1place.org and hotspotaward malware - bosss15

bosss15
Visitor
Posts: 29
Registered: 16 Feb 2014 23:08

1place.org and hotspotaward malware - bosss15

#1 Post by bosss15 »

Hi, so it got me today too... below is the output from that clever little program, thanks for any info on how to proceed.

RogueKiller V8.8.2 [Jan 17 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v : Normální režim
Uživatel : Josef [Práva správce]
Mód : Kontrola -- Datum : 02/16/2014 22:38:42
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 4 ¤¤¤
[SUSP PATH][DLL] rundll32.exe -- C:\Users\Josef\AppData\Roaming\newnext.me\nengine.dll [-] -> rundll32.exe SMAZÁNO [TermProc]
[SUSP PATH] Foxit Reader Updater.exe -- C:\Users\Josef\AppData\Local\Temp\Foxit Reader Updater.exe [7] -> SMAZÁNO [TermProc]
[SUSP PATH] PirritService.exe -- C:\Users\Josef\AppData\Local\PirritSuggestor\PirritService.exe [7] -> SMAZÁNO [TermProc]
[SUSP PATH] PirritDesktop.exe -- C:\Users\Josef\AppData\Local\PirritSuggestor\PirritDesktop.exe [7] -> SMAZÁNO [TermProc]

¤¤¤ ¤¤¤ Záznamy Registrů: : 6 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : NextLive (C:\Windows\system32\rundll32.exe "C:\Users\Josef\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l [7][-][x]) -> NALEZENO
[RUN][SUSP PATH] HKUS\S-1-5-21-4046643792-4147377480-1180286658-1000\[...]\Run : NextLive (C:\Windows\system32\rundll32.exe "C:\Users\Josef\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l [7][-][x]) -> NALEZENO
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (hxxp=hxxp://127.0.0.1:9880 [Country: , City: ]) -> NALEZENO
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyEnable (1) -> NALEZENO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS545050A7E380 ATA Device +++++
--- User ---
[MBR] 9442db923da249103c63def65bf8eca6
[BSP] 5a02220f3496f75ce72db3a86c8422fd : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) HTC Android Phone USB Device +++++
--- User ---
[MBR] ad915ca31c089354d4363a8daad50f98
[BSP] ac742ae9a512813c403b1762f0c6c246 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8192 | Size: 30432 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Po?adavek není podporován. )

Dokončeno : << RKreport[0]_S_02162014_223842.txt >>

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: 1place.org and hotspotaward malware - bosss15

#2 Post by vyosek »

Hello :)

:arrow: I split your post off into its own topic - you don't jump into other people's threads

:arrow: Post a log from RSIT http://forum.viry.cz/viewtopic.php?f=13&t=130786
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him; that is no man, that is an ox."
Member [image] since 1 February 2011.

bosss15
Visitor
Posts: 29
Registered: 16 Feb 2014 23:08

Re: 1place.org and hotspotaward malware - bosss15

#3 Post by bosss15 »

I apologize for posting in someone else's topic. Here is the log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Josef at 2014-02-17 15:53:52
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 397 GB (83%) free of 477 GB
Total RAM: 3036 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:53:59, on 17.2.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
C:\Program Files\Microsoft Office\Office15\GROOVE.EXE
C:\Users\Josef\AppData\Local\PirritSuggestor\PirritDesktop.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Microsoft Office 15\root\Office15\MsoSync.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Josef\Downloads\RSIT.exe
C:\Program Files\trend micro\Josef.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:9880
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~1\MICROS~3\Office15\GROOVEEX.DLL
O2 - BHO: IEExtension.Extension - {d40c654d-7c51-4eb3-95b2-1e23905c2a2d} - mscoree.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdAwareTray] "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Odeslat do OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
O4 - Startup: SkyDrive Pro.lnk = C:\Program Files\Microsoft Office\Office15\GROOVE.EXE
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: Ad-Aware Service 11 (LavasoftAdAwareService11) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
O23 - Service: PirritDesktop - Unknown owner - C:\Users\Josef\AppData\Local\PirritSuggestor\PirritService.exe
O23 - Service: PirritUpdater - Unknown owner - C:\Program Files\Pirrit\AutoUpdater.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 6980 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-12-18 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2014-01-15 707288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~3\Office15\GROOVEEX.DLL [2013-11-02 1727176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d40c654d-7c51-4eb3-95b2-1e23905c2a2d}]
IEExtension.Extension - C:\Windows\system32\mscoree.dll [2010-11-20 297808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-12-18 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2013-10-23 948440]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2009-05-18 1314816]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-06-04 1791272]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
""= []
"AdAwareTray"=C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe [2014-01-23 3643224]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2013-11-14 20584608]

C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Odeslat do OneNote.lnk - C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
SkyDrive Pro.lnk - C:\Program Files\Microsoft Office\Office15\GROOVE.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37CrusaderBoot]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-02-17 15:53:53 ----D---- C:\Program Files\trend micro
2014-02-17 15:53:52 ----D---- C:\rsit
2014-02-17 15:41:52 ----A---- C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-02-17 15:41:48 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-17 15:41:45 ----A---- C:\Windows\system32\drivers\TsUsbFlt.sys
2014-02-17 15:41:42 ----A---- C:\Windows\system32\wksprtPS.dll
2014-02-17 15:41:42 ----A---- C:\Windows\system32\wksprt.exe
2014-02-17 15:41:42 ----A---- C:\Windows\system32\TSWbPrxy.exe
2014-02-17 15:41:42 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-17 15:41:42 ----A---- C:\Windows\system32\tsgqec.dll
2014-02-17 15:41:42 ----A---- C:\Windows\system32\rdvidcrl.dll
2014-02-17 15:41:42 ----A---- C:\Windows\system32\MsRdpWebAccess.dll
2014-02-17 15:41:41 ----A---- C:\Windows\system32\mstscax.dll
2014-02-17 15:41:41 ----A---- C:\Windows\system32\mstsc.exe
2014-02-17 15:41:20 ----A---- C:\Windows\system32\TSWorkspace.dll
2014-02-17 15:37:34 ----A---- C:\Windows\system32\javaws.exe
2014-02-17 15:37:28 ----A---- C:\Windows\system32\WindowsAccessBridge.dll
2014-02-17 15:37:28 ----A---- C:\Windows\system32\javaw.exe
2014-02-17 15:37:28 ----A---- C:\Windows\system32\java.exe
2014-02-17 13:31:30 ----A---- C:\Windows\system32\bootdelete.exe
2014-02-17 13:26:50 ----D---- C:\Program Files\HitmanPro
2014-02-17 13:25:26 ----D---- C:\ProgramData\HitmanPro
2014-02-17 12:46:08 ----D---- C:\Users\Josef\AppData\Roaming\Malwarebytes
2014-02-17 12:45:44 ----D---- C:\ProgramData\Malwarebytes
2014-02-17 12:45:42 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2014-02-17 12:45:42 ----A---- C:\Windows\system32\drivers\mbam.sys
2014-02-17 12:35:00 ----D---- C:\Windows\ERUNT
2014-02-17 12:23:52 ----D---- C:\AdwCleaner
2014-02-16 23:41:21 ----D---- C:\Users\Josef\AppData\Roaming\LavasoftStatistics
2014-02-16 23:40:56 ----D---- C:\Users\Josef\AppData\Roaming\Lavasoft
2014-02-16 23:23:41 ----D---- C:\Program Files\Lavasoft
2014-02-16 23:22:02 ----D---- C:\Program Files\Common Files\Lavasoft
2014-02-16 23:21:23 ----D---- C:\ProgramData\Lavasoft
2014-02-13 09:29:47 ----A---- C:\Windows\system32\ieui.dll
2014-02-13 09:29:46 ----A---- C:\Windows\system32\ie4uinit.exe
2014-02-13 09:29:45 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-02-13 09:29:43 ----A---- C:\Windows\system32\jsproxy.dll
2014-02-13 09:29:42 ----A---- C:\Windows\system32\msrating.dll
2014-02-13 09:29:41 ----A---- C:\Windows\system32\iesetup.dll
2014-02-13 09:29:41 ----A---- C:\Windows\system32\iernonce.dll
2014-02-13 09:29:40 ----A---- C:\Windows\system32\ieUnatt.exe
2014-02-13 09:29:39 ----A---- C:\Windows\system32\jscript9diag.dll
2014-02-13 09:29:39 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-02-13 09:29:39 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-02-13 09:29:38 ----A---- C:\Windows\system32\ieapfltr.dll
2014-02-13 09:29:37 ----A---- C:\Windows\system32\msfeeds.dll
2014-02-13 09:29:34 ----A---- C:\Windows\system32\iertutil.dll
2014-02-13 09:29:33 ----A---- C:\Windows\system32\wininet.dll
2014-02-13 09:29:32 ----A---- C:\Windows\system32\urlmon.dll
2014-02-13 09:29:29 ----A---- C:\Windows\system32\ieframe.dll
2014-02-13 09:29:27 ----A---- C:\Windows\system32\mshtml.dll
2014-02-13 09:29:27 ----A---- C:\Windows\system32\jscript9.dll
2014-02-13 09:14:03 ----A---- C:\Windows\system32\vbscript.dll
2014-02-12 21:07:38 ----D---- C:\Windows\cs
2014-02-12 21:06:46 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2014-02-12 21:05:20 ----D---- C:\Program Files\Windows Live
2014-02-12 21:04:11 ----A---- C:\Windows\system32\XAudio2_7.dll
2014-02-12 21:04:11 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2014-02-12 21:04:11 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2014-02-12 21:04:10 ----A---- C:\Windows\system32\d3dx11_43.dll
2014-02-12 21:03:40 ----A---- C:\Windows\system32\d3dx10_42.dll
2014-02-12 21:02:33 ----A---- C:\Windows\system32\d3dx9_32.dll
2014-02-12 21:00:08 ----D---- C:\Program Files\Common Files\Windows Live
2014-02-12 07:37:37 ----A---- C:\Windows\system32\msxml3r.dll
2014-02-12 07:37:37 ----A---- C:\Windows\system32\msxml3.dll
2014-02-12 07:37:14 ----A---- C:\Windows\system32\d3d10warp.dll
2014-02-12 07:37:14 ----A---- C:\Windows\system32\d2d1.dll
2014-02-12 07:37:09 ----A---- C:\Windows\system32\RMActivate_isv.exe
2014-02-12 07:37:08 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 07:37:08 ----A---- C:\Windows\system32\RMActivate.exe
2014-02-12 07:37:07 ----A---- C:\Windows\system32\secproc_isv.dll
2014-02-12 07:37:07 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 07:37:06 ----A---- C:\Windows\system32\secproc.dll
2014-02-12 07:37:05 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 07:37:05 ----A---- C:\Windows\system32\secproc_ssp.dll
2014-02-12 07:37:05 ----A---- C:\Windows\system32\msdrm.dll
2014-02-05 22:10:54 ----D---- C:\Program Files\Microsoft Silverlight
2014-01-30 08:46:59 ----D---- C:\pracovni
2014-01-29 18:19:15 ----D---- C:\Program Files\GreenTree Applications
2014-01-29 18:13:18 ----D---- C:\Users\Josef\AppData\Roaming\Macromedia
2014-01-29 18:13:11 ----D---- C:\Users\Josef\AppData\Roaming\Xilisoft
2014-01-29 12:37:16 ----D---- C:\Program Files\Common Files\DESIGNER
2014-01-28 13:32:50 ----D---- C:\Program Files\CCleaner

======List of files/folders modified in the last 1 month======

2014-02-17 15:53:53 ----RD---- C:\Program Files
2014-02-17 15:53:31 ----D---- C:\Windows\Temp
2014-02-17 15:47:36 ----D---- C:\Users\Josef\AppData\Roaming\Skype
2014-02-17 15:46:38 ----D---- C:\Windows\winsxs
2014-02-17 15:44:52 ----D---- C:\Windows\system32\config
2014-02-17 15:43:29 ----D---- C:\Windows\system32\cs-CZ
2014-02-17 15:43:29 ----D---- C:\Windows\System32
2014-02-17 15:43:28 ----D---- C:\Windows\system32\wbem
2014-02-17 15:43:28 ----D---- C:\Windows\system32\DriverStore
2014-02-17 15:43:28 ----D---- C:\Windows\system32\drivers\en-US
2014-02-17 15:43:28 ----D---- C:\Windows\system32\drivers
2014-02-17 15:43:25 ----D---- C:\Windows\inf
2014-02-17 15:42:09 ----D---- C:\Windows\system32\catroot
2014-02-17 15:42:06 ----D---- C:\Windows\system32\catroot2
2014-02-17 15:41:29 ----SHD---- C:\System Volume Information
2014-02-17 15:40:01 ----SHD---- C:\Windows\Installer
2014-02-17 15:40:01 ----HD---- C:\Config.Msi
2014-02-17 15:38:19 ----D---- C:\ProgramData\Oracle
2014-02-17 15:37:28 ----D---- C:\Program Files\Java
2014-02-17 15:36:38 ----D---- C:\Program Files\Google
2014-02-17 15:35:31 ----D---- C:\Windows\Tasks
2014-02-17 15:35:31 ----D---- C:\Windows\system32\Tasks
2014-02-17 15:09:10 ----D---- C:\Windows
2014-02-17 13:51:23 ----D---- C:\Program Files\Common Files
2014-02-17 13:48:16 ----D---- C:\Program Files\Y+ Image Converter
2014-02-17 13:25:26 ----HD---- C:\ProgramData
2014-02-17 13:08:12 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-02-17 12:34:57 ----D---- C:\Windows\Prefetch
2014-02-16 22:47:29 ----D---- C:\Windows\Logs
2014-02-16 22:47:29 ----D---- C:\Windows\debug
2014-02-15 15:27:57 ----D---- C:\Windows\system32\drivers\etc
2014-02-14 13:38:35 ----D---- C:\Windows\rescache
2014-02-14 09:57:36 ----D---- C:\Windows\Microsoft.NET
2014-02-14 09:56:48 ----RSD---- C:\Windows\assembly
2014-02-14 07:55:37 ----D---- C:\Program Files\Internet Explorer
2014-02-13 09:28:59 ----D---- C:\Windows\system32\MRT
2014-02-13 09:18:59 ----A---- C:\Windows\system32\MRT.exe
2014-02-13 00:08:47 ----SD---- C:\Users\Josef\AppData\Roaming\Microsoft
2014-02-12 21:06:03 ----SD---- C:\ProgramData\Microsoft
2014-02-12 21:04:59 ----D---- C:\Program Files\Common Files\microsoft shared
2014-02-10 18:19:33 ----SHD---- C:\$Recycle.Bin
2014-02-03 13:42:47 ----RSD---- C:\Windows\Fonts
2014-02-02 14:06:35 ----D---- C:\Windows\LiveKernelReports
2014-01-29 12:37:46 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2014-01-28 13:56:41 ----D---- C:\Windows\Panther
2014-01-28 13:56:40 ----D---- C:\Windows\Minidump
2014-01-21 22:02:51 ----D---- C:\Users\Josef\AppData\Roaming\FlvtoConverter
2014-01-19 08:32:23 ----N---- C:\Windows\system32\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2011-05-13 25656]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-09-27 214696]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-09-27 104768]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2011-05-13 35896]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2009-05-18 381440]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-18 4994560]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2009-07-08 2506232]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 9216]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-06-04 1303728]
R3 Trufos;Trufos; C:\Windows\system32\DRIVERS\Trufos.sys [2013-07-17 340624]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S2 Parvdm;Parvdm; C:\Windows\system32\drivers\parvdm.sys [2009-07-14 8704]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2010-01-26 1163328]
S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 14848]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2013-10-02 49152]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
S3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2011-01-15 30208]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
S3 WSDPrintDevice;Podpora tisku WSD prostřednictvím funkce UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
S3 WSDScan;Podpora skenování WSD přes UMB; C:\Windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE [2008-07-15 90112]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2009-12-03 26112]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-18 176128]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2011-05-13 26168]
R2 LavasoftAdAwareService11;Ad-Aware Service 11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [2014-01-23 651232]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-10-23 22208]
R2 msoidsvc;Microsoft Online Services Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2012-05-17 1590560]
R2 MSSQL$ATTIS;SQL Server (ATTIS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 OfficeSvc;Služba Microsoft Office; C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe [2013-10-31 1320120]
R2 PirritDesktop;PirritDesktop; C:\Users\Josef\AppData\Local\PirritSuggestor\PirritService.exe [2014-02-14 52568]
R2 PirritUpdater;PirritUpdater; C:\Program Files\Pirrit\AutoUpdater.exe [2014-02-14 59904]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2010-12-10 238944]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-12-10 86880]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 1713904]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 280288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-02-17 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-02-17 116648]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2013-12-23 136120]
S3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-02-06 108032]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2013-12-04 150600]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2013-12-04 4846168]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-11-18 1343400]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2010-12-10 44384]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

Thanks for the information. I have already tried running everything on it, and it is still there anyway, grrr.

bosss15
Visitor
Visitor
Posts: 29
Registered: 16 Feb 2014 23:08

Re: 1place.org and hotspotaward malware - bosss15

#4 Post by bosss15 »

I apologize for posting in someone else's thread. Here is the log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Josef at 2014-02-17 15:53:52
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 397 GB (83%) free of 477 GB
Total RAM: 3036 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:53:59, on 17.2.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
C:\Program Files\Microsoft Office\Office15\GROOVE.EXE
C:\Users\Josef\AppData\Local\PirritSuggestor\PirritDesktop.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Microsoft Office 15\root\Office15\MsoSync.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Josef\Downloads\RSIT.exe
C:\Program Files\trend micro\Josef.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:9880
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~1\MICROS~3\Office15\GROOVEEX.DLL
O2 - BHO: IEExtension.Extension - {d40c654d-7c51-4eb3-95b2-1e23905c2a2d} - mscoree.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdAwareTray] "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Odeslat do OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
O4 - Startup: SkyDrive Pro.lnk = C:\Program Files\Microsoft Office\Office15\GROOVE.EXE
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: Ad-Aware Service 11 (LavasoftAdAwareService11) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
O23 - Service: PirritDesktop - Unknown owner - C:\Users\Josef\AppData\Local\PirritSuggestor\PirritService.exe
O23 - Service: PirritUpdater - Unknown owner - C:\Program Files\Pirrit\AutoUpdater.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 6980 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-12-18 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2014-01-15 707288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~3\Office15\GROOVEEX.DLL [2013-11-02 1727176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d40c654d-7c51-4eb3-95b2-1e23905c2a2d}]
IEExtension.Extension - C:\Windows\system32\mscoree.dll [2010-11-20 297808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-12-18 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2013-10-23 948440]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2009-05-18 1314816]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-06-04 1791272]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
""= []
"AdAwareTray"=C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe [2014-01-23 3643224]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2013-11-14 20584608]

C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Odeslat do OneNote.lnk - C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
SkyDrive Pro.lnk - C:\Program Files\Microsoft Office\Office15\GROOVE.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37CrusaderBoot]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-02-17 15:53:53 ----D---- C:\Program Files\trend micro
2014-02-17 15:53:52 ----D---- C:\rsit
2014-02-17 15:41:52 ----A---- C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-02-17 15:41:48 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-17 15:41:45 ----A---- C:\Windows\system32\drivers\TsUsbFlt.sys
2014-02-17 15:41:42 ----A---- C:\Windows\system32\wksprtPS.dll
2014-02-17 15:41:42 ----A---- C:\Windows\system32\wksprt.exe
2014-02-17 15:41:42 ----A---- C:\Windows\system32\TSWbPrxy.exe
2014-02-17 15:41:42 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-17 15:41:42 ----A---- C:\Windows\system32\tsgqec.dll
2014-02-17 15:41:42 ----A---- C:\Windows\system32\rdvidcrl.dll
2014-02-17 15:41:42 ----A---- C:\Windows\system32\MsRdpWebAccess.dll
2014-02-17 15:41:41 ----A---- C:\Windows\system32\mstscax.dll
2014-02-17 15:41:41 ----A---- C:\Windows\system32\mstsc.exe
2014-02-17 15:41:20 ----A---- C:\Windows\system32\TSWorkspace.dll
2014-02-17 15:37:34 ----A---- C:\Windows\system32\javaws.exe
2014-02-17 15:37:28 ----A---- C:\Windows\system32\WindowsAccessBridge.dll
2014-02-17 15:37:28 ----A---- C:\Windows\system32\javaw.exe
2014-02-17 15:37:28 ----A---- C:\Windows\system32\java.exe
2014-02-17 13:31:30 ----A---- C:\Windows\system32\bootdelete.exe
2014-02-17 13:26:50 ----D---- C:\Program Files\HitmanPro
2014-02-17 13:25:26 ----D---- C:\ProgramData\HitmanPro
2014-02-17 12:46:08 ----D---- C:\Users\Josef\AppData\Roaming\Malwarebytes
2014-02-17 12:45:44 ----D---- C:\ProgramData\Malwarebytes
2014-02-17 12:45:42 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2014-02-17 12:45:42 ----A---- C:\Windows\system32\drivers\mbam.sys
2014-02-17 12:35:00 ----D---- C:\Windows\ERUNT
2014-02-17 12:23:52 ----D---- C:\AdwCleaner
2014-02-16 23:41:21 ----D---- C:\Users\Josef\AppData\Roaming\LavasoftStatistics
2014-02-16 23:40:56 ----D---- C:\Users\Josef\AppData\Roaming\Lavasoft
2014-02-16 23:23:41 ----D---- C:\Program Files\Lavasoft
2014-02-16 23:22:02 ----D---- C:\Program Files\Common Files\Lavasoft
2014-02-16 23:21:23 ----D---- C:\ProgramData\Lavasoft
2014-02-13 09:29:47 ----A---- C:\Windows\system32\ieui.dll
2014-02-13 09:29:46 ----A---- C:\Windows\system32\ie4uinit.exe
2014-02-13 09:29:45 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-02-13 09:29:43 ----A---- C:\Windows\system32\jsproxy.dll
2014-02-13 09:29:42 ----A---- C:\Windows\system32\msrating.dll
2014-02-13 09:29:41 ----A---- C:\Windows\system32\iesetup.dll
2014-02-13 09:29:41 ----A---- C:\Windows\system32\iernonce.dll
2014-02-13 09:29:40 ----A---- C:\Windows\system32\ieUnatt.exe
2014-02-13 09:29:39 ----A---- C:\Windows\system32\jscript9diag.dll
2014-02-13 09:29:39 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-02-13 09:29:39 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-02-13 09:29:38 ----A---- C:\Windows\system32\ieapfltr.dll
2014-02-13 09:29:37 ----A---- C:\Windows\system32\msfeeds.dll
2014-02-13 09:29:34 ----A---- C:\Windows\system32\iertutil.dll
2014-02-13 09:29:33 ----A---- C:\Windows\system32\wininet.dll
2014-02-13 09:29:32 ----A---- C:\Windows\system32\urlmon.dll
2014-02-13 09:29:29 ----A---- C:\Windows\system32\ieframe.dll
2014-02-13 09:29:27 ----A---- C:\Windows\system32\mshtml.dll
2014-02-13 09:29:27 ----A---- C:\Windows\system32\jscript9.dll
2014-02-13 09:14:03 ----A---- C:\Windows\system32\vbscript.dll
2014-02-12 21:07:38 ----D---- C:\Windows\cs
2014-02-12 21:06:46 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2014-02-12 21:05:20 ----D---- C:\Program Files\Windows Live
2014-02-12 21:04:11 ----A---- C:\Windows\system32\XAudio2_7.dll
2014-02-12 21:04:11 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2014-02-12 21:04:11 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2014-02-12 21:04:10 ----A---- C:\Windows\system32\d3dx11_43.dll
2014-02-12 21:03:40 ----A---- C:\Windows\system32\d3dx10_42.dll
2014-02-12 21:02:33 ----A---- C:\Windows\system32\d3dx9_32.dll
2014-02-12 21:00:08 ----D---- C:\Program Files\Common Files\Windows Live
2014-02-12 07:37:37 ----A---- C:\Windows\system32\msxml3r.dll
2014-02-12 07:37:37 ----A---- C:\Windows\system32\msxml3.dll
2014-02-12 07:37:14 ----A---- C:\Windows\system32\d3d10warp.dll
2014-02-12 07:37:14 ----A---- C:\Windows\system32\d2d1.dll
2014-02-12 07:37:09 ----A---- C:\Windows\system32\RMActivate_isv.exe
2014-02-12 07:37:08 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 07:37:08 ----A---- C:\Windows\system32\RMActivate.exe
2014-02-12 07:37:07 ----A---- C:\Windows\system32\secproc_isv.dll
2014-02-12 07:37:07 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 07:37:06 ----A---- C:\Windows\system32\secproc.dll
2014-02-12 07:37:05 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 07:37:05 ----A---- C:\Windows\system32\secproc_ssp.dll
2014-02-12 07:37:05 ----A---- C:\Windows\system32\msdrm.dll
2014-02-05 22:10:54 ----D---- C:\Program Files\Microsoft Silverlight
2014-01-30 08:46:59 ----D---- C:\pracovni
2014-01-29 18:19:15 ----D---- C:\Program Files\GreenTree Applications
2014-01-29 18:13:18 ----D---- C:\Users\Josef\AppData\Roaming\Macromedia
2014-01-29 18:13:11 ----D---- C:\Users\Josef\AppData\Roaming\Xilisoft
2014-01-29 12:37:16 ----D---- C:\Program Files\Common Files\DESIGNER
2014-01-28 13:32:50 ----D---- C:\Program Files\CCleaner

======List of files/folders modified in the last 1 month======

2014-02-17 15:53:53 ----RD---- C:\Program Files
2014-02-17 15:53:31 ----D---- C:\Windows\Temp
2014-02-17 15:47:36 ----D---- C:\Users\Josef\AppData\Roaming\Skype
2014-02-17 15:46:38 ----D---- C:\Windows\winsxs
2014-02-17 15:44:52 ----D---- C:\Windows\system32\config
2014-02-17 15:43:29 ----D---- C:\Windows\system32\cs-CZ
2014-02-17 15:43:29 ----D---- C:\Windows\System32
2014-02-17 15:43:28 ----D---- C:\Windows\system32\wbem
2014-02-17 15:43:28 ----D---- C:\Windows\system32\DriverStore
2014-02-17 15:43:28 ----D---- C:\Windows\system32\drivers\en-US
2014-02-17 15:43:28 ----D---- C:\Windows\system32\drivers
2014-02-17 15:43:25 ----D---- C:\Windows\inf
2014-02-17 15:42:09 ----D---- C:\Windows\system32\catroot
2014-02-17 15:42:06 ----D---- C:\Windows\system32\catroot2
2014-02-17 15:41:29 ----SHD---- C:\System Volume Information
2014-02-17 15:40:01 ----SHD---- C:\Windows\Installer
2014-02-17 15:40:01 ----HD---- C:\Config.Msi
2014-02-17 15:38:19 ----D---- C:\ProgramData\Oracle
2014-02-17 15:37:28 ----D---- C:\Program Files\Java
2014-02-17 15:36:38 ----D---- C:\Program Files\Google
2014-02-17 15:35:31 ----D---- C:\Windows\Tasks
2014-02-17 15:35:31 ----D---- C:\Windows\system32\Tasks
2014-02-17 15:09:10 ----D---- C:\Windows
2014-02-17 13:51:23 ----D---- C:\Program Files\Common Files
2014-02-17 13:48:16 ----D---- C:\Program Files\Y+ Image Converter
2014-02-17 13:25:26 ----HD---- C:\ProgramData
2014-02-17 13:08:12 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-02-17 12:34:57 ----D---- C:\Windows\Prefetch
2014-02-16 22:47:29 ----D---- C:\Windows\Logs
2014-02-16 22:47:29 ----D---- C:\Windows\debug
2014-02-15 15:27:57 ----D---- C:\Windows\system32\drivers\etc
2014-02-14 13:38:35 ----D---- C:\Windows\rescache
2014-02-14 09:57:36 ----D---- C:\Windows\Microsoft.NET
2014-02-14 09:56:48 ----RSD---- C:\Windows\assembly
2014-02-14 07:55:37 ----D---- C:\Program Files\Internet Explorer
2014-02-13 09:28:59 ----D---- C:\Windows\system32\MRT
2014-02-13 09:18:59 ----A---- C:\Windows\system32\MRT.exe
2014-02-13 00:08:47 ----SD---- C:\Users\Josef\AppData\Roaming\Microsoft
2014-02-12 21:06:03 ----SD---- C:\ProgramData\Microsoft
2014-02-12 21:04:59 ----D---- C:\Program Files\Common Files\microsoft shared
2014-02-10 18:19:33 ----SHD---- C:\$Recycle.Bin
2014-02-03 13:42:47 ----RSD---- C:\Windows\Fonts
2014-02-02 14:06:35 ----D---- C:\Windows\LiveKernelReports
2014-01-29 12:37:46 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2014-01-28 13:56:41 ----D---- C:\Windows\Panther
2014-01-28 13:56:40 ----D---- C:\Windows\Minidump
2014-01-21 22:02:51 ----D---- C:\Users\Josef\AppData\Roaming\FlvtoConverter
2014-01-19 08:32:23 ----N---- C:\Windows\system32\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2011-05-13 25656]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-09-27 214696]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-09-27 104768]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2011-05-13 35896]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2009-05-18 381440]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-18 4994560]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2009-07-08 2506232]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 9216]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-06-04 1303728]
R3 Trufos;Trufos; C:\Windows\system32\DRIVERS\Trufos.sys [2013-07-17 340624]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S2 Parvdm;Parvdm; C:\Windows\system32\drivers\parvdm.sys [2009-07-14 8704]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2010-01-26 1163328]
S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 14848]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2013-10-02 49152]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
S3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2011-01-15 30208]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
S3 WSDPrintDevice;Podpora tisku WSD prostřednictvím funkce UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
S3 WSDScan;Podpora skenování WSD přes UMB; C:\Windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE [2008-07-15 90112]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2009-12-03 26112]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-18 176128]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2011-05-13 26168]
R2 LavasoftAdAwareService11;Ad-Aware Service 11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [2014-01-23 651232]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-10-23 22208]
R2 msoidsvc;Microsoft Online Services Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2012-05-17 1590560]
R2 MSSQL$ATTIS;SQL Server (ATTIS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 OfficeSvc;Služba Microsoft Office; C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe [2013-10-31 1320120]
R2 PirritDesktop;PirritDesktop; C:\Users\Josef\AppData\Local\PirritSuggestor\PirritService.exe [2014-02-14 52568]
R2 PirritUpdater;PirritUpdater; C:\Program Files\Pirrit\AutoUpdater.exe [2014-02-14 59904]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2010-12-10 238944]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-12-10 86880]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 1713904]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 280288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-02-17 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-02-17 116648]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2013-12-23 136120]
S3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-02-06 108032]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2013-12-04 150600]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2013-12-04 4846168]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-11-18 1343400]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2010-12-10 44384]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

Thanks for the information. I have already tried running everything on it, and it is still there anyway, grrr.

vyosek
VIP
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: 1place.org and hotspotaward malware - bosss15

#5 Post by vyosek »

Download Zoek.exe from http://hijackthis.nl/smeenk/ and save it to the desktop
  • If you use Windows Vista or Windows 7, right-click Zoek and choose Run As Administrator (Spustit jako správce)
  • Paste the script below into the window

    autoclean;
    emptyclsid;
    iedefaults;
    FFdefaults;
    CHRdefaults;
    emptyalltemp;
    resethosts;

  • Then click Run Script
  • The PC will perform the repair, restart, and give you a log; paste its contents here
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids merriment, take a whip and a stick to him; that is no man, that is an ox."
Member [image] since 1 February 2011.

bosss15
Visitor
Visitor
Posts: 29
Registered: 16 Feb 2014 23:08

Re: 1place.org and hotspotaward malware - bosss15

#6 Post by bosss15 »

Zoek.exe v5.0.0.0 Updated 15-February-2014
Tool run by Josef on po 17.02.2014 at 16:27:21,95.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Josef\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

17.2.2014 16:28:00 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PirritUpdater deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PirritUpdater deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js:

Added to C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\Users\Josef\AppData\Local\genienext deleted
C:\Users\Josef\daemonprocess.txt deleted
C:\Users\Josef\.android deleted
C:\Program Files\GreenTree Applications deleted
C:\Users\Josef\AppData\Local\cache deleted
C:\Users\Josef\Documents\Mobogenie deleted
"C:\Users\Josef\AppData\Roaming\Pirrit\Config.json" deleted
"C:\Program Files\Pirrit\AutoUpdater.exe" deleted
"C:\Program Files\Pirrit\msvcp100.dll" deleted
"C:\Program Files\Pirrit\msvcr100.dll" not deleted
"C:\Program Files\Pirrit\QtCore4.dll" deleted
"C:\Program Files\Pirrit\QtNetwork4.dll" deleted
"C:\Users\Josef\AppData\Roaming\Pirrit" deleted
"C:\Program Files\Pirrit" not deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
- Undetermined - %ProfilePath%\extensions\suggestor@suggestor.pirrit.com.xpi

ExtDir: C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
- Undetermined - %ExtDir%\suggestor@suggestor.pirrit.com.xpi

==== Firefox Plugins ======================


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
hglljpndoeopcpehilglkbnincooinnb - C:\Users\Josef\AppData\Local\Flvto Plugin for Google Chrome\the_extension.crx[30.08.2013 15:28]


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchT ... {startPage}"

==== Reset Google Chrome ======================

C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Empty IE Cache ======================

C:\Users\Josef\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Josef\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3V01KBVH will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=152 folders=91 26783586 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\Josef\AppData\Local\Temp will be emptied at reboot
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Josef\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Program Files\Pirrit\msvcr100.dll" not found
"C:\Program Files\Pirrit" not found
"C:\Users\Josef\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3V01KBVH" not found

==== EOF on po 17.02.2014 at 16:45:08,52 ======================

bosss15
Visitor
Posts: 29
Registered: 16 Feb 2014 23:08

Re: 1place.org and hotspotaward malware - bosss15

#7 Post by bosss15 »

Sorry, I didn't have it on the desktop and didn't run it as administrator, so to be safe I did it once more. Thanks in advance.


Zoek.exe v5.0.0.0 Updated 15-February-2014
Tool run by Josef on po 17.02.2014 at 16:48:36,19.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Josef\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-02-17-154508.log 7818 bytes

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Firefox Extensions ======================

ProfilePath: C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
- Undetermined - %ProfilePath%\extensions\suggestor@suggestor.pirrit.com.xpi

ExtDir: C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
- Undetermined - %ExtDir%\suggestor@suggestor.pirrit.com.xpi

==== Firefox Plugins ======================


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
hglljpndoeopcpehilglkbnincooinnb - C:\Users\Josef\AppData\Local\Flvto Plugin for Google Chrome\the_extension.crx[30.08.2013 15:28]


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchT ... {startPage}"

==== Reset Google Chrome ======================

C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Empty IE Cache ======================

C:\Users\Josef\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Josef\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3LQYEFDK will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=152 folders=91 26783586 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\Josef\AppData\Local\Temp will be emptied at reboot
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Josef\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Josef\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3LQYEFDK" not found

==== EOF on po 17.02.2014 at 17:00:22,09 ======================

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: 1place.org and hotspotaward malware - bosss15

#8 Post by vyosek »


bosss15
Visitor
Posts: 29
Registered: 16 Feb 2014 23:08

Re: 1place.org and hotspotaward malware - bosss15

#9 Post by bosss15 »

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-02-2014
Ran by Josef (administrator) on JOSEF-PC on 17-02-2014 17:20:23
Running from C:\Users\Josef\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe
() C:\Users\Josef\AppData\Local\PirritSuggestor\PirritService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Users\Josef\AppData\Local\PirritSuggestor\PirritDesktop.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\GROOVE.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\Office15\MsoSync.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Josef\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [AdAwareTray] - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe [3643224 2014-01-23] ()
HKU\S-1-5-21-4046643792-4147377480-1180286658-1000\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-4046643792-4147377480-1180286658-1000\...\MountPoints2: {57bb0d32-56f8-11e3-8485-00247eb51cad} - F:\SETUP.EXE
Startup: C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Odeslat do OneNote.lnk
ShortcutTarget: Odeslat do OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SkyDrive Pro.lnk
ShortcutTarget: SkyDrive Pro.lnk -> C:\Program Files\Microsoft Office\Office15\GROOVE.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=http://127.0.0.1:9880
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchT ... {startPage}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: IEExtension.Extension - {d40c654d-7c51-4eb3-95b2-1e23905c2a2d} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.32.1 192.168.1.1

FireFox:
========
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Extension: No Name - C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2014-01-10]
FF Extension: Pirrit Suggestor - C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\profiles\extensions\suggestor@suggestor.pirrit.com.xpi [2014-01-04]

Chrome:
=======
CHR Extension: (Disk Google) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-17]
CHR Extension: (YouTube) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-17]
CHR Extension: (Vyhledávání Google) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-17]
CHR Extension: (Peněženka Google) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-17]
CHR Extension: (Gmail) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-17]
CHR HKLM\...\Chrome\Extension: [hglljpndoeopcpehilglkbnincooinnb] - C:\Users\Josef\AppData\Local\Flvto Plugin for Google Chrome\the_extension.crx [2014-02-17]

========================== Services (Whitelisted) =================

R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [651232 2014-01-23] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [1590560 2012-05-17] (Microsoft Corp.)
R2 MSSQL$ATTIS; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe [1320120 2013-10-31] (Microsoft Corporation)
U2 PirritDesktop; C:\Users\Josef\AppData\Local\PirritSuggestor\PirritService.exe [52568 2014-02-14] ()

==================== Drivers (Whitelisted) ====================

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [340624 2013-07-17] (BitDefender S.R.L.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-17 17:20 - 2014-02-17 17:20 - 00011065 _____ () C:\Users\Josef\Desktop\FRST.txt
2014-02-17 17:20 - 2014-02-17 17:20 - 00000000 ____D () C:\FRST
2014-02-17 17:18 - 2014-02-17 17:17 - 00112640 _____ (forum.viry.cz) C:\Users\Josef\Desktop\FRSTLauncher.exe
2014-02-17 17:18 - 2014-02-17 17:15 - 01141248 _____ (Farbar) C:\Users\Josef\Desktop\FRST.exe
2014-02-17 17:17 - 2014-02-17 17:17 - 00112640 _____ (forum.viry.cz) C:\Users\Josef\Downloads\Nepotvrzeno 473550.crdownload
2014-02-17 17:17 - 2014-02-17 17:17 - 00112640 _____ (forum.viry.cz) C:\Users\Josef\Downloads\FRSTLauncher (2).exe
2014-02-17 17:16 - 2014-02-17 17:16 - 00112640 _____ (forum.viry.cz) C:\Users\Josef\Downloads\Nepotvrzeno 856973.crdownload
2014-02-17 17:15 - 2014-02-17 17:15 - 01141248 _____ (Farbar) C:\Users\Josef\Downloads\FRST.exe
2014-02-17 16:57 - 2014-02-17 16:48 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-02-17 16:49 - 2014-02-17 16:45 - 00007818 _____ () C:\zoek-results2014-02-17-154508.log
2014-02-17 16:48 - 2014-02-17 16:26 - 01284608 _____ () C:\Users\Josef\Desktop\zoek.exe
2014-02-17 16:27 - 2014-02-17 17:00 - 00006719 _____ () C:\zoek-results.log
2014-02-17 16:27 - 2014-02-17 16:35 - 00000000 ____D () C:\zoek_backup
2014-02-17 16:26 - 2014-02-17 16:26 - 01284608 _____ () C:\Users\Josef\Downloads\zoek.exe
2014-02-17 15:53 - 2014-02-17 15:54 - 00000000 ____D () C:\rsit
2014-02-17 15:53 - 2014-02-17 15:53 - 00781383 _____ () C:\Users\Josef\Downloads\RSIT.exe
2014-02-17 15:53 - 2014-02-17 15:53 - 00000000 ____D () C:\Program Files\trend micro
2014-02-17 15:41 - 2013-10-02 01:42 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-02-17 15:41 - 2013-10-02 01:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-17 15:41 - 2013-10-02 01:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-17 15:41 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-02-17 15:41 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-02-17 15:41 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-02-17 15:41 - 2013-10-02 00:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-02-17 15:41 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-02-17 15:41 - 2013-10-02 00:00 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-02-17 15:41 - 2013-10-01 23:53 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-02-17 15:41 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-02-17 15:41 - 2013-10-01 21:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-02-17 15:41 - 2013-09-25 02:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-02-17 15:37 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-02-17 15:37 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-02-17 15:37 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-02-17 15:37 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-02-17 15:36 - 2014-02-17 15:37 - 00005163 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-02-17 15:36 - 2014-02-17 15:36 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-17 15:35 - 2014-02-17 16:58 - 00000934 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-17 15:35 - 2014-02-17 16:40 - 00000938 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-17 15:22 - 2014-02-17 15:22 - 00007584 _____ () C:\Users\Josef\Documents\záložky_17.2.14.html
2014-02-17 15:09 - 2014-02-17 16:58 - 00001316 _____ () C:\Windows\PFRO.log
2014-02-17 15:09 - 2014-02-17 16:58 - 00000280 _____ () C:\Windows\setupact.log
2014-02-17 15:09 - 2014-02-17 15:09 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-17 15:05 - 2014-02-17 15:05 - 00060866 _____ () C:\Users\Josef\Documents\cc_20140217_150544.reg
2014-02-17 13:31 - 2014-02-17 15:03 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-02-17 13:31 - 2014-02-17 13:31 - 00010278 _____ () C:\Users\Josef\Documents\HitmanPro_20140217_1331.log
2014-02-17 13:26 - 2014-02-17 13:26 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-02-17 13:26 - 2014-02-17 13:26 - 00000000 ____D () C:\Program Files\HitmanPro
2014-02-17 13:25 - 2014-02-17 13:31 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-17 13:17 - 2014-02-17 13:17 - 09988304 _____ (SurfRight B.V.) C:\Users\Josef\Downloads\HitmanPro.exe
2014-02-17 12:46 - 2014-02-17 12:46 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Malwarebytes
2014-02-17 12:45 - 2014-02-17 12:45 - 00001071 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-17 12:45 - 2014-02-17 12:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-17 12:45 - 2014-02-17 12:45 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-17 12:45 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-17 12:44 - 2014-02-17 12:44 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Josef\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-17 12:35 - 2014-02-17 12:35 - 00000000 ____D () C:\Windows\ERUNT
2014-02-17 12:34 - 2014-02-17 12:34 - 01037530 _____ (Thisisu) C:\Users\Josef\Downloads\JRT.exe
2014-02-17 12:23 - 2014-02-17 14:32 - 00000000 ____D () C:\AdwCleaner
2014-02-17 12:23 - 2014-02-17 12:23 - 01166132 _____ () C:\Users\Josef\Downloads\adwcleaner.exe
2014-02-17 09:10 - 2014-02-17 09:10 - 02347384 _____ (ESET) C:\Users\Josef\Downloads\esetsmartinstaller_enu.exe
2014-02-17 07:39 - 2014-02-17 15:05 - 00000000 ____D () C:\Users\Josef\AppData\Local\CrashDumps
2014-02-16 23:41 - 2014-02-16 23:41 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\LavasoftStatistics
2014-02-16 23:40 - 2014-02-16 23:40 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Lavasoft
2014-02-16 23:24 - 2014-02-17 16:58 - 00002305 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-02-16 23:23 - 2014-02-16 23:23 - 00000000 ____D () C:\Program Files\Lavasoft
2014-02-16 23:22 - 2014-02-16 23:22 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-02-16 23:21 - 2014-02-16 23:21 - 01727624 _____ () C:\Users\Josef\Downloads\Adaware_Installer.exe
2014-02-16 23:21 - 2014-02-16 23:21 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-02-16 22:49 - 2014-02-16 22:49 - 00006286 _____ () C:\Users\Josef\Documents\cc_20140216_224930.reg
2014-02-16 22:44 - 2014-02-16 22:44 - 00003938 _____ () C:\Users\Josef\Documents\RKreport[0]_S_02162014_223842.txt
2014-02-16 22:33 - 2014-02-17 14:49 - 00000000 ____D () C:\Users\Josef\Desktop\RK_Quarantine
2014-02-16 22:31 - 2014-02-16 22:31 - 03813376 _____ () C:\Users\Josef\Downloads\RogueKiller (1).exe
2014-02-16 22:30 - 2014-02-16 22:30 - 03809280 _____ () C:\Users\Josef\Downloads\RogueKiller.exe
2014-02-16 19:12 - 2014-02-16 23:05 - 01893194 _____ () C:\Users\Josef\Documents\Dream senescence - Josef Ulrich.pptx
2014-02-15 12:36 - 2014-02-16 22:27 - 00000000 ____D () C:\Users\Josef\AppData\Local\PirritSuggestor
2014-02-13 12:51 - 2014-02-13 12:52 - 09409045 _____ () C:\Users\Josef\Downloads\ZSEI-Základy-světové-a-evropské-integrace.rar
2014-02-13 12:42 - 2014-02-13 12:57 - 00000000 ____D () C:\Users\Josef\Documents\Karolka - učení
2014-02-13 12:41 - 2014-02-13 12:41 - 00305174 _____ () C:\Users\Josef\Downloads\Filosofie-a-základy-etiky.rar
2014-02-13 09:29 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 09:29 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 09:29 - 2014-02-06 11:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-13 09:29 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 09:29 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-13 09:29 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 09:29 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 09:29 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 09:29 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 09:29 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 09:29 - 2014-02-06 10:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-13 09:29 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-13 09:29 - 2014-02-06 10:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 09:29 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 09:29 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 09:29 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 09:29 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 09:29 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 09:29 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 09:29 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 09:29 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-13 09:14 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 09:13 - 2014-02-13 09:13 - 00001316 _____ () C:\Users\Josef\Desktop\Dokumenty CEPA.lnk
2014-02-13 00:21 - 2014-02-13 00:21 - 00035022 ____H () C:\Users\Josef\Documents\~WRL0450.tmp
2014-02-12 21:07 - 2014-02-12 21:07 - 00000000 ____D () C:\Windows\cs
2014-02-12 21:06 - 2014-02-12 21:06 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-02-12 21:05 - 2014-02-12 21:06 - 00000000 ____D () C:\Program Files\Windows Live
2014-02-12 21:04 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-02-12 21:04 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-02-12 21:04 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-02-12 21:04 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-02-12 21:03 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2014-02-12 21:02 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2014-02-12 21:00 - 2014-02-12 21:15 - 00000000 ____D () C:\Users\Josef\AppData\Local\Windows Live
2014-02-12 21:00 - 2014-02-12 21:00 - 00000000 ____D () C:\Program Files\Common Files\Windows Live
2014-02-12 20:59 - 2014-02-12 20:59 - 01243120 _____ (společnost Microsoft Corporation) C:\Users\Josef\Downloads\wlsetup-web.exe
2014-02-12 14:35 - 2014-02-12 14:35 - 00014438 _____ () C:\Users\Josef\Downloads\zivotopis Lucie.odt
2014-02-12 07:37 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 07:37 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 07:37 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 07:37 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 07:37 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 07:37 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 07:37 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 07:37 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 07:37 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 07:37 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 07:37 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 07:37 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 07:37 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 07:37 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-10 23:20 - 2014-02-10 23:20 - 00232960 _____ () C:\Users\Josef\Downloads\Calc_NZU_0710.xlsm
2014-02-10 23:19 - 2014-02-10 23:19 - 02077490 _____ () C:\Users\Josef\Downloads\NZU web.zip
2014-02-10 15:09 - 2014-02-10 15:09 - 00014438 _____ () C:\Users\Josef\Downloads\ivotopis Lucie.odt
2014-02-09 17:47 - 2014-02-09 17:47 - 00545880 _____ () C:\Users\Josef\Downloads\PRÁVO FRANC.zip
2014-02-07 14:48 - 2014-02-07 14:48 - 02067968 _____ () C:\Users\Josef\Downloads\1400lRizeni_zasob.ppt
2014-02-05 22:10 - 2014-02-05 22:10 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-05 22:00 - 2014-02-05 22:01 - 06951048 _____ (Microsoft Corporation) C:\Users\Josef\Downloads\Silverlight.exe
2014-02-05 14:29 - 2014-02-05 14:29 - 00160256 _____ () C:\Users\Josef\Downloads\MOTIVACE.ppt
2014-02-05 11:20 - 2014-02-05 11:21 - 01270272 _____ () C:\Users\Josef\Downloads\SvF_rezim-schvalovani-sablon_2014_02_03.xls
2014-02-05 08:28 - 2014-02-05 08:28 - 00000165 ____H () C:\Users\Josef\Documents\~$Evidenční tabulka.xlsx
2014-02-04 14:23 - 2014-02-04 14:23 - 00046592 _____ () C:\Users\Josef\Downloads\uznámí předmětu.xls
2014-02-04 13:32 - 2014-02-04 13:32 - 00019968 _____ () C:\Users\Josef\Downloads\Uzn__n___z__po__t___a_zkou__ek.xls
2014-02-04 13:26 - 2014-02-04 13:33 - 00041472 _____ () C:\Users\Josef\Downloads\zadost_o_uznani_zapoctu_a_zkousek-2.xls
2014-02-03 19:39 - 2014-02-03 19:39 - 00047961 _____ () C:\Users\Josef\Desktop\Bylo nás pět.htm
2014-02-03 09:29 - 2014-02-16 17:23 - 00021183 _____ () C:\Users\Josef\Documents\Evidenční tabulka.xlsx
2014-01-31 10:27 - 2014-01-31 10:30 - 01308784 _____ () C:\Users\Josef\Documents\862_Harmonogram-Ulrich-změna.xlsx
2014-01-30 11:35 - 2014-01-30 14:38 - 00027083 _____ () C:\Users\Josef\Documents\Schválené projekty výzvy 94 - Adaptabilita VELKÉ PODNIKY.xlsx
2014-01-30 08:46 - 2014-02-17 17:12 - 00000000 ____D () C:\pracovni
2014-01-29 18:13 - 2014-01-29 18:17 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Xilisoft
2014-01-29 18:13 - 2014-01-29 18:13 - 00000000 ____D () C:\Users\Josef\Documents\Xilisoft
2014-01-29 18:13 - 2014-01-29 18:13 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Macromedia
2014-01-29 18:13 - 2014-01-29 18:13 - 00000000 ____D () C:\Users\Josef\AppData\Local\Xilisoft
2014-01-29 18:10 - 2014-01-29 18:10 - 20761594 _____ () C:\Users\Josef\Downloads\x-download-youtube-video2.exe
2014-01-29 12:37 - 2014-01-29 12:37 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-01-28 18:59 - 2014-01-28 18:59 - 00000165 ____H () C:\Users\Josef\Documents\~$Dream senescence s.r.o. - Josef Ulrich - final.pptx
2014-01-28 18:56 - 2014-01-28 19:07 - 00678085 ____H () C:\Users\Josef\Documents\~WRL1636.tmp
2014-01-28 15:27 - 2014-01-30 11:30 - 00028761 _____ () C:\Users\Josef\Documents\Kopie - Schválené-projekty-výzvy94-Adaptabilita-MALÉ PODNIKY.xlsx
2014-01-28 15:27 - 2014-01-28 15:27 - 00000165 ____H () C:\Users\Josef\Documents\~$Kopie - Schválené-projekty-výzvy94-Adaptabilita-MALÉ PODNIKY.xlsx
2014-01-28 13:33 - 2014-01-28 13:33 - 00155504 _____ () C:\Users\Josef\Documents\cc_20140128_133346.reg
2014-01-28 13:32 - 2014-01-28 13:32 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-01-28 13:32 - 2014-01-28 13:32 - 00000000 ____D () C:\Program Files\CCleaner
2014-01-28 13:29 - 2014-01-28 13:30 - 04721920 _____ (Piriform Ltd) C:\Users\Josef\Downloads\ccsetup410.exe
2014-01-27 21:57 - 2014-01-27 21:57 - 00061147 _____ () C:\Users\Josef\Documents\Pracovní výkaz stážisty - Ulrich Josef.xlsm
2014-01-27 21:44 - 2014-01-27 21:52 - 00084992 _____ () C:\Users\Josef\Documents\Pracovní výkaz stážisty - Ulrich Josef.xls
2014-01-27 08:30 - 2014-01-27 08:30 - 11839880 _____ (Hewlett-Packard ) C:\Users\Josef\Downloads\sp48679.exe
2014-01-27 08:25 - 2014-01-27 08:25 - 00347816 _____ (Microsoft Corporation) C:\Users\Josef\Downloads\MicrosoftFixit.Devices.RNP.1393135888561776.2.1.Run.exe
2014-01-26 17:09 - 2014-01-26 17:09 - 00026677 _____ () C:\Users\Josef\Downloads\20. Listina základních práv a svobod.odt
2014-01-26 17:08 - 2014-01-26 17:08 - 00031797 _____ () C:\Users\Josef\Downloads\15.Evropská unie – vznik, hlavní smlouvy, pilíře, orgány EU.odt
2014-01-26 15:41 - 2014-01-26 17:09 - 731924480 _____ () C:\Users\Josef\Downloads\50-krát-a-stále-poprvé-cz.avi
2014-01-25 20:38 - 2014-01-25 21:23 - 373745101 _____ () C:\Users\Josef\Downloads\50-krát-a-stále-poprvé-cz.avi.crdownload
2014-01-25 19:09 - 2014-01-25 19:09 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-01-22 22:26 - 2014-01-22 22:29 - 00000000 ____D () C:\Users\Josef\Downloads\ples
2014-01-22 22:04 - 2014-01-22 22:25 - 1188112131 _____ () C:\Users\Josef\Downloads\ples.zip
2014-01-20 21:59 - 2014-01-20 22:21 - 00635620 _____ () C:\Users\Josef\Documents\a-medicos - prezentace - final2.pptx
2014-01-20 15:44 - 2014-01-20 15:44 - 01260032 _____ () C:\Users\Josef\Downloads\Kopie - Rezim sablon stazi 18 12 2013_aktualizace k 30 12 2013 (1).xls
2014-01-20 14:17 - 2014-01-20 22:21 - 00501762 _____ () C:\Users\Josef\Documents\a-medicos - prezentace - final.pptx
2014-01-19 10:54 - 2014-01-19 10:54 - 01302800 _____ () C:\Users\Josef\Downloads\862_Harmonogram (2).xlsx
2014-01-19 10:31 - 2014-01-19 10:31 - 03225432 _____ () C:\Users\Josef\Downloads\test.rar
2014-01-18 13:14 - 2014-01-18 13:14 - 00373207 _____ () C:\Users\Josef\Documents\a-medicos - prezentace.pptx

==================== One Month Modified Files and Folders =======

2014-02-17 17:20 - 2014-02-17 17:20 - 00011065 _____ () C:\Users\Josef\Desktop\FRST.txt
2014-02-17 17:20 - 2014-02-17 17:20 - 00000000 ____D () C:\FRST
2014-02-17 17:17 - 2014-02-17 17:18 - 00112640 _____ (forum.viry.cz) C:\Users\Josef\Desktop\FRSTLauncher.exe
2014-02-17 17:17 - 2014-02-17 17:17 - 00112640 _____ (forum.viry.cz) C:\Users\Josef\Downloads\Nepotvrzeno 473550.crdownload
2014-02-17 17:17 - 2014-02-17 17:17 - 00112640 _____ (forum.viry.cz) C:\Users\Josef\Downloads\FRSTLauncher (2).exe
2014-02-17 17:16 - 2014-02-17 17:16 - 00112640 _____ (forum.viry.cz) C:\Users\Josef\Downloads\Nepotvrzeno 856973.crdownload
2014-02-17 17:15 - 2014-02-17 17:18 - 01141248 _____ (Farbar) C:\Users\Josef\Desktop\FRST.exe
2014-02-17 17:15 - 2014-02-17 17:15 - 01141248 _____ (Farbar) C:\Users\Josef\Downloads\FRST.exe
2014-02-17 17:12 - 2014-01-30 08:46 - 00000000 ____D () C:\pracovni
2014-02-17 17:07 - 2009-07-14 05:34 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-17 17:07 - 2009-07-14 05:34 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-17 17:03 - 2013-11-18 16:35 - 02027919 _____ () C:\Windows\WindowsUpdate.log
2014-02-17 17:01 - 2013-12-08 19:54 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Skype
2014-02-17 17:00 - 2014-02-17 16:27 - 00006719 _____ () C:\zoek-results.log
2014-02-17 16:58 - 2014-02-17 15:35 - 00000934 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-17 16:58 - 2014-02-17 15:09 - 00001316 _____ () C:\Windows\PFRO.log
2014-02-17 16:58 - 2014-02-17 15:09 - 00000280 _____ () C:\Windows\setupact.log
2014-02-17 16:58 - 2014-02-16 23:24 - 00002305 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-02-17 16:58 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-17 16:48 - 2014-02-17 16:57 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-02-17 16:45 - 2014-02-17 16:49 - 00007818 _____ () C:\zoek-results2014-02-17-154508.log
2014-02-17 16:44 - 2010-11-20 22:01 - 01713070 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-17 16:40 - 2014-02-17 15:35 - 00000938 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-17 16:35 - 2014-02-17 16:27 - 00000000 ____D () C:\zoek_backup
2014-02-17 16:35 - 2013-11-18 16:46 - 00000000 ____D () C:\Users\Josef
2014-02-17 16:26 - 2014-02-17 16:48 - 01284608 _____ () C:\Users\Josef\Desktop\zoek.exe
2014-02-17 16:26 - 2014-02-17 16:26 - 01284608 _____ () C:\Users\Josef\Downloads\zoek.exe
2014-02-17 15:54 - 2014-02-17 15:53 - 00000000 ____D () C:\rsit
2014-02-17 15:53 - 2014-02-17 15:53 - 00781383 _____ () C:\Users\Josef\Downloads\RSIT.exe
2014-02-17 15:53 - 2014-02-17 15:53 - 00000000 ____D () C:\Program Files\trend micro
2014-02-17 15:38 - 2013-11-18 22:15 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-17 15:37 - 2014-02-17 15:36 - 00005163 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-02-17 15:37 - 2013-11-18 22:14 - 00000000 ____D () C:\Program Files\Java
2014-02-17 15:37 - 2013-11-18 18:48 - 00000000 ____D () C:\Users\Josef\AppData\Local\Google
2014-02-17 15:36 - 2014-02-17 15:36 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-17 15:36 - 2013-11-18 18:48 - 00000000 ____D () C:\Program Files\Google
2014-02-17 15:34 - 2013-11-18 18:48 - 00000000 ____D () C:\Users\Josef\AppData\Local\Deployment
2014-02-17 15:22 - 2014-02-17 15:22 - 00007584 _____ () C:\Users\Josef\Documents\záložky_17.2.14.html
2014-02-17 15:09 - 2014-02-17 15:09 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-17 15:05 - 2014-02-17 15:05 - 00060866 _____ () C:\Users\Josef\Documents\cc_20140217_150544.reg
2014-02-17 15:05 - 2014-02-17 07:39 - 00000000 ____D () C:\Users\Josef\AppData\Local\CrashDumps
2014-02-17 15:03 - 2014-02-17 13:31 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-02-17 14:49 - 2014-02-16 22:33 - 00000000 ____D () C:\Users\Josef\Desktop\RK_Quarantine
2014-02-17 14:32 - 2014-02-17 12:23 - 00000000 ____D () C:\AdwCleaner
2014-02-17 13:48 - 2014-01-02 18:17 - 00000000 ____D () C:\Program Files\Y+ Image Converter
2014-02-17 13:31 - 2014-02-17 13:31 - 00010278 _____ () C:\Users\Josef\Documents\HitmanPro_20140217_1331.log
2014-02-17 13:31 - 2014-02-17 13:25 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-17 13:26 - 2014-02-17 13:26 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-02-17 13:26 - 2014-02-17 13:26 - 00000000 ____D () C:\Program Files\HitmanPro
2014-02-17 13:17 - 2014-02-17 13:17 - 09988304 _____ (SurfRight B.V.) C:\Users\Josef\Downloads\HitmanPro.exe
2014-02-17 12:46 - 2014-02-17 12:46 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Malwarebytes
2014-02-17 12:45 - 2014-02-17 12:45 - 00001071 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-17 12:45 - 2014-02-17 12:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-17 12:45 - 2014-02-17 12:45 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-17 12:44 - 2014-02-17 12:44 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Josef\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-17 12:35 - 2014-02-17 12:35 - 00000000 ____D () C:\Windows\ERUNT
2014-02-17 12:34 - 2014-02-17 12:34 - 01037530 _____ (Thisisu) C:\Users\Josef\Downloads\JRT.exe
2014-02-17 12:23 - 2014-02-17 12:23 - 01166132 _____ () C:\Users\Josef\Downloads\adwcleaner.exe
2014-02-17 09:10 - 2014-02-17 09:10 - 02347384 _____ (ESET) C:\Users\Josef\Downloads\esetsmartinstaller_enu.exe
2014-02-16 23:41 - 2014-02-16 23:41 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\LavasoftStatistics
2014-02-16 23:40 - 2014-02-16 23:40 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Lavasoft
2014-02-16 23:23 - 2014-02-16 23:23 - 00000000 ____D () C:\Program Files\Lavasoft
2014-02-16 23:22 - 2014-02-16 23:22 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-02-16 23:21 - 2014-02-16 23:21 - 01727624 _____ () C:\Users\Josef\Downloads\Adaware_Installer.exe
2014-02-16 23:21 - 2014-02-16 23:21 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-02-16 23:05 - 2014-02-16 19:12 - 01893194 _____ () C:\Users\Josef\Documents\Dream senescence - Josef Ulrich.pptx
2014-02-16 22:49 - 2014-02-16 22:49 - 00006286 _____ () C:\Users\Josef\Documents\cc_20140216_224930.reg
2014-02-16 22:44 - 2014-02-16 22:44 - 00003938 _____ () C:\Users\Josef\Documents\RKreport[0]_S_02162014_223842.txt
2014-02-16 22:31 - 2014-02-16 22:31 - 03813376 _____ () C:\Users\Josef\Downloads\RogueKiller (1).exe
2014-02-16 22:30 - 2014-02-16 22:30 - 03809280 _____ () C:\Users\Josef\Downloads\RogueKiller.exe
2014-02-16 22:27 - 2014-02-15 12:36 - 00000000 ____D () C:\Users\Josef\AppData\Local\PirritSuggestor
2014-02-16 17:23 - 2014-02-03 09:29 - 00021183 _____ () C:\Users\Josef\Documents\Evidenční tabulka.xlsx
2014-02-14 13:38 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-02-14 09:57 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-13 12:57 - 2014-02-13 12:42 - 00000000 ____D () C:\Users\Josef\Documents\Karolka - učení
2014-02-13 12:52 - 2014-02-13 12:51 - 09409045 _____ () C:\Users\Josef\Downloads\ZSEI-Základy-světové-a-evropské-integrace.rar
2014-02-13 12:41 - 2014-02-13 12:41 - 00305174 _____ () C:\Users\Josef\Downloads\Filosofie-a-základy-etiky.rar
2014-02-13 09:28 - 2013-11-18 17:13 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-13 09:18 - 2013-11-18 17:12 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-13 09:13 - 2014-02-13 09:13 - 00001316 _____ () C:\Users\Josef\Desktop\Dokumenty CEPA.lnk
2014-02-13 09:12 - 2013-11-20 14:13 - 00000000 ___RD () C:\Users\Josef\SharePoint
2014-02-13 00:21 - 2014-02-13 00:21 - 00035022 ____H () C:\Users\Josef\Documents\~WRL0450.tmp
2014-02-12 21:15 - 2014-02-12 21:00 - 00000000 ____D () C:\Users\Josef\AppData\Local\Windows Live
2014-02-12 21:07 - 2014-02-12 21:07 - 00000000 ____D () C:\Windows\cs
2014-02-12 21:06 - 2014-02-12 21:06 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-02-12 21:06 - 2014-02-12 21:05 - 00000000 ____D () C:\Program Files\Windows Live
2014-02-12 21:04 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-02-12 21:00 - 2014-02-12 21:00 - 00000000 ____D () C:\Program Files\Common Files\Windows Live
2014-02-12 20:59 - 2014-02-12 20:59 - 01243120 _____ (společnost Microsoft Corporation) C:\Users\Josef\Downloads\wlsetup-web.exe
2014-02-12 14:35 - 2014-02-12 14:35 - 00014438 _____ () C:\Users\Josef\Downloads\zivotopis Lucie.odt
2014-02-10 23:20 - 2014-02-10 23:20 - 00232960 _____ () C:\Users\Josef\Downloads\Calc_NZU_0710.xlsm
2014-02-10 23:19 - 2014-02-10 23:19 - 02077490 _____ () C:\Users\Josef\Downloads\NZU web.zip
2014-02-10 15:09 - 2014-02-10 15:09 - 00014438 _____ () C:\Users\Josef\Downloads\ivotopis Lucie.odt
2014-02-09 17:47 - 2014-02-09 17:47 - 00545880 _____ () C:\Users\Josef\Downloads\PRÁVO FRANC.zip
2014-02-07 14:48 - 2014-02-07 14:48 - 02067968 _____ () C:\Users\Josef\Downloads\1400lRizeni_zasob.ppt
2014-02-06 11:38 - 2014-02-13 09:29 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 11:20 - 2014-02-13 09:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 11:19 - 2014-02-13 09:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 11:01 - 2014-02-13 09:29 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 11:00 - 2014-02-13 09:29 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-13 09:29 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 10:52 - 2014-02-13 09:29 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 10:52 - 2014-02-13 09:29 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 10:49 - 2014-02-13 09:29 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 10:47 - 2014-02-13 09:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 10:47 - 2014-02-13 09:29 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 10:46 - 2014-02-13 09:29 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 10:34 - 2014-02-13 09:29 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 10:25 - 2014-02-13 09:29 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 10:25 - 2014-02-13 09:29 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 10:13 - 2014-02-13 09:29 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:09 - 2014-02-13 09:29 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:03 - 2014-02-13 09:29 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 09:41 - 2014-02-13 09:29 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 09:36 - 2014-02-13 09:29 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:34 - 2014-02-13 09:29 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-05 22:10 - 2014-02-05 22:10 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-05 22:01 - 2014-02-05 22:00 - 06951048 _____ (Microsoft Corporation) C:\Users\Josef\Downloads\Silverlight.exe
2014-02-05 14:29 - 2014-02-05 14:29 - 00160256 _____ () C:\Users\Josef\Downloads\MOTIVACE.ppt
2014-02-05 11:21 - 2014-02-05 11:20 - 01270272 _____ () C:\Users\Josef\Downloads\SvF_rezim-schvalovani-sablon_2014_02_03.xls
2014-02-05 10:22 - 2013-11-22 06:58 - 00000000 ____D () C:\Users\Josef\Documents\Poznámkové bloky aplikace OneNote
2014-02-05 08:28 - 2014-02-05 08:28 - 00000165 ____H () C:\Users\Josef\Documents\~$Evidenční tabulka.xlsx
2014-02-04 17:06 - 2013-11-18 17:21 - 00111904 _____ () C:\Users\Josef\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-04 17:06 - 2009-07-14 05:33 - 00438944 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-04 14:23 - 2014-02-04 14:23 - 00046592 _____ () C:\Users\Josef\Downloads\uznámí předmětu.xls
2014-02-04 13:33 - 2014-02-04 13:26 - 00041472 _____ () C:\Users\Josef\Downloads\zadost_o_uznani_zapoctu_a_zkousek-2.xls
2014-02-04 13:32 - 2014-02-04 13:32 - 00019968 _____ () C:\Users\Josef\Downloads\Uzn__n___z__po__t___a_zkou__ek.xls
2014-02-03 19:39 - 2014-02-03 19:39 - 00047961 _____ () C:\Users\Josef\Desktop\Bylo nás pět.htm
2014-02-02 14:06 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-01-31 10:30 - 2014-01-31 10:27 - 01308784 _____ () C:\Users\Josef\Documents\862_Harmonogram-Ulrich-změna.xlsx
2014-01-30 14:38 - 2014-01-30 11:35 - 00027083 _____ () C:\Users\Josef\Documents\Schválené projekty výzvy 94 - Adaptabilita VELKÉ PODNIKY.xlsx
2014-01-30 11:30 - 2014-01-28 15:27 - 00028761 _____ () C:\Users\Josef\Documents\Kopie - Schválené-projekty-výzvy94-Adaptabilita-MALÉ PODNIKY.xlsx
2014-01-29 18:17 - 2014-01-29 18:13 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Xilisoft
2014-01-29 18:13 - 2014-01-29 18:13 - 00000000 ____D () C:\Users\Josef\Documents\Xilisoft
2014-01-29 18:13 - 2014-01-29 18:13 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Macromedia
2014-01-29 18:13 - 2014-01-29 18:13 - 00000000 ____D () C:\Users\Josef\AppData\Local\Xilisoft
2014-01-29 18:10 - 2014-01-29 18:10 - 20761594 _____ () C:\Users\Josef\Downloads\x-download-youtube-video2.exe
2014-01-29 12:37 - 2014-01-29 12:37 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-01-28 19:07 - 2014-01-28 18:56 - 00678085 ____H () C:\Users\Josef\Documents\~WRL1636.tmp
2014-01-28 18:59 - 2014-01-28 18:59 - 00000165 ____H () C:\Users\Josef\Documents\~$Dream senescence s.r.o. - Josef Ulrich - final.pptx
2014-01-28 15:27 - 2014-01-28 15:27 - 00000165 ____H () C:\Users\Josef\Documents\~$Kopie - Schválené-projekty-výzvy94-Adaptabilita-MALÉ PODNIKY.xlsx
2014-01-28 13:56 - 2014-01-07 18:18 - 00000000 ____D () C:\Windows\Minidump
2014-01-28 13:56 - 2013-11-18 16:31 - 00000000 ____D () C:\Windows\Panther
2014-01-28 13:33 - 2014-01-28 13:33 - 00155504 _____ () C:\Users\Josef\Documents\cc_20140128_133346.reg
2014-01-28 13:32 - 2014-01-28 13:32 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-01-28 13:32 - 2014-01-28 13:32 - 00000000 ____D () C:\Program Files\CCleaner
2014-01-28 13:30 - 2014-01-28 13:29 - 04721920 _____ (Piriform Ltd) C:\Users\Josef\Downloads\ccsetup410.exe
2014-01-27 21:58 - 2014-01-15 19:44 - 00000000 ____D () C:\Users\Josef\Documents\Vlastní šablony Office
2014-01-27 21:57 - 2014-01-27 21:57 - 00061147 _____ () C:\Users\Josef\Documents\Pracovní výkaz stážisty - Ulrich Josef.xlsm
2014-01-27 21:52 - 2014-01-27 21:44 - 00084992 _____ () C:\Users\Josef\Documents\Pracovní výkaz stážisty - Ulrich Josef.xls
2014-01-27 21:24 - 2014-01-16 00:39 - 00082944 _____ () C:\Users\Josef\Desktop\Pracovní výkaz stážisty 97-03.xls
2014-01-27 18:52 - 2014-01-02 18:17 - 00000000 ____D () C:\Users\Josef\Desktop\milacek
2014-01-27 08:30 - 2014-01-27 08:30 - 11839880 _____ (Hewlett-Packard ) C:\Users\Josef\Downloads\sp48679.exe
2014-01-27 08:25 - 2014-01-27 08:25 - 00347816 _____ (Microsoft Corporation) C:\Users\Josef\Downloads\MicrosoftFixit.Devices.RNP.1393135888561776.2.1.Run.exe
2014-01-26 17:09 - 2014-01-26 17:09 - 00026677 _____ () C:\Users\Josef\Downloads\20. Listina základních práv a svobod.odt
2014-01-26 17:09 - 2014-01-26 15:41 - 731924480 _____ () C:\Users\Josef\Downloads\50-krát-a-stále-poprvé-cz.avi
2014-01-26 17:08 - 2014-01-26 17:08 - 00031797 _____ () C:\Users\Josef\Downloads\15.Evropská unie – vznik, hlavní smlouvy, pilíře, orgány EU.odt
2014-01-25 21:23 - 2014-01-25 20:38 - 373745101 _____ () C:\Users\Josef\Downloads\50-krát-a-stále-poprvé-cz.avi.crdownload
2014-01-25 19:09 - 2014-01-25 19:09 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-01-22 22:29 - 2014-01-22 22:26 - 00000000 ____D () C:\Users\Josef\Downloads\ples
2014-01-22 22:25 - 2014-01-22 22:04 - 1188112131 _____ () C:\Users\Josef\Downloads\ples.zip
2014-01-21 22:02 - 2014-01-04 23:10 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\FlvtoConverter
2014-01-20 22:21 - 2014-01-20 21:59 - 00635620 _____ () C:\Users\Josef\Documents\a-medicos - prezentace - final2.pptx
2014-01-20 22:21 - 2014-01-20 14:17 - 00501762 _____ () C:\Users\Josef\Documents\a-medicos - prezentace - final.pptx
2014-01-20 15:44 - 2014-01-20 15:44 - 01260032 _____ () C:\Users\Josef\Downloads\Kopie - Rezim sablon stazi 18 12 2013_aktualizace k 30 12 2013 (1).xls
2014-01-19 10:54 - 2014-01-19 10:54 - 01302800 _____ () C:\Users\Josef\Downloads\862_Harmonogram (2).xlsx
2014-01-19 10:31 - 2014-01-19 10:31 - 03225432 _____ () C:\Users\Josef\Downloads\test.rar
2014-01-19 08:32 - 2013-11-18 17:07 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-18 13:14 - 2014-01-18 13:14 - 00373207 _____ () C:\Users\Josef\Documents\a-medicos - prezentace.pptx

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-08 17:15




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:465.66 GB) (Free:387.48 GB) NTFS

Available physical RAM: 1619.9 MB
Total physical RAM: 3036.27 MB
Percentage of memory in use: 46%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: B05CD80C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Josef\Desktop" je 53 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================


Re: 1place.org and hotspotaward malware - bosss15

#10 Post by bosss15 »

additional.zip
Attachments
Addition.zip
additional
(14.89 KiB) Downloaded 103 times


Re: 1place.org and hotspotaward malware - bosss15

#11 Post by bosss15 »

Is this it? What you needed? :?:

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: 1place.org and hotspotaward malware - bosss15

#12 Post by vyosek »

:arrow: Uninstall Ad-Aware Antivirus

:arrow: Creating a fixlist for FRST
  • Launch Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    Start
    HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM\...\Run: [] - [X]
    HKLM\...\Run: [AdAwareTray] - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe [3643224 2014-01-23] ()
    HKU\S-1-5-21-4046643792-4147377480-1180286658-1000\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
    HKU\S-1-5-21-4046643792-4147377480-1180286658-1000\...\MountPoints2: {57bb0d32-56f8-11e3-8485-00247eb51cad} - F:\SETUP.EXE
    ProxyEnable: Internet Explorer proxy is enabled.
    ProxyServer: http=http://127.0.0.1:9880
    SearchScopes: HKLM - DefaultScope value is missing.
    SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    
    FF Extension: Pirrit Suggestor - C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\profiles\extensions\suggestor@suggestor.pirrit.com.xpi [2014-01-04]
    
    CHR HKLM\...\Chrome\Extension: [hglljpndoeopcpehilglkbnincooinnb] - C:\Users\Josef\AppData\Local\Flvto Plugin for Google Chrome\the_extension.crx [2014-02-17]
    
    R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [651232 2014-01-23] ()
    U2 PirritDesktop; C:\Users\Josef\AppData\Local\PirritSuggestor\PirritService.exe [52568 2014-02-14] ()
    
    C:\Program Files\Lavasoft
    C:\Users\Josef\AppData\Local\PirritSuggestor
    2014-02-17 17:18 - 2014-02-17 17:17 - 00112640 _____ (forum.viry.cz) C:\Users\Josef\Desktop\FRSTLauncher.exe
    2014-02-17 17:17 - 2014-02-17 17:17 - 00112640 _____ (forum.viry.cz) C:\Users\Josef\Downloads\Nepotvrzeno 473550.crdownload
    2014-02-17 17:17 - 2014-02-17 17:17 - 00112640 _____ (forum.viry.cz) C:\Users\Josef\Downloads\FRSTLauncher (2).exe
    2014-02-17 17:16 - 2014-02-17 17:16 - 00112640 _____ (forum.viry.cz) C:\Users\Josef\Downloads\Nepotvrzeno 856973.crdownload
    2014-02-17 17:15 - 2014-02-17 17:15 - 01141248 _____ (Farbar) C:\Users\Josef\Downloads\FRST.exe
    2014-02-17 16:57 - 2014-02-17 16:48 - 00024064 _____ () C:\Windows\zoek-delete.exe
    2014-02-17 16:49 - 2014-02-17 16:45 - 00007818 _____ () C:\zoek-results2014-02-17-154508.log
    2014-02-17 16:48 - 2014-02-17 16:26 - 01284608 _____ () C:\Users\Josef\Desktop\zoek.exe
    2014-02-17 16:27 - 2014-02-17 17:00 - 00006719 _____ () C:\zoek-results.log
    2014-02-17 16:27 - 2014-02-17 16:35 - 00000000 ____D () C:\zoek_backup
    2014-02-17 16:26 - 2014-02-17 16:26 - 01284608 _____ () C:\Users\Josef\Downloads\zoek.exe
    2014-02-17 15:53 - 2014-02-17 15:53 - 00781383 _____ () C:\Users\Josef\Downloads\RSIT.exe
    2014-02-17 13:31 - 2014-02-17 15:03 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
    2014-02-17 13:31 - 2014-02-17 13:31 - 00010278 _____ () C:\Users\Josef\Documents\HitmanPro_20140217_1331.log
    2014-02-17 13:26 - 2014-02-17 13:26 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
    2014-02-17 13:26 - 2014-02-17 13:26 - 00000000 ____D () C:\Program Files\HitmanPro
    2014-02-17 13:25 - 2014-02-17 13:31 - 00000000 ____D () C:\ProgramData\HitmanPro
    2014-02-17 13:17 - 2014-02-17 13:17 - 09988304 _____ (SurfRight B.V.) C:\Users\Josef\Downloads\HitmanPro.exe
    2014-02-17 12:34 - 2014-02-17 12:34 - 01037530 _____ (Thisisu) C:\Users\Josef\Downloads\JRT.exe
    2014-02-17 12:23 - 2014-02-17 12:23 - 01166132 _____ () C:\Users\Josef\Downloads\adwcleaner.exe
    2014-02-17 09:10 - 2014-02-17 09:10 - 02347384 _____ (ESET) C:\Users\Josef\Downloads\esetsmartinstaller_enu.exe
    014-02-16 23:41 - 2014-02-16 23:41 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\LavasoftStatistics
    2014-02-16 23:40 - 2014-02-16 23:40 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Lavasoft
    2014-02-16 23:24 - 2014-02-17 16:58 - 00002305 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
    2014-02-16 23:23 - 2014-02-16 23:23 - 00000000 ____D () C:\Program Files\Lavasoft
    2014-02-16 23:22 - 2014-02-16 23:22 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
    2014-02-16 23:21 - 2014-02-16 23:21 - 01727624 _____ () C:\Users\Josef\Downloads\Adaware_Installer.exe
    2014-02-16 23:21 - 2014-02-16 23:21 - 00000000 ____D () C:\ProgramData\Lavasoft
    2014-02-16 22:44 - 2014-02-16 22:44 - 00003938 _____ () C:\Users\Josef\Documents\RKreport[0]_S_02162014_223842.txt
    2014-02-16 22:33 - 2014-02-17 14:49 - 00000000 ____D () C:\Users\Josef\Desktop\RK_Quarantine
    2014-02-16 22:31 - 2014-02-16 22:31 - 03813376 _____ () C:\Users\Josef\Downloads\RogueKiller (1).exe
    2014-02-16 22:30 - 2014-02-16 22:30 - 03809280 _____ () C:\Users\Josef\Downloads\RogueKiller.exe
    2014-02-15 12:36 - 2014-02-16 22:27 - 00000000 ____D () C:\Users\Josef\AppData\Local\PirritSuggestor
    
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    
    Hosts:
    CMD: shutdown /r /f /t 2
    
    End
  • Save the resulting text file as fixlist.txt
  • Move the fixlist you created next to FRST
:arrow: Run FRST.exe again
  • Click Fix
  • The fix will run and create the log Fixlog.txt
:arrow: Restart the PC and post fixlog.txt here for me
"Whoever has wine and does not drink it, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever shuns merriment, take a whip and a stick to him: that is no man, that is an ox."
Member [image] since 1 February 2011.

bosss15
Visitor
Posts: 29
Registered: 16 Feb 2014 23:08

Re: 1place.org and hotspotaward malware - bosss15

#13 Post by bosss15 »

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 16-02-2014
Ran by Josef at 2014-02-18 15:32:12 Run:1
Running from C:\Users\Josef\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [AdAwareTray] - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe [3643224 2014-01-23] ()
HKU\S-1-5-21-4046643792-4147377480-1180286658-1000\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-4046643792-4147377480-1180286658-1000\...\MountPoints2: {57bb0d32-56f8-11e3-8485-00247eb51cad} - F:\SETUP.EXE
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=http://127.0.0.1:9880
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchT ... {startPage}

FF Extension: Pirrit Suggestor - C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\profiles\extensions\suggestor@suggestor.pirrit.com.xpi [2014-01-04]

CHR HKLM\...\Chrome\Extension: [hglljpndoeopcpehilglkbnincooinnb] - C:\Users\Josef\AppData\Local\Flvto Plugin for Google Chrome\the_extension.crx [2014-02-17]

R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [651232 2014-01-23] ()
U2 PirritDesktop; C:\Users\Josef\AppData\Local\PirritSuggestor\PirritService.exe [52568 2014-02-14] ()

C:\Program Files\Lavasoft
C:\Users\Josef\AppData\Local\PirritSuggestor
2014-02-17 17:18 - 2014-02-17 17:17 - 00112640 _____ (forum.viry.cz) C:\Users\Josef\Desktop\FRSTLauncher.exe
2014-02-17 17:17 - 2014-02-17 17:17 - 00112640 _____ (forum.viry.cz) C:\Users\Josef\Downloads\Nepotvrzeno 473550.crdownload
2014-02-17 17:17 - 2014-02-17 17:17 - 00112640 _____ (forum.viry.cz) C:\Users\Josef\Downloads\FRSTLauncher (2).exe
2014-02-17 17:16 - 2014-02-17 17:16 - 00112640 _____ (forum.viry.cz) C:\Users\Josef\Downloads\Nepotvrzeno 856973.crdownload
2014-02-17 17:15 - 2014-02-17 17:15 - 01141248 _____ (Farbar) C:\Users\Josef\Downloads\FRST.exe
2014-02-17 16:57 - 2014-02-17 16:48 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-02-17 16:49 - 2014-02-17 16:45 - 00007818 _____ () C:\zoek-results2014-02-17-154508.log
2014-02-17 16:48 - 2014-02-17 16:26 - 01284608 _____ () C:\Users\Josef\Desktop\zoek.exe
2014-02-17 16:27 - 2014-02-17 17:00 - 00006719 _____ () C:\zoek-results.log
2014-02-17 16:27 - 2014-02-17 16:35 - 00000000 ____D () C:\zoek_backup
2014-02-17 16:26 - 2014-02-17 16:26 - 01284608 _____ () C:\Users\Josef\Downloads\zoek.exe
2014-02-17 15:53 - 2014-02-17 15:53 - 00781383 _____ () C:\Users\Josef\Downloads\RSIT.exe
2014-02-17 13:31 - 2014-02-17 15:03 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-02-17 13:31 - 2014-02-17 13:31 - 00010278 _____ () C:\Users\Josef\Documents\HitmanPro_20140217_1331.log
2014-02-17 13:26 - 2014-02-17 13:26 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-02-17 13:26 - 2014-02-17 13:26 - 00000000 ____D () C:\Program Files\HitmanPro
2014-02-17 13:25 - 2014-02-17 13:31 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-17 13:17 - 2014-02-17 13:17 - 09988304 _____ (SurfRight B.V.) C:\Users\Josef\Downloads\HitmanPro.exe
2014-02-17 12:34 - 2014-02-17 12:34 - 01037530 _____ (Thisisu) C:\Users\Josef\Downloads\JRT.exe
2014-02-17 12:23 - 2014-02-17 12:23 - 01166132 _____ () C:\Users\Josef\Downloads\adwcleaner.exe
2014-02-17 09:10 - 2014-02-17 09:10 - 02347384 _____ (ESET) C:\Users\Josef\Downloads\esetsmartinstaller_enu.exe
014-02-16 23:41 - 2014-02-16 23:41 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\LavasoftStatistics
2014-02-16 23:40 - 2014-02-16 23:40 - 00000000 ____D () C:\Users\Josef\AppData\Roaming\Lavasoft
2014-02-16 23:24 - 2014-02-17 16:58 - 00002305 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-02-16 23:23 - 2014-02-16 23:23 - 00000000 ____D () C:\Program Files\Lavasoft
2014-02-16 23:22 - 2014-02-16 23:22 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-02-16 23:21 - 2014-02-16 23:21 - 01727624 _____ () C:\Users\Josef\Downloads\Adaware_Installer.exe
2014-02-16 23:21 - 2014-02-16 23:21 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-02-16 22:44 - 2014-02-16 22:44 - 00003938 _____ () C:\Users\Josef\Documents\RKreport[0]_S_02162014_223842.txt
2014-02-16 22:33 - 2014-02-17 14:49 - 00000000 ____D () C:\Users\Josef\Desktop\RK_Quarantine
2014-02-16 22:31 - 2014-02-16 22:31 - 03813376 _____ () C:\Users\Josef\Downloads\RogueKiller (1).exe
2014-02-16 22:30 - 2014-02-16 22:30 - 03809280 _____ () C:\Users\Josef\Downloads\RogueKiller.exe
2014-02-15 12:36 - 2014-02-16 22:27 - 00000000 ____D () C:\Users\Josef\AppData\Local\PirritSuggestor

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Hosts:
CMD: shutdown /r /f /t 2

End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdAwareTray => Unable to delete value
HKU\S-1-5-21-4046643792-4147377480-1180286658-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => Value deleted successfully.
HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57bb0d32-56f8-11e3-8485-00247eb51cad} => Key not found.
HKCR\CLSID\{57bb0d32-56f8-11e3-8485-00247eb51cad} => Key not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
C:\Users\Josef\AppData\Roaming\Mozilla\Firefox\profiles\extensions\suggestor@suggestor.pirrit.com.xpi => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\hglljpndoeopcpehilglkbnincooinnb => Key deleted successfully.
"C:\Users\Josef\AppData\Local\Flvto Plugin for Google Chrome\the_extension.crx" => File/Directory not found.
LavasoftAdAwareService11 => Service not found.
PirritDesktop => Service deleted successfully.
"C:\Program Files\Lavasoft" => File/Directory not found.
C:\Users\Josef\AppData\Local\PirritSuggestor => Moved successfully.
C:\Users\Josef\Desktop\FRSTLauncher.exe => Moved successfully.
C:\Users\Josef\Downloads\Nepotvrzeno 473550.crdownload => Moved successfully.
C:\Users\Josef\Downloads\FRSTLauncher (2).exe => Moved successfully.
C:\Users\Josef\Downloads\Nepotvrzeno 856973.crdownload => Moved successfully.
C:\Users\Josef\Downloads\FRST.exe => Moved successfully.
C:\Windows\zoek-delete.exe => Moved successfully.
C:\zoek-results2014-02-17-154508.log => Moved successfully.
C:\Users\Josef\Desktop\zoek.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Users\Josef\Downloads\zoek.exe => Moved successfully.
C:\Users\Josef\Downloads\RSIT.exe => Moved successfully.
C:\Windows\system32\bootdelete.exe => Moved successfully.
C:\Users\Josef\Documents\HitmanPro_20140217_1331.log => Moved successfully.
C:\Users\Public\Desktop\HitmanPro.lnk => Moved successfully.
C:\Program Files\HitmanPro => Moved successfully.
C:\ProgramData\HitmanPro => Moved successfully.
C:\Users\Josef\Downloads\HitmanPro.exe => Moved successfully.
C:\Users\Josef\Downloads\JRT.exe => Moved successfully.
C:\Users\Josef\Downloads\adwcleaner.exe => Moved successfully.
C:\Users\Josef\Downloads\esetsmartinstaller_enu.exe => Moved successfully.
"C:\Users\Josef\AppData\Roaming\Lavasoft" => File/Directory not found.
"C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk" => File/Directory not found.
"C:\Program Files\Lavasoft" => File/Directory not found.
"C:\Program Files\Common Files\Lavasoft" => File/Directory not found.
C:\Users\Josef\Downloads\Adaware_Installer.exe => Moved successfully.
C:\ProgramData\Lavasoft => Moved successfully.
C:\Users\Josef\Documents\RKreport[0]_S_02162014_223842.txt => Moved successfully.
C:\Users\Josef\Desktop\RK_Quarantine => Moved successfully.
C:\Users\Josef\Downloads\RogueKiller (1).exe => Moved successfully.
C:\Users\Josef\Downloads\RogueKiller.exe => Moved successfully.
"C:\Users\Josef\AppData\Local\PirritSuggestor" => File/Directory not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.

========= shutdown /r /f /t 2 =========


========= End of CMD: =========


==== End of Fixlog ====

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: 1place.org and hotspotaward malware - bosss15

#14 Post by vyosek »

:arrow: Download Host permissions http://www.bleepingcomputer.com/download/hosts-permbat/
  • Save it to the desktop and run it
  • The fix will run and a message will appear confirming that the permissions on the hosts file were reset successfully
  • Press any key to exit
:arrow: Then create fixlist.txt again with this content

Start

Hosts:

End

bosss15
Visitor
Posts: 29
Registered: 16 Feb 2014 23:08

Re: 1place.org and hotspotaward malware - bosss15

#15 Post by bosss15 »

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 16-02-2014
Ran by Josef at 2014-02-18 15:49:10 Run:2
Running from C:\Users\Josef\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start

Hosts:

End
*****************

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

==== End of Fixlog ====
