VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

vir "Policie ČR vás sleduje!" v pc

https://forum.viry.cz:443/viewtopic.php?t=140107

Stránka 1 z 1

vir "Policie ČR vás sleduje!" v pc

Napsal: 07 zář 2014 15:31
od wt56
Dobrý den,
prosím o pomoc s virem. Bohužel se jedná o pc mého dědy, tak nevím, co se s tímto pc provádělo, ale pokud spustím standardním způsobem, tak v něm nejde pracovat a mám pouze okno popsané v článku:
http://www.viry.cz/policie-cr-vas-sleduje/
pracuji pouze v nouzovém režimu - avast nefunguje a nedaří se mi ho zprovoznit, ještě jsem zkoušel super antispyware, který mi bohužel nepomohl.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Jarda at 2014-09-07 16:12:07
WIN_XP Service Pack 3
System drive C: has 51 GB (67%) free of 76 GB
Total RAM: 1015 MB (81% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\avast! Emergency Update.job - C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job - C:\WINDOWS\system32\xp_eos.exe
C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job - C:\WINDOWS\system32\xp_eos.exe -c

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Jarda\Data aplikací\Mozilla\Firefox\Profiles\o4sugqtf.default-1388854428906

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 14.0.0.145 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.7.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\WINDOWS\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll


C:\Documents and Settings\Jarda\Data aplikací\Mozilla\Firefox\Profiles\o4sugqtf.default-1388854428906\extensions\
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-11-04 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-09-06 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avas [2013-09-13 6583664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-09-06 157672]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avas [2013-09-13 6583664]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2012-09-01 77824]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-14 171008]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"=C:\Program Files\CCleaner\CCleaner.exe [2012-07-24 3091296]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2014-08-14 6688024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2008-02-28 166424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
C:\Program Files\HP\HP UT\bin\hppusg.exe [2007-05-04 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2008-02-28 141848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe [2008-02-28 137752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2012-09-01 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2012-04-24 20065896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3
"gupdatem"=3
"gupdate"=2
"TuneUp.UtilitiesSvc"=2

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

C:\Documents and Settings\Jarda\Nabídka Start\Programy\Po spuštění
program.lnk - C:\WINDOWS\system32\rundll32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2013-05-08 115440]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MSIServer]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Google\Chrome\Application\chrome.exe"="C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.divxa32"=msaud32_divx.acm

======List of files/folders created in the last 1 month======

2014-09-07 16:12:58 ----D---- C:\Program Files\trend micro
2014-09-07 16:12:07 ----D---- C:\rsit
2014-09-07 16:05:53 ----A---- C:\WINDOWS\system32\FNTCACHE.DAT
2014-09-07 16:05:51 ----A---- C:\WINDOWS\ntbtlog.txt
2014-09-07 11:19:52 ----D---- C:\Program Files\Dropbox
2014-09-07 11:08:29 ----D---- C:\Documents and Settings\Jarda\Data aplikací\Dropbox
2014-09-07 10:51:57 ----D---- C:\Documents and Settings\Jarda\Data aplikací\SUPERAntiSpyware.com
2014-09-07 10:51:43 ----D---- C:\Program Files\SUPERAntiSpyware
2014-09-07 10:51:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2014-09-07 10:27:53 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2014-09-07 10:23:02 ----N---- C:\WINDOWS\SchedLgU.Txt
2014-09-07 10:09:16 ----SHD---- C:\WINDOWS\CSC
2014-08-11 16:22:15 ----D---- C:\WINDOWS\jumpshot.com

======List of files/folders modified in the last 1 month======

2014-09-07 16:12:58 ----D---- C:\Program Files
2014-09-07 16:10:58 ----D---- C:\WINDOWS\system32\CatRoot2
2014-09-07 16:09:20 ----D---- C:\WINDOWS
2014-09-07 16:05:53 ----D---- C:\WINDOWS\system32
2014-09-07 16:03:52 ----D---- C:\WINDOWS\SoftwareDistribution
2014-09-07 16:03:09 ----D---- C:\WINDOWS\Temp
2014-09-07 11:07:07 ----D---- C:\WINDOWS\system32\drivers
2014-09-07 11:07:03 ----SD---- C:\WINDOWS\Tasks
2014-09-07 10:41:10 ----SH---- C:\boot.ini
2014-09-07 10:41:10 ----A---- C:\WINDOWS\win.ini
2014-09-07 10:41:10 ----A---- C:\WINDOWS\system.ini
2014-09-07 07:58:23 ----D---- C:\WINDOWS\Prefetch
2014-09-03 16:52:10 ----D---- C:\Documents and Settings\Jarda\Data aplikací\Intelli-studio
2014-08-13 16:46:09 ----D---- C:\WINDOWS\Debug
2014-08-13 08:41:34 ----D---- C:\WINDOWS\system32\MRT
2014-08-13 08:39:09 ----A---- C:\WINDOWS\system32\MRT.exe
2014-08-13 08:22:14 ----D---- C:\Program Files\Mozilla Maintenance Service

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2014-08-06 49944]
S0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2014-08-06 192352]
S1 AswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2014-08-06 55112]
S1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2014-08-06 779536]
S1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2014-09-07 414520]
S1 aswTdi;aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [2014-08-06 57800]
S1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
S1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
S2 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2014-08-06 24184]
S2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2014-08-06 67824]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2012-05-22 6118544]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-03-25 130432]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2014-07-23 142648]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avas [2013-09-13 6583664]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2012-09-06 161768]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-15 262320]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-08-06 119408]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-25 136176]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-25 136176]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-10 136120]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: vir "Policie ČR vás sleduje!" v pc

Napsal: 07 zář 2014 16:18
od wt56
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-09-2014
Ran by Jarda (administrator) on TATKA on 07-09-2014 17:07:29
Running from C:\Documents and Settings\Jarda\Plocha
Platform: Microsoft Windows XP Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8
Boot Mode: Safe Mode (minimal)

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\Setup\aswOfferTool.exe
(Dropbox, Inc.) C:\Documents and Settings\All Users\Plocha\DropboxInstallerAvast.exe
(forum.viry.cz) C:\Documents and Settings\Jarda\Plocha\FRSTLauncher.exe
(Dropbox, Inc.) C:\Documents and Settings\Jarda\Data aplikací\Dropbox\bin\update\Dropbox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-07] (AVAST Software)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [77824 2012-09-01] (Apple Computer, Inc.)
HKLM\...\Run: [MSConfig] => C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [171008 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1993962763-776561741-1801674531-1003\...\Run: [ccleaner] => C:\Program Files\CCleaner\CCleaner.exe [3091296 2012-07-24] (Piriform Ltd)
HKU\S-1-5-21-1993962763-776561741-1801674531-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6688024 2014-08-14] (SUPERAntiSpyware)
HKU\S-1-5-21-1993962763-776561741-1801674531-1003\...\MountPoints2: {672dd9a0-6250-11e2-969f-001a4d2d3a13} - F:\iStudio.exe
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\Jarda\Nabídka Start\Programy\Po spuštění\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Jarda\Data aplikací\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Documents and Settings\Jarda\Nabídka Start\Programy\Po spuštění\program.lnk
ShortcutTarget: program.lnk -> C:\Documents and Settings\All Users\Data aplikací\CA221FA.cpp ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Jarda\Data aplikací\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Jarda\Data aplikací\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Jarda\Data aplikací\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Jarda\Data aplikací\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
Toolbar: HKCU - &Odkazy - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/wind ... 5195161828
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 5195250406
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-08] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{B70C44E1-B28E-4094-AC03-CB15CF53B645}: [NameServer] 194.228.41.65,194.228.41.113

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Jarda\Data aplikací\Mozilla\Firefox\Profiles\o4sugqtf.default-1388854428906
FF Homepage: hxxp://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: DownloadHelper - C:\Documents and Settings\Jarda\Data aplikací\Mozilla\Firefox\Profiles\o4sugqtf.default-1388854428906\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-08-13]
FF Extension: Adblock Plus - C:\Documents and Settings\Jarda\Data aplikací\Mozilla\Firefox\Profiles\o4sugqtf.default-1388854428906\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-11]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-08-17]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-17]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
CHR CustomProfile: C:\Documents and Settings\Jarda\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (Disk Google) - C:\Documents and Settings\Jarda\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-25]
CHR Extension: (YouTube) - C:\Documents and Settings\Jarda\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-25]
CHR Extension: (Vyhledávání Google) - C:\Documents and Settings\Jarda\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-25]
CHR Extension: (Google Wallet Service) - C:\Documents and Settings\Jarda\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Documents and Settings\Jarda\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-25]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-06]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-23] (SUPERAntiSpyware.com)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-06] (AVAST Software)
S2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [161768 2012-09-06] (Oracle Corporation)
S2 winmgmt; C:\DOCUME~1\ALLUSE~1\DATAAP~1\CC832BB.cpp [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
S2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-08-06] ()
S2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-08-06] (AVAST Software)
S1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-08-06] (AVAST Software)
S0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-08-06] ()
S1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-08-06] (AVAST Software)
S1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-09-07] (AVAST Software)
S1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-08-06] (AVAST Software)
S0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-08-06] ()
S3 ialm; C:\WINDOWS\System32\DRIVERS\igxpmp32.sys [5854752 2008-02-15] (Intel Corporation) [File not signed]
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-07 17:07 - 2014-09-07 17:08 - 00013814 _____ () C:\Documents and Settings\Jarda\Plocha\FRST.txt
2014-09-07 17:06 - 2014-09-07 17:07 - 00000000 ____D () C:\FRST
2014-09-07 17:06 - 2014-09-07 17:05 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Jarda\Plocha\FRSTLauncher.exe
2014-09-07 17:06 - 2014-09-07 17:03 - 01096704 _____ (Farbar) C:\Documents and Settings\Jarda\Plocha\FRST.exe
2014-09-07 16:32 - 2014-09-07 16:32 - 00000000 ____D () C:\Documents and Settings\Jarda\Data aplikací\DropboxMaster
2014-09-07 16:15 - 2014-09-07 16:15 - 00031168 _____ () C:\Documents and Settings\Jarda\Plocha\info.txt
2014-09-07 16:12 - 2014-09-07 16:13 - 00000000 ____D () C:\rsit
2014-09-07 16:12 - 2014-09-07 16:12 - 00000000 ____D () C:\Program Files\trend micro
2014-09-07 16:11 - 2014-09-07 14:53 - 01107968 _____ () C:\Documents and Settings\Jarda\Plocha\RSIT.exe
2014-09-07 16:09 - 2014-09-07 16:11 - 00008316 _____ () C:\WINDOWS\setupapi.log
2014-09-07 16:05 - 2014-09-07 16:05 - 00171488 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-09-07 11:19 - 2014-09-07 11:19 - 00000000 ____D () C:\Program Files\Dropbox
2014-09-07 11:10 - 2014-09-07 16:29 - 00000000 ____D () C:\Documents and Settings\Jarda\Nabídka Start\Programy\Dropbox
2014-09-07 11:08 - 2014-09-07 16:32 - 00000000 ____D () C:\Documents and Settings\Jarda\Data aplikací\Dropbox
2014-09-07 11:06 - 2014-09-07 11:07 - 36818984 _____ (Dropbox, Inc.) C:\Documents and Settings\All Users\Plocha\DropboxInstallerAvast.exe
2014-09-07 11:01 - 2014-09-07 14:54 - 04862664 _____ (AVAST Software) C:\Documents and Settings\Jarda\Plocha\avast_free_antivirus_setup_online.exe
2014-09-07 10:51 - 2014-09-07 16:03 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-07 10:51 - 2014-09-07 10:51 - 19143176 _____ (SUPERAntiSpyware) C:\Documents and Settings\Jarda\Plocha\SUPERAntiSpyware.exe
2014-09-07 10:51 - 2014-09-07 10:51 - 00001678 _____ () C:\Documents and Settings\All Users\Plocha\SUPERAntiSpyware Free Edition.lnk
2014-09-07 10:51 - 2014-09-07 10:51 - 00000000 ____D () C:\Documents and Settings\Jarda\Data aplikací\SUPERAntiSpyware.com
2014-09-07 10:51 - 2014-09-07 10:51 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2014-09-07 10:27 - 2014-09-07 10:49 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-09-07 10:23 - 2014-09-07 16:04 - 00005279 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-07 10:23 - 2014-09-07 10:23 - 00004572 ____N () C:\WINDOWS\SchedLgU.Txt
2014-09-07 10:09 - 2014-09-07 10:09 - 00000000 __SHD () C:\WINDOWS\CSC
2014-09-07 07:34 - 2014-09-07 07:34 - 00015675 _____ () C:\Documents and Settings\Jarda\Plocha\hs_err_pid2924.log
2014-09-07 07:33 - 2014-09-07 07:33 - 00139264 _____ () C:\Documents and Settings\All Users\Data aplikací\CA221FA.cpp
2014-08-13 08:29 - 2014-08-13 08:29 - 00000000 ____D () C:\Documents and Settings\Jarda\Local Settings\Data aplikací\Temp
2014-08-11 16:22 - 2014-08-11 16:22 - 00000000 ____D () C:\WINDOWS\jumpshot.com

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-07 17:08 - 2014-09-07 17:07 - 00013814 _____ () C:\Documents and Settings\Jarda\Plocha\FRST.txt
2014-09-07 17:08 - 2012-08-17 09:36 - 00000000 ____D () C:\Documents and Settings\Jarda\Local Settings\Temp
2014-09-07 17:07 - 2014-09-07 17:06 - 00000000 ____D () C:\FRST
2014-09-07 17:07 - 2012-08-17 09:36 - 00000000 ____D () C:\Documents and Settings\Jarda\Plocha
2014-09-07 17:06 - 2012-08-17 09:36 - 00000000 ___HD () C:\Documents and Settings\Jarda\Local Settings\Data aplikací
2014-09-07 17:05 - 2014-09-07 17:06 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Jarda\Plocha\FRSTLauncher.exe
2014-09-07 17:03 - 2014-09-07 17:06 - 01096704 _____ (Farbar) C:\Documents and Settings\Jarda\Plocha\FRST.exe
2014-09-07 16:32 - 2014-09-07 16:32 - 00000000 ____D () C:\Documents and Settings\Jarda\Data aplikací\DropboxMaster
2014-09-07 16:32 - 2014-09-07 11:08 - 00000000 ____D () C:\Documents and Settings\Jarda\Data aplikací\Dropbox
2014-09-07 16:32 - 2012-08-17 09:36 - 00000000 __RHD () C:\Documents and Settings\Jarda\Data aplikací
2014-09-07 16:32 - 2012-08-17 09:36 - 00000000 ___RD () C:\Documents and Settings\Jarda\Nabídka Start\Programy\Po spuštění
2014-09-07 16:29 - 2014-09-07 11:10 - 00000000 ____D () C:\Documents and Settings\Jarda\Nabídka Start\Programy\Dropbox
2014-09-07 16:15 - 2014-09-07 16:15 - 00031168 _____ () C:\Documents and Settings\Jarda\Plocha\info.txt
2014-09-07 16:13 - 2014-09-07 16:12 - 00000000 ____D () C:\rsit
2014-09-07 16:12 - 2014-09-07 16:12 - 00000000 ____D () C:\Program Files\trend micro
2014-09-07 16:11 - 2014-09-07 16:09 - 00008316 _____ () C:\WINDOWS\setupapi.log
2014-09-07 16:11 - 2004-08-18 14:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-09-07 16:05 - 2014-09-07 16:05 - 00171488 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-09-07 16:04 - 2014-09-07 10:23 - 00005279 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-07 16:03 - 2014-09-07 10:51 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-07 16:03 - 2012-08-17 11:20 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2014-09-07 16:02 - 2014-03-28 10:49 - 00000222 _____ () C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2014-09-07 16:02 - 2012-12-25 14:29 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-07 16:02 - 2012-09-01 17:28 - 00054156 ____H () C:\WINDOWS\QTFont.qfn
2014-09-07 16:02 - 2012-08-17 12:02 - 00000314 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-09-07 16:02 - 2012-08-17 09:36 - 00000000 ____D () C:\Documents and Settings\Jarda
2014-09-07 16:02 - 2012-08-17 09:35 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-07 14:54 - 2014-09-07 11:01 - 04862664 _____ (AVAST Software) C:\Documents and Settings\Jarda\Plocha\avast_free_antivirus_setup_online.exe
2014-09-07 14:53 - 2014-09-07 16:11 - 01107968 _____ () C:\Documents and Settings\Jarda\Plocha\RSIT.exe
2014-09-07 11:20 - 2012-08-17 09:36 - 00000178 ___SH () C:\Documents and Settings\Jarda\ntuser.ini
2014-09-07 11:19 - 2014-09-07 11:19 - 00000000 ____D () C:\Program Files\Dropbox
2014-09-07 11:10 - 2012-08-17 09:36 - 00000000 ___RD () C:\Documents and Settings\Jarda\Nabídka Start\Programy
2014-09-07 11:07 - 2014-09-07 11:06 - 36818984 _____ (Dropbox, Inc.) C:\Documents and Settings\All Users\Plocha\DropboxInstallerAvast.exe
2014-09-07 11:07 - 2014-08-06 17:09 - 00001733 _____ () C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
2014-09-07 11:07 - 2012-08-17 12:02 - 00414520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-09-07 11:06 - 2012-08-17 11:22 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2014-09-07 10:51 - 2014-09-07 10:51 - 19143176 _____ (SUPERAntiSpyware) C:\Documents and Settings\Jarda\Plocha\SUPERAntiSpyware.exe
2014-09-07 10:51 - 2014-09-07 10:51 - 00001678 _____ () C:\Documents and Settings\All Users\Plocha\SUPERAntiSpyware Free Edition.lnk
2014-09-07 10:51 - 2014-09-07 10:51 - 00000000 ____D () C:\Documents and Settings\Jarda\Data aplikací\SUPERAntiSpyware.com
2014-09-07 10:51 - 2014-09-07 10:51 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2014-09-07 10:51 - 2012-08-17 11:22 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start
2014-09-07 10:49 - 2014-09-07 10:27 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-09-07 10:41 - 2012-09-01 17:28 - 00001409 _____ () C:\WINDOWS\QTFont.for
2014-09-07 10:41 - 2012-08-17 11:19 - 00000211 ___SH () C:\boot.ini
2014-09-07 10:41 - 2004-08-18 14:00 - 00000590 _____ () C:\WINDOWS\win.ini
2014-09-07 10:41 - 2004-08-18 14:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-09-07 10:23 - 2014-09-07 10:23 - 00004572 ____N () C:\WINDOWS\SchedLgU.Txt
2014-09-07 10:09 - 2014-09-07 10:09 - 00000000 __SHD () C:\WINDOWS\CSC
2014-09-07 07:39 - 2012-12-25 14:29 - 00000938 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-07 07:39 - 2012-08-17 10:35 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-07 07:34 - 2014-09-07 07:34 - 00015675 _____ () C:\Documents and Settings\Jarda\Plocha\hs_err_pid2924.log
2014-09-07 07:33 - 2014-09-07 07:33 - 00139264 _____ () C:\Documents and Settings\All Users\Data aplikací\CA221FA.cpp
2014-09-03 16:52 - 2013-01-19 17:54 - 00000000 ____D () C:\Documents and Settings\Jarda\Data aplikací\Intelli-studio
2014-08-28 16:25 - 2012-08-17 09:36 - 00000000 ___RD () C:\Documents and Settings\Jarda\Dokumenty
2014-08-28 15:46 - 2012-09-06 08:25 - 00002539 _____ () C:\Documents and Settings\Jarda\Plocha\Microsoft Word.lnk
2014-08-20 20:49 - 2013-10-29 18:32 - 00000000 ____D () C:\Documents and Settings\Jarda\Dokumenty\Stažené soubory
2014-08-17 07:44 - 2012-12-25 14:30 - 00001813 _____ () C:\Documents and Settings\All Users\Plocha\Google Chrome.lnk
2014-08-13 08:41 - 2013-08-16 14:17 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-13 08:39 - 2012-08-17 12:29 - 96303304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-13 08:29 - 2014-08-13 08:29 - 00000000 ____D () C:\Documents and Settings\Jarda\Local Settings\Data aplikací\Temp
2014-08-13 08:22 - 2012-09-06 08:02 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-11 16:22 - 2014-08-11 16:22 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-08-11 16:22 - 2014-03-28 10:49 - 00000216 _____ () C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job

Some content of TEMP:
====================
C:\Documents and Settings\Jarda\Local Settings\Temp\8123.dll
C:\Documents and Settings\Jarda\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpw7cqeb.dll
C:\Documents and Settings\Jarda\Local Settings\Temp\SHSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================


==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================




===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\Jarda\Plocha" je 6167 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE
C:\WINDOWS\system32\ctfmon.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds
C:\WINDOWS\system32\hkcmd.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking
C:\Program Files\HP\HP UT\bin\hppusg.exe "C:\Program Files\HP\HP UT\" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray
C:\WINDOWS\system32\igfxtray.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence
C:\WINDOWS\system32\igfxpers.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
"C:\Program Files\QuickTime\qttask.exe" -atboottime [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL
Reim ECHO je vypnut.


HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services
gusvc REG_DWORD 0x3
gupdatem REG_DWORD 0x3
gupdate REG_DWORD 0x2
TuneUp.UtilitiesSvc REG_DWORD 0x2

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"="C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe:*:Enabled:Google Chrome"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: vir "Policie ČR vás sleduje!" v pc

Napsal: 07 zář 2014 16:40
od wt56
děda se bez pc obejde a já nemám problém k němu pár dní po práci sjet a dořešovat vymazání viru, takže si můžeš hrát, jak budeš chtít - pokud ti to nevadí. Pokud roguekiller bude rychlý, dám sem ještě dnes log, pokud ne, tak až zítra na večer.

Re: vir "Policie ČR vás sleduje!" v pc

Napsal: 07 zář 2014 17:04
od wt56
posílám log - díky

RogueKiller V9.2.9.0 [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : https://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Nouzový režim
Uživatel : Jarda [Práva správce]
Mód : Kontrola -- Datum : 09/07/2014 17:59:30

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 16 ¤¤¤
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B70C44E1-B28E-4094-AC03-CB15CF53B645} | NameServer : 194.228.41.65,194.228.41.113 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B70C44E1-B28E-4094-AC03-CB15CF53B645} | DhcpNameServer : 10.0.0.138 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B70C44E1-B28E-4094-AC03-CB15CF53B645} | NameServer : 194.228.41.65,194.228.41.113 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B70C44E1-B28E-4094-AC03-CB15CF53B645} | DhcpNameServer : 10.0.0.138 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{B70C44E1-B28E-4094-AC03-CB15CF53B645} | NameServer : 194.228.41.65,194.228.41.113 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{B70C44E1-B28E-4094-AC03-CB15CF53B645} | DhcpNameServer : 10.0.0.138 -> NALEZENO
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-1993962763-776561741-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NALEZENO
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NALEZENO
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-1993962763-776561741-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NALEZENO
[Rans.Gendarm] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\winmgmt\Parameters | ServiceDll : C:\DOCUME~1\ALLUSE~1\DATAAP~1\CC832BB.cpp -> NALEZENO
[Rans.Gendarm] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt\Parameters | ServiceDll : C:\DOCUME~1\ALLUSE~1\DATAAP~1\CC832BB.cpp -> NALEZENO
[Rans.Gendarm] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\winmgmt\Parameters | ServiceDll : C:\DOCUME~1\ALLUSE~1\DATAAP~1\CC832BB.cpp -> NALEZENO
[PUM.HomePage] HKEY_USERS\S-1-5-21-1993962763-776561741-1801674531-1003\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> NALEZENO

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ Soubory : 1 ¤¤¤
[Rans.Gendarm][soubor] program.lnk -- C:\Documents and Settings\Jarda\Nabídka Start\Programy\Po spuštění\program.lnk [LNK@] C:\WINDOWS\system32\rundll32.exe C:\DOCUME~1\ALLUSE~1\DATAAP~1\CA221FA.cpp,xSS1 -> NALEZENO

¤¤¤ Soubor HOSTS : 1 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 0 (Driver: NENAHRÁNO [0x2]) ¤¤¤

¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] o4sugqtf.default-1388854428906 : user_pref("browser.startup.homepage", "http://www.seznam.cz/"); -> NALEZENO

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] b2595ac247b13351141c658d48f0bea8
[BSP] ab416d091a260dc7960111458ab85431 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 76308 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 221948fb32c3b051223e0b58fed97d1a
[BSP] 771f3d458f8e414984c9773df869955c : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT16 (0x6) [VISIBLE] Offset (sectors): 32 | Size: 122 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

Re: vir "Policie ČR vás sleduje!" v pc

Napsal: 07 zář 2014 17:44
od wt56
ještě jsem se zdržel a dodělal podle tvého návodu
pc funguje normálně
je to takto všechno nebo ještě něco (log, něco dočistit,...)?
díky za rady

Re: vir "Policie ČR vás sleduje!" v pc

Napsal: 09 zář 2014 15:21
od wt56
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-09-2014
Ran by Jarda (administrator) on TATKA on 09-09-2014 16:18:42
Running from C:\Documents and Settings\Jarda\Plocha
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Apple Computer, Inc.) C:\Program Files\QuickTime\qttask.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
( ) C:\Program Files\HP\HP UT\bin\hppusg.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Software 2000 Limited) C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(forum.viry.cz) C:\Documents and Settings\Jarda\Plocha\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-07] (AVAST Software)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20065896 2012-04-24] (Realtek Semiconductor Corp.)
HKLM\...\Run: [MSConfig] => C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [171008 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1993962763-776561741-1801674531-1003\...\Run: [ccleaner] => C:\Program Files\CCleaner\CCleaner.exe [3091296 2012-07-24] (Piriform Ltd)
HKU\S-1-5-21-1993962763-776561741-1801674531-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6688024 2014-08-14] (SUPERAntiSpyware)
HKU\S-1-5-21-1993962763-776561741-1801674531-1003\...\MountPoints2: {672dd9a0-6250-11e2-969f-001a4d2d3a13} - F:\iStudio.exe
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Jarda\Data aplikací\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Jarda\Data aplikací\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Jarda\Data aplikací\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Jarda\Data aplikací\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
Toolbar: HKCU - &Odkazy - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/wind ... 5195161828
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 5195250406
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-08] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{B70C44E1-B28E-4094-AC03-CB15CF53B645}: [NameServer] 194.228.41.65,194.228.41.113

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Jarda\Data aplikací\Mozilla\Firefox\Profiles\o4sugqtf.default-1388854428906
FF Homepage: hxxp://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: DownloadHelper - C:\Documents and Settings\Jarda\Data aplikací\Mozilla\Firefox\Profiles\o4sugqtf.default-1388854428906\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-08-13]
FF Extension: Adblock Plus - C:\Documents and Settings\Jarda\Data aplikací\Mozilla\Firefox\Profiles\o4sugqtf.default-1388854428906\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-11]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-08-17]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-17]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
CHR CustomProfile: C:\Documents and Settings\Jarda\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (Disk Google) - C:\Documents and Settings\Jarda\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-25]
CHR Extension: (YouTube) - C:\Documents and Settings\Jarda\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-25]
CHR Extension: (Vyhledávání Google) - C:\Documents and Settings\Jarda\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-25]
CHR Extension: (Google Wallet Service) - C:\Documents and Settings\Jarda\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Documents and Settings\Jarda\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-25]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-06]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-23] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-06] (AVAST Software)
R4 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [161768 2012-09-06] (Oracle Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-08-06] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-08-06] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-08-06] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-08-06] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-08-06] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-09-07] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-08-06] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-08-06] ()
R3 ialm; C:\WINDOWS\System32\DRIVERS\igxpmp32.sys [5854752 2008-02-15] (Intel Corporation) [File not signed]
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [33512 2014-09-07] ()
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-09 16:18 - 2014-09-09 16:19 - 00014105 _____ () C:\Documents and Settings\Jarda\Plocha\FRST.txt
2014-09-09 16:17 - 2014-09-09 16:17 - 01097728 _____ (Farbar) C:\Documents and Settings\Jarda\Plocha\FRST.exe
2014-09-09 16:17 - 2014-09-09 16:17 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Jarda\Plocha\FRSTLauncher.exe
2014-09-09 16:16 - 2014-09-09 16:16 - 00000000 ____D () C:\Documents and Settings\Jarda\Plocha\Nová složka
2014-09-08 09:35 - 2014-09-09 16:13 - 00054156 ____H () C:\WINDOWS\QTFont.qfn
2014-09-08 09:35 - 2014-09-09 16:13 - 00001409 _____ () C:\WINDOWS\QTFont.for
2014-09-07 17:36 - 2014-09-07 18:15 - 00033512 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-09-07 17:36 - 2014-09-07 17:36 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\RogueKiller
2014-09-07 17:36 - 2014-09-07 17:35 - 04857944 _____ () C:\Documents and Settings\Jarda\Plocha\RogueKiller.exe
2014-09-07 17:06 - 2014-09-09 16:18 - 00000000 ____D () C:\FRST
2014-09-07 16:32 - 2014-09-09 16:10 - 00000000 ____D () C:\Documents and Settings\Jarda\Data aplikací\DropboxMaster
2014-09-07 16:12 - 2014-09-07 16:13 - 00000000 ____D () C:\rsit
2014-09-07 16:12 - 2014-09-07 16:12 - 00000000 ____D () C:\Program Files\trend micro
2014-09-07 16:11 - 2014-09-07 14:53 - 01107968 _____ () C:\Documents and Settings\Jarda\Plocha\RSIT.exe
2014-09-07 11:19 - 2014-09-07 11:19 - 00000000 ____D () C:\Program Files\Dropbox
2014-09-07 11:10 - 2014-09-07 18:44 - 00000000 ____D () C:\Documents and Settings\Jarda\Nabídka Start\Programy\Dropbox
2014-09-07 11:08 - 2014-09-09 16:10 - 00000000 ____D () C:\Documents and Settings\Jarda\Data aplikací\Dropbox
2014-09-07 10:51 - 2014-09-09 16:08 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-07 10:51 - 2014-09-07 10:51 - 19143176 _____ (SUPERAntiSpyware) C:\Documents and Settings\Jarda\Plocha\SUPERAntiSpyware.exe
2014-09-07 10:51 - 2014-09-07 10:51 - 00001678 _____ () C:\Documents and Settings\All Users\Plocha\SUPERAntiSpyware Free Edition.lnk
2014-09-07 10:51 - 2014-09-07 10:51 - 00000000 ____D () C:\Documents and Settings\Jarda\Data aplikací\SUPERAntiSpyware.com
2014-09-07 10:51 - 2014-09-07 10:51 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2014-09-07 10:27 - 2014-09-07 10:49 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-09-07 10:23 - 2014-09-09 16:11 - 00010374 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-07 10:23 - 2014-09-08 10:04 - 00016174 ____N () C:\WINDOWS\SchedLgU.Txt
2014-09-07 10:09 - 2014-09-07 10:09 - 00000000 __SHD () C:\WINDOWS\CSC
2014-09-07 07:34 - 2014-09-07 07:34 - 00015675 _____ () C:\Documents and Settings\Jarda\Plocha\hs_err_pid2924.log
2014-09-07 07:33 - 2014-09-07 07:33 - 00139264 _____ () C:\Documents and Settings\All Users\Data aplikací\CA221FA.cpp
2014-08-13 08:29 - 2014-08-13 08:29 - 00000000 ____D () C:\Documents and Settings\Jarda\Local Settings\Data aplikací\Temp
2014-08-11 16:22 - 2014-08-11 16:22 - 00000000 ____D () C:\WINDOWS\jumpshot.com

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-09 16:19 - 2014-09-09 16:18 - 00014105 _____ () C:\Documents and Settings\Jarda\Plocha\FRST.txt
2014-09-09 16:19 - 2012-08-17 09:36 - 00000000 ____D () C:\Documents and Settings\Jarda\Local Settings\Temp
2014-09-09 16:18 - 2014-09-07 17:06 - 00000000 ____D () C:\FRST
2014-09-09 16:18 - 2013-10-29 18:32 - 00000000 ____D () C:\Documents and Settings\Jarda\Dokumenty\Stažené soubory
2014-09-09 16:18 - 2012-08-17 09:36 - 00000000 ___HD () C:\Documents and Settings\Jarda\Local Settings\Data aplikací
2014-09-09 16:18 - 2012-08-17 09:36 - 00000000 ____D () C:\Documents and Settings\Jarda\Plocha
2014-09-09 16:17 - 2014-09-09 16:17 - 01097728 _____ (Farbar) C:\Documents and Settings\Jarda\Plocha\FRST.exe
2014-09-09 16:17 - 2014-09-09 16:17 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Jarda\Plocha\FRSTLauncher.exe
2014-09-09 16:16 - 2014-09-09 16:16 - 00000000 ____D () C:\Documents and Settings\Jarda\Plocha\Nová složka
2014-09-09 16:16 - 2012-08-17 11:22 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2014-09-09 16:13 - 2014-09-08 09:35 - 00054156 ____H () C:\WINDOWS\QTFont.qfn
2014-09-09 16:13 - 2014-09-08 09:35 - 00001409 _____ () C:\WINDOWS\QTFont.for
2014-09-09 16:13 - 2013-11-09 17:37 - 00000000 ____D () C:\WINDOWS\pss
2014-09-09 16:13 - 2012-08-17 11:19 - 00000211 ___SH () C:\boot.ini
2014-09-09 16:13 - 2012-08-17 09:36 - 00000000 ___RD () C:\Documents and Settings\Jarda\Nabídka Start\Programy\Po spuštění
2014-09-09 16:13 - 2004-08-18 14:00 - 00000590 _____ () C:\WINDOWS\win.ini
2014-09-09 16:13 - 2004-08-18 14:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-09-09 16:12 - 2014-03-28 10:49 - 00000216 _____ () C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
2014-09-09 16:11 - 2014-09-07 10:23 - 00010374 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-09 16:10 - 2014-09-07 16:32 - 00000000 ____D () C:\Documents and Settings\Jarda\Data aplikací\DropboxMaster
2014-09-09 16:10 - 2014-09-07 11:08 - 00000000 ____D () C:\Documents and Settings\Jarda\Data aplikací\Dropbox
2014-09-09 16:08 - 2014-09-07 10:51 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-09 16:08 - 2014-03-28 10:49 - 00000222 _____ () C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2014-09-09 16:08 - 2012-12-25 14:29 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-09 16:08 - 2012-08-17 12:02 - 00000362 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-09-09 16:08 - 2012-08-17 09:36 - 00000000 ____D () C:\Documents and Settings\Jarda
2014-09-09 16:08 - 2012-08-17 09:35 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-09 16:08 - 2004-08-18 14:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-09-08 10:04 - 2014-09-07 10:23 - 00016174 ____N () C:\WINDOWS\SchedLgU.Txt
2014-09-08 10:04 - 2012-08-17 09:36 - 00000178 ___SH () C:\Documents and Settings\Jarda\ntuser.ini
2014-09-08 09:39 - 2012-08-17 10:35 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-08 09:38 - 2012-12-25 14:29 - 00000938 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-07 18:44 - 2014-09-07 11:10 - 00000000 ____D () C:\Documents and Settings\Jarda\Nabídka Start\Programy\Dropbox
2014-09-07 18:44 - 2012-12-25 14:30 - 00001813 _____ () C:\Documents and Settings\All Users\Plocha\Google Chrome.lnk
2014-09-07 18:15 - 2014-09-07 17:36 - 00033512 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-09-07 17:36 - 2014-09-07 17:36 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\RogueKiller
2014-09-07 17:36 - 2012-08-17 11:20 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2014-09-07 17:35 - 2014-09-07 17:36 - 04857944 _____ () C:\Documents and Settings\Jarda\Plocha\RogueKiller.exe
2014-09-07 16:32 - 2012-08-17 09:36 - 00000000 __RHD () C:\Documents and Settings\Jarda\Data aplikací
2014-09-07 16:13 - 2014-09-07 16:12 - 00000000 ____D () C:\rsit
2014-09-07 16:12 - 2014-09-07 16:12 - 00000000 ____D () C:\Program Files\trend micro
2014-09-07 14:53 - 2014-09-07 16:11 - 01107968 _____ () C:\Documents and Settings\Jarda\Plocha\RSIT.exe
2014-09-07 11:19 - 2014-09-07 11:19 - 00000000 ____D () C:\Program Files\Dropbox
2014-09-07 11:10 - 2012-08-17 09:36 - 00000000 ___RD () C:\Documents and Settings\Jarda\Nabídka Start\Programy
2014-09-07 11:07 - 2014-08-06 17:09 - 00001733 _____ () C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
2014-09-07 11:07 - 2012-08-17 12:02 - 00414520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-09-07 10:51 - 2014-09-07 10:51 - 19143176 _____ (SUPERAntiSpyware) C:\Documents and Settings\Jarda\Plocha\SUPERAntiSpyware.exe
2014-09-07 10:51 - 2014-09-07 10:51 - 00001678 _____ () C:\Documents and Settings\All Users\Plocha\SUPERAntiSpyware Free Edition.lnk
2014-09-07 10:51 - 2014-09-07 10:51 - 00000000 ____D () C:\Documents and Settings\Jarda\Data aplikací\SUPERAntiSpyware.com
2014-09-07 10:51 - 2014-09-07 10:51 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2014-09-07 10:51 - 2012-08-17 11:22 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start
2014-09-07 10:49 - 2014-09-07 10:27 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-09-07 10:09 - 2014-09-07 10:09 - 00000000 __SHD () C:\WINDOWS\CSC
2014-09-07 07:34 - 2014-09-07 07:34 - 00015675 _____ () C:\Documents and Settings\Jarda\Plocha\hs_err_pid2924.log
2014-09-07 07:33 - 2014-09-07 07:33 - 00139264 _____ () C:\Documents and Settings\All Users\Data aplikací\CA221FA.cpp
2014-09-03 16:52 - 2013-01-19 17:54 - 00000000 ____D () C:\Documents and Settings\Jarda\Data aplikací\Intelli-studio
2014-08-28 16:25 - 2012-08-17 09:36 - 00000000 ___RD () C:\Documents and Settings\Jarda\Dokumenty
2014-08-28 15:46 - 2012-09-06 08:25 - 00002539 _____ () C:\Documents and Settings\Jarda\Plocha\Microsoft Word.lnk
2014-08-13 08:41 - 2013-08-16 14:17 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-13 08:39 - 2012-08-17 12:29 - 96303304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-13 08:29 - 2014-08-13 08:29 - 00000000 ____D () C:\Documents and Settings\Jarda\Local Settings\Data aplikací\Temp
2014-08-13 08:22 - 2012-09-06 08:02 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-11 16:22 - 2014-08-11 16:22 - 00000000 ____D () C:\WINDOWS\jumpshot.com

Some content of TEMP:
====================
C:\Documents and Settings\Jarda\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjfd2jt.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:74.52 GB) (Free:51.03 GB) NTFS ==>[Drive with boot components (Windows XP)]

Available physical RAM: 286.86 MB
Total physical RAM: 1015.48 MB
Percentage of memory in use: 71%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 74.5 GB) (Disk ID: DE3ADE3A)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\Jarda\Plocha" je 6168 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking
C:\Program Files\HP\HP UT\bin\hppusg.exe "C:\Program Files\HP\HP UT\" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
"C:\Program Files\QuickTime\qttask.exe" -atboottime [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jarda^Nabdka Start^Programy^Po sputn^Dropbox.lnk
C:\DOCUME~1\Jarda\DATAAP~1\Dropbox\bin\Dropbox.exe /systemstartup [x]


HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services
TuneUp.UtilitiesSvc REG_DWORD 0x2
JavaQuickStarterService REG_DWORD 0x2
gusvc REG_DWORD 0x3
gupdatem REG_DWORD 0x3
gupdate REG_DWORD 0x2

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"="C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe:*:Enabled:Google Chrome"
"C:\\Documents and Settings\\Jarda\\Data aplikac\\Dropbox\\bin\\Dropbox.exe"="C:\\Documents and Settings\\Jarda\\Data aplikac\\Dropbox\\bin\\Dropbox.exe:*:Enabled:Dropbox"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: vir "Policie ČR vás sleduje!" v pc

Napsal: 10 zář 2014 07:11
od wt56
super, moc díky za pomoc
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz