Re: 1place.org and hotspotaward malware..

Posted: 16 Feb 2014 13:04
by festk
LastRegBack: 2014-02-09 23:32




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (OS) (Fixed) (Total:581.42 GB) (Free:435.31 GB) NTFS
Drive e: (AC4 t2k9) (CDROM) (Total:2.26 GB) (Free:0 GB) UDF

Available physical RAM: 2202.47 MB
Total physical RAM: 4091.94 MB
Percentage of memory in use: 46%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 43DD4543)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=581 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================


==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================




===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Phan Chung Hieu\Desktop" je 9919 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AccuWeatherWidget
"C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon
"C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync
"C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI
C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate
"C:\Users\Phan Chung Hieu\AppData\Roaming\Seznam.cz\szninstall.exe" -c [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop
"C:\Users\Phan Chung Hieu\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Registration
C:\Program Files (x86)\System Registration\prodreg.exe /boot [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Disc Tool
"c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroLauncher
C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900 [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray
"c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Phan Chung Hieu^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Severe Weather Alerts App.lnk


HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Phan Chung Hieu^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Severe Weather Alerts.lnk



***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================


addition:


==================== Event log errors: =========================

Application errors:
==================
Error: (02/16/2014 00:36:57 PM) (Source: TOASTER.EXE) (User: )
Description: An Unhandled Exception occured.
Proces nemůže přistupovat k souboru C:\Users\Phan Chung Hieu\AppData\local\softthinks\scheduler.xml, protože soubor je využíván jiným procesem.
v System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
v System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
v System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize)
v System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials credentials)
v System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn)
v System.Xml.XmlTextReaderImpl.OpenUrlDelegate(Object xmlResolver)
v System.Threading.CompressedStack.runTryCode(Object userData)
v System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)
v System.Threading.CompressedStack.Run(CompressedStack compressedStack, ContextCallback callback, Object state)
v System.Xml.XmlTextReaderImpl.OpenUrl()
v System.Xml.XmlTextReaderImpl.Read()
v System.Xml.XmlLoader.Load(XmlDocument doc, XmlReader reader, Boolean preserveWhitespace)
v System.Xml.XmlDocument.Load(XmlReader reader)
v System.Xml.XmlDocument.Load(String filename)
v Toaster.SchedulerReader.read()
v Toaster.Notifications.FullSystemBackup.FsbHelper.IsFsbScheduledNow()
v Toaster.Notifications.FullSystemBackup.FsbHelper.CheckReminder()
v Toaster.Helper.CheckReminders(ObservableCollection`1 notificationHelpers)
v Toaster.MainWindowViewModel.NotificationsTimerTick(Object sender, EventArgs e)
v System.Windows.Threading.DispatcherTimer.FireTick(Object unused)
v System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Boolean isSingleParameter)
v System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

Error: (02/16/2014 00:31:56 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/16/2014 00:07:52 PM) (Source: TOASTER.EXE) (User: )
Description: An Unhandled Exception occured.
Proces nemůže přistupovat k souboru C:\Users\Phan Chung Hieu\AppData\local\softthinks\scheduler.xml, protože soubor je využíván jiným procesem.
v System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
v System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
v System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize)
v System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials credentials)
v System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn)
v System.Xml.XmlTextReaderImpl.OpenUrlDelegate(Object xmlResolver)
v System.Threading.CompressedStack.runTryCode(Object userData)
v System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)
v System.Threading.CompressedStack.Run(CompressedStack compressedStack, ContextCallback callback, Object state)
v System.Xml.XmlTextReaderImpl.OpenUrl()
v System.Xml.XmlTextReaderImpl.Read()
v System.Xml.XmlLoader.Load(XmlDocument doc, XmlReader reader, Boolean preserveWhitespace)
v System.Xml.XmlDocument.Load(XmlReader reader)
v System.Xml.XmlDocument.Load(String filename)
v Toaster.SchedulerReader.read()
v Toaster.Notifications.FullSystemBackup.FsbHelper.IsFsbScheduledNow()
v Toaster.Notifications.FullSystemBackup.FsbHelper.CheckReminder()
v Toaster.Helper.CheckReminders(ObservableCollection`1 notificationHelpers)
v Toaster.MainWindowViewModel.NotificationsTimerTick(Object sender, EventArgs e)
v System.Windows.Threading.DispatcherTimer.FireTick(Object unused)
v System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Boolean isSingleParameter)
v System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

Error: (02/16/2014 11:55:25 AM) (Source: TOASTER.EXE) (User: )
Description: An Unhandled Exception occured.
Proces nemůže přistupovat k souboru C:\Users\Phan Chung Hieu\AppData\local\softthinks\scheduler.xml, protože soubor je využíván jiným procesem.
v System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
v System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
v System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize)
v System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials credentials)
v System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn)
v System.Xml.XmlTextReaderImpl.OpenUrlDelegate(Object xmlResolver)
v System.Threading.CompressedStack.runTryCode(Object userData)
v System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)
v System.Threading.CompressedStack.Run(CompressedStack compressedStack, ContextCallback callback, Object state)
v System.Xml.XmlTextReaderImpl.OpenUrl()
v System.Xml.XmlTextReaderImpl.Read()
v System.Xml.XmlLoader.Load(XmlDocument doc, XmlReader reader, Boolean preserveWhitespace)
v System.Xml.XmlDocument.Load(XmlReader reader)
v System.Xml.XmlDocument.Load(String filename)
v Toaster.SchedulerReader.read()
v Toaster.Notifications.FullSystemBackup.FsbHelper.IsFsbScheduledNow()
v Toaster.Notifications.FullSystemBackup.FsbHelper.CheckReminder()
v Toaster.Helper.CheckReminders(ObservableCollection`1 notificationHelpers)
v Toaster.MainWindowViewModel.NotificationsTimerTick(Object sender, EventArgs e)
v System.Windows.Threading.DispatcherTimer.FireTick(Object unused)
v System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Boolean isSingleParameter)
v System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

Error: (02/16/2014 11:49:55 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/16/2014 11:42:09 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/16/2014 11:34:34 AM) (Source: Application Hang) (User: )
Description: Program Explorer.EXE verze 6.1.7601.17567 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: a94

Čas spuštění: 01cf2b02621807aa

Čas ukončení: 0

Cesta k aplikaci: C:\windows\Explorer.EXE

ID hlášení: d05a0879-96f5-11e3-84d7-db31dc24a290

Error: (02/16/2014 11:32:24 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/15/2014 05:47:19 PM) (Source: TOASTER.EXE) (User: )
Description: An Unhandled Exception occured.
Proces nemůže přistupovat k souboru C:\Users\Phan Chung Hieu\AppData\local\softthinks\scheduler.xml, protože soubor je využíván jiným procesem.
v System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
v System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
v System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize)
v System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials credentials)
v System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn)
v System.Xml.XmlTextReaderImpl.OpenUrlDelegate(Object xmlResolver)
v System.Threading.CompressedStack.runTryCode(Object userData)
v System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)
v System.Threading.CompressedStack.Run(CompressedStack compressedStack, ContextCallback callback, Object state)
v System.Xml.XmlTextReaderImpl.OpenUrl()
v System.Xml.XmlTextReaderImpl.Read()
v System.Xml.XmlLoader.Load(XmlDocument doc, XmlReader reader, Boolean preserveWhitespace)
v System.Xml.XmlDocument.Load(XmlReader reader)
v System.Xml.XmlDocument.Load(String filename)
v Toaster.SchedulerReader.read()
v Toaster.Notifications.FullSystemBackup.FsbHelper.IsFsbScheduledNow()
v Toaster.Notifications.FullSystemBackup.FsbHelper.CheckReminder()
v Toaster.Helper.CheckReminders(ObservableCollection`1 notificationHelpers)
v Toaster.MainWindowViewModel.NotificationsTimerTick(Object sender, EventArgs e)
v System.Windows.Threading.DispatcherTimer.FireTick(Object unused)
v System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Boolean isSingleParameter)
v System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

Error: (02/15/2014 05:41:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (02/16/2014 00:34:08 PM) (Source: Service Control Manager) (User: )
Description: Služba Zprostředkovatel domácích skupin závisí na službě Publikování prostředků rozpoznávání funkcí, která neuspěla při spuštění v důsledku následující chyby:
%%1058

Error: (02/16/2014 00:32:28 PM) (Source: Service Control Manager) (User: )
Description: Při čekání na odezvu transakce služby SftService bylo dosaženo časového limitu (30000 ms).

Error: (02/16/2014 00:32:26 PM) (Source: Service Control Manager) (User: )
Description: Služba PirritDesktop přestala během spouštění reagovat.

Error: (02/16/2014 00:31:58 PM) (Source: Service Control Manager) (User: )
Description: Při čekání na odezvu transakce služby SftService bylo dosaženo časového limitu (30000 ms).

Error: (02/16/2014 00:30:15 PM) (Source: Service Control Manager) (User: )
Description: Služba iSafeService neuspěla při spuštění v důsledku následující chyby:
%%2

Error: (02/16/2014 00:19:58 PM) (Source: Service Control Manager) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (02/16/2014 00:19:56 PM) (Source: Service Control Manager) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (02/16/2014 00:19:54 PM) (Source: Service Control Manager) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (02/16/2014 00:19:52 PM) (Source: Service Control Manager) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (02/16/2014 00:19:50 PM) (Source: Service Control Manager) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.


Microsoft Office Sessions:
=========================
Error: (02/16/2014 00:36:57 PM) (Source: TOASTER.EXE)(User: )
Description: An Unhandled Exception occured.
Proces nemůže přistupovat k souboru C:\Users\Phan Chung Hieu\AppData\local\softthinks\scheduler.xml, protože soubor je využíván jiným procesem.
v System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
v System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
v System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize)
v System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials credentials)
v System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn)
v System.Xml.XmlTextReaderImpl.OpenUrlDelegate(Object xmlResolver)
v System.Threading.CompressedStack.runTryCode(Object userData)
v System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)
v System.Threading.CompressedStack.Run(CompressedStack compressedStack, ContextCallback callback, Object state)
v System.Xml.XmlTextReaderImpl.OpenUrl()
v System.Xml.XmlTextReaderImpl.Read()
v System.Xml.XmlLoader.Load(XmlDocument doc, XmlReader reader, Boolean preserveWhitespace)
v System.Xml.XmlDocument.Load(XmlReader reader)
v System.Xml.XmlDocument.Load(String filename)
v Toaster.SchedulerReader.read()
v Toaster.Notifications.FullSystemBackup.FsbHelper.IsFsbScheduledNow()
v Toaster.Notifications.FullSystemBackup.FsbHelper.CheckReminder()
v Toaster.Helper.CheckReminders(ObservableCollection`1 notificationHelpers)
v Toaster.MainWindowViewModel.NotificationsTimerTick(Object sender, EventArgs e)
v System.Windows.Threading.DispatcherTimer.FireTick(Object unused)
v System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Boolean isSingleParameter)
v System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

Error: (02/16/2014 00:31:56 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/16/2014 00:07:52 PM) (Source: TOASTER.EXE)(User: )
Description: An Unhandled Exception occured.
Proces nemůže přistupovat k souboru C:\Users\Phan Chung Hieu\AppData\local\softthinks\scheduler.xml, protože soubor je využíván jiným procesem.
v System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
v System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
v System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize)
v System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials credentials)
v System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn)
v System.Xml.XmlTextReaderImpl.OpenUrlDelegate(Object xmlResolver)
v System.Threading.CompressedStack.runTryCode(Object userData)
v System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)
v System.Threading.CompressedStack.Run(CompressedStack compressedStack, ContextCallback callback, Object state)
v System.Xml.XmlTextReaderImpl.OpenUrl()
v System.Xml.XmlTextReaderImpl.Read()
v System.Xml.XmlLoader.Load(XmlDocument doc, XmlReader reader, Boolean preserveWhitespace)
v System.Xml.XmlDocument.Load(XmlReader reader)
v System.Xml.XmlDocument.Load(String filename)
v Toaster.SchedulerReader.read()
v Toaster.Notifications.FullSystemBackup.FsbHelper.IsFsbScheduledNow()
v Toaster.Notifications.FullSystemBackup.FsbHelper.CheckReminder()
v Toaster.Helper.CheckReminders(ObservableCollection`1 notificationHelpers)
v Toaster.MainWindowViewModel.NotificationsTimerTick(Object sender, EventArgs e)
v System.Windows.Threading.DispatcherTimer.FireTick(Object unused)
v System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Boolean isSingleParameter)
v System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

Error: (02/16/2014 11:55:25 AM) (Source: TOASTER.EXE)(User: )
Description: An Unhandled Exception occured.
Proces nemůže přistupovat k souboru C:\Users\Phan Chung Hieu\AppData\local\softthinks\scheduler.xml, protože soubor je využíván jiným procesem.
v System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
v System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
v System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize)
v System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials credentials)
v System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn)
v System.Xml.XmlTextReaderImpl.OpenUrlDelegate(Object xmlResolver)
v System.Threading.CompressedStack.runTryCode(Object userData)
v System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)
v System.Threading.CompressedStack.Run(CompressedStack compressedStack, ContextCallback callback, Object state)
v System.Xml.XmlTextReaderImpl.OpenUrl()
v System.Xml.XmlTextReaderImpl.Read()
v System.Xml.XmlLoader.Load(XmlDocument doc, XmlReader reader, Boolean preserveWhitespace)
v System.Xml.XmlDocument.Load(XmlReader reader)
v System.Xml.XmlDocument.Load(String filename)
v Toaster.SchedulerReader.read()
v Toaster.Notifications.FullSystemBackup.FsbHelper.IsFsbScheduledNow()
v Toaster.Notifications.FullSystemBackup.FsbHelper.CheckReminder()
v Toaster.Helper.CheckReminders(ObservableCollection`1 notificationHelpers)
v Toaster.MainWindowViewModel.NotificationsTimerTick(Object sender, EventArgs e)
v System.Windows.Threading.DispatcherTimer.FireTick(Object unused)
v System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Boolean isSingleParameter)
v System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

Error: (02/16/2014 11:49:55 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/16/2014 11:42:09 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/16/2014 11:34:34 AM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.1.7601.17567a9401cf2b02621807aa0C:\windows\Explorer.EXEd05a0879-96f5-11e3-84d7-db31dc24a290

Error: (02/16/2014 11:32:24 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/15/2014 05:47:19 PM) (Source: TOASTER.EXE)(User: )
Description: An Unhandled Exception occured.
Proces nemůže přistupovat k souboru C:\Users\Phan Chung Hieu\AppData\local\softthinks\scheduler.xml, protože soubor je využíván jiným procesem.
v System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
v System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
v System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize)
v System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials credentials)
v System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn)
v System.Xml.XmlTextReaderImpl.OpenUrlDelegate(Object xmlResolver)
v System.Threading.CompressedStack.runTryCode(Object userData)
v System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)
v System.Threading.CompressedStack.Run(CompressedStack compressedStack, ContextCallback callback, Object state)
v System.Xml.XmlTextReaderImpl.OpenUrl()
v System.Xml.XmlTextReaderImpl.Read()
v System.Xml.XmlLoader.Load(XmlDocument doc, XmlReader reader, Boolean preserveWhitespace)
v System.Xml.XmlDocument.Load(XmlReader reader)
v System.Xml.XmlDocument.Load(String filename)
v Toaster.SchedulerReader.read()
v Toaster.Notifications.FullSystemBackup.FsbHelper.IsFsbScheduledNow()
v Toaster.Notifications.FullSystemBackup.FsbHelper.CheckReminder()
v Toaster.Helper.CheckReminders(ObservableCollection`1 notificationHelpers)
v Toaster.MainWindowViewModel.NotificationsTimerTick(Object sender, EventArgs e)
v System.Windows.Threading.DispatcherTimer.FireTick(Object unused)
v System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Boolean isSingleParameter)
v System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

Error: (02/15/2014 05:41:41 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Percentage of memory in use: 46%
Total physical RAM: 4091.94 MB
Available physical RAM: 2202.47 MB
Total Pagefile: 8182.05 MB
Available Pagefile: 5834.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:581.42 GB) (Free:435.31 GB) NTFS
Drive e: (AC4 t2k9) (CDROM) (Total:2.26 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 43DD4543)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=581 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Re: 1place.org and hotspotaward malware..

Posted: 16 Feb 2014 14:09
by festk
When I click on something, a window with an ad often pops up :/

Re: 1place.org and hotspotaward malware..

Posted: 16 Feb 2014 14:10
by vyosek
Run FRST and click Scan - post the log here for me

Re: 1place.org and hotspotaward malware..

Posted: 16 Feb 2014 14:30
by festk
vyosek wrote: Run FRST and click Scan - post the log here for me
The 1st post on this page

Re: 1place.org and hotspotaward malware..

Posted: 16 Feb 2014 14:31
by vyosek
But I need a new one

Re: 1place.org and hotspotaward malware..

Posted: 16 Feb 2014 14:32
by festk
Just to be sure

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-02-2014 01
Ran by Phan Chung Hieu (administrator) on PHANCHUNGHIEU on 16-02-2014 14:31:18
Running from C:\Users\Phan Chung Hieu\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(AMD) C:\windows\system32\atieclxx.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Users\Phan Chung Hieu\AppData\Local\PirritSuggestor\PirritService.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(IObit) C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
() C:\Users\Phan Chung Hieu\AppData\Local\PirritSuggestor\PirritDesktop.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Last.fm) C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Phan Chung Hieu\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\windows\SysWOW64\PING.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-06-18] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2010-03-17] (Synaptics Incorporated)
HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\QuickSet.exe [3179288 2010-01-06] (Dell Inc.)
HKLM\...\Run: [DellStage] - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055016 2011-04-30] ()
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [seznam-listicka-distribuce] - C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [20131121] - C:\Program Files\AVAST Software\Avast\setup\emupdate\721172b8-eae2-4647-95c0-11375760eb7a.exe [180184 2013-11-23] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-3195401569-4096988449-4207316193-1000\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272624 2013-02-05] (Microsoft Corporation)
HKU\S-1-5-21-3195401569-4096988449-4207316193-1000\...\Run: [WebcamMaxAutoRun] - C:\Program Files (x86)\WebcamMax\wcmmon.exe [1038848 2011-07-17] ()
HKU\S-1-5-21-3195401569-4096988449-4207316193-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673184 2013-07-03] (Disc Soft Ltd)
HKU\S-1-5-21-3195401569-4096988449-4207316193-1000\...\Run: [Zoner Photo Studio Autoupdate] - C:\PROGRAM FILES\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE [774168 2013-02-18] (ZONER software)
HKU\S-1-5-21-3195401569-4096988449-4207316193-1000\...\RunOnce: [Uninstall C:\Users\Phan Chung Hieu\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] - C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Phan Chung Hieu\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-3195401569-4096988449-4207316193-1000\...\RunOnce: [Uninstall C:\Users\Phan Chung Hieu\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] - C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Phan Chung Hieu\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"
HKU\S-1-5-21-3195401569-4096988449-4207316193-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=http://127.0.0.1:9880
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchT ... {startPage}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchT ... {startPage}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: IEExtension.Extension - {d40c654d-7c51-4eb3-95b2-1e23905c2a2d} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 85.13.80.80 85.13.80.90

FireFox:
========
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Phan Chung Hieu\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2013-10-16]

Chrome:
=======
CHR Extension: (Dokumenty Google) - C:\Users\Phan Chung Hieu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-15]
CHR Extension: (Disk Google) - C:\Users\Phan Chung Hieu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-15]
CHR Extension: (YouTube) - C:\Users\Phan Chung Hieu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-15]
CHR Extension: (Vyhledávání Google) - C:\Users\Phan Chung Hieu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-15]
CHR Extension: (Skype Click to Call) - C:\Users\Phan Chung Hieu\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-02-15]
CHR Extension: (Peněženka Google) - C:\Users\Phan Chung Hieu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-15]
CHR Extension: (Gmail) - C:\Users\Phan Chung Hieu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-15]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-01-03]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
U2 PirritDesktop; C:\Users\Phan Chung Hieu\AppData\Local\PirritSuggestor\PirritService.exe [52568 2014-02-14] ()
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5741568 2010-11-30] (Dell Inc.)
S2 iSafeService; C:\Program Files (x86)\iSafe\iSafeSvc.exe [X]

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-08-30] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-07-05] (Disc Soft Ltd)
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [32512 2014-02-15] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 iSafeKrnl; \??\C:\Program Files (x86)\iSafe\iSafeKrnl.sys [X]
R1 iSafeNetFilter; \??\C:\Program Files (x86)\iSafe\iSafeNetFilter.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-16 14:31 - 2014-02-16 14:31 - 00029696 _____ () C:\Users\Phan Chung Hieu\AppData\Local\MSGBOX.EXE
2014-02-16 14:31 - 2014-02-16 14:31 - 00016712 _____ () C:\Users\Phan Chung Hieu\Desktop\FRST.txt
2014-02-16 14:31 - 2014-02-16 14:31 - 00015327 _____ () C:\Users\Phan Chung Hieu\Desktop\LM.bat
2014-02-16 13:00 - 2014-02-16 13:00 - 00112640 _____ (forum.viry.cz) C:\Users\Phan Chung Hieu\Downloads\Nepotvrzeno 534044.crdownload
2014-02-16 13:00 - 2014-02-16 13:00 - 00112640 _____ (forum.viry.cz) C:\Users\Phan Chung Hieu\Downloads\Nepotvrzeno 358780.crdownload
2014-02-16 12:59 - 2014-02-16 13:00 - 00112640 _____ (forum.viry.cz) C:\Users\Phan Chung Hieu\Desktop\FRSTLauncher.exe
2014-02-16 12:29 - 2014-02-16 12:03 - 00024064 _____ () C:\windows\zoek-delete.exe
2014-02-16 12:22 - 2014-02-16 12:25 - 00000000 ____D () C:\Users\Phan Chung Hieu\AppData\Roaming\iSafe
2014-02-16 12:03 - 2014-02-16 12:33 - 00095334 _____ () C:\zoek-results.log
2014-02-16 11:58 - 2014-02-16 12:30 - 00000000 ____D () C:\zoek_backup
2014-02-16 11:58 - 2014-02-16 11:59 - 01283584 _____ () C:\Users\Phan Chung Hieu\Desktop\zoek.exe
2014-02-16 11:58 - 2014-02-16 11:58 - 04227036 _____ () C:\Users\Phan Chung Hieu\Downloads\zoek.rar
2014-02-16 11:45 - 2014-02-16 11:45 - 01166132 _____ () C:\Users\Phan Chung Hieu\Downloads\adwcleaner (1).exe
2014-02-16 11:30 - 2014-02-16 12:30 - 00000880 _____ () C:\windows\PFRO.log
2014-02-15 22:42 - 2014-02-15 22:42 - 00002556 _____ () C:\Users\Phan Chung Hieu\Desktop\RKreport[0]_D_02152014_224210.txt
2014-02-15 22:42 - 2014-02-15 22:42 - 00001905 _____ () C:\Users\Phan Chung Hieu\Desktop\RKreport[0]_H_02152014_224254.txt
2014-02-15 22:41 - 2014-02-15 22:41 - 00002681 _____ () C:\Users\Phan Chung Hieu\Desktop\RKreport[0]_S_02152014_224154.txt
2014-02-15 19:10 - 2014-02-15 19:10 - 00002832 _____ () C:\Users\Phan Chung Hieu\Desktop\RKreport[0]_D_02152014_191034.txt
2014-02-15 18:31 - 2014-02-15 18:31 - 00002948 _____ () C:\Users\Phan Chung Hieu\Desktop\RKreport[0]_S_02152014_183100.txt
2014-02-15 18:27 - 2014-02-15 18:27 - 03813376 _____ () C:\Users\Phan Chung Hieu\Desktop\RogueKiller (1).exe
2014-02-15 18:24 - 2014-02-15 19:10 - 00000000 ____D () C:\Users\Phan Chung Hieu\Desktop\RK_Quarantine
2014-02-15 18:23 - 2014-02-15 18:24 - 03813376 _____ () C:\Users\Phan Chung Hieu\Downloads\RogueKiller.exe
2014-02-15 18:02 - 2014-02-15 18:02 - 02152960 _____ (Farbar) C:\Users\Phan Chung Hieu\Desktop\FRST64.exe
2014-02-15 17:56 - 2014-02-16 14:31 - 00000000 ____D () C:\FRST
2014-02-15 17:55 - 2014-02-15 17:55 - 00002261 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-15 17:53 - 2014-02-16 13:58 - 00000970 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-15 17:53 - 2014-02-16 12:31 - 00000966 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-15 17:53 - 2014-02-15 17:53 - 00003966 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-15 17:53 - 2014-02-15 17:53 - 00003714 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-15 17:40 - 2014-02-16 12:30 - 00000280 _____ () C:\windows\setupact.log
2014-02-15 17:40 - 2014-02-15 17:40 - 00000000 _____ () C:\windows\setuperr.log
2014-02-15 17:01 - 2014-02-15 17:01 - 02433253 _____ (MightyUninstaller.com ) C:\Users\Phan Chung Hieu\Downloads\MightyUninstaller_Setup.exe
2014-02-15 14:39 - 2014-02-15 14:39 - 00001166 _____ () C:\Users\Phan Chung Hieu\Desktop\JRT.txt
2014-02-15 14:22 - 2014-02-15 14:22 - 00000000 ____D () C:\windows\ERUNT
2014-02-15 14:18 - 2014-02-15 14:18 - 01037530 _____ (Thisisu) C:\Users\Phan Chung Hieu\Downloads\JRT (2).exe
2014-02-15 13:59 - 2014-02-15 13:59 - 00001786 _____ () C:\Users\Public\Desktop\YAC.lnk
2014-02-15 13:58 - 2014-02-15 13:59 - 09741296 _____ () C:\Users\Phan Chung Hieu\Downloads\yet_another_cleaner.exe
2014-02-15 13:51 - 2014-02-15 13:51 - 00001746 _____ () C:\windows\system32\.crusader
2014-02-15 13:37 - 2014-02-15 13:54 - 00032512 _____ () C:\windows\system32\Drivers\hitmanpro37.sys
2014-02-15 13:36 - 2014-02-15 13:51 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-15 13:35 - 2014-02-15 13:36 - 10820032 _____ (SurfRight B.V.) C:\Users\Phan Chung Hieu\Downloads\HitmanPro_x64.exe
2014-02-15 13:25 - 2014-02-16 11:46 - 00000000 ____D () C:\AdwCleaner
2014-02-15 13:23 - 2014-02-15 13:24 - 01166132 _____ () C:\Users\Phan Chung Hieu\Downloads\adwcleaner.exe
2014-02-15 13:16 - 2014-02-15 13:16 - 00000000 ____D () C:\ProgramData\GridinSoft
2014-02-15 13:13 - 2014-02-15 13:15 - 39905256 _____ (GridinSoft LLC) C:\Users\Phan Chung Hieu\Downloads\gtk-2.2.1.6-setup.exe
2014-02-15 10:59 - 2014-02-15 10:59 - 00000000 ____D () C:\Users\Phan Chung Hieu\AppData\Local\PirritSuggestor
2014-02-13 15:25 - 2014-02-13 15:25 - 00013167 _____ () C:\Users\Phan Chung Hieu\Downloads\Vysledky_A_B.xlsx
2014-02-12 13:43 - 2014-02-12 13:54 - 00000000 ____D () C:\Users\Phan Chung Hieu\Downloads\dsl1
2014-02-06 18:17 - 2014-02-06 18:17 - 01823232 _____ () C:\Users\Phan Chung Hieu\Downloads\Kubat_Zaklady_dedicnosti_final.ppt
2014-02-05 17:27 - 2014-02-05 17:27 - 01688723 _____ () C:\Users\Phan Chung Hieu\Desktop\ffff.wma
2014-02-05 17:20 - 2014-02-05 17:20 - 01298093 _____ () C:\Users\Phan Chung Hieu\Desktop\Bez názvu.wma
2014-02-01 22:06 - 2014-02-01 22:06 - 01301621 _____ () C:\Users\Phan Chung Hieu\Downloads\Komunikace živočichů.pptx
2014-01-21 17:22 - 2014-01-21 17:22 - 00023552 _____ () C:\Users\Phan Chung Hieu\Downloads\VysledkyNjO_SK_2014 (6).xls
2014-01-20 20:04 - 2014-01-20 20:04 - 00112640 _____ () C:\Users\Phan Chung Hieu\Downloads\vetny_rozbor_algoritmus.ppt
2014-01-20 20:04 - 2014-01-20 20:04 - 00112640 _____ () C:\Users\Phan Chung Hieu\Downloads\vetny_rozbor_algoritmus (1).ppt
2014-01-18 11:29 - 2014-01-18 11:29 - 00007597 _____ () C:\Users\Phan Chung Hieu\AppData\Local\Resmon.ResmonCfg
2014-01-17 15:25 - 2014-01-17 15:25 - 00023552 _____ () C:\Users\Phan Chung Hieu\Downloads\VysledkyNjO_SK_2014 (5).xls

==================== One Month Modified Files and Folders =======

2014-02-16 14:31 - 2014-02-16 14:31 - 00029696 _____ () C:\Users\Phan Chung Hieu\AppData\Local\MSGBOX.EXE
2014-02-16 14:31 - 2014-02-16 14:31 - 00016712 _____ () C:\Users\Phan Chung Hieu\Desktop\FRST.txt
2014-02-16 14:31 - 2014-02-16 14:31 - 00015327 _____ () C:\Users\Phan Chung Hieu\Desktop\LM.bat
2014-02-16 14:31 - 2014-02-15 17:56 - 00000000 ____D () C:\FRST
2014-02-16 14:31 - 2014-01-01 19:48 - 00000000 ____D () C:\Users\Phan Chung Hieu\Desktop\neznamy
2014-02-16 14:30 - 2013-06-02 15:23 - 00000000 ____D () C:\Users\Phan Chung Hieu\AppData\Local\Last.fm
2014-02-16 13:58 - 2014-02-15 17:53 - 00000970 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-16 13:03 - 2014-01-05 22:18 - 00000000 ____D () C:\Users\Phan Chung Hieu\Desktop\Hudebka mix
2014-02-16 13:00 - 2014-02-16 13:00 - 00112640 _____ (forum.viry.cz) C:\Users\Phan Chung Hieu\Downloads\Nepotvrzeno 534044.crdownload
2014-02-16 13:00 - 2014-02-16 13:00 - 00112640 _____ (forum.viry.cz) C:\Users\Phan Chung Hieu\Downloads\Nepotvrzeno 358780.crdownload
2014-02-16 13:00 - 2014-02-16 12:59 - 00112640 _____ (forum.viry.cz) C:\Users\Phan Chung Hieu\Desktop\FRSTLauncher.exe
2014-02-16 12:39 - 2009-07-14 05:45 - 00020928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-16 12:39 - 2009-07-14 05:45 - 00020928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-16 12:35 - 2013-12-25 14:01 - 01052120 _____ () C:\windows\WindowsUpdate.log
2014-02-16 12:34 - 2013-05-26 21:05 - 00000000 ____D () C:\Users\Phan Chung Hieu\Tracing
2014-02-16 12:33 - 2014-02-16 12:03 - 00095334 _____ () C:\zoek-results.log
2014-02-16 12:31 - 2014-02-15 17:53 - 00000966 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-16 12:31 - 2011-07-28 08:40 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-02-16 12:30 - 2014-02-16 11:58 - 00000000 ____D () C:\zoek_backup
2014-02-16 12:30 - 2014-02-16 11:30 - 00000880 _____ () C:\windows\PFRO.log
2014-02-16 12:30 - 2014-02-15 17:40 - 00000280 _____ () C:\windows\setupact.log
2014-02-16 12:30 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-02-16 12:25 - 2014-02-16 12:22 - 00000000 ____D () C:\Users\Phan Chung Hieu\AppData\Roaming\iSafe
2014-02-16 12:03 - 2014-02-16 12:29 - 00024064 _____ () C:\windows\zoek-delete.exe
2014-02-16 11:59 - 2014-02-16 11:58 - 01283584 _____ () C:\Users\Phan Chung Hieu\Desktop\zoek.exe
2014-02-16 11:58 - 2014-02-16 11:58 - 04227036 _____ () C:\Users\Phan Chung Hieu\Downloads\zoek.rar
2014-02-16 11:49 - 2013-08-30 12:41 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-02-16 11:46 - 2014-02-15 13:25 - 00000000 ____D () C:\AdwCleaner
2014-02-16 11:45 - 2014-02-16 11:45 - 01166132 _____ () C:\Users\Phan Chung Hieu\Downloads\adwcleaner (1).exe
2014-02-15 22:42 - 2014-02-15 22:42 - 00002556 _____ () C:\Users\Phan Chung Hieu\Desktop\RKreport[0]_D_02152014_224210.txt
2014-02-15 22:42 - 2014-02-15 22:42 - 00001905 _____ () C:\Users\Phan Chung Hieu\Desktop\RKreport[0]_H_02152014_224254.txt
2014-02-15 22:41 - 2014-02-15 22:41 - 00002681 _____ () C:\Users\Phan Chung Hieu\Desktop\RKreport[0]_S_02152014_224154.txt
2014-02-15 19:10 - 2014-02-15 19:10 - 00002832 _____ () C:\Users\Phan Chung Hieu\Desktop\RKreport[0]_D_02152014_191034.txt
2014-02-15 19:10 - 2014-02-15 18:24 - 00000000 ____D () C:\Users\Phan Chung Hieu\Desktop\RK_Quarantine
2014-02-15 18:31 - 2014-02-15 18:31 - 00002948 _____ () C:\Users\Phan Chung Hieu\Desktop\RKreport[0]_S_02152014_183100.txt
2014-02-15 18:27 - 2014-02-15 18:27 - 03813376 _____ () C:\Users\Phan Chung Hieu\Desktop\RogueKiller (1).exe
2014-02-15 18:25 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF
2014-02-15 18:24 - 2014-02-15 18:23 - 03813376 _____ () C:\Users\Phan Chung Hieu\Downloads\RogueKiller.exe
2014-02-15 18:02 - 2014-02-15 18:02 - 02152960 _____ (Farbar) C:\Users\Phan Chung Hieu\Desktop\FRST64.exe
2014-02-15 17:55 - 2014-02-15 17:55 - 00002261 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-15 17:55 - 2013-05-19 17:54 - 00000000 ____D () C:\Users\Phan Chung Hieu\AppData\Local\Google
2014-02-15 17:55 - 2013-05-19 17:54 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-15 17:53 - 2014-02-15 17:53 - 00003966 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-15 17:53 - 2014-02-15 17:53 - 00003714 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-15 17:50 - 2013-05-19 17:53 - 00000000 ____D () C:\Users\Phan Chung Hieu\AppData\Local\Deployment
2014-02-15 17:40 - 2014-02-15 17:40 - 00000000 _____ () C:\windows\setuperr.log
2014-02-15 17:09 - 2013-11-26 18:09 - 00000000 ____D () C:\windows\pss
2014-02-15 17:04 - 2013-06-22 19:32 - 00000000 ____D () C:\Users\Phan Chung Hieu\AppData\Roaming\uTorrent
2014-02-15 17:04 - 2013-05-23 15:58 - 00000000 ____D () C:\Users\Phan Chung Hieu\AppData\Local\CrashDumps
2014-02-15 17:01 - 2014-02-15 17:01 - 02433253 _____ (MightyUninstaller.com ) C:\Users\Phan Chung Hieu\Downloads\MightyUninstaller_Setup.exe
2014-02-15 14:39 - 2014-02-15 14:39 - 00001166 _____ () C:\Users\Phan Chung Hieu\Desktop\JRT.txt
2014-02-15 14:22 - 2014-02-15 14:22 - 00000000 ____D () C:\windows\ERUNT
2014-02-15 14:18 - 2014-02-15 14:18 - 01037530 _____ (Thisisu) C:\Users\Phan Chung Hieu\Downloads\JRT (2).exe
2014-02-15 14:12 - 2013-10-16 16:15 - 00000000 ____D () C:\Users\Phan Chung Hieu\AppData\Roaming\Seznam.cz
2014-02-15 14:11 - 2013-11-09 22:21 - 00000000 ____D () C:\windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2014-02-15 13:59 - 2014-02-15 13:59 - 00001786 _____ () C:\Users\Public\Desktop\YAC.lnk
2014-02-15 13:59 - 2014-02-15 13:58 - 09741296 _____ () C:\Users\Phan Chung Hieu\Downloads\yet_another_cleaner.exe
2014-02-15 13:54 - 2014-02-15 13:37 - 00032512 _____ () C:\windows\system32\Drivers\hitmanpro37.sys
2014-02-15 13:51 - 2014-02-15 13:51 - 00001746 _____ () C:\windows\system32\.crusader
2014-02-15 13:51 - 2014-02-15 13:36 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-15 13:36 - 2014-02-15 13:35 - 10820032 _____ (SurfRight B.V.) C:\Users\Phan Chung Hieu\Downloads\HitmanPro_x64.exe
2014-02-15 13:24 - 2014-02-15 13:23 - 01166132 _____ () C:\Users\Phan Chung Hieu\Downloads\adwcleaner.exe
2014-02-15 13:16 - 2014-02-15 13:16 - 00000000 ____D () C:\ProgramData\GridinSoft
2014-02-15 13:15 - 2014-02-15 13:13 - 39905256 _____ (GridinSoft LLC) C:\Users\Phan Chung Hieu\Downloads\gtk-2.2.1.6-setup.exe
2014-02-15 10:59 - 2014-02-15 10:59 - 00000000 ____D () C:\Users\Phan Chung Hieu\AppData\Local\PirritSuggestor
2014-02-13 21:32 - 2011-07-28 08:33 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-13 17:36 - 2013-05-22 16:45 - 00099328 _____ () C:\Users\Phan Chung Hieu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-13 15:25 - 2014-02-13 15:25 - 00013167 _____ () C:\Users\Phan Chung Hieu\Downloads\Vysledky_A_B.xlsx
2014-02-12 13:54 - 2014-02-12 13:43 - 00000000 ____D () C:\Users\Phan Chung Hieu\Downloads\dsl1
2014-02-10 13:26 - 2013-08-20 10:03 - 00002496 _____ () C:\Users\Phan Chung Hieu\Desktop\forgotten songs.txt
2014-02-06 18:17 - 2014-02-06 18:17 - 01823232 _____ () C:\Users\Phan Chung Hieu\Downloads\Kubat_Zaklady_dedicnosti_final.ppt
2014-02-05 22:36 - 2011-07-28 10:02 - 00666444 _____ () C:\windows\system32\perfh005.dat
2014-02-05 22:36 - 2011-07-28 10:02 - 00140108 _____ () C:\windows\system32\perfc005.dat
2014-02-05 22:36 - 2009-07-14 06:13 - 01576554 _____ () C:\windows\system32\PerfStringBackup.INI
2014-02-05 17:27 - 2014-02-05 17:27 - 01688723 _____ () C:\Users\Phan Chung Hieu\Desktop\ffff.wma
2014-02-05 17:20 - 2014-02-05 17:20 - 01298093 _____ () C:\Users\Phan Chung Hieu\Desktop\Bez názvu.wma
2014-02-03 16:57 - 2013-05-22 17:36 - 00000000 ____D () C:\Users\Phan Chung Hieu\AppData\Roaming\Skype
2014-02-02 19:20 - 2013-05-27 22:03 - 00000000 ____D () C:\Users\Phan Chung Hieu\Documents\Meine empfangenen Dateien
2014-02-01 22:06 - 2014-02-01 22:06 - 01301621 _____ () C:\Users\Phan Chung Hieu\Downloads\Komunikace živočichů.pptx
2014-01-31 18:49 - 2013-11-27 16:11 - 00003094 _____ () C:\windows\System32\Tasks\Game_Booster_Startup
2014-01-31 15:15 - 2014-01-05 22:25 - 00000000 ____D () C:\Users\Phan Chung Hieu\Desktop\ff
2014-01-29 17:08 - 2013-08-31 09:59 - 00000266 _____ () C:\Users\Phan Chung Hieu\Desktop\Nový textový dokument (2).txt
2014-01-21 21:36 - 2014-01-03 20:41 - 01301621 _____ () C:\Users\Phan Chung Hieu\Desktop\Komunikace živočichů.pptx
2014-01-21 17:22 - 2014-01-21 17:22 - 00023552 _____ () C:\Users\Phan Chung Hieu\Downloads\VysledkyNjO_SK_2014 (6).xls
2014-01-20 20:04 - 2014-01-20 20:04 - 00112640 _____ () C:\Users\Phan Chung Hieu\Downloads\vetny_rozbor_algoritmus.ppt
2014-01-20 20:04 - 2014-01-20 20:04 - 00112640 _____ () C:\Users\Phan Chung Hieu\Downloads\vetny_rozbor_algoritmus (1).ppt
2014-01-18 15:30 - 2013-08-31 17:02 - 00001136 _____ () C:\Users\Phan Chung Hieu\Desktop\matura.txt
2014-01-18 11:29 - 2014-01-18 11:29 - 00007597 _____ () C:\Users\Phan Chung Hieu\AppData\Local\Resmon.ResmonCfg
2014-01-17 15:25 - 2014-01-17 15:25 - 00023552 _____ () C:\Users\Phan Chung Hieu\Downloads\VysledkyNjO_SK_2014 (5).xls

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-09 23:32

==================== End Of Log ============================

Re: 1place.org and hotspotaward malware..

Posted: 16 Feb 2014 16:39
by festk
do you need addition as well?

Re: 1place.org and hotspotaward malware..

Posted: 17 Feb 2014 12:21
by vyosek
:arrow: I have split off the two users who crammed themselves into this thread :wink:

:arrow: Creating a fixlist for FRST
  • Open Notepad (Start > Run > notepad)
  • Copy the script below
  • Code:

    Start
    2014-02-15 14:18 - 2014-02-15 14:18 - 01037530 _____ (Thisisu) C:\Users\Phan Chung Hieu\Downloads\JRT (2).exe
    2014-02-15 14:39 - 2014-02-15 14:39 - 00001166 _____ () C:\Users\Phan Chung Hieu\Desktop\JRT.txt
    2014-02-15 18:24 - 2014-02-15 18:23 - 03813376 _____ () C:\Users\Phan Chung Hieu\Downloads\RogueKiller.exe
    2014-02-16 11:45 - 2014-02-16 11:45 - 01166132 _____ () C:\Users\Phan Chung Hieu\Downloads\adwcleaner (1).exe
    2014-02-15 22:42 - 2014-02-15 22:42 - 00002556 _____ () C:\Users\Phan Chung Hieu\Desktop\RKreport[0]_D_02152014_224210.txt
    2014-02-15 22:42 - 2014-02-15 22:42 - 00001905 _____ () C:\Users\Phan Chung Hieu\Desktop\RKreport[0]_H_02152014_224254.txt
    2014-02-15 22:41 - 2014-02-15 22:41 - 00002681 _____ () C:\Users\Phan Chung Hieu\Desktop\RKreport[0]_S_02152014_224154.txt
    2014-02-15 19:10 - 2014-02-15 19:10 - 00002832 _____ () C:\Users\Phan Chung Hieu\Desktop\RKreport[0]_D_02152014_191034.txt
    2014-02-15 19:10 - 2014-02-15 18:24 - 00000000 ____D () C:\Users\Phan Chung Hieu\Desktop\RK_Quarantine
    2014-02-15 18:31 - 2014-02-15 18:31 - 00002948 _____ () C:\Users\Phan Chung Hieu\Desktop\RKreport[0]_S_02152014_183100.txt
    2014-02-15 18:27 - 2014-02-15 18:27 - 03813376 _____ () C:\Users\Phan Chung Hieu\Desktop\RogueKiller (1).exe
    2014-02-16 12:25 - 2014-02-16 12:22 - 00000000 ____D () C:\Users\Phan Chung Hieu\AppData\Roaming\iSafe
    2014-02-16 12:03 - 2014-02-16 12:29 - 00024064 _____ () C:\windows\zoek-delete.exe
    2014-02-16 11:59 - 2014-02-16 11:58 - 01283584 _____ () C:\Users\Phan Chung Hieu\Desktop\zoek.exe
    2014-02-16 11:58 - 2014-02-16 11:58 - 04227036 _____ () C:\Users\Phan Chung Hieu\Downloads\zoek.rar
    2014-02-16 12:30 - 2014-02-16 11:58 - 00000000 ____D () C:\zoek_backup
    2014-02-16 12:33 - 2014-02-16 12:03 - 00095334 _____ () C:\zoek-results.log
    2014-02-16 13:00 - 2014-02-16 13:00 - 00112640 _____ (forum.viry.cz) C:\Users\Phan Chung Hieu\Downloads\Nepotvrzeno 534044.crdownload
    2014-02-16 13:00 - 2014-02-16 13:00 - 00112640 _____ (forum.viry.cz) C:\Users\Phan Chung Hieu\Downloads\Nepotvrzeno 358780.crdownload
    2014-02-16 13:00 - 2014-02-16 12:59 - 00112640 _____ (forum.viry.cz) C:\Users\Phan Chung Hieu\Desktop\FRSTLauncher.exe
    2014-02-16 14:31 - 2014-02-16 14:31 - 00029696 _____ () C:\Users\Phan Chung Hieu\AppData\Local\MSGBOX.EXE
    2014-02-16 14:31 - 2014-02-16 14:31 - 00016712 _____ () C:\Users\Phan Chung Hieu\Desktop\FRST.txt
    2014-02-16 14:31 - 2014-02-16 14:31 - 00015327 _____ () C:\Users\Phan Chung Hieu\Desktop\LM.bat
    C:\Program Files\Enigma Software Group
    C:\Program Files (x86)\iSafe
    
    S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
    S3 iSafeKrnl; \??\C:\Program Files (x86)\iSafe\iSafeKrnl.sys [X]
    R1 iSafeNetFilter; \??\C:\Program Files (x86)\iSafe\iSafeNetFilter.sys [X]
    S2 iSafeService; C:\Program Files (x86)\iSafe\iSafeSvc.exe [X]
    
    HKU\S-1-5-21-3195401569-4096988449-4207316193-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673184 2013-07-03] (Disc Soft Ltd)
    HKU\S-1-5-21-3195401569-4096988449-4207316193-1000\...\Run: [Zoner Photo Studio Autoupdate] - C:\PROGRAM FILES\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE [774168 2013-02-18] (ZONER software)
    HKU\S-1-5-21-3195401569-4096988449-4207316193-1000\...\RunOnce: [Uninstall C:\Users\Phan Chung Hieu\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] - C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Phan Chung Hieu\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
    HKU\S-1-5-21-3195401569-4096988449-4207316193-1000\...\RunOnce: [Uninstall C:\Users\Phan Chung Hieu\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] - C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Phan Chung Hieu\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"
    HKU\S-1-5-21-3195401569-4096988449-4207316193-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
    HKLM-x32\...\Run: [seznam-listicka-distribuce] - C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
    HKLM-x32\...\Run: [20131121] - C:\Program Files\AVAST Software\Avast\setup\emupdate\721172b8-eae2-4647-95c0-11375760eb7a.exe [180184 2013-11-23] (AVAST Software)
    HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKU\S-1-5-21-3195401569-4096988449-4207316193-1000\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272624 2013-02-05] (Microsoft Corporation)
    HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
    
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-01-03]
    
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Registration" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroLauncher" /f
    
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    
    Hosts:
    CMD: shutdown /r /f /t 2
    
    End
  • Save the resulting text file as fixlist.txt
  • Move the fixlist into the same folder as FRST
:arrow: Run FRST.exe again
  • Click Fix
  • The fix will run and create the log Fixlog.txt
:arrow: Restart the PC and post fixlog.txt here

Re: 1place.org and hotspotaward malware..

Posted: 17 Feb 2014 15:55
by festk
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-02-2014
Ran by Phan Chung Hieu at 2014-02-17 15:49:31 Run:1
Running from C:\Users\Phan Chung Hieu\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
2014-02-15 14:18 - 2014-02-15 14:18 - 01037530 _____ (Thisisu) C:\Users\Phan Chung Hieu\Downloads\JRT (2).exe
2014-02-15 14:39 - 2014-02-15 14:39 - 00001166 _____ () C:\Users\Phan Chung Hieu\Desktop\JRT.txt
2014-02-15 18:24 - 2014-02-15 18:23 - 03813376 _____ () C:\Users\Phan Chung Hieu\Downloads\RogueKiller.exe
2014-02-16 11:45 - 2014-02-16 11:45 - 01166132 _____ () C:\Users\Phan Chung Hieu\Downloads\adwcleaner (1).exe
2014-02-15 22:42 - 2014-02-15 22:42 - 00002556 _____ () C:\Users\Phan Chung Hieu\Desktop\RKreport[0]_D_02152014_224210.txt
2014-02-15 22:42 - 2014-02-15 22:42 - 00001905 _____ () C:\Users\Phan Chung Hieu\Desktop\RKreport[0]_H_02152014_224254.txt
2014-02-15 22:41 - 2014-02-15 22:41 - 00002681 _____ () C:\Users\Phan Chung Hieu\Desktop\RKreport[0]_S_02152014_224154.txt
2014-02-15 19:10 - 2014-02-15 19:10 - 00002832 _____ () C:\Users\Phan Chung Hieu\Desktop\RKreport[0]_D_02152014_191034.txt
2014-02-15 19:10 - 2014-02-15 18:24 - 00000000 ____D () C:\Users\Phan Chung Hieu\Desktop\RK_Quarantine
2014-02-15 18:31 - 2014-02-15 18:31 - 00002948 _____ () C:\Users\Phan Chung Hieu\Desktop\RKreport[0]_S_02152014_183100.txt
2014-02-15 18:27 - 2014-02-15 18:27 - 03813376 _____ () C:\Users\Phan Chung Hieu\Desktop\RogueKiller (1).exe
2014-02-16 12:25 - 2014-02-16 12:22 - 00000000 ____D () C:\Users\Phan Chung Hieu\AppData\Roaming\iSafe
2014-02-16 12:03 - 2014-02-16 12:29 - 00024064 _____ () C:\windows\zoek-delete.exe
2014-02-16 11:59 - 2014-02-16 11:58 - 01283584 _____ () C:\Users\Phan Chung Hieu\Desktop\zoek.exe
2014-02-16 11:58 - 2014-02-16 11:58 - 04227036 _____ () C:\Users\Phan Chung Hieu\Downloads\zoek.rar
2014-02-16 12:30 - 2014-02-16 11:58 - 00000000 ____D () C:\zoek_backup
2014-02-16 12:33 - 2014-02-16 12:03 - 00095334 _____ () C:\zoek-results.log
2014-02-16 13:00 - 2014-02-16 13:00 - 00112640 _____ (forum.viry.cz) C:\Users\Phan Chung Hieu\Downloads\Nepotvrzeno 534044.crdownload
2014-02-16 13:00 - 2014-02-16 13:00 - 00112640 _____ (forum.viry.cz) C:\Users\Phan Chung Hieu\Downloads\Nepotvrzeno 358780.crdownload
2014-02-16 13:00 - 2014-02-16 12:59 - 00112640 _____ (forum.viry.cz) C:\Users\Phan Chung Hieu\Desktop\FRSTLauncher.exe
2014-02-16 14:31 - 2014-02-16 14:31 - 00029696 _____ () C:\Users\Phan Chung Hieu\AppData\Local\MSGBOX.EXE
2014-02-16 14:31 - 2014-02-16 14:31 - 00016712 _____ () C:\Users\Phan Chung Hieu\Desktop\FRST.txt
2014-02-16 14:31 - 2014-02-16 14:31 - 00015327 _____ () C:\Users\Phan Chung Hieu\Desktop\LM.bat
C:\Program Files\Enigma Software Group
C:\Program Files (x86)\iSafe

S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 iSafeKrnl; \??\C:\Program Files (x86)\iSafe\iSafeKrnl.sys [X]
R1 iSafeNetFilter; \??\C:\Program Files (x86)\iSafe\iSafeNetFilter.sys [X]
S2 iSafeService; C:\Program Files (x86)\iSafe\iSafeSvc.exe [X]

HKU\S-1-5-21-3195401569-4096988449-4207316193-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673184 2013-07-03] (Disc Soft Ltd)
HKU\S-1-5-21-3195401569-4096988449-4207316193-1000\...\Run: [Zoner Photo Studio Autoupdate] - C:\PROGRAM FILES\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE [774168 2013-02-18] (ZONER software)
HKU\S-1-5-21-3195401569-4096988449-4207316193-1000\...\RunOnce: [Uninstall C:\Users\Phan Chung Hieu\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] - C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Phan Chung Hieu\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-3195401569-4096988449-4207316193-1000\...\RunOnce: [Uninstall C:\Users\Phan Chung Hieu\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] - C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Phan Chung Hieu\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"
HKU\S-1-5-21-3195401569-4096988449-4207316193-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM-x32\...\Run: [seznam-listicka-distribuce] - C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [20131121] - C:\Program Files\AVAST Software\Avast\setup\emupdate\721172b8-eae2-4647-95c0-11375760eb7a.exe [180184 2013-11-23] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-3195401569-4096988449-4207316193-1000\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272624 2013-02-05] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-01-03]

REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Registration" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroLauncher" /f

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Hosts:
CMD: shutdown /r /f /t 2

End
*****************

C:\Users\Phan Chung Hieu\Downloads\JRT (2).exe => Moved successfully.
C:\Users\Phan Chung Hieu\Desktop\JRT.txt => Moved successfully.
C:\Users\Phan Chung Hieu\Downloads\RogueKiller.exe => Moved successfully.
C:\Users\Phan Chung Hieu\Downloads\adwcleaner (1).exe => Moved successfully.
C:\Users\Phan Chung Hieu\Desktop\RKreport[0]_D_02152014_224210.txt => Moved successfully.
C:\Users\Phan Chung Hieu\Desktop\RKreport[0]_H_02152014_224254.txt => Moved successfully.
C:\Users\Phan Chung Hieu\Desktop\RKreport[0]_S_02152014_224154.txt => Moved successfully.
C:\Users\Phan Chung Hieu\Desktop\RKreport[0]_D_02152014_191034.txt => Moved successfully.
C:\Users\Phan Chung Hieu\Desktop\RK_Quarantine => Moved successfully.
C:\Users\Phan Chung Hieu\Desktop\RKreport[0]_S_02152014_183100.txt => Moved successfully.
C:\Users\Phan Chung Hieu\Desktop\RogueKiller (1).exe => Moved successfully.
C:\Users\Phan Chung Hieu\AppData\Roaming\iSafe => Moved successfully.
C:\windows\zoek-delete.exe => Moved successfully.
C:\Users\Phan Chung Hieu\Desktop\zoek.exe => Moved successfully.
C:\Users\Phan Chung Hieu\Downloads\zoek.rar => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\zoek-results.log => Moved successfully.
"C:\Users\Phan Chung Hieu\Downloads\Nepotvrzeno 534044.crdownload" => File/Directory not found.
"C:\Users\Phan Chung Hieu\Downloads\Nepotvrzeno 358780.crdownload" => File/Directory not found.
"C:\Users\Phan Chung Hieu\Desktop\FRSTLauncher.exe" => File/Directory not found.
C:\Users\Phan Chung Hieu\AppData\Local\MSGBOX.EXE => Moved successfully.
"C:\Users\Phan Chung Hieu\Desktop\FRST.txt" => File/Directory not found.
C:\Users\Phan Chung Hieu\Desktop\LM.bat => Moved successfully.
C:\Program Files\Enigma Software Group => Moved successfully.
"C:\Program Files (x86)\iSafe" => File/Directory not found.
esgiguard => Service deleted successfully.
iSafeKrnl => Service deleted successfully.
iSafeNetFilter => Service deleted successfully.
iSafeService => Service deleted successfully.
HKU\S-1-5-21-3195401569-4096988449-4207316193-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => Value deleted successfully.
HKU\S-1-5-21-3195401569-4096988449-4207316193-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Zoner Photo Studio Autoupdate => Value deleted successfully.
HKU\S-1-5-21-3195401569-4096988449-4207316193-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Phan Chung Hieu\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64 => Value deleted successfully.
HKU\S-1-5-21-3195401569-4096988449-4207316193-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Phan Chung Hieu\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910 => Value deleted successfully.
HKU\S-1-5-21-3195401569-4096988449-4207316193-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\seznam-listicka-distribuce => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\20131121 => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully.
HKU\S-1-5-21-3195401569-4096988449-4207316193-1000\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgr => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl => Key deleted successfully.
C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx => Moved successfully.

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM" /f =========

Operace byla dokončena úspěšně.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync" /f =========

Operace byla dokončena úspěšně.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate" /f =========

Operace byla dokončena úspěšně.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop" /f =========

Operace byla dokončena úspěšně.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Registration" /f =========

Operace byla dokončena úspěšně.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroLauncher" /f =========

Operace byla dokončena úspěšně.



========= End of Reg: =========

C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.

========= shutdown /r /f /t 2 =========


========= End of CMD: =========


==== End of Fixlog ====

Re: 1place.org and hotspotaward malware..

Posted: 17 Feb 2014 15:56
by vyosek
Fine, how is the PC behaving??

Re: 1place.org and hotspotaward malware..

Posted: 17 Feb 2014 16:03
by festk
vyosek wrote: Fine, how is the PC behaving??
the links to awardhotspot are still there and ads pop up every time I click on something :/

Re: 1place.org and hotspotaward malware..

Posted: 17 Feb 2014 16:05
by vyosek
In which browser??

Re: 1place.org and hotspotaward malware..

Posted: 17 Feb 2014 16:09
by festk
vyosek wrote: In which browser??
chrome

but as I look now, in explorer too

Re: 1place.org and hotspotaward malware..

Posted: 17 Feb 2014 16:13
by vyosek
:arrow: T-Cleaner http://vyosek.tym.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm each choice press A, Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag this utility as a virus - it is a false alarm - so go ahead and download it (or switch off the antivirus while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download CCleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry panel
  • click Scan for issues
  • then Fix issues - I recommend making a registry backup; fix all the issues
  • repeat the procedure until no issues are found - usually about 3 times
Tools panel
  • Here you can uninstall programs you do not need
I recommend using CCleaner about once a week

:arrow: Download Malwarebytes' Anti-Malware (MBAM for short) http://forum.viry.cz/viewtopic.php?f=29&t=115222
  • Update it
  • Run a full scan - do not delete anything :!:
  • MBAM occasionally produces false detections, so paste the log into a post and wait for it to be assessed