52 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 15:51 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 15:51 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 15:51 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 15:51 - 2014-06-19 01:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 15:51 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 15:51 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 15:51 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 15:51 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 15:51 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 15:51 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 15:51 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 15:51 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 15:51 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 15:51 - 2014-06-19 01:16 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 15:51 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 15:51 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 15:51 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 15:51 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 15:51 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 15:51 - 2014-06-19 00:52 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 15:51 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 15:51 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 15:51 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 15:51 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 15:51 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 15:51 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 15:51 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 15:51 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 15:51 - 2014-06-18 02:52 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 15:51 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 15:51 - 2014-05-30 08:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 15:50 - 2014-06-30 03:40 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 15:50 - 2014-06-30 03:36 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 15:50 - 2014-06-05 16:26 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 15:50 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 15:50 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 15:50 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 15:50 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 15:50 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 15:50 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 15:50 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-07 17:30 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-07-07 17:30 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-07-07 17:30 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-07-07 17:30 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-07-07 17:30 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-07-07 17:30 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-07-07 17:30 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

==================== One Month Modified Files and Folders =======

2014-07-19 18:18 - 2014-07-19 18:17 - 00014844 _____ () C:\Users\iwet\Desktop\FRST.txt
2014-07-19 18:17 - 2014-07-19 18:17 - 00000000 ____D () C:\FRST
2014-07-19 18:13 - 2014-07-19 18:13 - 00112640 _____ (forum.viry.cz) C:\Users\iwet\Desktop\FRSTLauncher.exe
2014-07-19 18:13 - 2014-02-21 21:48 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-19 18:04 - 2014-06-03 13:48 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-19 17:57 - 2014-07-19 17:57 - 01079808 _____ (Farbar) C:\Users\iwet\Desktop\FRST.exe
2014-07-19 17:54 - 2014-06-03 13:50 - 00002089 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-19 17:54 - 2014-06-03 13:48 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-19 17:50 - 2014-02-20 19:40 - 01628634 _____ () C:\Windows\WindowsUpdate.log
2014-07-18 23:38 - 2010-11-20 23:01 - 01582262 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-18 23:27 - 2014-07-18 23:08 - 00000000 ____D () C:\Program Files\trend micro
2014-07-18 23:17 - 2014-02-20 22:22 - 00000000 ____D () C:\Users\iwet\AppData\Roaming\Seznam.cz
2014-07-18 23:17 - 2009-07-14 06:34 - 00023936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-18 23:17 - 2009-07-14 06:34 - 00023936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-18 23:09 - 2014-07-18 21:13 - 00000112 _____ () C:\Windows\setupact.log
2014-07-18 23:09 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-18 23:08 - 2014-07-18 21:52 - 00000000 ____D () C:\Program Files\HijackThis
2014-07-18 23:04 - 2014-07-18 23:04 - 00000000 ____D () C:\rsit
2014-07-18 23:01 - 2014-07-18 23:00 - 00781909 _____ () C:\Users\iwet\Desktop\RSIT.exe
2014-07-18 22:11 - 2014-07-18 22:11 - 00000000 ____D () C:\Users\iwet\AppData\Local\CrashDumps
2014-07-18 21:49 - 2014-02-20 19:48 - 00000000 ____D () C:\Users\iwet\AppData\Local\VirtualStore
2014-07-18 21:14 - 2014-07-10 22:29 - 00000000 ____D () C:\ProgramData\Spyware Terminator
2014-07-18 21:13 - 2014-07-18 21:13 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-18 21:13 - 2014-02-20 20:40 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-16 21:10 - 2014-07-16 21:10 - 00000000 __SHD () C:\Users\iwet\AppData\Local\EmieUserList
2014-07-16 21:10 - 2014-07-16 21:10 - 00000000 __SHD () C:\Users\iwet\AppData\Local\EmieSiteList
2014-07-15 20:36 - 2014-06-03 13:58 - 00000000 ____D () C:\Users\iwet\AppData\Roaming\Winamp
2014-07-15 20:21 - 2014-07-15 20:21 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-15 18:56 - 2014-02-21 22:01 - 00000000 ____D () C:\Windows\system32\oodag
2014-07-10 22:29 - 2014-07-10 22:29 - 00000000 ____D () C:\Users\iwet\AppData\Roaming\Spyware Terminator
2014-07-10 22:29 - 2014-07-10 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
2014-07-10 22:29 - 2014-07-10 22:29 - 00000000 ____D () C:\Program Files\Spyware Terminator
2014-07-10 22:17 - 2014-07-10 22:17 - 00002900 _____ () C:\cc_20140710_221723.reg
2014-07-10 22:07 - 2014-07-10 22:06 - 00000000 ____D () C:\Users\iwet\AppData\Roaming\DropboxMaster
2014-07-10 22:07 - 2014-07-10 22:05 - 00000000 ____D () C:\Users\iwet\AppData\Roaming\Dropbox
2014-07-10 22:06 - 2014-07-10 22:06 - 00000000 ____D () C:\Users\iwet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-10 20:57 - 2014-07-10 20:57 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-10 20:57 - 2014-06-03 13:44 - 00002047 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-10 20:57 - 2014-06-03 13:43 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-10 20:57 - 2014-02-20 22:56 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-07-10 20:57 - 2014-02-20 22:56 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-10 20:57 - 2014-02-20 22:56 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-10 20:57 - 2014-02-20 22:56 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-10 20:57 - 2014-02-20 22:56 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-10 20:57 - 2014-02-20 22:56 - 00071944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-07-10 20:57 - 2014-02-20 22:56 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-10 20:57 - 2014-02-20 22:56 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-10 20:55 - 2014-02-21 21:48 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-10 20:55 - 2014-02-21 21:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-10 20:52 - 2009-07-14 06:33 - 00287048 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 20:50 - 2014-05-29 17:47 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 20:50 - 2010-11-21 03:25 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 20:43 - 2014-02-20 22:39 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 20:41 - 2014-02-20 22:39 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-30 03:40 - 2014-07-09 15:50 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 03:36 - 2014-07-09 15:50 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-20 21:39 - 2014-07-09 15:51 - 00240824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-19 02:16 - 2014-07-09 15:51 - 17276416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-19 01:56 - 2014-07-09 15:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-19 01:56 - 2014-07-09 15:51 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-19 01:38 - 2014-07-09 15:51 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-19 01:37 - 2014-07-09 15:51 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-19 01:36 - 2014-07-09 15:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-19 01:35 - 2014-07-09 15:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-06-19 01:32 - 2014-07-09 15:51 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-19 01:28 - 2014-07-09 15:51 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-19 01:28 - 2014-07-09 15:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-19 01:25 - 2014-07-09 15:51 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-19 01:23 - 2014-07-09 15:52 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-19 01:23 - 2014-07-09 15:51 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-19 01:22 - 2014-07-09 15:51 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-19 01:16 - 2014-07-09 15:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-19 01:12 - 2014-07-09 15:51 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-19 01:06 - 2014-07-09 15:52 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-19 01:01 - 2014-07-09 15:51 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-19 00:59 - 2014-07-09 15:51 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-19 00:58 - 2014-07-09 15:51 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-19 00:52 - 2014-07-09 15:51 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-19 00:52 - 2014-07-09 15:51 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-19 00:49 - 2014-07-09 15:51 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-19 00:46 - 2014-07-09 15:51 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-19 00:45 - 2014-07-09 15:51 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-19 00:35 - 2014-07-09 15:51 - 11742208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-19 00:13 - 2014-07-09 15:51 - 01791488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-19 00:09 - 2014-07-09 15:51 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-19 00:07 - 2014-07-09 15:51 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\iwet\Desktop" je 1468 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

[Rudy]

Otevřte poznámkový blok a zkopírujte do něj:

Start
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Extension: Tab Mix Plus - C:\Users\iwet\AppData\Roaming\Mozilla\Firefox\Profiles\3xg8ya2s.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-02-20]
FF Extension: DownThemAll! - C:\Users\iwet\AppData\Roaming\Mozilla\Firefox\Profiles\3xg8ya2s.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-04-02]
CHR Extension: (Plus-HD-7.6) - C:\Users\iwet\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2014-06-06]
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte

[aludik]

fixnuto, zde je log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:19-07-2014
Ran by iwet at 2014-07-19 19:47:13 Run:1
Running from C:\Users\iwet\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Extension: Tab Mix Plus - C:\Users\iwet\AppData\Roaming\Mozilla\Firefox\Profiles\3xg8ya2s.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-02-20]
FF Extension: DownThemAll! - C:\Users\iwet\AppData\Roaming\Mozilla\Firefox\Profiles\3xg8ya2s.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-04-02]
CHR Extension: (Plus-HD-7.6) - C:\Users\iwet\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2014-06-06]
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
End
*****************

'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File'=> Key not found.
FF Plugin: @microsoft.com/GENUINE - disabled No File not found.
C:\Users\iwet\AppData\Roaming\Mozilla\Firefox\Profiles\3xg8ya2s.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi => Moved successfully.
C:\Users\iwet\AppData\Roaming\Mozilla\Firefox\Profiles\3xg8ya2s.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi => Moved successfully.
C:\Users\iwet\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.

==== End of Fixlog ====

[Rudy]

Nastala nějaká změna?

[aludik]

Restartoval jsem, vyzkoušel jsem a zdá se, že je to OK.
Žádné vyskočivší okno při procházení stránek netu se neobjevilo, ale Spyware Terminator našel ještě cookie v příloze.

Du spat po perném dni a výborné zábavě s kapelou TIP TOP-Q, ahoj Tonda

[Rudy]

Cookies v podstatě nebezpečné nejsou. Jde o txt soubory, určené k tomu, aby si váš PC jednou navštívený server zapamatoval a při návratu vás poznal. Pokud si nepřejete jejich ukládání, zakažte ho v prohlížeči. Jsem rád, že je vše v pořádku.

[aludik]

Tak potom je problém vyřešen.
Děkuji za Váš čas a pomoc Tonda.

[Rudy]

Rádo se stalo!