V IE mě neustále vyskakují okna z reklamou

Zpráva

Beskyd1 · #1 Příspěvek od **Beskyd1** » 02 dub 2014 20:07

V IE mě vyskakujou okna z reklamou skoro při každém kliknutí na stránkách.Zkusil jsem AdwCleaner a po kontrole mě přestal jít internet,pc hlásil "NEBYL NALEZEN PROXY SERVER" a nakonec jsem to musel vrátit přes bod obnovení.Přidávám log RSIT.Díky za pomoc JAKUB.
Logfile of random's system information tool 1.09 (written by random/random)
Run by Jakub at 2014-04-02 20:38:27
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 75 GB (63%) free of 119 GB
Total RAM: 4061 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:38:59, on 2.4.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16521)
Boot mode: Normal

Running processes:
C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Users\Jakub\AppData\Local\PirritSuggestor\PirritDesktop.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files\trend micro\Jakub.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:9880
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 216.239.32.20 google.com www.google.com
O1 - Hosts: 216.239.32.20 google.com www.google.ad
O1 - Hosts: 216.239.32.20 google.com www.google.ae
O1 - Hosts: 216.239.32.20 google.com www.google.com.af
O1 - Hosts: 216.239.32.20 google.com www.google.com.ag
O1 - Hosts: 216.239.32.20 google.com www.google.com.ai
O1 - Hosts: 216.239.32.20 google.com www.google.al
O1 - Hosts: 216.239.32.20 google.com www.google.am
O1 - Hosts: 216.239.32.20 google.com www.google.co.ao
O1 - Hosts: 216.239.32.20 google.com www.google.com.ar
O1 - Hosts: 216.239.32.20 google.com www.google.as
O1 - Hosts: 216.239.32.20 google.com www.google.at
O1 - Hosts: 216.239.32.20 google.com www.google.com.au
O1 - Hosts: 216.239.32.20 google.com www.google.az
O1 - Hosts: 216.239.32.20 google.com www.google.ba
O1 - Hosts: 216.239.32.20 google.com www.google.com.bd
O1 - Hosts: 216.239.32.20 google.com www.google.be
O1 - Hosts: 216.239.32.20 google.com www.google.bf
O1 - Hosts: 216.239.32.20 google.com www.google.bg
O1 - Hosts: 216.239.32.20 google.com www.google.com.bh
O1 - Hosts: 216.239.32.20 google.com www.google.bi
O1 - Hosts: 216.239.32.20 google.com www.google.bj
O1 - Hosts: 216.239.32.20 google.com www.google.com.bn
O1 - Hosts: 216.239.32.20 google.com www.google.com.bo
O1 - Hosts: 216.239.32.20 google.com www.google.com.br
O1 - Hosts: 216.239.32.20 google.com www.google.bs
O1 - Hosts: 216.239.32.20 google.com www.google.bt
O1 - Hosts: 216.239.32.20 google.com www.google.co.bw
O1 - Hosts: 216.239.32.20 google.com www.google.by
O1 - Hosts: 216.239.32.20 google.com www.google.com.bz
O1 - Hosts: 216.239.32.20 google.com www.google.ca
O1 - Hosts: 216.239.32.20 google.com www.google.cd
O1 - Hosts: 216.239.32.20 google.com www.google.cf
O1 - Hosts: 216.239.32.20 google.com www.google.cg
O1 - Hosts: 216.239.32.20 google.com www.google.ch
O1 - Hosts: 216.239.32.20 google.com www.google.ci
O1 - Hosts: 216.239.32.20 google.com www.google.co.ck
O1 - Hosts: 216.239.32.20 google.com www.google.cl
O1 - Hosts: 216.239.32.20 google.com www.google.cm
O1 - Hosts: 216.239.32.20 google.com www.google.cn
O1 - Hosts: 216.239.32.20 google.com www.google.com.co
O1 - Hosts: 216.239.32.20 google.com www.google.co.cr
O1 - Hosts: 216.239.32.20 google.com www.google.com.cu
O1 - Hosts: 216.239.32.20 google.com www.google.cv
O1 - Hosts: 216.239.32.20 google.com www.google.com.cy
O1 - Hosts: 216.239.32.20 google.com www.google.cz
O1 - Hosts: 216.239.32.20 google.com www.google.de
O1 - Hosts: 216.239.32.20 google.com www.google.dj
O1 - Hosts: 216.239.32.20 google.com www.google.dk
O1 - Hosts: 216.239.32.20 google.com www.google.dm
O1 - Hosts: 216.239.32.20 google.com www.google.com.do
O1 - Hosts: 216.239.32.20 google.com www.google.dz
O1 - Hosts: 216.239.32.20 google.com www.google.com.ec
O1 - Hosts: 216.239.32.20 google.com www.google.ee
O1 - Hosts: 216.239.32.20 google.com www.google.com.eg
O1 - Hosts: 216.239.32.20 google.com www.google.es
O1 - Hosts: 216.239.32.20 google.com www.google.com.et
O1 - Hosts: 216.239.32.20 google.com www.google.fi
O1 - Hosts: 216.239.32.20 google.com www.google.com.fj
O1 - Hosts: 216.239.32.20 google.com www.google.fm
O1 - Hosts: 216.239.32.20 google.com www.google.fr
O1 - Hosts: 216.239.32.20 google.com www.google.ga
O1 - Hosts: 216.239.32.20 google.com www.google.ge
O1 - Hosts: 216.239.32.20 google.com www.google.gg
O1 - Hosts: 216.239.32.20 google.com www.google.com.gh
O1 - Hosts: 216.239.32.20 google.com www.google.com.gi
O1 - Hosts: 216.239.32.20 google.com www.google.gl
O1 - Hosts: 216.239.32.20 google.com www.google.gm
O1 - Hosts: 216.239.32.20 google.com www.google.gp
O1 - Hosts: 216.239.32.20 google.com www.google.gr
O1 - Hosts: 216.239.32.20 google.com www.google.com.gt
O1 - Hosts: 216.239.32.20 google.com www.google.gy
O1 - Hosts: 216.239.32.20 google.com www.google.com.hk
O1 - Hosts: 216.239.32.20 google.com www.google.hn
O1 - Hosts: 216.239.32.20 google.com www.google.hr
O1 - Hosts: 216.239.32.20 google.com www.google.ht
O1 - Hosts: 216.239.32.20 google.com www.google.hu
O1 - Hosts: 216.239.32.20 google.com www.google.co.id
O1 - Hosts: 216.239.32.20 google.com www.google.ie
O1 - Hosts: 216.239.32.20 google.com www.google.co.il
O1 - Hosts: 216.239.32.20 google.com www.google.im
O1 - Hosts: 216.239.32.20 google.com www.google.co.in
O1 - Hosts: 216.239.32.20 google.com www.google.iq
O1 - Hosts: 216.239.32.20 google.com www.google.is
O1 - Hosts: 216.239.32.20 google.com www.google.it
O1 - Hosts: 216.239.32.20 google.com www.google.je
O1 - Hosts: 216.239.32.20 google.com www.google.com.jm
O1 - Hosts: 216.239.32.20 google.com www.google.jo
O1 - Hosts: 216.239.32.20 google.com www.google.co.jp
O1 - Hosts: 216.239.32.20 google.com www.google.co.ke
O1 - Hosts: 216.239.32.20 google.com www.google.com.kh
O1 - Hosts: 216.239.32.20 google.com www.google.ki
O1 - Hosts: 216.239.32.20 google.com www.google.kg
O1 - Hosts: 216.239.32.20 google.com www.google.co.kr
O1 - Hosts: 216.239.32.20 google.com www.google.com.kw
O1 - Hosts: 216.239.32.20 google.com www.google.kz
O1 - Hosts: 216.239.32.20 google.com www.google.la
O1 - Hosts: 216.239.32.20 google.com www.google.com.lb
O1 - Hosts: 216.239.32.20 google.com www.google.li
O1 - Hosts: 216.239.32.20 google.com www.google.lk
O1 - Hosts: 216.239.32.20 google.com www.google.co.ls
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IEExtension.Extension - {d40c654d-7c51-4eb3-95b2-1e23905c2a2d} - mscoree.dll (file missing)
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: (no name) - {3444c3c5-6c56-4a16-a453-832b05bf6ea4} - (no file)
O4 - HKLM\..\Run: [ATKMEDIA] c:\program files (x86)\asus\atk media\dmedia.exe
O4 - HKLM\..\Run: [ATKOSD2] c:\program files (x86)\asus\atkosd2\atkosd2.exe
O4 - HKLM\..\Run: [HControlUser] c:\program files (x86)\asus\atk hotkey\hcontroluser.exe
O4 - HKLM\..\Run: [HDAudDeck] c:\program files (x86)\via\viaudioi\vdeck\vdeck.exe -r
O4 - HKLM\..\Run: [UpdateP2GoShortCut] c:\program files (x86)\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0
O4 - HKLM\..\Run: [UpdateLBPShortCut] c:\program files (x86)\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] c:\program files (x86)\microsoft office\office12\groovemonitor.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [CCleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: FancyStart daemon.lnk = ?
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~3\Wincert\WIN32C~1.DLL C:\PROGRA~2\MOVIES~1\SAFETY~1\SAFETY~2.DLL
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PirritDesktop - Unknown owner - C:\Users\Jakub\AppData\Local\PirritSuggestor\PirritService.exe
O23 - Service: PirritUpdater - Unknown owner - C:\Program Files (x86)\Pirrit\AutoUpdater.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: SafetyNut Manager (SafetyNutManager) - SafetyNut Inc. - C:\Program Files (x86)\Movies Toolbar\SafetyNut\SafetyNutManager.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WinRST - Unknown owner - C:\Program Files (x86)\WinRST\WinRST.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16897 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Windows\system32\FBAgent.exe"
"C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe"
"C:\Program Files\ATKGFNEX\GFNEXSrv.exe"
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\Jakub\AppData\Local\PirritSuggestor\PirritService.exe
"C:\Program Files (x86)\Pirrit\AutoUpdater.exe"
"C:\Program Files (x86)\Movies Toolbar\SafetyNut\SafetyNutManager.exe"
"C:\Program Files (x86)\Movies Toolbar\SafetyNut\SafetyNutManager.exe" -monitor 504
"C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\WinRST\WinRST.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
taskeng.exe {D1F022C5-26C5-405D-9810-9C7193D588AC}
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe"
"C:\Program Files\ASUS\Net4Switch\Net4Switch.exe"
"C:\Program Files (x86)\ASUS\Splendid\ACMON.exe"
"C:\Program Files\P4G\BatteryLife.exe"
"C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe"
"C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"
"C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe"
"C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe"
"C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe"
"C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
"C:\Windows\System32\igfxpers.exe"
C:/Users/Jakub/AppData/Local/PirritSuggestor\PirritDesktop.exe
"C:\Windows\System32\hkcmd.exe"
Atouch64.exe
"C:\Windows\System32\igfxtray.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" mysyncfolder
"C:\Program Files\Elantech\ETDCtrl.exe"
"C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe"
"C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe" /f=srs_premium_sound_nopreset.zip
"C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe"
"C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe"
"C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe"
"C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Windows\SysWOW64\ACEngSvr.exe" -Embedding
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Movies Toolbar\SafetyNut\safetynut.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
ATKOSD.exe
KBFiltr.exe
WDC.exe
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Internet Explorer\IELowutil.exe" -embedding
C:\Windows\system32\AUDIODG.EXE 0x948
taskeng.exe {C716B7BA-2DD6-4384-95C5-EF80212CD8E2}
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Jakub\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-972338823-3558141568-4077314843-1001Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-972338823-3558141568-4077314843-1001UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-01-25 1390368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2008-12-08 68960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-01-25 1390368]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08 77424]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~2\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-01-25 1143168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d40c654d-7c51-4eb3-95b2-1e23905c2a2d}]
IEExtension.Extension - C:\Windows\system32\mscoree.dll [2010-11-05 444752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-01-25 1390368]
{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-01-25 1390368]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-01-25 1143168]
{3444c3c5-6c56-4a16-a453-832b05bf6ea4}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"UfSeAgnt.exe"=c:\program files\trend micro\internet security\ufseagnt.exe [2010-02-23 1022904]
"Persistence"=c:\windows\system32\igfxpers.exe [2011-02-11 417304]
"HotKeysCmds"=c:\windows\system32\hkcmd.exe [2011-02-11 386584]
"IgfxTray"=c:\windows\system32\igfxtray.exe [2011-02-11 162328]
"ASUS WebStorage"=c:\program files (x86)\asus\asus webstorage\service\asuswsservice.exe [2009-12-24 1736704]
"ETDWare"=c:\program files\elantech\etdctrl.exe [2009-09-30 621440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"CCleaner"=C:\Program Files\CCleaner\CCleaner64.exe [2014-03-18 6277912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2013-05-08 41056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSMTray]
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe [2009-06-24 272952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AmIcoSinglun64]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
C:\Windows\AsScrPro.exe [2010-03-20 3058304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS WebStorage]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKOSD2]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2009-11-02 103720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ETDWare]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControlUser]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UfSeAgnt.exe]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
[]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"ATKMEDIA"=c:\program files (x86)\asus\atk media\dmedia.exe [2009-08-20 170624]
"ATKOSD2"=c:\program files (x86)\asus\atkosd2\atkosd2.exe [2009-08-17 6859392]
"HControlUser"=c:\program files (x86)\asus\atk hotkey\hcontroluser.exe [2009-06-19 105016]
"HDAudDeck"=c:\program files (x86)\via\viaudioi\vdeck\vdeck.exe [2009-09-17 2245120]
"UpdateP2GoShortCut"=c:\program files (x86)\cyberlink\power2go\muitransfer\muistartmenu.exe [2009-05-20 222504]
"UpdateLBPShortCut"=c:\program files (x86)\cyberlink\labelprint\muitransfer\muistartmenu.exe [2009-05-20 222504]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"GrooveMonitor"=c:\program files (x86)\microsoft office\office12\groovemonitor.exe [2009-02-26 30040]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-01-25 3767096]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2014-01-17 421888]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
FancyStart daemon.lnk - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
SRS Premium Sound.lnk - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~3\Wincert\WIN64C~1.DLL C:\PROGRA~2\MOVIES~1\SAFETY~1\x64\SAFETY~2.DLL "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-02-11 272896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe]
"Debugger="
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe]
"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-04-02 20:38:26 ----D---- C:\rsit
2014-04-02 16:48:32 ----D---- C:\Program Files\CCleaner
2014-03-31 20:36:21 ----D---- C:\ProgramData\Spybot - Search & Destroy
2014-03-31 20:36:21 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy
2014-03-31 19:26:16 ----D---- C:\ProgramData\FreeRIP
2014-03-31 16:48:36 ----SHD---- C:\Config.Msi
2014-03-29 14:41:09 ----D---- C:\Users\Jakub\AppData\Roaming\Replay Media Catcher 5
2014-03-29 14:40:49 ----D---- C:\Program Files (x86)\Applian Technologies
2014-03-29 14:29:03 ----A---- C:\Windows\system32\roboot64.exe
2014-03-29 14:28:55 ----D---- C:\Program Files (x86)\WinRST
2014-03-29 14:28:40 ----D---- C:\Users\Jakub\AppData\Roaming\Mozilla
2014-03-29 14:28:40 ----D---- C:\Program Files (x86)\Pirrit
2014-03-25 11:20:07 ----D---- C:\ProgramData\Wincert
2014-03-25 11:19:33 ----D---- C:\Program Files (x86)\Movies Toolbar
2014-03-25 11:19:32 ----D---- C:\ProgramData\SafetyNut
2014-03-23 14:28:15 ----D---- C:\Users\Jakub\AppData\Roaming\DivX
2014-03-23 14:27:58 ----D---- C:\Program Files\DivX
2014-03-23 14:13:17 ----D---- C:\Program Files (x86)\DivX
2014-03-23 14:11:46 ----D---- C:\ProgramData\DivX
2014-03-13 16:34:36 ----A---- C:\Windows\SYSWOW64\wer.dll
2014-03-13 16:34:36 ----A---- C:\Windows\system32\wwansvc.dll
2014-03-13 16:34:36 ----A---- C:\Windows\system32\wer.dll
2014-03-13 16:34:35 ----A---- C:\Windows\system32\win32k.sys
2014-03-13 16:34:34 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-03-13 16:34:34 ----A---- C:\Windows\system32\iertutil.dll
2014-03-13 16:34:34 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 16:34:33 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-03-13 16:34:33 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-03-13 16:34:33 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-03-13 16:34:33 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-03-13 16:34:32 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-03-13 16:34:31 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-03-13 16:34:31 ----A---- C:\Windows\system32\urlmon.dll
2014-03-13 16:34:31 ----A---- C:\Windows\system32\iernonce.dll
2014-03-13 16:34:30 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-03-13 16:34:30 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-03-13 16:34:30 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-03-13 16:34:30 ----A---- C:\Windows\system32\msfeeds.dll
2014-03-13 16:34:30 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-03-13 16:34:29 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-03-13 16:34:28 ----A---- C:\Windows\system32\iesetup.dll
2014-03-13 16:34:28 ----A---- C:\Windows\system32\ie4uinit.exe
2014-03-13 16:34:27 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-03-13 16:34:27 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-03-13 16:34:26 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-03-13 16:34:26 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-03-13 16:34:26 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-03-13 16:34:26 ----A---- C:\Windows\system32\jsproxy.dll
2014-03-13 16:34:26 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-03-13 16:34:25 ----A---- C:\Windows\system32\ieui.dll
2014-03-13 16:34:25 ----A---- C:\Windows\system32\ieframe.dll
2014-03-13 16:34:24 ----A---- C:\Windows\system32\jscript9diag.dll
2014-03-13 16:34:24 ----A---- C:\Windows\system32\jscript9.dll
2014-03-13 16:34:24 ----A---- C:\Windows\system32\ieUnatt.exe
2014-03-13 16:34:23 ----A---- C:\Windows\system32\wininet.dll
2014-03-13 16:34:23 ----A---- C:\Windows\system32\msrating.dll
2014-03-13 16:34:23 ----A---- C:\Windows\system32\ieapfltr.dll
2014-03-13 16:34:22 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 16:34:22 ----A---- C:\Windows\system32\mshtml.dll
2014-03-13 16:33:01 ----A---- C:\Windows\SYSWOW64\qedit.dll
2014-03-13 16:33:01 ----A---- C:\Windows\system32\WindowsCodecs.dll
2014-03-13 16:33:01 ----A---- C:\Windows\system32\qedit.dll
2014-03-13 16:33:00 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll

======List of files/folders modified in the last 1 month======

2014-04-02 20:38:32 ----D---- C:\Program Files\Trend Micro
2014-04-02 20:38:31 ----D---- C:\Windows\Temp
2014-04-02 20:37:27 ----D---- C:\Windows\Prefetch
2014-04-02 18:01:52 ----D---- C:\Windows\inf
2014-04-02 18:01:51 ----D---- C:\Windows
2014-04-02 16:48:36 ----D---- C:\Windows\system32\Tasks
2014-04-02 16:48:32 ----RD---- C:\Program Files
2014-04-02 16:45:22 ----D---- C:\Program Files (x86)
2014-04-02 16:36:02 ----SHD---- C:\Windows\Installer
2014-04-02 16:05:50 ----D---- C:\Windows\system32\config
2014-04-02 15:56:08 ----D---- C:\Windows\System32
2014-04-02 15:56:08 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-04-02 08:18:18 ----A---- C:\Windows\system32\acovcnt.exe
2014-04-01 19:13:04 ----SHD---- C:\System Volume Information
2014-04-01 17:20:51 ----D---- C:\Users\Jakub\AppData\Roaming\vlc
2014-04-01 15:41:30 ----D---- C:\Windows\system32\drivers\etc
2014-04-01 15:07:19 ----D---- C:\Windows\system32\catroot
2014-04-01 15:06:48 ----D---- C:\Windows\system32\DriverStore
2014-04-01 15:06:48 ----D---- C:\Windows\system32\drivers
2014-03-31 21:21:10 ----A---- C:\Windows\system32\AutoRunFilter.ini
2014-03-31 20:36:21 ----HD---- C:\ProgramData
2014-03-31 19:34:15 ----D---- C:\Windows\system32\catroot2
2014-03-31 19:32:22 ----D---- C:\Program Files\Google
2014-03-31 19:32:22 ----D---- C:\Program Files (x86)\Google
2014-03-31 19:29:07 ----D---- C:\Windows\SysWOW64
2014-03-31 19:26:05 ----D---- C:\ProgramData\Google
2014-03-31 19:21:01 ----D---- C:\Program Files (x86)\AmIcoSingLun
2014-03-31 18:59:26 ----D---- C:\Windows\Tasks
2014-03-31 18:59:26 ----D---- C:\Windows\system32\wfp
2014-03-31 18:59:24 ----D---- C:\Windows\system32\wbem
2014-03-31 18:58:43 ----D---- C:\Windows\system32\NDF
2014-03-31 18:58:43 ----D---- C:\Windows\system32\CodeIntegrity
2014-03-31 18:58:39 ----D---- C:\ProgramData\P4G
2014-03-31 18:58:35 ----D---- C:\Windows\registration
2014-03-31 16:48:04 ----D---- C:\Program Files (x86)\Common Files
2014-03-29 14:53:22 ----A---- C:\Windows\system32\ServiceFilter.ini
2014-03-25 11:28:54 ----D---- C:\Windows\Minidump
2014-03-25 11:28:54 ----D---- C:\Windows\debug
2014-03-25 10:32:37 ----D---- C:\Program Files (x86)\ASUS
2014-03-24 09:10:15 ----D---- C:\Windows\system32\Service
2014-03-23 14:29:09 ----SD---- C:\ProgramData\Microsoft
2014-03-23 14:29:08 ----RSD---- C:\Windows\Fonts
2014-03-18 20:59:55 ----D---- C:\Windows\system32\MRT
2014-03-18 20:57:26 ----A---- C:\Windows\system32\MRT.exe
2014-03-14 11:55:08 ----D---- C:\Windows\winsxs
2014-03-14 11:53:01 ----D---- C:\Program Files (x86)\Internet Explorer
2014-03-14 11:52:59 ----D---- C:\Program Files\Internet Explorer
2014-03-14 11:52:51 ----D---- C:\Program Files\Microsoft Silverlight
2014-03-14 11:52:49 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 23:11:25 ----D---- C:\ProgramData\Microsoft Help
2014-03-12 18:45:18 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AsDsm;AsDsm; C:\Windows\system32\drivers\AsDsm.sys [2010-03-20 35384]
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-01-25 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-01-25 207904]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-08-06 408600]
R0 lullaby;lullaby; C:\Windows\system32\DRIVERS\lullaby.sys [2009-06-18 15928]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2006-10-18 52760]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2012-03-07 28504]
R1 aswRdr;aswRdr; \??\C:\Windows\system32\drivers\aswRdr2.sys [2014-01-25 92544]
R1 aswSnx;aswSnx; \??\C:\Windows\system32\drivers\aswSnx.sys [2014-01-25 1038072]
R1 aswSP;aswSP; \??\C:\Windows\system32\drivers\aswSP.sys [2014-01-25 421704]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2013-12-19 64288]
R1 tmtdi;Trend Micro TDI Driver; C:\Windows\system32\DRIVERS\tmtdi.sys [2009-09-29 107536]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2014-01-25 78648]
R2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2007-08-03 17464]
R2 tmpreflt;tmpreflt; C:\Windows\system32\DRIVERS\tmpreflt.sys [2011-07-12 42768]
R2 tmxpflt;tmxpflt; C:\Windows\system32\DRIVERS\tmxpflt.sys [2011-07-12 342288]
R2 vsapint;vsapint; C:\Windows\system32\DRIVERS\vsapint.sys [2011-07-12 2077456]
R3 aswStm;aswStm; \??\C:\Windows\system32\drivers\aswStm.sys [2014-01-25 80184]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-06-27 2753536]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2009-10-15 117760]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-02-11 10628640]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 15416]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E62x64.sys [2009-08-23 56320]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [2009-05-13 15928]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2009-06-05 1806400]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2009-07-09 1222144]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2008-12-08 61792]
S3 ipswuio;ipswuio; C:\Windows\System32\DRIVERS\ipswuio.sys []
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-05-24 154168]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 602XML Updater;602Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
R2 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe [2009-12-08 379520]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [2009-06-16 84536]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-01-25 50344]
R2 PirritDesktop;PirritDesktop; C:\Users\Jakub\AppData\Local\PirritSuggestor\PirritService.exe [2014-02-20 52568]
R2 PirritUpdater;PirritUpdater; C:\Program Files (x86)\Pirrit\AutoUpdater.exe [2014-02-20 59904]
R2 SafetyNutManager;SafetyNut Manager; C:\Program Files (x86)\Movies Toolbar\SafetyNut\SafetyNutManager.exe [2014-02-05 3449864]
R2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2010-10-09 859712]
R2 WinRST;WinRST; C:\Program Files (x86)\WinRST\WinRST.exe [2014-02-26 59904]
R3 ADSMService;ADSM Service; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2008-03-31 225280]
R3 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-03-20 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12 257928]
S3 fsssvc;Windows Live Zabezpečení rodiny; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-03-20 135664]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-03-01 111616]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]
S3 SPTISRV;Sony SPTI Service; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]
S3 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2009-09-29 570632]
S3 TmProxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2009-09-29 917768]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-03-17 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 02 dub 2014 20:09

Zdravim a pekny vecer preji
Vas log se studuje Obrázek

a pracuje se na nem Obrázek

.
Prosim o strpeni! Obrázek

#3 Příspěvek od **vyosek** » 02 dub 2014 20:13

Odinstalujte Spybot - Search & Destroy - program ma uz nejlepsi leta davno za sebou a posledni cca 3 roky neni schopen celit aktualnim hrozbam

Vypnete docasne Avast, jinak bude branit nasledujicimu programu pri praci

Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize

Kód: Vybrat vše

resetIEproxy
autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

Beskyd1 · #4 Příspěvek od **Beskyd1** » 03 dub 2014 14:49

Zdravím tady je log z Zoek

Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Jakub on źt 03.04.2014 at 15:24:47,59.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Jakub\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

3.4.2014 15:25:53 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-972338823-3558141568-4077314843-1001\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-972338823-3558141568-4077314843-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully
HKEY_USERS\S-1-5-21-972338823-3558141568-4077314843-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{3444c3c5-6c56-4a16-a453-832b05bf6ea4} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SafetyNutManager deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SafetyNutManager deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PirritDesktop deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PirritDesktop deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PirritUpdater deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PirritUpdater deleted successfully

==== Deleting Files \ Folders ======================

C:\PROGRA~3\FreeRIP deleted
C:\PROGRA~3\Wincert deleted
C:\PROGRA~3\OberonGameConsole deleted
C:\PROGRA~3\SafetyNut deleted
C:\Windows\SysNative\roboot64.exe deleted
C:\Users\Jakub\AppData\LocalLow\DataMngr deleted
C:\Users\Jakub\AppData\LocalLow\somotomoviestoolbar1 deleted
"C:\PROGRA~2\Pirrit\AutoUpdater.exe" deleted
"C:\PROGRA~2\Pirrit\msvcp100.dll" deleted
"C:\PROGRA~2\Pirrit\msvcr100.dll" not deleted
"C:\PROGRA~2\Pirrit\QtCore4.dll" deleted
"C:\PROGRA~2\Pirrit\QtNetwork4.dll" deleted
"C:\PROGRA~2\Pirrit\AutoUpdater.exe" deleted
"C:\PROGRA~2\Pirrit\msvcp100.dll" deleted
"C:\PROGRA~2\Pirrit\msvcr100.dll" not deleted
"C:\PROGRA~2\Pirrit\QtCore4.dll" deleted
"C:\PROGRA~2\Pirrit\QtNetwork4.dll" deleted
"C:\Users\Jakub\AppData\Local\PirritSuggestor\msvcp100.dll" deleted
"C:\Users\Jakub\AppData\Local\PirritSuggestor\msvcr100.dll" not deleted
"C:\Users\Jakub\AppData\Local\PirritSuggestor\PirritDesktop.exe" deleted
"C:\Users\Jakub\AppData\Local\PirritSuggestor\PirritService.exe" deleted
"C:\Users\Jakub\AppData\Local\PirritSuggestor\QtCore4.dll" deleted
"C:\Users\Jakub\AppData\Local\PirritSuggestor\QtNetwork4.dll" deleted
"C:\PROGRA~2\Movies Toolbar\SafetyNut\safetycrt.dll" deleted
"C:\PROGRA~2\Movies Toolbar\SafetyNut\safetyldr.dll" not deleted
"C:\PROGRA~2\Movies Toolbar\SafetyNut\safetynut.exe" not deleted
"C:\PROGRA~2\Movies Toolbar\SafetyNut\x64\safetycrt.dll" deleted
"C:\Users\Jakub\AppData\Roaming\vPacs" deleted
"C:\PROGRA~2\Movies Toolbar" not deleted
"C:\PROGRA~2\Pirrit" not deleted
"C:\PROGRA~2\Pirrit" not deleted
"C:\Users\Jakub\AppData\Local\PirritSuggestor" not deleted
"C:\PROGRA~2\Movies Toolbar\SafetyNut" not deleted
"C:\PROGRA~2\Movies Toolbar\SafetyNut\x64" not deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aaaaimdcedbpbcjjbbnfcbbjcngmomic - C:\Users\Jakub\AppData\Local\somotomoviestoolbar1\GC\toolbar.crx[]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.seznam.cz/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.seznam.cz/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{52db1893-8a90-4192-aede-08e00b8f8473} Unknown Url="Not_Found"
{67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google Url="http://www.google.com/search?sourceid=i ... lz=1I7ASUT"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchT ... {startPage}"

==== Reset Google Chrome ======================

C:\Users\Jakub\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Jakub\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-972338823-3558141568-4077314843-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{338A754C-B46E-4BF2-8AC8-23DE36862AD3} deleted successfully
HKEY_USERS\S-1-5-21-972338823-3558141568-4077314843-1001\Software\Microsoft\Internet Explorer\SearchScopes\{52db1893-8a90-4192-aede-08e00b8f8473} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{338A754C-B46E-4BF2-8AC8-23DE36862AD3} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{338A754C-B46E-4BF2-8AC8-23DE36862AD3} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-972338823-3558141568-4077314843-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{338A754C-B46E-4BF2-8AC8-23DE36862AD3} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\aaaaimdcedbpbcjjbbnfcbbjcngmomic deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AmIcoSinglun64 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS WebStorage deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKOSD2 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ETDWare deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControlUser deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UfSeAgnt.exe deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jakub\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jakub\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Jakub\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=44 folders=16 41394598 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Jakub\AppData\Local\Temp will be emptied at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Jakub\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~2\Pirrit\msvcr100.dll" not found
"C:\PROGRA~2\Pirrit\msvcr100.dll" not found
"C:\Users\Jakub\AppData\Local\PirritSuggestor\msvcr100.dll" not found
"C:\PROGRA~2\Movies Toolbar\SafetyNut\safetyldr.dll" not found
"C:\PROGRA~2\Movies Toolbar\SafetyNut\safetynut.exe" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found
"C:\PROGRA~2\Movies Toolbar" not found
"C:\PROGRA~2\Pirrit" not found
"C:\PROGRA~2\Pirrit" not found
"C:\Users\Jakub\AppData\Local\PirritSuggestor" not found

==== EOF on źt 03.04.2014 at 15:45:48,88 ======================

#5 Příspěvek od **vyosek** » 03 dub 2014 15:49

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Kliknete na Scan a nasledne Clean
Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

Beskyd1 · #6 Příspěvek od **Beskyd1** » 03 dub 2014 15:58

# AdwCleaner v3.023 - Report created 03/04/2014 at 16:58:25
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jakub - JAKUB-PC
# Running from : C:\Users\Jakub\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

File Deleted : C:\Users\Public\Desktop\eBay.lnk

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\MoviesToolbarHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\MoviesToolbarHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FreeRIP3_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FreeRIP3_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3444C3C5-6C56-4A16-A453-832B05BF6EA4}
Key Deleted : HKCU\Software\APN DTX
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\SafetyNut
Key Deleted : HKCU\Software\somotomoviestoolbar1
Key Deleted : HKCU\Software\systweak
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Pirrit
Key Deleted : HKLM\Software\SafetyNut
Key Deleted : [x64] HKLM\SOFTWARE\Pirrit
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~3\Wincert\WIN32C~1.DLL
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\MOVIES~1\SAFETY~1\SAFETY~2.DLL
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~3\Wincert\WIN64C~1.DLL
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\MOVIES~1\SAFETY~1\x64\SAFETY~2.DLL

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

-\\ Mozilla Firefox v

-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\Jakub\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [6390 octets] - [03/04/2014 16:57:30]
AdwCleaner[S0].txt - [5989 octets] - [03/04/2014 16:58:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6049 octets] ##########

#7 Příspěvek od **vyosek** » 03 dub 2014 15:59

Poprosim FRST http://forum.viry.cz/viewtopic.php?f=13&t=133100

Beskyd1 · #8 Příspěvek od **Beskyd1** » 03 dub 2014 16:24

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Jakub (administrator) on JAKUB-PC on 03-04-2014 17:22:56
Running from C:\Users\Jakub\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Software602 a.s.) C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
() C:\Program Files (x86)\WinRST\WinRST.exe
(ASUS) C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
() C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
(ASUS) C:\Windows\AsScrPro.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(forum.viry.cz) C:\Users\Jakub\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [UfSeAgnt.exe] - c:\program files\trend micro\internet security\ufseagnt.exe [1022904 2010-02-23] (Trend Micro Inc.)
HKLM\...\Run: [ASUS WebStorage] - c:\program files (x86)\asus\asus webstorage\service\asuswsservice.exe [1736704 2009-12-24] ()
HKLM\...\Run: [ETDWare] - c:\program files\elantech\etdctrl.exe [621440 2009-09-30] (ELAN Microelectronic Corp.)
HKLM-x32\...\Run: [ATKMEDIA] - c:\program files (x86)\asus\atk media\dmedia.exe [170624 2009-08-20] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] - c:\program files (x86)\asus\atkosd2\atkosd2.exe [6859392 2009-08-17] (ASUS)
HKLM-x32\...\Run: [HControlUser] - c:\program files (x86)\asus\atk hotkey\hcontroluser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [HDAudDeck] - c:\program files (x86)\via\viaudioi\vdeck\vdeck.exe [2245120 2009-09-17] (VIA)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - c:\program files (x86)\cyberlink\power2go\muitransfer\muistartmenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] - c:\program files (x86)\cyberlink\labelprint\muitransfer\muistartmenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] - c:\program files (x86)\microsoft office\office12\groovemonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-25] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-972338823-3558141568-4077314843-1001\...\Run: [CCleaner] - C:\Program Files\CCleaner\CCleaner64.exe [6277912 2014-03-18] (Piriform Ltd)
HKU\S-1-5-21-972338823-3558141568-4077314843-1001\...\MountPoints2: {80123e26-8575-11e1-a21f-485b3927c81f} - F:\autorun.exe
HKU\S-1-5-21-972338823-3558141568-4077314843-1001\...\MountPoints2: {cb8735de-6f83-11e1-8f47-485b3927c81f} - F:\autorun.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe

==================== Internet (Whitelisted) ====================

ProxyServer: http=http://127.0.0.1:9880
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=i ... lz=1I7ASUT
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchT ... {startPage}
SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx? ... rms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSugg ... earchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=i ... lz=1I7ASUT
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchT ... {startPage}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @software602.cz/602XML Filler - C:\Program Files (x86)\Software602\602XML\Filler\npfiller.dll (Software602 a.s.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Pirrit Suggestor - C:\Users\Jakub\AppData\Roaming\Mozilla\Firefox\profiles\extensions\suggestor@suggestor.pirrit.com.xpi [2014-03-29]

Chrome:
=======
CHR Extension: (Dokumenty Google) - C:\Users\Jakub\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-03]
CHR Extension: (Disk Google) - C:\Users\Jakub\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-03]
CHR Extension: (YouTube) - C:\Users\Jakub\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-03]
CHR Extension: (Vyhledávání Google) - C:\Users\Jakub\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-03]
CHR Extension: (Peněženka Google) - C:\Users\Jakub\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-22]
CHR Extension: (Gmail) - C:\Users\Jakub\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-03]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 602XML Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s.)
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-25] (AVAST Software)
S3 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [45056 2006-12-14] (Sony Corporation)
S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] ()
R2 SfCtlCom; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [859712 2010-10-09] (Trend Micro Inc.)
R3 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
S3 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation)
S3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [570632 2009-09-29] (Trend Micro Inc.)
S3 TmProxy; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [917768 2009-09-29] (Trend Micro Inc.)
R2 WinRST; C:\Program Files (x86)\WinRST\WinRST.exe [59904 2014-02-26] ()

==================== Drivers (Whitelisted) ====================

R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [28504 2012-03-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-01-25] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-01-25] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-01-25] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-01-25] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-01-25] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-12-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-25] ()
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [17464 2007-08-03] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
R2 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [42768 2011-07-12] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [107536 2009-09-29] (Trend Micro Inc.)
R2 tmxpflt; C:\Windows\System32\DRIVERS\tmxpflt.sys [342288 2011-07-12] (Trend Micro Inc.)
R2 vsapint; C:\Windows\System32\DRIVERS\vsapint.sys [2077456 2011-07-12] (Trend Micro Inc.)
S3 ipswuio; System32\DRIVERS\ipswuio.sys [X]
U3 tmlwf;
U3 tmwfp;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-03 17:22 - 2014-04-03 17:23 - 00015126 _____ () C:\Users\Jakub\Desktop\FRST.txt
2014-04-03 17:21 - 2014-04-03 17:22 - 00000000 ____D () C:\FRST
2014-04-03 17:20 - 2014-04-03 17:20 - 00112640 _____ (forum.viry.cz) C:\Users\Jakub\Desktop\FRSTLauncher.exe
2014-04-03 17:18 - 2014-04-03 17:18 - 00000000 _____ () C:\Users\Jakub\Downloads\FRSTLauncher.exe.3c9495e.partial
2014-04-03 17:17 - 2014-04-03 17:17 - 02157056 _____ (Farbar) C:\Users\Jakub\Desktop\FRST64.exe
2014-04-03 17:02 - 2014-04-03 17:03 - 00003831 _____ () C:\Windows\WindowsUpdate.log
2014-04-03 16:57 - 2014-04-03 16:58 - 00000000 ____D () C:\AdwCleaner
2014-04-03 16:56 - 2014-04-03 16:56 - 01426178 _____ () C:\Users\Jakub\Desktop\adwcleaner.exe
2014-04-03 15:42 - 2014-04-03 15:24 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-04-03 15:37 - 2014-04-03 15:45 - 00000000 ____D () C:\zoek
2014-04-03 15:25 - 2014-04-03 15:45 - 00012237 _____ () C:\zoek-results.log
2014-04-03 15:24 - 2014-04-03 15:38 - 00000000 ____D () C:\zoek_backup
2014-04-03 15:23 - 2014-04-03 15:23 - 01285120 _____ () C:\Users\Jakub\Desktop\zoek.exe
2014-04-02 20:38 - 2014-04-02 20:39 - 00000000 ____D () C:\rsit
2014-04-02 20:36 - 2014-04-02 20:36 - 00935175 _____ () C:\Users\Jakub\Desktop\RSITx64.exe
2014-04-02 16:48 - 2014-04-02 16:48 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-02 16:48 - 2014-04-02 16:48 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-02 16:48 - 2014-04-02 16:48 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-01 17:45 - 2014-04-01 17:45 - 00000721 _____ () C:\Users\Jakub\Desktop\JSDH HERÁLEC – zástupce.lnk
2014-04-01 17:45 - 2014-04-01 17:45 - 00000694 _____ () C:\Users\Jakub\Desktop\Dokumenty – zástupce.lnk
2014-04-01 17:45 - 2014-04-01 17:45 - 00000654 _____ () C:\Users\Jakub\Desktop\Fotky – zástupce.lnk
2014-04-01 17:45 - 2014-04-01 17:45 - 00000654 _____ () C:\Users\Jakub\Desktop\Filmy – zástupce.lnk
2014-04-01 17:45 - 2014-04-01 17:45 - 00000634 _____ () C:\Users\Jakub\Desktop\mp3 – zástupce.lnk
2014-04-01 15:41 - 2014-03-29 14:28 - 00008953 _____ () C:\Windows\system32\Drivers\etc\hosts.20140401-154130.backup
2014-03-31 20:36 - 2014-04-03 15:09 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-29 14:41 - 2014-03-29 14:41 - 00000000 ____D () C:\Users\Jakub\Documents\Applian
2014-03-29 14:41 - 2014-03-29 14:41 - 00000000 ____D () C:\Users\Jakub\AppData\Roaming\Replay Media Catcher 5
2014-03-29 14:41 - 2014-03-29 14:41 - 00000000 ____D () C:\Users\Jakub\AppData\Local\Replay Media Catcher 5
2014-03-29 14:41 - 2014-03-29 14:41 - 00000000 ____D () C:\Users\Jakub\AppData\Local\Jaksta_Technologies_Pty_L
2014-03-29 14:40 - 2014-03-29 14:40 - 00000000 ____D () C:\Program Files (x86)\Applian Technologies
2014-03-29 14:28 - 2014-03-29 14:28 - 00000000 ____D () C:\Users\Jakub\AppData\Roaming\Mozilla
2014-03-29 14:28 - 2014-03-29 14:28 - 00000000 ____D () C:\Users\Jakub\AppData\Local\WinRST
2014-03-29 14:28 - 2014-03-29 14:28 - 00000000 ____D () C:\Program Files (x86)\WinRST
2014-03-29 14:27 - 2011-11-14 15:23 - 08632480 _____ (Adobe Systems, Inc.) C:\Windows\SysWOW64\flash11e.ocx
2014-03-29 14:27 - 2006-10-17 00:15 - 00152848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.ocx
2014-03-23 14:28 - 2014-03-23 14:28 - 00000000 ____D () C:\Users\Jakub\AppData\Roaming\DivX
2014-03-23 14:27 - 2014-03-23 14:33 - 00000000 ____D () C:\Program Files\DivX
2014-03-23 14:13 - 2014-03-23 14:33 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-03-23 14:11 - 2014-03-23 14:33 - 00000000 ____D () C:\ProgramData\DivX
2014-03-13 16:34 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 16:34 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 16:34 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 16:34 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 16:34 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 16:34 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 16:34 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 16:34 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 16:34 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 16:34 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 16:34 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 16:34 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 16:34 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 16:34 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 16:34 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 16:34 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 16:34 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 16:34 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 16:34 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 16:34 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 16:34 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 16:34 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 16:34 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 16:34 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 16:34 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 16:34 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 16:34 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 16:34 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 16:34 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 16:34 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 16:34 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 16:34 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 16:34 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 16:34 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 16:34 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 16:34 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 16:34 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 16:34 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 16:34 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 16:34 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 16:34 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 16:34 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 16:34 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 16:34 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 16:33 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 16:33 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 16:33 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 16:33 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

==================== One Month Modified Files and Folders =======

2014-04-03 17:23 - 2014-04-03 17:22 - 00015126 _____ () C:\Users\Jakub\Desktop\FRST.txt
2014-04-03 17:22 - 2014-04-03 17:21 - 00000000 ____D () C:\FRST
2014-04-03 17:20 - 2014-04-03 17:20 - 00112640 _____ (forum.viry.cz) C:\Users\Jakub\Desktop\FRSTLauncher.exe
2014-04-03 17:18 - 2014-04-03 17:18 - 00000000 _____ () C:\Users\Jakub\Downloads\FRSTLauncher.exe.3c9495e.partial
2014-04-03 17:17 - 2014-04-03 17:17 - 02157056 _____ (Farbar) C:\Users\Jakub\Desktop\FRST64.exe
2014-04-03 17:07 - 2009-07-14 06:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-03 17:07 - 2009-07-14 06:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-03 17:03 - 2014-04-03 17:02 - 00003831 _____ () C:\Windows\WindowsUpdate.log
2014-04-03 16:59 - 2012-11-11 11:19 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-04-03 16:59 - 2010-03-20 15:14 - 00000962 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-03 16:59 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-03 16:58 - 2014-04-03 16:57 - 00000000 ____D () C:\AdwCleaner
2014-04-03 16:56 - 2014-04-03 16:56 - 01426178 _____ () C:\Users\Jakub\Desktop\adwcleaner.exe
2014-04-03 16:45 - 2012-04-13 17:48 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-03 16:36 - 2010-03-20 15:14 - 00000966 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-03 16:35 - 2013-02-05 14:30 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-972338823-3558141568-4077314843-1001UA.job
2014-04-03 15:46 - 2012-08-27 16:33 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-03 15:45 - 2014-04-03 15:37 - 00000000 ____D () C:\zoek
2014-04-03 15:45 - 2014-04-03 15:25 - 00012237 _____ () C:\zoek-results.log
2014-04-03 15:38 - 2014-04-03 15:24 - 00000000 ____D () C:\zoek_backup
2014-04-03 15:24 - 2014-04-03 15:42 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-04-03 15:23 - 2014-04-03 15:23 - 01285120 _____ () C:\Users\Jakub\Desktop\zoek.exe
2014-04-03 15:09 - 2014-03-31 20:36 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-03 14:48 - 2012-11-21 11:55 - 00003970 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{91661AA9-F73B-45EA-A043-B7F008D5861B}
2014-04-03 14:46 - 2010-03-20 15:47 - 00001986 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-04-02 20:39 - 2014-04-02 20:38 - 00000000 ____D () C:\rsit
2014-04-02 20:38 - 2010-03-20 15:50 - 00000000 ____D () C:\Program Files\Trend Micro
2014-04-02 20:36 - 2014-04-02 20:36 - 00935175 _____ () C:\Users\Jakub\Desktop\RSITx64.exe
2014-04-02 16:48 - 2014-04-02 16:48 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-02 16:48 - 2014-04-02 16:48 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-02 16:48 - 2014-04-02 16:48 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-02 16:31 - 2010-03-20 15:14 - 00003962 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-02 16:31 - 2010-03-20 15:14 - 00003710 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-02 15:56 - 2009-08-03 22:00 - 00681562 _____ () C:\Windows\system32\perfh005.dat
2014-04-02 15:56 - 2009-08-03 22:00 - 00145976 _____ () C:\Windows\system32\perfc005.dat
2014-04-02 15:56 - 2009-07-14 07:13 - 01610364 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-01 17:45 - 2014-04-01 17:45 - 00000721 _____ () C:\Users\Jakub\Desktop\JSDH HERÁLEC – zástupce.lnk
2014-04-01 17:45 - 2014-04-01 17:45 - 00000694 _____ () C:\Users\Jakub\Desktop\Dokumenty – zástupce.lnk
2014-04-01 17:45 - 2014-04-01 17:45 - 00000654 _____ () C:\Users\Jakub\Desktop\Fotky – zástupce.lnk
2014-04-01 17:45 - 2014-04-01 17:45 - 00000654 _____ () C:\Users\Jakub\Desktop\Filmy – zástupce.lnk
2014-04-01 17:45 - 2014-04-01 17:45 - 00000634 _____ () C:\Users\Jakub\Desktop\mp3 – zástupce.lnk
2014-04-01 17:20 - 2012-03-31 17:13 - 00000000 ____D () C:\Users\Jakub\AppData\Roaming\vlc
2014-03-31 19:32 - 2010-03-20 15:13 - 00000000 ____D () C:\Program Files\Google
2014-03-31 19:32 - 2010-03-20 15:13 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-31 19:26 - 2012-03-16 17:43 - 00000000 ____D () C:\Users\Jakub\AppData\Local\Google
2014-03-31 19:26 - 2010-03-20 15:13 - 00000000 ____D () C:\ProgramData\Google
2014-03-31 19:21 - 2010-03-20 15:35 - 00000000 ____D () C:\Program Files (x86)\AmIcoSingLun
2014-03-31 19:00 - 2012-03-16 17:17 - 00000000 ____D () C:\Users\Jakub
2014-03-31 18:58 - 2010-03-20 15:47 - 00000000 ____D () C:\ProgramData\P4G
2014-03-31 18:58 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-31 18:58 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-03-31 13:35 - 2013-02-05 14:30 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-972338823-3558141568-4077314843-1001Core.job
2014-03-29 14:53 - 2010-03-20 15:47 - 00001367 _____ () C:\Windows\system32\ServiceFilter.ini
2014-03-29 14:41 - 2014-03-29 14:41 - 00000000 ____D () C:\Users\Jakub\Documents\Applian
2014-03-29 14:41 - 2014-03-29 14:41 - 00000000 ____D () C:\Users\Jakub\AppData\Roaming\Replay Media Catcher 5
2014-03-29 14:41 - 2014-03-29 14:41 - 00000000 ____D () C:\Users\Jakub\AppData\Local\Replay Media Catcher 5
2014-03-29 14:41 - 2014-03-29 14:41 - 00000000 ____D () C:\Users\Jakub\AppData\Local\Jaksta_Technologies_Pty_L
2014-03-29 14:40 - 2014-03-29 14:40 - 00000000 ____D () C:\Program Files (x86)\Applian Technologies
2014-03-29 14:28 - 2014-04-01 15:41 - 00008953 _____ () C:\Windows\system32\Drivers\etc\hosts.20140401-154130.backup
2014-03-29 14:28 - 2014-03-29 14:28 - 00000000 ____D () C:\Users\Jakub\AppData\Roaming\Mozilla
2014-03-29 14:28 - 2014-03-29 14:28 - 00000000 ____D () C:\Users\Jakub\AppData\Local\WinRST
2014-03-29 14:28 - 2014-03-29 14:28 - 00000000 ____D () C:\Program Files (x86)\WinRST
2014-03-25 11:28 - 2012-03-19 22:32 - 00000000 ____D () C:\Windows\Minidump
2014-03-25 10:32 - 2010-03-20 15:14 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-03-24 09:10 - 2012-09-07 08:02 - 00000000 ____D () C:\Windows\system32\Service
2014-03-23 14:41 - 2012-03-16 17:18 - 00109296 _____ () C:\Users\Jakub\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-23 14:40 - 2009-07-14 06:45 - 00425040 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-23 14:33 - 2014-03-23 14:27 - 00000000 ____D () C:\Program Files\DivX
2014-03-23 14:33 - 2014-03-23 14:13 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-03-23 14:33 - 2014-03-23 14:11 - 00000000 ____D () C:\ProgramData\DivX
2014-03-23 14:28 - 2014-03-23 14:28 - 00000000 ____D () C:\Users\Jakub\AppData\Roaming\DivX
2014-03-18 20:59 - 2013-07-13 22:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 20:57 - 2012-03-16 22:06 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-14 11:52 - 2012-05-10 11:43 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 11:52 - 2012-05-10 11:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 23:11 - 2010-03-20 14:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-12 18:45 - 2012-04-13 17:48 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 18:45 - 2012-04-13 17:48 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 18:45 - 2012-03-17 22:08 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Jakub\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-30 12:46

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:73.05 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:334.67 GB) (Free:48.03 GB) NTFS

Available physical RAM: 2523.5 MB
Total physical RAM: 4061.09 MB
Percentage of memory in use: 37%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 76692CA8)
Partition 1: (Not Active) - (Size=15 GB) - (Type=1C)
Partition 2: (Active) - (Size=116 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=335 GB) - (Type=OF Extended)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-972338823-3558141568-4077314843-1001Core.job => C:\Users\Jakub\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-972338823-3558141568-4077314843-1001UA.job => C:\Users\Jakub\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\ProgramData\Temp:2F370DA6
AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
AlternateDataStreams: C:\ProgramData\Temp:A724744F
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA

==================== Security Center ==================

AV: Trend Micro Internet Security (Disabled - Up to date) {68F968AC-2AA0-091D-848C-803E83E35902}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Trend Micro Internet Security (Disabled - Up to date) {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Jakub\Desktop" je 5 MB.

***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSMTray
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector
C:\Windows\AsScrPro.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer
"C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000

==================== End Of Log ==============================

#9 Příspěvek od **vyosek** » 03 dub 2014 16:30

Odinstalujte trend micro internet security - koliduje s Avastem

Tvorba fixlistu pro FRST

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

Start
HKLM-x32\...\Run: [UpdateP2GoShortCut] - c:\program files (x86)\cyberlink\power2go\muitransfer\muistartmenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] - c:\program files (x86)\cyberlink\labelprint\muitransfer\muistartmenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] - c:\program files (x86)\microsoft office\office12\groovemonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-21-972338823-3558141568-4077314843-1001\...\MountPoints2: {80123e26-8575-11e1-a21f-485b3927c81f} - F:\autorun.exe
HKU\S-1-5-21-972338823-3558141568-4077314843-1001\...\MountPoints2: {cb8735de-6f83-11e1-8f47-485b3927c81f} - F:\autorun.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx? ... C54E70D&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSugg ... hx?prefix={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

FF Extension: Pirrit Suggestor - C:\Users\Jakub\AppData\Roaming\Mozilla\Firefox\profiles\extensions\suggestor@suggestor.pirrit.com.xpi [2014-03-29]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

R2 WinRST; C:\Program Files (x86)\WinRST\WinRST.exe [59904 2014-02-26] ()

S3 ipswuio; System32\DRIVERS\ipswuio.sys [X]
U3 tmlwf;
U3 tmwfp; 

C:\Program Files (x86)\WinRST
2014-04-03 17:20 - 2014-04-03 17:20 - 00112640 _____ (forum.viry.cz) C:\Users\Jakub\Desktop\FRSTLauncher.exe
2014-04-03 17:18 - 2014-04-03 17:18 - 00000000 _____ () C:\Users\Jakub\Downloads\FRSTLauncher.exe.3c9495e.partial
2014-04-03 16:56 - 2014-04-03 16:56 - 01426178 _____ () C:\Users\Jakub\Desktop\adwcleaner.exe
2014-04-03 15:42 - 2014-04-03 15:24 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-04-03 15:37 - 2014-04-03 15:45 - 00000000 ____D () C:\zoek
2014-04-03 15:25 - 2014-04-03 15:45 - 00012237 _____ () C:\zoek-results.log
2014-04-03 15:24 - 2014-04-03 15:38 - 00000000 ____D () C:\zoek_backup
2014-04-03 15:23 - 2014-04-03 15:23 - 01285120 _____ () C:\Users\Jakub\Desktop\zoek.exe
2014-04-01 15:41 - 2014-03-29 14:28 - 00008953 _____ () C:\Windows\system32\Drivers\etc\hosts.20140401-154130.backup
2014-03-31 20:36 - 2014-04-03 15:09 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-972338823-3558141568-4077314843-1001Core.job => C:\Users\Jakub\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-972338823-3558141568-4077314843-1001UA.job => C:\Users\Jakub\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

AlternateDataStreams: C:\ProgramData\Temp:2F370DA6
AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
AlternateDataStreams: C:\ProgramData\Temp:A724744F
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA

REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer" /f

Hosts:
End

Ulozte vytvoreny TXT jako fixlist.txt
Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

Kliknete na Fix
Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

Beskyd1 · #10 Příspěvek od **Beskyd1** » 03 dub 2014 16:49

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Jakub at 2014-04-03 17:52:15 Run:1
Running from C:\Users\Jakub\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [UpdateP2GoShortCut] - c:\program files (x86)\cyberlink\power2go\muitransfer\muistartmenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] - c:\program files (x86)\cyberlink\labelprint\muitransfer\muistartmenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] - c:\program files (x86)\microsoft office\office12\groovemonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-21-972338823-3558141568-4077314843-1001\...\MountPoints2: {80123e26-8575-11e1-a21f-485b3927c81f} - F:\autorun.exe
HKU\S-1-5-21-972338823-3558141568-4077314843-1001\...\MountPoints2: {cb8735de-6f83-11e1-8f47-485b3927c81f} - F:\autorun.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=i ... lz=1I7ASUT
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchT ... {startPage}
SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx? ... C54E70D&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSugg ... hx?prefix={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=i ... lz=1I7ASUT
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchT ... {startPage}

FF Extension: Pirrit Suggestor - C:\Users\Jakub\AppData\Roaming\Mozilla\Firefox\profiles\extensions\suggestor@suggestor.pirrit.com.xpi [2014-03-29]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

R2 WinRST; C:\Program Files (x86)\WinRST\WinRST.exe [59904 2014-02-26] ()

S3 ipswuio; System32\DRIVERS\ipswuio.sys [X]
U3 tmlwf;
U3 tmwfp;

C:\Program Files (x86)\WinRST
2014-04-03 17:20 - 2014-04-03 17:20 - 00112640 _____ (forum.viry.cz) C:\Users\Jakub\Desktop\FRSTLauncher.exe
2014-04-03 17:18 - 2014-04-03 17:18 - 00000000 _____ () C:\Users\Jakub\Downloads\FRSTLauncher.exe.3c9495e.partial
2014-04-03 16:56 - 2014-04-03 16:56 - 01426178 _____ () C:\Users\Jakub\Desktop\adwcleaner.exe
2014-04-03 15:42 - 2014-04-03 15:24 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-04-03 15:37 - 2014-04-03 15:45 - 00000000 ____D () C:\zoek
2014-04-03 15:25 - 2014-04-03 15:45 - 00012237 _____ () C:\zoek-results.log
2014-04-03 15:24 - 2014-04-03 15:38 - 00000000 ____D () C:\zoek_backup
2014-04-03 15:23 - 2014-04-03 15:23 - 01285120 _____ () C:\Users\Jakub\Desktop\zoek.exe
2014-04-01 15:41 - 2014-03-29 14:28 - 00008953 _____ () C:\Windows\system32\Drivers\etc\hosts.20140401-154130.backup
2014-03-31 20:36 - 2014-04-03 15:09 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-972338823-3558141568-4077314843-1001Core.job => C:\Users\Jakub\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-972338823-3558141568-4077314843-1001UA.job => C:\Users\Jakub\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

AlternateDataStreams: C:\ProgramData\Temp:2F370DA6
AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
AlternateDataStreams: C:\ProgramData\Temp:A724744F
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA

REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer" /f

Hosts:
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\UpdateP2GoShortCut => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\UpdateLBPShortCut => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\GrooveMonitor => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task => Value deleted successfully.
HKU\S-1-5-21-972338823-3558141568-4077314843-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80123e26-8575-11e1-a21f-485b3927c81f} => Key deleted successfully.
HKCR\CLSID\{80123e26-8575-11e1-a21f-485b3927c81f} => Key not found.
HKU\S-1-5-21-972338823-3558141568-4077314843-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb8735de-6f83-11e1-8f47-485b3927c81f} => Key deleted successfully.
HKCR\CLSID\{cb8735de-6f83-11e1-8f47-485b3927c81f} => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rjatydimofu.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL http://search.conduit.com/Results.aspx? ... => Value not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON http://suggest.search.conduit.com/CSugg ... => Value not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key deleted successfully.
HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
C:\Users\Jakub\AppData\Roaming\Mozilla\Firefox\profiles\extensions\suggestor@suggestor.pirrit.com.xpi => Moved successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
WinRST => Unable to stop service
WinRST => Service deleted successfully.
ipswuio => Service deleted successfully.
tmlwf => Service deleted successfully.
tmwfp => Service deleted successfully.
C:\Program Files (x86)\WinRST => Moved successfully.
C:\Users\Jakub\Desktop\FRSTLauncher.exe => Moved successfully.
C:\Users\Jakub\Downloads\FRSTLauncher.exe.3c9495e.partial => Moved successfully.
C:\Users\Jakub\Desktop\adwcleaner.exe => Moved successfully.
C:\Windows\zoek-delete.exe => Moved successfully.
C:\zoek => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Users\Jakub\Desktop\zoek.exe => Moved successfully.
C:\Windows\system32\Drivers\etc\hosts.20140401-154130.backup => Moved successfully.
C:\ProgramData\Spybot - Search & Destroy => Moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-972338823-3558141568-4077314843-1001Core.job => Moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-972338823-3558141568-4077314843-1001UA.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\ProgramData\Temp => ":2F370DA6" ADS removed successfully.
C:\ProgramData\Temp => ":4CF61E54" ADS removed successfully.
C:\ProgramData\Temp => ":A724744F" ADS removed successfully.
C:\ProgramData\Temp => ":AB689DEA" ADS removed successfully.

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher" /f =========

Operace byla dokonźena ŁspŘçnŘ.

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer" /f =========

Operace byla dokonźena ŁspŘçnŘ.

========= End of Reg: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

The system needed a reboot.

==== End of Fixlog ====

#11 Příspěvek od **vyosek** » 03 dub 2014 16:50

Jak se chova PC

Beskyd1 · #12 Příspěvek od **Beskyd1** » 03 dub 2014 16:52

Zatím bez problémů,reklamy jsou pryč,je o poznání rychlejší.Takže to vypadá že se podařilo moc děkuju.Jakub

Beskyd1 · #13 Příspěvek od **Beskyd1** » 03 dub 2014 16:55

Máš nějakou radu jak tomu předejít,nějaký program nebo něco takového díky.

#14 Příspěvek od **vyosek** » 03 dub 2014 17:05

Bylo tam hodne reklaminiho nezadouciho SW, chce to cist co se instaluje jako doprovod - vice zde http://www.viry.cz/pozor-na-to-co-vsech ... -pocitace/ Na to nepomuze zadny program, jen rozum, cist a at je mozek rychlejsi nez prsty

Beskyd1 · #15 Příspěvek od **Beskyd1** » 03 dub 2014 17:09

Takže moje chyba

ještě jednou díky.

VIRY.CZ

V IE mě neustále vyskakují okna z reklamou

V IE mě neustále vyskakují okna z reklamou

Re: V IE mě neustále vyskakují okna z reklamou

Re: V IE mě neustále vyskakují okna z reklamou

Re: V IE mě neustále vyskakují okna z reklamou

Re: V IE mě neustále vyskakují okna z reklamou

Re: V IE mě neustále vyskakují okna z reklamou

Re: V IE mě neustále vyskakují okna z reklamou

Re: V IE mě neustále vyskakují okna z reklamou

Re: V IE mě neustále vyskakují okna z reklamou

Re: V IE mě neustále vyskakují okna z reklamou

Re: V IE mě neustále vyskakují okna z reklamou

Re: V IE mě neustále vyskakují okna z reklamou

Re: V IE mě neustále vyskakují okna z reklamou

Re: V IE mě neustále vyskakují okna z reklamou

Re: V IE mě neustále vyskakují okna z reklamou