Prosím o kontrolu logu

Zpráva

Romiska · #1 Příspěvek od **Romiska** » 09 říj 2013 08:34

Dobrý den, prosím o kontrolu logu, jedná se o pc mé kamarádky, předpokládám, že toho tam bude hodně

Logfile of random's system information tool 1.09 (written by random/random)
Run by Ria at 2013-10-09 09:15:29
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 109 GB (77%) free of 141 GB
Total RAM: 1013 MB (34% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\AutoKMS.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-896374755-4125879869-431910503-1000Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-896374755-4125879869-431910503-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DBB6CE-3148-4FEC-B481-103CB3290427}]
Speed Analysis 2 - C:\Program Files\Speed Analysis 2\ScriptHost.dll [2013-05-30 382272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-10-03 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}]
CIESpeechBHO Class - C:\Program Files\Bluetooth Suite\IEPlugIn.dll [2011-01-20 60576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-10-03 157672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF103732-4528-4322-AA8B-F7849AB7776B}]
7Go Games - C:\Program Files\7Go Games\ScriptHost.dll [2013-07-30 386880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2013-01-27 947152]
"AtherosBtStack"=C:\Program Files\Bluetooth Suite\BtvStack.exe [2011-01-20 490656]
"AthBtTray"=C:\Program Files\Bluetooth Suite\AthBtTray.exe [2011-01-20 302240]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-05-09 4858968]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"=C:\Users\Ria\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-27 138096]
"SDP"=C:\Users\Ria\AppData\Local\FilesFrog Update Checker\update_checker.exe [2013-01-31 201808]
"FLV Player"=C:\Users\Ria\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe [2012-10-26 202752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Ria\AppData\Local\Google\Update\GoogleUpdate.exe /c []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\Windows\system32\hkcmd.exe [2010-06-16 173592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-10-13 186904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\Windows\system32\igfxtray.exe [2010-06-16 141848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\Windows\system32\igfxpers.exe [2010-06-16 150552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S6000Mnt]
S6000Rmv.dll ,WinMainRmv /StartStillMnt []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-04-19 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv
"midi1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-10-09 09:15:30 ----D---- C:\Program Files\trend micro
2013-10-09 09:15:29 ----D---- C:\rsit
2013-10-08 19:01:36 ----N---- C:\Windows\KMSEmulator.exe
2013-09-18 20:22:10 ----D---- C:\Program Files\Defraggler
2013-09-16 03:02:43 ----A---- C:\Windows\system32\jscript.dll
2013-09-16 03:02:39 ----A---- C:\Windows\system32\jscript9.dll
2013-09-16 03:02:35 ----A---- C:\Windows\system32\jsproxy.dll
2013-09-16 03:02:35 ----A---- C:\Windows\system32\iesetup.dll
2013-09-16 03:02:32 ----A---- C:\Windows\system32\ieui.dll
2013-09-16 03:02:27 ----A---- C:\Windows\system32\msfeeds.dll
2013-09-16 03:02:26 ----A---- C:\Windows\system32\iernonce.dll
2013-09-16 03:02:26 ----A---- C:\Windows\system32\ie4uinit.exe
2013-09-16 03:02:25 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-16 03:02:23 ----A---- C:\Windows\system32\iesysprep.dll
2013-09-16 03:02:22 ----A---- C:\Windows\system32\urlmon.dll
2013-09-16 03:02:18 ----A---- C:\Windows\system32\iertutil.dll
2013-09-16 03:02:10 ----A---- C:\Windows\system32\wininet.dll
2013-09-16 03:01:59 ----A---- C:\Windows\system32\ieframe.dll
2013-09-16 03:01:36 ----A---- C:\Windows\system32\mshtml.dll
2013-09-12 23:37:53 ----A---- C:\Windows\system32\shell32.dll
2013-09-12 23:37:49 ----A---- C:\Windows\system32\shdocvw.dll
2013-09-12 23:37:07 ----A---- C:\Windows\system32\drivers\ataport.sys
2013-09-12 23:36:53 ----A---- C:\Windows\system32\win32k.sys
2013-09-12 23:00:32 ----A---- C:\Windows\system32\KernelBase.dll
2013-09-12 23:00:32 ----A---- C:\Windows\system32\kernel32.dll
2013-09-12 23:00:31 ----A---- C:\Windows\system32\winsrv.dll
2013-09-12 23:00:27 ----A---- C:\Windows\system32\conhost.exe
2013-09-12 23:00:26 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 23:00:26 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 23:00:25 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 23:00:25 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 23:00:24 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 23:00:23 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 23:00:23 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 23:00:22 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 23:00:21 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 23:00:21 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 23:00:20 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 23:00:19 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 23:00:19 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 23:00:18 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 23:00:18 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 23:00:17 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 23:00:16 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 23:00:15 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 23:00:14 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 23:00:13 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 23:00:12 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 23:00:11 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 23:00:10 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 23:00:08 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 23:00:07 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 23:00:05 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 23:00:02 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 22:59:45 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

======List of files/folders modified in the last 1 month======

2013-10-09 09:15:49 ----D---- C:\Windows\System32
2013-10-09 09:15:49 ----D---- C:\Windows\inf
2013-10-09 09:15:49 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-10-09 09:15:30 ----RD---- C:\Program Files
2013-10-09 09:15:10 ----D---- C:\Windows\Prefetch
2013-10-09 09:14:22 ----D---- C:\Windows\Temp
2013-10-09 09:03:39 ----D---- C:\Windows\system32\config
2013-10-09 08:55:01 ----D---- C:\Windows
2013-10-06 21:16:00 ----SHD---- C:\System Volume Information
2013-09-28 13:30:42 ----D---- C:\Users\Ria\AppData\Roaming\vlc
2013-09-27 11:20:22 ----D---- C:\Windows\system32\catroot2
2013-09-18 20:50:53 ----D---- C:\Windows\winsxs
2013-09-18 20:27:09 ----HD---- C:\Config.Msi
2013-09-18 20:25:21 ----SHD---- C:\Windows\Installer
2013-09-18 20:23:59 ----D---- C:\Program Files\Common Files
2013-09-18 20:20:51 ----D---- C:\Windows\system32\DriverStore
2013-09-18 20:20:51 ----D---- C:\Windows\system32\catroot
2013-09-18 20:19:47 ----D---- C:\Windows\twain_32
2013-09-18 20:14:00 ----D---- C:\ProgramData\HP
2013-09-18 20:13:59 ----RSD---- C:\Windows\Fonts
2013-09-18 20:13:29 ----HD---- C:\ProgramData
2013-09-18 20:11:55 ----D---- C:\Windows\system32\drivers
2013-09-18 20:11:38 ----D---- C:\Program Files\HP
2013-09-18 20:09:33 ----D---- C:\Program Files\DreamCom
2013-09-18 20:08:11 ----D---- C:\Windows\system32\Tasks
2013-09-18 20:08:10 ----D---- C:\Windows\Tasks
2013-09-18 20:08:05 ----D---- C:\Program Files\PC Performer
2013-09-18 20:08:01 ----D---- C:\Users\Ria\AppData\Roaming\PerformerSoft
2013-09-18 19:48:50 ----A---- C:\Windows\win.ini
2013-09-16 03:21:16 ----D---- C:\Program Files\Internet Explorer
2013-09-16 01:48:58 ----D---- C:\Windows\rescache
2013-09-13 13:07:02 ----D---- C:\Windows\Microsoft.NET
2013-09-13 13:05:24 ----RSD---- C:\Windows\assembly
2013-09-13 03:44:17 ----D---- C:\Windows\system32\cs-CZ
2013-09-13 03:27:33 ----D---- C:\ProgramData\Microsoft Help
2013-09-13 03:08:04 ----D---- C:\Windows\system32\MRT
2013-09-13 03:03:06 ----A---- C:\Windows\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2013-05-09 49376]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2013-06-29 175176]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-10-13 331288]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-01-20 195296]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2013-05-09 61680]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2013-06-29 770344]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2013-06-29 369584]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2013-05-09 56080]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2013-05-09 29816]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2013-05-09 66336]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 100328]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2010-01-04 1252392]
R3 BTATH_BUS;Atheros Bluetooth Bus; C:\Windows\system32\DRIVERS\btath_bus.sys [2011-01-20 24736]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2010-04-19 4806144]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x86.sys [2010-05-20 68208]
R3 S6000KNT;S6000KNT_WebCam Driver; C:\Windows\System32\Drivers\S6000KNT.sys [2010-05-14 3221120]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 AthBTPort;Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [2011-01-20 34976]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [2011-01-20 258720]
S3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\Windows\system32\DRIVERS\btath_hcrp.sys [2011-01-20 175776]
S3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2011-01-20 49312]
S3 BTATH_RCP;Bluetooth AVRCP Device; C:\Windows\system32\DRIVERS\btath_rcp.sys [2011-01-20 141088]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2010-11-20 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\Windows\system32\DRIVERS\ewdcsc.sys []
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys []
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\Windows\system32\DRIVERS\ewusbdev.sys []
S3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2007-08-31 18856]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 98432]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AtherosSvc;AtherosSvc; C:\Program Files\Bluetooth Suite\adminservice.exe [2011-01-20 72864]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-05-09 46808]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-10-13 354840]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-01-27 20456]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2013-01-27 295232]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-10-03 116648]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-10-03 116648]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2012-09-20 30785672]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-10-01 1343400]
S4 Live Updater Service;Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2012-04-05 255376]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 09 říj 2013 08:39

Zdravim

V prve rade bych rad vedel, co udelame s temi nelegalnimi Office. Jako vzorny navstevnik jiste vite, ze nase forum se distancuje od SW piratstvi...

Romiska · #3 Příspěvek od **Romiska** » 09 říj 2013 08:45

Vyměníme za OpenOffice, které jsou free?

#4 Příspěvek od **vyosek** » 09 říj 2013 09:18

Muze byt, pak poprosim o log z FRSTL http://forum.viry.cz/viewtopic.php?f=24&t=132509

Romiska · #5 Příspěvek od **Romiska** » 09 říj 2013 09:30

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Ria (administrator) on RIA-PC on 09-10-2013 10:24:08
Running from C:\Users\Ria\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Czech
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\adminservice.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Atheros Communications) C:\Program Files\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AthBtTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Somoto) C:\Users\Ria\AppData\Local\FilesFrog Update Checker\update_checker.exe
() C:\Users\Ria\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\old_chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\old_chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\old_chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\old_chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files\Bluetooth Suite\BtvStack.exe [490656 2011-01-20] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - C:\Program Files\Bluetooth Suite\AthBtTray.exe [302240 2011-01-20] (Atheros Commnucations)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKCU\...\Run: [Facebook Update] - C:\Users\Ria\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-05-27] (Facebook Inc.)
HKCU\...\Run: [SDP] - C:\Users\Ria\AppData\Local\FilesFrog Update Checker\update_checker.exe [201808 2013-01-31] (Somoto)
HKCU\...\Run: [FLV Player] - C:\Users\Ria\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe [202752 2012-10-26] ()
MountPoints2: {a6b3f0dd-512e-11e2-aa19-88ae1d8bad43} - D:\AutoRun.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.delta-search.com/?babsrc=HP ... 9&tsp=4985
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={search ... 9&tsp=4985
BHO: Speed Analysis 2 - {18DBB6CE-3148-4FEC-B481-103CB3290427} - C:\Program Files\Speed Analysis 2\ScriptHost.dll (SpeedAnalysis.com)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 195.113.144.233 195.113.144.194 195.113.135.10

Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Ria\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Users\Ria\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Ria\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (Funmoods) - C:\Users\Ria\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\2.1.4_0
CHR Extension: (YouTube) - C:\Users\Ria\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Ria\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Ria\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\Ria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Ria\AppData\Local\funmoods.crx
CHR HKLM\...\Chrome\Extension: [dgjkhjdcljddbedokogakmmdjgnbeanf] - C:\Users\Ria\AppData\Roaming\SpeedAnalysis2\SpeedAnalysis.crx
CHR HKLM\...\Chrome\Extension: [gjajpkikblccgefaibcafkfbanllpefi] - C:\Users\Ria\AppData\Roaming\7go\7go.crx

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S4 Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [255376 2012-04-05] (Acer Incorporated)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-06-29] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-06-29] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-06-29] ()
S3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [34976 2011-01-20] (Atheros)
S3 BTATH_A2DP; C:\Windows\System32\drivers\btath_a2dp.sys [258720 2011-01-20] (Atheros)
R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [24736 2011-01-20] (Atheros)
S3 BTATH_HCRP; C:\Windows\System32\DRIVERS\btath_hcrp.sys [175776 2011-01-20] (Atheros)
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [49312 2011-01-20] (Atheros)
S3 BTATH_RCP; C:\Windows\System32\DRIVERS\btath_rcp.sys [141088 2011-01-20] (Atheros)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [18856 2007-08-31] (Microsoft Corporation)
R3 S6000KNT; C:\Windows\System32\Drivers\S6000KNT.sys [3221120 2010-05-14] (Windows (R) Win 7 DDK provider)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2009-09-19] (MCCI)
S3 Huawei; system32\DRIVERS\ewdcsc.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-09 10:23 - 2013-10-09 10:23 - 00000000 ____D C:\FRST
2013-10-09 10:22 - 2013-10-09 10:21 - 00000000 _____ C:\Users\Ria\Desktop\FRSTLauncher.exe
2013-10-09 10:22 - 2013-10-09 10:20 - 01087213 _____ (Farbar) C:\Users\Ria\Desktop\FRST.exe
2013-10-09 09:15 - 2013-10-09 09:16 - 00000000 ____D C:\rsit
2013-10-09 09:15 - 2013-10-09 09:16 - 00000000 ____D C:\Program Files\trend micro
2013-10-08 19:04 - 2013-10-08 20:31 - 00000000 ____D C:\Users\Ria\Desktop\6.10.fláje
2013-10-08 19:01 - 2013-10-09 08:55 - 00077824 ____N C:\Windows\KMSEmulator.exe
2013-09-18 23:04 - 2013-10-01 21:59 - 00000070 _____ C:\Users\Ria\AppData\Roaming\WB.CFG
2013-09-18 20:22 - 2013-09-18 20:22 - 00001863 _____ C:\Users\Public\Desktop\Defraggler.lnk
2013-09-18 20:22 - 2013-09-18 20:22 - 00000000 ____D C:\Program Files\Defraggler
2013-09-18 20:17 - 2013-09-18 20:19 - 10512969 _____ C:\Users\Ria\Downloads\dfsetup.exe
2013-09-16 03:02 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-16 03:02 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-16 03:02 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-16 03:02 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-16 03:02 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-16 03:02 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-16 03:02 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-16 03:02 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-16 03:02 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-16 03:02 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-16 03:02 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-16 03:02 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-16 03:02 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-16 03:02 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-16 03:01 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-16 03:01 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-13 16:51 - 2013-09-13 16:51 - 00000000 ____D C:\Users\Ria\Documents\HP Photosmart Projects
2013-09-12 23:37 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 23:37 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 23:37 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 23:36 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 23:00 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 23:00 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 23:00 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 23:00 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 23:00 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 22:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 09:03 - 2013-09-25 11:44 - 00000000 ____D C:\Users\Ria\AppData\Local\WebPlayer
2013-09-11 09:03 - 2013-09-11 09:03 - 00000000 ____D C:\Users\Ria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player

==================== One Month Modified Files and Folders =======

2013-10-09 10:23 - 2013-10-09 10:23 - 00000000 ____D C:\FRST
2013-10-09 10:21 - 2013-10-09 10:22 - 00000000 _____ C:\Users\Ria\Desktop\FRSTLauncher.exe
2013-10-09 10:20 - 2013-10-09 10:22 - 01087213 _____ (Farbar) C:\Users\Ria\Desktop\FRST.exe
2013-10-09 09:59 - 2012-10-03 16:07 - 00000934 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-09 09:17 - 2009-07-14 06:34 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-09 09:17 - 2009-07-14 06:34 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-09 09:16 - 2013-10-09 09:15 - 00000000 ____D C:\rsit
2013-10-09 09:16 - 2013-10-09 09:15 - 00000000 ____D C:\Program Files\trend micro
2013-10-09 09:16 - 2012-10-01 18:34 - 01098813 _____ C:\Windows\WindowsUpdate.log
2013-10-09 09:15 - 2012-10-01 18:47 - 01470062 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-09 09:14 - 2009-07-14 06:39 - 00079872 _____ C:\Windows\setupact.log
2013-10-09 09:12 - 2013-05-27 18:07 - 00000920 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-896374755-4125879869-431910503-1000UA.job
2013-10-09 08:55 - 2013-10-08 19:01 - 00077824 ____N C:\Windows\KMSEmulator.exe
2013-10-09 08:55 - 2012-10-02 18:10 - 00199112 _____ C:\Windows\AutoKMS.log
2013-10-09 08:55 - 2012-10-02 10:57 - 00000196 _____ C:\Windows\Tasks\AutoKMS.job
2013-10-09 08:54 - 2012-10-03 18:25 - 00000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
2013-10-09 08:54 - 2012-10-03 16:07 - 00000930 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-09 08:53 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-08 20:31 - 2013-10-08 19:04 - 00000000 ____D C:\Users\Ria\Desktop\6.10.fláje
2013-10-03 22:20 - 2013-05-27 18:07 - 00000898 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-896374755-4125879869-431910503-1000Core.job
2013-10-02 15:08 - 2012-10-02 21:12 - 00007214 _____ C:\Windows\PFRO.log
2013-10-01 21:59 - 2013-09-18 23:04 - 00000070 _____ C:\Users\Ria\AppData\Roaming\WB.CFG
2013-10-01 19:39 - 2013-02-01 20:38 - 00000211 _____ C:\ProgramData\acer.zip
2013-09-30 21:28 - 2009-07-14 06:53 - 00032548 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-28 13:30 - 2013-02-06 00:11 - 00000000 ____D C:\Users\Ria\AppData\Roaming\vlc
2013-09-25 11:44 - 2013-09-11 09:03 - 00000000 ____D C:\Users\Ria\AppData\Local\WebPlayer
2013-09-18 20:28 - 2012-10-01 23:06 - 00084576 _____ C:\Users\Ria\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-18 20:27 - 2009-07-14 06:33 - 00338968 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-18 20:25 - 2013-02-26 10:21 - 00005744 _____ C:\ProgramData\hpzinstall.log
2013-09-18 20:22 - 2013-09-18 20:22 - 00001863 _____ C:\Users\Public\Desktop\Defraggler.lnk
2013-09-18 20:22 - 2013-09-18 20:22 - 00000000 ____D C:\Program Files\Defraggler
2013-09-18 20:19 - 2013-09-18 20:17 - 10512969 _____ C:\Users\Ria\Downloads\dfsetup.exe
2013-09-18 20:19 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\twain_32
2013-09-18 20:14 - 2013-02-26 10:21 - 00000000 ____D C:\ProgramData\HP
2013-09-18 20:11 - 2013-02-26 10:41 - 00000000 ____D C:\Program Files\HP
2013-09-18 20:09 - 2013-05-06 07:55 - 00000000 ____D C:\Users\Ria\AppData\Local\CrashDumps
2013-09-18 20:09 - 2012-10-03 10:11 - 00000000 ____D C:\Program Files\DreamCom
2013-09-18 20:08 - 2013-08-25 12:32 - 00000000 ____D C:\Users\Ria\AppData\Roaming\PerformerSoft
2013-09-18 20:08 - 2013-08-25 12:32 - 00000000 ____D C:\Program Files\PC Performer
2013-09-18 19:48 - 2009-07-14 04:04 - 00000438 _____ C:\Windows\win.ini
2013-09-16 01:48 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-09-13 16:51 - 2013-09-13 16:51 - 00000000 ____D C:\Users\Ria\Documents\HP Photosmart Projects
2013-09-13 13:07 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-13 03:27 - 2012-10-02 10:35 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-13 03:08 - 2013-08-16 03:16 - 00000000 ____D C:\Windows\system32\MRT
2013-09-13 03:03 - 2012-10-01 21:47 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-11 09:03 - 2013-09-11 09:03 - 00000000 ____D C:\Users\Ria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player

Some content of TEMP:
====================
C:\Users\Ria\AppData\Local\Temp\7z920.exe
C:\Users\Ria\AppData\Local\Temp\9721uninstall.exe
C:\Users\Ria\AppData\Local\Temp\BabylonTB.exe
C:\Users\Ria\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\Ria\AppData\Local\Temp\FLVPlayerSetup.exe
C:\Users\Ria\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe
C:\Users\Ria\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\Ria\AppData\Local\Temp\ResetDevice.exe
C:\Users\Ria\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\Ria\AppData\Local\Temp\vlc-2.0.7-win32.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-01 21:19

==================== End Of Log ============================

#6 Příspěvek od **vyosek** » 09 říj 2013 09:51

Ja tam porad vidim Microsoft Office a nikde zadne Open Office...

Ja psal, ze log z FRSTL chci az pak

Romiska · #7 Příspěvek od **Romiska** » 09 říj 2013 10:53

Aha, špatně jsem si vyložil význam slova pak, tak snad teď.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Ria (administrator) on RIA-PC on 09-10-2013 11:32:39
Running from C:\Users\Ria\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Czech
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Atheros Communications) C:\Program Files\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AthBtTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\adminservice.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Somoto) C:\Users\Ria\AppData\Local\FilesFrog Update Checker\update_checker.exe
() C:\Users\Ria\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\avast.setup

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files\Bluetooth Suite\BtvStack.exe [490656 2011-01-20] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - C:\Program Files\Bluetooth Suite\AthBtTray.exe [302240 2011-01-20] (Atheros Commnucations)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKCU\...\Run: [Facebook Update] - C:\Users\Ria\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-05-27] (Facebook Inc.)
HKCU\...\Run: [SDP] - C:\Users\Ria\AppData\Local\FilesFrog Update Checker\update_checker.exe [201808 2013-01-31] (Somoto)
HKCU\...\Run: [FLV Player] - C:\Users\Ria\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe [202752 2012-10-26] ()
MountPoints2: {a6b3f0dd-512e-11e2-aa19-88ae1d8bad43} - D:\AutoRun.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.delta-search.com/?babsrc=HP ... 9&tsp=4985
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={search ... 9&tsp=4985
BHO: Speed Analysis 2 - {18DBB6CE-3148-4FEC-B481-103CB3290427} - C:\Program Files\Speed Analysis 2\ScriptHost.dll (SpeedAnalysis.com)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 195.113.144.233 195.113.144.194 195.113.135.10

Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Ria\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Users\Ria\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Ria\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (Funmoods) - C:\Users\Ria\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\2.1.4_0
CHR Extension: (YouTube) - C:\Users\Ria\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Ria\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Ria\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\Ria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Ria\AppData\Local\funmoods.crx
CHR HKLM\...\Chrome\Extension: [dgjkhjdcljddbedokogakmmdjgnbeanf] - C:\Users\Ria\AppData\Roaming\SpeedAnalysis2\SpeedAnalysis.crx
CHR HKLM\...\Chrome\Extension: [gjajpkikblccgefaibcafkfbanllpefi] - C:\Users\Ria\AppData\Roaming\7go\7go.crx

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S4 Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [255376 2012-04-05] (Acer Incorporated)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-06-29] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-06-29] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-06-29] ()
S3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [34976 2011-01-20] (Atheros)
S3 BTATH_A2DP; C:\Windows\System32\drivers\btath_a2dp.sys [258720 2011-01-20] (Atheros)
R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [24736 2011-01-20] (Atheros)
S3 BTATH_HCRP; C:\Windows\System32\DRIVERS\btath_hcrp.sys [175776 2011-01-20] (Atheros)
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [49312 2011-01-20] (Atheros)
S3 BTATH_RCP; C:\Windows\System32\DRIVERS\btath_rcp.sys [141088 2011-01-20] (Atheros)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [18856 2007-08-31] (Microsoft Corporation)
R3 S6000KNT; C:\Windows\System32\Drivers\S6000KNT.sys [3221120 2010-05-14] (Windows (R) Win 7 DDK provider)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2009-09-19] (MCCI)
S3 Huawei; system32\DRIVERS\ewdcsc.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-09 11:16 - 2013-10-09 11:16 - 00000000 ____D C:\Users\Ria\AppData\Roaming\OpenOffice
2013-10-09 11:14 - 2013-10-09 11:14 - 00001058 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2013-10-09 11:11 - 2013-10-09 11:12 - 00000000 ____D C:\Program Files\OpenOffice 4
2013-10-09 11:09 - 2013-10-09 11:09 - 00000000 ____D C:\Users\Ria\Desktop\OpenOffice 4.0.1 (cs) Installation Files
2013-10-09 10:23 - 2013-10-09 10:23 - 00000000 ____D C:\FRST
2013-10-09 10:22 - 2013-10-09 10:21 - 00000000 _____ C:\Users\Ria\Desktop\FRSTLauncher.exe
2013-10-09 10:22 - 2013-10-09 10:20 - 01087213 _____ (Farbar) C:\Users\Ria\Desktop\FRST.exe
2013-10-09 09:15 - 2013-10-09 09:16 - 00000000 ____D C:\rsit
2013-10-09 09:15 - 2013-10-09 09:16 - 00000000 ____D C:\Program Files\trend micro
2013-10-08 19:04 - 2013-10-08 20:31 - 00000000 ____D C:\Users\Ria\Desktop\6.10.fláje
2013-10-08 19:01 - 2013-10-09 08:55 - 00077824 ____N C:\Windows\KMSEmulator.exe
2013-09-18 23:04 - 2013-10-01 21:59 - 00000070 _____ C:\Users\Ria\AppData\Roaming\WB.CFG
2013-09-18 20:22 - 2013-09-18 20:22 - 00001863 _____ C:\Users\Public\Desktop\Defraggler.lnk
2013-09-18 20:22 - 2013-09-18 20:22 - 00000000 ____D C:\Program Files\Defraggler
2013-09-18 20:17 - 2013-09-18 20:19 - 10512969 _____ C:\Users\Ria\Downloads\dfsetup.exe
2013-09-16 03:02 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-16 03:02 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-16 03:02 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-16 03:02 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-16 03:02 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-16 03:02 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-16 03:02 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-16 03:02 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-16 03:02 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-16 03:02 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-16 03:02 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-16 03:02 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-16 03:02 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-16 03:02 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-16 03:01 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-16 03:01 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-13 16:51 - 2013-09-13 16:51 - 00000000 ____D C:\Users\Ria\Documents\HP Photosmart Projects
2013-09-12 23:37 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 23:37 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 23:37 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 23:36 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 23:00 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 23:00 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 23:00 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 23:00 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 23:00 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 23:00 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 22:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 09:03 - 2013-09-25 11:44 - 00000000 ____D C:\Users\Ria\AppData\Local\WebPlayer
2013-09-11 09:03 - 2013-09-11 09:03 - 00000000 ____D C:\Users\Ria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player

==================== One Month Modified Files and Folders =======

2013-10-09 11:43 - 2013-02-06 00:11 - 00000000 ____D C:\Users\Ria\AppData\Roaming\vlc
2013-10-09 11:39 - 2012-10-01 18:34 - 01149484 _____ C:\Windows\WindowsUpdate.log
2013-10-09 11:27 - 2012-10-03 16:07 - 00000930 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-09 11:27 - 2012-10-02 18:10 - 00199322 _____ C:\Windows\AutoKMS.log
2013-10-09 11:27 - 2012-10-02 10:57 - 00000196 _____ C:\Windows\Tasks\AutoKMS.job
2013-10-09 11:26 - 2012-10-03 18:25 - 00000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
2013-10-09 11:26 - 2012-10-01 23:06 - 00088960 _____ C:\Users\Ria\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-09 11:25 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-09 11:25 - 2009-07-14 06:39 - 00079984 _____ C:\Windows\setupact.log
2013-10-09 11:25 - 2009-07-14 06:33 - 00363552 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-09 11:16 - 2013-10-09 11:16 - 00000000 ____D C:\Users\Ria\AppData\Roaming\OpenOffice
2013-10-09 11:14 - 2013-10-09 11:14 - 00001058 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2013-10-09 11:12 - 2013-10-09 11:11 - 00000000 ____D C:\Program Files\OpenOffice 4
2013-10-09 11:09 - 2013-10-09 11:09 - 00000000 ____D C:\Users\Ria\Desktop\OpenOffice 4.0.1 (cs) Installation Files
2013-10-09 11:09 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-10-09 11:06 - 2012-10-02 10:35 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-09 11:06 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-09 11:03 - 2012-10-02 07:11 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-10-09 10:59 - 2012-10-03 16:07 - 00000934 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-09 10:58 - 2009-07-14 11:19 - 00000000 ____D C:\Windows\ShellNew
2013-10-09 10:23 - 2013-10-09 10:23 - 00000000 ____D C:\FRST
2013-10-09 10:21 - 2013-10-09 10:22 - 00000000 _____ C:\Users\Ria\Desktop\FRSTLauncher.exe
2013-10-09 10:20 - 2013-10-09 10:22 - 01087213 _____ (Farbar) C:\Users\Ria\Desktop\FRST.exe
2013-10-09 09:17 - 2009-07-14 06:34 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-09 09:17 - 2009-07-14 06:34 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-09 09:16 - 2013-10-09 09:15 - 00000000 ____D C:\rsit
2013-10-09 09:16 - 2013-10-09 09:15 - 00000000 ____D C:\Program Files\trend micro
2013-10-09 09:15 - 2012-10-01 18:47 - 01470062 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-09 09:12 - 2013-05-27 18:07 - 00000920 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-896374755-4125879869-431910503-1000UA.job
2013-10-09 08:55 - 2013-10-08 19:01 - 00077824 ____N C:\Windows\KMSEmulator.exe
2013-10-08 20:31 - 2013-10-08 19:04 - 00000000 ____D C:\Users\Ria\Desktop\6.10.fláje
2013-10-03 22:20 - 2013-05-27 18:07 - 00000898 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-896374755-4125879869-431910503-1000Core.job
2013-10-02 15:08 - 2012-10-02 21:12 - 00007214 _____ C:\Windows\PFRO.log
2013-10-01 21:59 - 2013-09-18 23:04 - 00000070 _____ C:\Users\Ria\AppData\Roaming\WB.CFG
2013-10-01 19:39 - 2013-02-01 20:38 - 00000211 _____ C:\ProgramData\acer.zip
2013-09-30 21:28 - 2009-07-14 06:53 - 00032548 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-25 11:44 - 2013-09-11 09:03 - 00000000 ____D C:\Users\Ria\AppData\Local\WebPlayer
2013-09-18 20:25 - 2013-02-26 10:21 - 00005744 _____ C:\ProgramData\hpzinstall.log
2013-09-18 20:22 - 2013-09-18 20:22 - 00001863 _____ C:\Users\Public\Desktop\Defraggler.lnk
2013-09-18 20:22 - 2013-09-18 20:22 - 00000000 ____D C:\Program Files\Defraggler
2013-09-18 20:19 - 2013-09-18 20:17 - 10512969 _____ C:\Users\Ria\Downloads\dfsetup.exe
2013-09-18 20:19 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\twain_32
2013-09-18 20:14 - 2013-02-26 10:21 - 00000000 ____D C:\ProgramData\HP
2013-09-18 20:11 - 2013-02-26 10:41 - 00000000 ____D C:\Program Files\HP
2013-09-18 20:09 - 2013-05-06 07:55 - 00000000 ____D C:\Users\Ria\AppData\Local\CrashDumps
2013-09-18 20:09 - 2012-10-03 10:11 - 00000000 ____D C:\Program Files\DreamCom
2013-09-18 20:08 - 2013-08-25 12:32 - 00000000 ____D C:\Users\Ria\AppData\Roaming\PerformerSoft
2013-09-18 20:08 - 2013-08-25 12:32 - 00000000 ____D C:\Program Files\PC Performer
2013-09-18 19:48 - 2009-07-14 04:04 - 00000438 _____ C:\Windows\win.ini
2013-09-16 01:48 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-09-13 16:51 - 2013-09-13 16:51 - 00000000 ____D C:\Users\Ria\Documents\HP Photosmart Projects
2013-09-13 03:08 - 2013-08-16 03:16 - 00000000 ____D C:\Windows\system32\MRT
2013-09-13 03:03 - 2012-10-01 21:47 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-11 09:03 - 2013-09-11 09:03 - 00000000 ____D C:\Users\Ria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player

Some content of TEMP:
====================
C:\Users\Ria\AppData\Local\Temp\7z920.exe
C:\Users\Ria\AppData\Local\Temp\9721uninstall.exe
C:\Users\Ria\AppData\Local\Temp\BabylonTB.exe
C:\Users\Ria\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\Ria\AppData\Local\Temp\FLVPlayerSetup.exe
C:\Users\Ria\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe
C:\Users\Ria\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\Ria\AppData\Local\Temp\ResetDevice.exe
C:\Users\Ria\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\Ria\AppData\Local\Temp\vlc-2.0.7-win32.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-01 21:19

==================== End Of Log ============================

Mělo by to být nahrazeno free verzí.

#8 Příspěvek od **vyosek** » 09 říj 2013 17:06

Je tam MSE a Avast, jeden z nich musi pryc jinak spolu koliduji. Doporucuji odinstalovat MSE a ponechat Avast

Tvorba fixlistu pro FRST

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

Start
HKCU\...\Run: [Facebook Update] - C:\Users\Ria\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-05-27] (Facebook Inc.)
HKCU\...\Run: [SDP] - C:\Users\Ria\AppData\Local\FilesFrog Update Checker\update_checker.exe [201808 2013-01-31] (Somoto)
HKCU\...\Run: [FLV Player] - C:\Users\Ria\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe [202752 2012-10-26] ()
MountPoints2: {a6b3f0dd-512e-11e2-aa19-88ae1d8bad43} - D:\AutoRun.exe

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.delta-search.com/?babsrc=HP ... 9&tsp=4985
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=38985AAC4C55C1BE&affID=121299&tsp=4985

CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Ria\AppData\Local\funmoods.crx
CHR HKLM\...\Chrome\Extension: [dgjkhjdcljddbedokogakmmdjgnbeanf] - C:\Users\Ria\AppData\Roaming\SpeedAnalysis2\SpeedAnalysis.crx
CHR HKLM\...\Chrome\Extension: [gjajpkikblccgefaibcafkfbanllpefi] - C:\Users\Ria\AppData\Roaming\7go\7go.crx
CHR Extension: (Funmoods) - C:\Users\Ria\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\2.1.4_0
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File

2013-10-08 19:01 - 2013-10-09 08:55 - 00077824 ____N C:\Windows\KMSEmulator.exe
2013-10-09 11:27 - 2012-10-02 18:10 - 00199322 _____ C:\Windows\AutoKMS.log
2013-10-09 11:27 - 2012-10-02 10:57 - 00000196 _____ C:\Windows\Tasks\AutoKMS.job
C:\Users\Ria\AppData\Local\Temp\7z920.exe
C:\Users\Ria\AppData\Local\Temp\9721uninstall.exe
C:\Users\Ria\AppData\Local\Temp\BabylonTB.exe
C:\Users\Ria\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\Ria\AppData\Local\Temp\FLVPlayerSetup.exe
C:\Users\Ria\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe
C:\Users\Ria\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\Ria\AppData\Local\Temp\ResetDevice.exe
C:\Users\Ria\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\Ria\AppData\Local\Temp\vlc-2.0.7-win32.exe

Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-896374755-4125879869-431910503-1000Core.job => C:\Users\Ria\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-896374755-4125879869-431910503-1000UA.job => C:\Users\Ria\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

AlternateDataStreams: C:\ProgramData\TEMP:8927A071
AlternateDataStreams: C:\ProgramData\TEMP:B468194E

REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S6000Mnt" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched" /f

Hosts:
CMD: shutdown /r /f /t 2
End

Ulozte vytvoreny TXT jako fixlist.txt
Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

Kliknete na Fix
Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

Romiska · #9 Příspěvek od **Romiska** » 09 říj 2013 17:15

MSE odinstalován, zde je log

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-10-2013
Ran by Ria at 2013-10-09 18:13:21 Run:1
Running from C:\Users\Ria\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKCU\...\Run: [Facebook Update] - C:\Users\Ria\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-05-27] (Facebook Inc.)
HKCU\...\Run: [SDP] - C:\Users\Ria\AppData\Local\FilesFrog Update Checker\update_checker.exe [201808 2013-01-31] (Somoto)
HKCU\...\Run: [FLV Player] - C:\Users\Ria\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe [202752 2012-10-26] ()
MountPoints2: {a6b3f0dd-512e-11e2-aa19-88ae1d8bad43} - D:\AutoRun.exe

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.delta-search.com/?babsrc=HP ... 9&tsp=4985
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={search ... 9&tsp=4985

CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Ria\AppData\Local\funmoods.crx
CHR HKLM\...\Chrome\Extension: [dgjkhjdcljddbedokogakmmdjgnbeanf] - C:\Users\Ria\AppData\Roaming\SpeedAnalysis2\SpeedAnalysis.crx
CHR HKLM\...\Chrome\Extension: [gjajpkikblccgefaibcafkfbanllpefi] - C:\Users\Ria\AppData\Roaming\7go\7go.crx
CHR Extension: (Funmoods) - C:\Users\Ria\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\2.1.4_0
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File

2013-10-08 19:01 - 2013-10-09 08:55 - 00077824 ____N C:\Windows\KMSEmulator.exe
2013-10-09 11:27 - 2012-10-02 18:10 - 00199322 _____ C:\Windows\AutoKMS.log
2013-10-09 11:27 - 2012-10-02 10:57 - 00000196 _____ C:\Windows\Tasks\AutoKMS.job
C:\Users\Ria\AppData\Local\Temp\7z920.exe
C:\Users\Ria\AppData\Local\Temp\9721uninstall.exe
C:\Users\Ria\AppData\Local\Temp\BabylonTB.exe
C:\Users\Ria\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\Ria\AppData\Local\Temp\FLVPlayerSetup.exe
C:\Users\Ria\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe
C:\Users\Ria\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\Ria\AppData\Local\Temp\ResetDevice.exe
C:\Users\Ria\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\Ria\AppData\Local\Temp\vlc-2.0.7-win32.exe

Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-896374755-4125879869-431910503-1000Core.job => C:\Users\Ria\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-896374755-4125879869-431910503-1000UA.job => C:\Users\Ria\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

AlternateDataStreams: C:\ProgramData\TEMP:8927A071
AlternateDataStreams: C:\ProgramData\TEMP:B468194E

REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S6000Mnt" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched" /f

Hosts:
CMD: shutdown /r /f /t 2
End
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\SDP => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\FLV Player => Value not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6b3f0dd-512e-11e2-aa19-88ae1d8bad43} => Key deleted successfully.
HKCR\CLSID\{a6b3f0dd-512e-11e2-aa19-88ae1d8bad43} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh => Key deleted successfully.
C:\Users\Ria\AppData\Local\funmoods.crx => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\dgjkhjdcljddbedokogakmmdjgnbeanf => Key not found.
C:\Users\Ria\AppData\Roaming\SpeedAnalysis2\SpeedAnalysis.crx => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\gjajpkikblccgefaibcafkfbanllpefi => Key deleted successfully.
C:\Users\Ria\AppData\Roaming\7go\7go.crx => Moved successfully.
C:\Users\Ria\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh => Moved successfully.
C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL not found.
C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL not found.
C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll not found.
C:\Windows\KMSEmulator.exe => Moved successfully.
C:\Windows\AutoKMS.log => Moved successfully.
C:\Windows\Tasks\AutoKMS.job => Moved successfully.
"C:\Users\Ria\AppData\Local\Temp\7z920.exe" => File/Directory not found.
"C:\Users\Ria\AppData\Local\Temp\9721uninstall.exe" => File/Directory not found.
"C:\Users\Ria\AppData\Local\Temp\BabylonTB.exe" => File/Directory not found.
"C:\Users\Ria\AppData\Local\Temp\DataCard_Setup.exe" => File/Directory not found.
C:\Users\Ria\AppData\Local\Temp\FLVPlayerSetup.exe => Moved successfully.
"C:\Users\Ria\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe" => File/Directory not found.
"C:\Users\Ria\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe" => File/Directory not found.
"C:\Users\Ria\AppData\Local\Temp\ResetDevice.exe" => File/Directory not found.
"C:\Users\Ria\AppData\Local\Temp\UpdateCheckerSetup.exe" => File/Directory not found.
"C:\Users\Ria\AppData\Local\Temp\vlc-2.0.7-win32.exe" => File/Directory not found.
C:\Windows\Tasks\AutoKMS.job not found.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-896374755-4125879869-431910503-1000Core.job => Moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-896374755-4125879869-431910503-1000UA.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\ProgramData\TEMP => ":8927A071" ADS removed successfully.
C:\ProgramData\TEMP => ":B468194E" ADS removed successfully.

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync" /f =========

Operace byla dokonźena ŁspŘçnŘ.

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update" /f =========

Operace byla dokonźena ŁspŘçnŘ.

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S6000Mnt" /f =========

Operace byla dokonźena ŁspŘçnŘ.

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched" /f =========

Operace byla dokonźena ŁspŘçnŘ.

========= End of Reg: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= shutdown /r /f /t 2 =========

========= End of CMD: =========

==== End of Fixlog ====

#10 Příspěvek od **vyosek** » 09 říj 2013 17:16

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Kliknete na Scan a nasledne Clean
Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) http://forum.viry.cz/viewtopic.php?f=29&t=115222

Provedte aktualizaci
Provedte uplny sken - nic nemazte
MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

Romiska · #11 Příspěvek od **Romiska** » 09 říj 2013 19:22

# AdwCleaner v3.007 - Report created 09/10/2013 at 18:56:30
# Updated 09/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Ria - RIA-PC
# Running from : C:\Users\Ria\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\IBUpdaterService
Folder Deleted : C:\Users\Ria\AppData\Roaming\7go
Folder Deleted : C:\Users\Ria\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Ria\AppData\Roaming\file scout
Folder Deleted : C:\Users\Ria\AppData\Roaming\Funmoods
Folder Deleted : C:\Users\Ria\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\Ria\AppData\Roaming\SpeedAnalysis2
File Deleted : C:\Windows\system32\roboot.exe
File Deleted : C:\Users\Ria\AppData\Roaming\speedanalysis.ico
File Deleted : C:\Users\Ria\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage
File Deleted : C:\Windows\System32\Tasks\Funmoods

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [7go@7go.com]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [7go@7go.com]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [speedanalysis02@SpeedAnalysis.com]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [speedanalysis02@SpeedAnalysis.com]
Key Deleted : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Funmoods
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80EC94D3-10C2-4091-A294-84DF1F84B6B6}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{80EC94D3-10C2-4091-A294-84DF1F84B6B6}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{18DBB6CE-3148-4FEC-B481-103CB3290427}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FF103732-4528-4322-AA8B-F7849AB7776B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\Funmoods
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686

-\\ Google Chrome v30.0.1599.69

[ File : C:\Users\Ria\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [3682 octets] - [09/10/2013 18:54:46]
AdwCleaner[S0].txt - [3677 octets] - [09/10/2013 18:56:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3737 octets] ##########

Romiska · #12 Příspěvek od **Romiska** » 09 říj 2013 19:23

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2013.04.04.07

Windows 7 Service Pack 1 x86 FAT32
Internet Explorer 10.0.9200.16686
Ria :: RIA-PC [administrátor]

Ochrana: Povolena

9.10.2013 19:05:10
MBAM-log-2013-10-09 (20-20-56).txt

Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 271043
Uplynulý čas: 1 hodin, 15 minut, 24 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 7
C:\!!Install\BS.Player.Pro.v2.62.1068.Multilingual.Incl.Keymaker-CORE\CORE10k.EXE (PUP.Keygen.Intro) -> Nebyla provedena žádná instrukce.
C:\!!Install\BS.Player.Pro.v2.62.1068.Multilingual.Incl.Keymaker-CORE\keygen.exe (Trojan.Agent) -> Nebyla provedena žádná instrukce.
C:\!!Install\Microsoft Office Professional Plus 2010 CZ 32bit, 64bit\aida.64.extreme.2.00.1720.zip (Backdoor.RBot) -> Nebyla provedena žádná instrukce.
C:\FRST\Quarantine\KMSEmulator.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
C:\ProgramData\SUS\SUS.02 (PUP.Ardamax) -> Nebyla provedena žádná instrukce.
C:\ProgramData\SUS\SUS.exe.BAK (PUP.Ardamax) -> Nebyla provedena žádná instrukce.
C:\Windows\AutoKMS.exe (Riskware.Keygen) -> Nebyla provedena žádná instrukce.

(konec)

#13 Příspěvek od **vyosek** » 09 říj 2013 19:28

Nalezy MBAMu smazte, objevi se log, ten rad uvidim...

Romiska · #14 Příspěvek od **Romiska** » 09 říj 2013 19:36

Smazal jsem, log se objevil, bohužel jsem PC restartoval, najdu někde ten log?

#15 Příspěvek od **vyosek** » 09 říj 2013 19:40

OK, nechte tedy tak. Neni zas az tak zivotne dulezity

Jak se chova PC

VIRY.CZ

Prosím o kontrolu logu

Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu