virus - zablokoval mi super antispyware

[nereide]

Dobrý den, jsem tu zase s žádostí o pomoc.

Při vyhledávání gen. testu mě to poslalo nečekaně na porno stránku, okamžitě mi byl nahlášen virus, ale prý bloklý. Avast test ale ukázal, že je v PC. Nemámm ho jak sejmout, protože doposud fungující super antispyware mi nejde spustit, ani po reinstalaci, otevře se a ihned se zavře. Vše ostatní zatím funguje.

Vkládám FRST a moc děkuji

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2015 01 (ATTENTION: ====> FRST version is 20 days old and could be outdated)
Ran by uzivatel (administrator) on NTBACER on 17-02-2015 00:18:34
Running from C:\Documents and Settings\uzivatel\Plocha
Loaded Profiles: uzivatel (Available profiles: uzivatel)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Lavasoft) C:\Documents and Settings\All Users\Data aplikací\Ad-Aware Browsing Protection\adawarebp.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD.EXE
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-24] (AVAST Software)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Ad-Aware Browsing Protection] => C:\Documents and Settings\All Users\Data aplikací\Ad-Aware Browsing Protection\adawarebp.exe [558672 2013-09-11] (Lavasoft)
HKU\S-1-5-21-343818398-1547161642-1801674531-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6699800 2015-01-22] (SUPERAntiSpyware)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTer ... DF&PC=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-343818398-1547161642-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTer ... DF&PC=AV01
HKU\S-1-5-21-343818398-1547161642-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
HKU\S-1-5-21-343818398-1547161642-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: [S-1-5-21-343818398-1547161642-1801674531-1003] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ipp - No CLSID Value -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

FireFox:
========
FF ProfilePath: C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\ujxhobqi.default-1423352464234
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @xstandard.com/XStandard -> C:\Program Files\XStandard\Bin\NPXStandard.dll (Belus Technology Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-05-08]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-24]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-23] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-24] (AVAST Software)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-08] (Oracle Corporation)
S3 CiSvc; %SystemRoot%\system32\cisvc.exe [X]
S4 MDM; "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [1585728 2009-09-30] (Atheros Communications, Inc.)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-11-24] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-11-24] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2014-11-24] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-11-24] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2014-11-24] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2014-11-24] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2014-11-24] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-11-24] ()
R2 Ethpdrv; C:\WINDOWS\System32\DRIVERS\ethpdrv.sys [9728 2005-09-08] (Gemfor s.r.o.) [File not signed]
S3 IntcHdmiAddService; C:\WINDOWS\System32\drivers\IntcHdmi.sys [105984 2007-05-04] (Intel(R) Corporation) [File not signed]
S3 ipw_bus; C:\WINDOWS\System32\DRIVERS\ipw_bus.sys [58320 2005-09-27] (MCCI)
S3 ipw_mdfl; C:\WINDOWS\System32\DRIVERS\ipw_mdfl.sys [8272 2005-09-27] (MCCI)
S3 ipw_mdm; C:\WINDOWS\System32\DRIVERS\ipw_mdm.sys [95440 2005-09-27] (MCCI)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-17 00:18 - 2015-02-17 00:18 - 00009117 _____ () C:\Documents and Settings\uzivatel\Plocha\FRST.txt
2015-02-17 00:17 - 2015-02-17 00:18 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-02-17 00:17 - 2015-02-17 00:17 - 00001678 _____ () C:\Documents and Settings\All Users\Plocha\SUPERAntiSpyware Free Edition.lnk
2015-02-08 09:56 - 2015-02-09 07:18 - 00000516 _____ () C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 3dc6b43c-7c9c-481a-982a-c600451c15b7.job
2015-02-08 09:56 - 2015-02-08 09:56 - 00000516 _____ () C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task a636bf06-ae79-43f7-996c-386bc938bdbe.job
2015-02-08 00:41 - 2015-02-08 00:41 - 00000000 ____D () C:\Documents and Settings\uzivatel\Plocha\Původní data aplikace Firefox
2015-02-01 20:50 - 2015-02-01 20:50 - 00000000 ____D () C:\Documents and Settings\uzivatel\Data aplikací\com.adobe.downloadassistant.AdobeDownloadAssistant
2015-02-01 20:49 - 2015-02-01 20:49 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2015-01-28 19:45 - 2015-02-17 00:18 - 00000000 ____D () C:\Documents and Settings\uzivatel\Local Settings\Temp
2015-01-27 22:15 - 2015-01-27 22:15 - 02194432 _____ () C:\Documents and Settings\uzivatel\Plocha\adwcleaner_4.109.exe
2015-01-26 20:28 - 2015-01-26 20:29 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-17 00:18 - 2013-10-02 09:43 - 00000000 ____D () C:\FRST
2015-02-17 00:18 - 2009-12-23 01:44 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2015-02-17 00:18 - 2009-12-23 00:59 - 00000000 ____D () C:\Documents and Settings\uzivatel\Plocha
2015-02-17 00:17 - 2009-12-23 01:44 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2015-02-17 00:14 - 2009-12-23 00:54 - 01841642 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-17 00:12 - 2009-12-23 01:48 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-02-17 00:12 - 2009-12-23 01:48 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-02-17 00:08 - 2009-12-23 00:59 - 00000272 ___SH () C:\Documents and Settings\uzivatel\ntuser.ini
2015-02-17 00:08 - 2009-12-23 00:59 - 00000000 ____D () C:\Documents and Settings\uzivatel
2015-02-16 23:16 - 2013-10-02 08:31 - 00000000 ____D () C:\AdwCleaner
2015-02-16 23:16 - 2010-03-14 13:26 - 00000000 ____D () C:\Documents and Settings\uzivatel\Dokumenty\Stažené soubory
2015-02-16 20:21 - 2009-12-23 00:59 - 00000000 ___RD () C:\Documents and Settings\uzivatel\Dokumenty
2015-02-16 12:48 - 2014-09-18 20:36 - 00002563 _____ () C:\Documents and Settings\uzivatel\Plocha\Microsoft Office Word 2007.lnk
2015-02-16 09:48 - 2014-12-26 18:21 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Ad-Aware Browsing Protection
2015-02-16 09:42 - 2001-10-25 17:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-02-15 22:38 - 2014-09-18 20:36 - 00065536 _____ () C:\WINDOWS\system32\config\ODiag.evt
2015-02-15 16:57 - 2014-09-18 20:36 - 00002477 _____ () C:\Documents and Settings\uzivatel\Plocha\Microsoft Office Excel 2007.lnk
2015-02-10 13:55 - 2014-03-05 22:37 - 00000000 ____D () C:\Documents and Settings\uzivatel\Dokumenty\PRIVYDELKY
2015-02-10 13:55 - 2010-05-23 19:11 - 00149816 ____H () C:\treeinfo.wc
2015-02-10 13:54 - 2009-12-23 00:59 - 00000000 ___RD () C:\Documents and Settings\uzivatel\Dokumenty\Obrázky
2015-02-09 10:10 - 2010-01-15 17:29 - 00000000 ____D () C:\Documents and Settings\uzivatel\Dokumenty\works
2015-02-08 10:21 - 2009-12-23 02:12 - 00000000 ____D () C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\Adobe
2015-02-08 10:20 - 2013-03-18 22:31 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-08 10:20 - 2013-03-18 22:30 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-02-08 10:20 - 2011-05-23 07:40 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-02-08 10:10 - 2009-12-23 01:44 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy
2015-02-01 23:37 - 2014-03-02 14:10 - 00000000 ____D () C:\Documents and Settings\uzivatel\Dokumenty\www
2015-02-01 20:50 - 2009-12-23 00:59 - 00000000 __RHD () C:\Documents and Settings\uzivatel\Data aplikací
2015-02-01 20:49 - 2009-12-23 02:11 - 00000000 ____D () C:\Program Files\Adobe
2015-02-01 15:17 - 2014-05-07 18:38 - 00036363 _____ () C:\WINDOWS\CSTBox.INI
2015-01-28 19:37 - 2014-09-16 20:36 - 01121792 _____ (Farbar) C:\Documents and Settings\uzivatel\Plocha\FRST.exe
2015-01-27 22:19 - 2014-09-18 19:33 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-27 17:11 - 2011-08-06 10:24 - 00000000 ____D () C:\Documents and Settings\uzivatel\Dokumenty\prace

==================== Files in the root of some directories =======

2010-01-30 16:49 - 2012-03-16 08:31 - 0004397 _____ () C:\Documents and Settings\uzivatel\Data aplikací\HPCOM_48BitScanUpdate.log
2011-09-27 13:43 - 2011-09-27 13:43 - 0000268 ___RH () C:\Documents and Settings\uzivatel\Data aplikací\Sounds
2011-09-27 13:46 - 2012-01-04 22:20 - 0000000 _____ () C:\Documents and Settings\uzivatel\Data aplikací\Space Choir
2010-01-09 17:35 - 2013-09-28 00:21 - 0123392 _____ () C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-10-16 22:03 - 2012-05-28 22:17 - 0002568 _____ () C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\SRDownloader(1).err
2011-10-16 20:28 - 2012-11-03 14:07 - 0001080 _____ () C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\SRDownloader(1).nast
2010-10-01 21:52 - 2012-08-10 17:48 - 0001064 ____C () C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\SRDownloader.err
2010-10-01 21:59 - 2012-08-10 20:39 - 0001120 ____C () C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\SRDownloader.nast

Some content of TEMP:
====================
C:\Documents and Settings\uzivatel\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\uzivatel\Local Settings\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

[Márty84]

Zdravim

SuperAntiSpyware odinstalujte.

Take odinstalujte Ad-Aware Browsing Protection.

Stahnete AdwCleaner https://toolslib.net/downloads/finish/1/ a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Spustte ho.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Clean
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner [S?].txt ). Ten mi sem zkopirujte.

[nereide]

Dobrý den, děkuji za odpověď, musím se přiznat, že zrovna AdwCleaner jsem v noci akutně použila, protože se mi PC pak spustil v nouzáku... takže asi tento log bude čistý.

# AdwCleaner v4.110 - Logfile created 17/02/2015 at 11:18:43
# Updated 05/02/2015 by Xplode
# Database : 2015-02-05.2 [Local]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : uzivatel - NTBACER
# Running from : C:\Documents and Settings\uzivatel\Dokumenty\Stažené soubory\adwcleaner_4.110.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
Key Deleted : HKCU\Software\adawarebp
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp

***** [ Web browsers ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v35.0.1 (x86 cs)


-\\ Comodo Dragon v


*************************

AdwCleaner[R0].txt - [3613 bytes] - [02/10/2013 08:31:54]
AdwCleaner[R1].txt - [938 bytes] - [02/10/2013 08:46:14]
AdwCleaner[R2].txt - [997 bytes] - [02/10/2013 09:15:03]
AdwCleaner[R3].txt - [1413 bytes] - [16/09/2014 21:03:34]
AdwCleaner[R4].txt - [3682 bytes] - [27/01/2015 22:16:48]
AdwCleaner[R5].txt - [1389 bytes] - [16/02/2015 22:04:19]
AdwCleaner[R6].txt - [1765 bytes] - [17/02/2015 11:14:31]
AdwCleaner[S0].txt - [3584 bytes] - [02/10/2013 08:41:46]
AdwCleaner[S1].txt - [1057 bytes] - [02/10/2013 09:16:03]
AdwCleaner[S2].txt - [1476 bytes] - [16/09/2014 21:04:30]
AdwCleaner[S3].txt - [3795 bytes] - [27/01/2015 22:18:51]
AdwCleaner[S4].txt - [1452 bytes] - [16/02/2015 23:16:22]
AdwCleaner[S5].txt - [1700 bytes] - [17/02/2015 11:18:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1759 bytes] ##########

[Márty84]

takže asi tento log bude čistý.

I tak neco nasel


Udelejte !!!kompletni!!! kontrolu s MBAM http://www.bleepingcomputer.com/downloa ... re/dl/241/ (musite stahnout verzi 1.75, odmitnout upgrade na novejsi verzi a aktualizovat jen virovou databazi) a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce. Navod zde http://forum.viry.cz/viewtopic.php?f=29&t=115222

[nereide]

Tu je zpráva MBAM

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2015.02.17.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
uzivatel :: NTBACER [administrátor]

Ochrana: Zakázána

17.2.2015 12:23:09
MBAM-log-2015-02-17 (14-45-07).txt

Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 410073
Uplynulý čas: 2 hodin, 18 minut, 28 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 1
C:\Documents and Settings\uzivatel\Dokumenty\Downloads\SoftonicDownloader_for_irfanview.exe (PUP.Optional.Softonic) -> Nebyla provedena žádná instrukce.

(konec)

[Márty84]

Nalez hodte do karanteny, pak muzete MBAM odinstalovat.

Jaky vir vlastne Avast hlasi/l?

DelFix https://toolslib.net/downloads/finish/2/

• Stahnete a spustte
• Ponechte zatrzitkou pouze u volby Remote disinfection tools
• Kliknete na Run

Dejte logy podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=13&t=133100 - vypnete na chvili antivir, je mozne, ze to bude blokovat jako skodnou, ale pouzivame to porad, jedna se o falesny poplach

[nereide]

I když stáhnu správnou verzi 32 bit, tak mi FRST Launcher pořád hlásí, že mám špatnou verzi a bez toho nejede...

Už nevím, co přesně avast hlásil, dala jsem test hned, jak mi nahlásil, že blokuje nějaké malware. Objevilo se to při kontrole, dala jsem to do truhly atd., ale restart PC mi to hodil překvapivě do známé modré obrazovky..., kde běžel Avast, tak jsem to natvrdo ukončila (je hrozně těžkopádný) a jako nouzovku spustila adw a následné clean, naslepo. Pak se začal normálně chovat i ten superantisp.

Delfix proveden a ještě přikládám aspoň samotný FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-02-2015
Ran by uzivatel (administrator) on NTBACER on 17-02-2015 23:22:54
Running from c:\Documents and Settings\uzivatel\Dokumenty\Stažené soubory
Loaded Profiles: uzivatel (Available profiles: uzivatel)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Farbar) C:\Documents and Settings\uzivatel\Dokumenty\Stažené soubory\FRST(3).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-24] (AVAST Software)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware] => C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040 2013-04-04] (Malwarebytes Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTer ... DF&PC=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-343818398-1547161642-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTer ... DF&PC=AV01
HKU\S-1-5-21-343818398-1547161642-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
HKU\S-1-5-21-343818398-1547161642-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: [S-1-5-21-343818398-1547161642-1801674531-1003] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ipp - No CLSID Value -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37

FireFox:
========
FF ProfilePath: C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\ujxhobqi.default-1423352464234
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @xstandard.com/XStandard -> C:\Program Files\XStandard\Bin\NPXStandard.dll (Belus Technology Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-05-08]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-24]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-24] (AVAST Software)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-08] (Oracle Corporation)
S3 CiSvc; %SystemRoot%\system32\cisvc.exe [X]
S4 MDM; "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [1585728 2009-09-30] (Atheros Communications, Inc.)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-11-24] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-11-24] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2014-11-24] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-11-24] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2014-11-24] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2014-11-24] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2014-11-24] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-11-24] ()
R2 Ethpdrv; C:\WINDOWS\System32\DRIVERS\ethpdrv.sys [9728 2005-09-08] (Gemfor s.r.o.) [File not signed]
S3 IntcHdmiAddService; C:\WINDOWS\System32\drivers\IntcHdmi.sys [105984 2007-05-04] (Intel(R) Corporation) [File not signed]
S3 ipw_bus; C:\WINDOWS\System32\DRIVERS\ipw_bus.sys [58320 2005-09-27] (MCCI)
S3 ipw_mdfl; C:\WINDOWS\System32\DRIVERS\ipw_mdfl.sys [8272 2005-09-27] (MCCI)
S3 ipw_mdm; C:\WINDOWS\System32\DRIVERS\ipw_mdm.sys [95440 2005-09-27] (MCCI)
R3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-17 23:22 - 2015-02-17 23:22 - 00015327 _____ () C:\Documents and Settings\uzivatel\Plocha\LM.bat
2015-02-17 23:20 - 2015-02-17 23:22 - 00000000 ____D () C:\FRST
2015-02-17 23:16 - 2015-02-17 23:22 - 00029696 _____ () C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\MSGBOX.EXE
2015-02-17 23:10 - 2015-02-17 23:11 - 00000756 _____ () C:\DelFix.txt
2015-02-17 12:19 - 2015-02-17 12:19 - 00000784 _____ () C:\Documents and Settings\All Users\Plocha\Malwarebytes Anti-Malware.lnk
2015-02-17 12:19 - 2015-02-17 12:19 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
2015-02-17 12:10 - 2015-02-17 12:19 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2015-02-17 12:10 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-17 11:21 - 2015-02-17 11:21 - 00001192 _____ () C:\WINDOWS\setupapi.log
2015-02-08 00:41 - 2015-02-08 00:41 - 00000000 ____D () C:\Documents and Settings\uzivatel\Plocha\Původní data aplikace Firefox
2015-02-01 20:50 - 2015-02-01 20:50 - 00000000 ____D () C:\Documents and Settings\uzivatel\Data aplikací\com.adobe.downloadassistant.AdobeDownloadAssistant
2015-02-01 20:49 - 2015-02-01 20:49 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2015-01-28 19:45 - 2015-02-17 23:23 - 00000000 ____D () C:\Documents and Settings\uzivatel\Local Settings\Temp
2015-01-26 20:28 - 2015-01-26 20:29 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-17 23:22 - 2010-03-14 13:26 - 00000000 ____D () C:\Documents and Settings\uzivatel\Dokumenty\Stažené soubory
2015-02-17 23:22 - 2009-12-23 00:59 - 00000000 ___RD () C:\Documents and Settings\uzivatel\Dokumenty
2015-02-17 23:22 - 2009-12-23 00:59 - 00000000 ___HD () C:\Documents and Settings\uzivatel\Local Settings\Data aplikací
2015-02-17 23:22 - 2009-12-23 00:59 - 00000000 ____D () C:\Documents and Settings\uzivatel\Plocha
2015-02-17 18:34 - 2014-09-18 20:36 - 00002563 _____ () C:\Documents and Settings\uzivatel\Plocha\Microsoft Office Word 2007.lnk
2015-02-17 12:19 - 2009-12-23 01:44 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy
2015-02-17 12:19 - 2009-12-23 01:44 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2015-02-17 11:22 - 2009-12-23 00:54 - 01844832 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-17 11:20 - 2014-12-26 18:21 - 00000000 ____D () C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\adawarebp
2015-02-17 11:20 - 2009-12-23 01:48 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-02-17 11:20 - 2009-12-23 01:48 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-02-17 11:20 - 2009-12-23 01:44 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2015-02-17 11:19 - 2009-12-23 00:59 - 00000272 ___SH () C:\Documents and Settings\uzivatel\ntuser.ini
2015-02-17 11:18 - 2009-12-23 00:59 - 00000000 ____D () C:\Documents and Settings\uzivatel
2015-02-17 11:12 - 2009-12-23 00:59 - 00000000 __RHD () C:\Documents and Settings\uzivatel\Data aplikací
2015-02-17 09:43 - 2014-03-05 22:37 - 00000000 ____D () C:\Documents and Settings\uzivatel\Dokumenty\PRIVYDELKY
2015-02-17 09:34 - 2009-12-23 00:59 - 00000000 ___RD () C:\Documents and Settings\uzivatel\Dokumenty\Obrázky
2015-02-16 09:42 - 2001-10-25 17:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-02-15 22:38 - 2014-09-18 20:36 - 00065536 _____ () C:\WINDOWS\system32\config\ODiag.evt
2015-02-15 16:57 - 2014-09-18 20:36 - 00002477 _____ () C:\Documents and Settings\uzivatel\Plocha\Microsoft Office Excel 2007.lnk
2015-02-10 13:55 - 2010-05-23 19:11 - 00149816 ____H () C:\treeinfo.wc
2015-02-09 10:10 - 2010-01-15 17:29 - 00000000 ____D () C:\Documents and Settings\uzivatel\Dokumenty\works
2015-02-08 10:21 - 2009-12-23 02:12 - 00000000 ____D () C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\Adobe
2015-02-08 10:20 - 2013-03-18 22:31 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-08 10:20 - 2013-03-18 22:30 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-02-08 10:20 - 2011-05-23 07:40 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-02-01 23:37 - 2014-03-02 14:10 - 00000000 ____D () C:\Documents and Settings\uzivatel\Dokumenty\www
2015-02-01 20:49 - 2009-12-23 02:11 - 00000000 ____D () C:\Program Files\Adobe
2015-02-01 15:17 - 2014-05-07 18:38 - 00036363 _____ () C:\WINDOWS\CSTBox.INI
2015-01-27 22:19 - 2014-09-18 19:33 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-27 17:11 - 2011-08-06 10:24 - 00000000 ____D () C:\Documents and Settings\uzivatel\Dokumenty\prace

==================== Files in the root of some directories =======

2010-01-30 16:49 - 2012-03-16 08:31 - 0004397 _____ () C:\Documents and Settings\uzivatel\Data aplikací\HPCOM_48BitScanUpdate.log
2011-09-27 13:43 - 2011-09-27 13:43 - 0000268 ___RH () C:\Documents and Settings\uzivatel\Data aplikací\Sounds
2011-09-27 13:46 - 2012-01-04 22:20 - 0000000 _____ () C:\Documents and Settings\uzivatel\Data aplikací\Space Choir
2010-01-09 17:35 - 2013-09-28 00:21 - 0123392 _____ () C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-17 23:16 - 2015-02-17 23:22 - 0029696 _____ () C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\MSGBOX.EXE
2011-10-16 22:03 - 2012-05-28 22:17 - 0002568 _____ () C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\SRDownloader(1).err
2011-10-16 20:28 - 2012-11-03 14:07 - 0001080 _____ () C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\SRDownloader(1).nast
2010-10-01 21:52 - 2012-08-10 17:48 - 0001064 ____C () C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\SRDownloader.err
2010-10-01 21:59 - 2012-08-10 20:39 - 0001120 ____C () C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\SRDownloader.nast

Some content of TEMP:
====================
C:\Documents and Settings\uzivatel\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\uzivatel\Local Settings\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

[Márty84]

Tak se kouknete do truhly, tam by mel byt zaznam, o co slo

Kdyz je to tedy bez Launcheru, dejte mi sem jeste log z RSIT http://forum.viry.cz/viewtopic.php?f=13&t=130786 a budem mazat

[nereide]

Zdravím, přikládám RSIT i foto toho viru, co se našel. Mohl být i nemusel, já jsem to dala rovnou zničit, protože avast ho našel po rychle spuštěném testu po vlezení na infikovanou stránku, předtím tam nebyl Spíše mě vrtá hlavou, proč Avast nahodil po restartu modrou obrazovku (sám od sebe).

Logfile of random's system information tool 1.10 (written by random/random)
Run by uzivatel at 2015-02-18 08:14:45
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 38 GB (25%) free of 153 GB
Total RAM: 953 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:15:01, on 18.2.2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Mozilla Firefox\plugin-container.exe
c:\Documents and Settings\uzivatel\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\uzivatel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTer ... DF&PC=AV01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTer ... DF&PC=AV01
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - Default URLSearchHook is missing
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1530185827
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

--
End of file - 4291 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\avast! Emergency Update.job - C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\ujxhobqi.default-1423352464234

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.305 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.67.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@xstandard.com/XStandard]
"Description"=
"Path"=C:\Program Files\XStandard\Bin\NPXStandard.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2014-10-08 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-11-24 586968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-10-08 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-11-24 5226600]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21 959176]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AvastUI.exe]
C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-11-24 5226600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^KooBits 4.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AudioSrv"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-06-11 212992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-05-19 133632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"C:\WINDOWS\system32\igfxsrvc.exe"="C:\WINDOWS\system32\igfxsrvc.exe:*:Enabled:igfxsrvc Module"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\tlntsvr.exe"="C:\WINDOWS\system32\tlntsvr.exe:*:Disabled:telnet"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\PANDORA.TV\PanService\KMPProcess.exe"="C:\Program Files\PANDORA.TV\PanService\KMPProcess.exe:*:Enabled:KMPProcess"
"C:\Program Files\PANDORA.TV\PanService\PanProcess.exe"="C:\Program Files\PANDORA.TV\PanService\PanProcess.exe:*:Enabled:PanProcess"
"C:\Program Files\PANDORA.TV\PanService\PandoraService.exe"="C:\Program Files\PANDORA.TV\PanService\PandoraService.exe:*:Enabled:PandoraService"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (C:\Program Files\Mozilla Firefox)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2015-02-18 08:14:45 ----D---- C:\rsit
2015-02-18 08:14:45 ----D---- C:\Program Files\trend micro
2015-02-17 23:20:31 ----D---- C:\FRST
2015-02-17 23:10:58 ----A---- C:\DelFix.txt
2015-02-17 12:10:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2015-02-17 12:10:23 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2015-02-01 20:50:16 ----D---- C:\Documents and Settings\uzivatel\Data aplikací\com.adobe.downloadassistant.AdobeDownloadAssistant
2015-02-01 20:49:49 ----D---- C:\Program Files\Common Files\Adobe AIR
2015-01-26 20:28:52 ----D---- C:\Program Files\Mozilla Firefox

======List of files/folders modified in the last 1 month======

2015-02-18 08:14:45 ----D---- C:\Program Files
2015-02-18 07:44:29 ----D---- C:\WINDOWS\temp
2015-02-18 00:25:18 ----D---- C:\WINDOWS\system32\CatRoot2
2015-02-17 23:23:56 ----D---- C:\WINDOWS
2015-02-17 17:25:13 ----SD---- C:\Documents and Settings\uzivatel\Data aplikací\Microsoft
2015-02-17 16:31:37 ----D---- C:\WINDOWS\system32\drivers
2015-02-17 12:18:55 ----SHD---- C:\WINDOWS\Installer
2015-02-17 12:18:55 ----D---- C:\Config.Msi
2015-02-17 11:12:56 ----SD---- C:\WINDOWS\Tasks
2015-02-08 10:20:19 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2015-02-01 20:49:53 ----D---- C:\Program Files\Adobe
2015-02-01 20:49:49 ----RD---- C:\Program Files\Common Files
2015-02-01 15:17:59 ----A---- C:\WINDOWS\CSTBox.INI
2015-01-27 22:19:50 ----D---- C:\Program Files\Mozilla Maintenance Service

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2014-11-24 49944]
R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2014-11-24 206248]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2014-11-24 55240]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2014-11-24 787800]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2014-11-24 423784]
R1 aswTdi;aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [2014-11-24 57928]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2014-11-24 24184]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2014-11-24 70384]
R2 Ethpdrv;Ethernet Packet Driver; C:\WINDOWS\system32\DRIVERS\ethpdrv.sys [2005-09-08 9728]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2008-03-19 175104]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-06-11 6021184]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-06-13 4754944]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 tap0901;TAP-Windows Adapter V9; C:\WINDOWS\system32\DRIVERS\tap0901.sys [2013-08-22 35288]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2009-09-30 1585728]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service; C:\WINDOWS\system32\drivers\IntcHdmi.sys [2007-05-04 105984]
S3 ipw_bus;IPWireless; C:\WINDOWS\system32\DRIVERS\ipw_bus.sys [2005-09-27 58320]
S3 ipw_mdfl;Wireless Broadband Modem Filter; C:\WINDOWS\system32\DRIVERS\ipw_mdfl.sys [2005-09-27 8272]
S3 ipw_mdm;Wireless Broadband Modem (WDM); C:\WINDOWS\system32\DRIVERS\ipw_mdm.sys [2005-09-27 95440]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-05-19 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-05-19 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-24 50344]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2014-10-08 182696]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-08 267440]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2015-01-26 114800]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE []

-----------------EOF-----------------

[Márty84]

Avast nasel havet v bodech obnovy. Pokud to stale hlasi, bude treba je vymazat http://forum.viry.cz/viewtopic.php?f=46&t=47040



Otevrete si poznamkovy blok a zkopirujte do nej tento skript

Kód: Vybrat vše

Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware] => C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040 2013-04-04] (Malwarebytes Corporation)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-343818398-1547161642-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-343818398-1547161642-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: [S-1-5-21-343818398-1547161642-1801674531-1003] ATTENTION ==> Default URLSearchHook is missing.
Handler: ipp - No CLSID Value -

R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-08] (Oracle Corporation)
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-08 267440]

C:\WINDOWS\tasks\Adobe Flash Player Updater.job

REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^KooBits 4.lnk" /f

Hosts:
EmptyTemp:
Reboot:
End

Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev fixlist a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Spustte FRST, kliknete na napis Fix a program vykona prikazy.
Po restartu pc by se mel objevit novy log - s nazvem fixlog, ten mi sem zase zkopirujte.

[nereide]

Děkuji, přikládám nový fixlog

S bodem obnovy se mi čachrovat moc nechce, zvláště poté, co jsme tak pečlivě uklidili veškerý bordel... dávám pro jistotu ještě avast test, uvidíme, co mi ukáže.

a nyní fixlist


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 18-02-2015 01
Ran by uzivatel at 2015-02-18 21:04:23 Run:1
Running from C:\Documents and Settings\uzivatel\Plocha
Loaded Profiles: uzivatel (Available profiles: uzivatel)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware] => C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040 2013-04-04] (Malwarebytes Corporation)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTer ... DF&PC=AV01
HKU\S-1-5-21-343818398-1547161642-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTer ... DF&PC=AV01
HKU\S-1-5-21-343818398-1547161642-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: [S-1-5-21-343818398-1547161642-1801674531-1003] ATTENTION ==> Default URLSearchHook is missing.
Handler: ipp - No CLSID Value -

R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-08] (Oracle Corporation)
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-08 267440]

C:\WINDOWS\tasks\Adobe Flash Player Updater.job

REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^KooBits 4.lnk" /f

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Malwarebytes Anti-Malware => Value not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\S-1-5-21-343818398-1547161642-1801674531-1003\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\S-1-5-21-343818398-1547161642-1801674531-1003\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => value deleted successfully.
Error setting Default URLSearchHook.
"HKCR\PROTOCOLS\Handler\ipp" => Key deleted successfully.
JavaQuickStarterService => Service deleted successfully.
AdobeFlashPlayerUpdateSvc => Service deleted successfully.
C:\WINDOWS\tasks\Adobe Flash Player Updater.job => Moved successfully.

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM" /f =========


Operace byla dokončena úspěšně.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel" /f =========


Operace byla dokončena úspěšně.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor" /f =========


Operace byla dokončena úspěšně.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype" /f =========


Operace byla dokončena úspěšně.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^uzivatel^Nabídka Start^Programy^Po spuštění^KooBits 4.lnk" /f =========


Operace byla dokončena úspěšně.


========= End of Reg: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 464.6 MB temporary data.


The system needed a reboot.

==== End of Fixlog 21:06:50 ====

[Márty84]

S bodem obnovy se mi čachrovat moc nechce, zvláště poté, co jsme tak pečlivě uklidili veškerý bordel...

Prave ze kdyz je pc cisty a pokud funguje jak ma, je nejvhodnejsi doba body obnovy vymazat a nechat vytvorit nove


Napiste mi velikost adresare plochy (C:\Documents and Settings\uzivatel\Plocha)

DelFix https://toolslib.net/downloads/finish/2/

• Stahnete a spustte
• Ponechte zatrzitkou pouze u volby Remote disinfection tools
• Kliknete na Run

Stahnete Ccleaner http://www.filehippo.com/download_ccleaner a spustte.
Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!
(Pokud je v pc vice uzivatelskych uctu, pouzijte program i v nich)

Defragmentujte disk(y) (SSD Disky ne!)
Stahnete program Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
Pri instalaci opet pozor na toolbar a dalsi nesmysly.
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.




Pak napiste, jak je na tom pc.

[nereide]

S tím bodem obnovení jsem to špatně pochopila už jsem nastavila nový.

Všechno provedeno, PC je teď bezproblémový a hodný. Myslím, že to můžeme uzavřít, VELMI DĚKUJI za Váš čas a příspěvek ( jako vždycky) posílám (asi v pondělí, až dostanu peníze).

Moc díky za Vaše fórum.

[Márty84]

Sikulka

Nemate vubec zac, rado se stalo!

Za pripadny prispevek dekujeme

Mejte se krasne a treba zase nekdy