VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Preventivka

https://forum.viry.cz:443/viewtopic.php?t=140148

Stránka 1 z 1

Preventivka

Napsal: 09 zář 2014 18:18
od gloomy
Zdravim

Mam starsi pocitac (2007 :) ), niekedy ked na nom dlhsie robim sa dost spomaly a vsetko trva dlhsie (predpokladam ze to bude vekom), ale aj tak by som chcel nejaku dobru dusu poprosit a preventivku.

btw.. RSIT mi spravilo log v zlozke ale ked sa mal nacitavat mi vyhodilo error ktory je v prilohe


Logfile of random's system information tool 1.10 (written by random/random)
Run by Elchappo at 2014-09-09 19:15:49
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 4 GB (6%) free of 65 GB
Total RAM: 3583 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:15:53, on 09.09.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17239)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Elchappo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe
C:\Users\Elchappo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Elchappo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Elchappo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Elchappo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Elchappo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Elchappo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
C:\Windows\system32\conhost.exe
D:\Program Files\Battle.net\Battle.net.4944\Battle.net.exe
C:\Users\Elchappo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Elchappo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Elchappo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
D:\Stiahnute Veci\RSIT (1).exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\trend micro\Elchappo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: (no name) - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Elchappo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Elchappo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [HP Deskjet 3520 series (NET)] "C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN32C133JT05SZ:NW" -scfn "HP Deskjet 3520 series (NET)" -AutoStart 1
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Sledovat výstrahy inkoustu - HP Deskjet 3520 series (Síť).lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://D:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASGT - Unknown owner - C:\Windows\System32\ASGT.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefaultTabUpdate - Unknown owner - C:\Users\Elchappo\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe (file missing)
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 8381 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GlaryInitialize 4.job - D:\Program Files\Glary Utilities 4\Initialize.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1302123622-1747697599-3381875975-1001Core.job - C:\Users\Elchappo\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1302123622-1747697599-3381875975-1001UA.job - C:\Users\Elchappo\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\Elchappo\AppData\Roaming\Mozilla\Firefox\Profiles\nnrxp0t0.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - ""

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 14.0.0.179 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw_1209149.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=Doplnok iTunes Detector
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=D:\Program Files\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.67.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

D:\Program Files\Mozilla Firefox\extensions\
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

C:\Users\Elchappo\AppData\Roaming\Mozilla\Firefox\Profiles\nnrxp0t0.default\searchplugins\
icqplugin-1.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin.gif
icqplugin.src
icqplugin.xml
search-here.xml
sweetim.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2014-08-24 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-08-24 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2014-07-31 43816]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2014-03-11 951576]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2011-10-28 49208]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"iTunesHelper"=D:\Program Files\iTunes\iTunesHelper.exe [2014-08-01 152392]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-07-25 256896]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Elchappo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-06 136176]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]
""= []
"Spotify Web Helper"=C:\Users\Elchappo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [2014-09-08 1245752]
"HP Deskjet 3520 series (NET)"=C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2012-10-17 1837672]

Re: Preventivka

Napsal: 10 zář 2014 18:26
od Rudy
Zdravím!
Spusťte nejprve tuto utilitu:
Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

Re: Preventivka

Napsal: 10 zář 2014 22:32
od gloomy
Dobry vecer.

Prikladam ziadany log:

# AdwCleaner v3.309 - Report created 10/09/2014 at 23:27:11
# Updated 02/09/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Elchappo - ELCHAPPO-PC
# Running from : C:\Users\Elchappo\Desktop\adwcleaner_3.309.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : DefaultTabUpdate
Service Deleted : ASGT

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Deleted : C:\Program Files\Mobogenie
Folder Deleted : C:\Users\Elchappo\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Elchappo\AppData\Local\Temp\OCS
Folder Deleted : C:\Users\Elchappo\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Folder Deleted : C:\Users\Elchappo\AppData\Roaming\Mozilla\Firefox\Profiles\nnrxp0t0.default\ICQToolbarData
File Deleted : C:\Windows\system32\ASGT.exe
File Deleted : C:\Users\Elchappo\daemonprocess.txt
File Deleted : C:\Users\Elchappo\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Elchappo\AppData\Roaming\Mozilla\Firefox\Profiles\nnrxp0t0.default\defaulttab.config
File Deleted : C:\Users\Elchappo\AppData\Roaming\Mozilla\Firefox\Profiles\nnrxp0t0.default\searchplugins\icqplugin.gif
File Deleted : C:\Users\Elchappo\AppData\Roaming\Mozilla\Firefox\Profiles\nnrxp0t0.default\searchplugins\icqplugin.src
File Deleted : C:\Users\Elchappo\AppData\Roaming\Mozilla\Firefox\Profiles\nnrxp0t0.default\searchplugins\icqplugin.xml
File Deleted : C:\Users\Elchappo\AppData\Roaming\Mozilla\Firefox\Profiles\nnrxp0t0.default\searchplugins\icqplugin-1.xml
File Deleted : C:\Users\Elchappo\AppData\Roaming\Mozilla\Firefox\Profiles\nnrxp0t0.default\searchplugins\icqplugin-2.xml
File Deleted : C:\Users\Elchappo\AppData\Roaming\Mozilla\Firefox\Profiles\nnrxp0t0.default\searchplugins\icqplugin-3.xml
File Deleted : C:\Users\Elchappo\AppData\Roaming\Mozilla\Firefox\Profiles\nnrxp0t0.default\searchplugins\icqplugin-4.xml
File Deleted : C:\Users\Elchappo\AppData\Roaming\Mozilla\Firefox\Profiles\nnrxp0t0.default\searchplugins\search-here.xml
File Deleted : C:\Users\Elchappo\AppData\Roaming\Mozilla\Firefox\Profiles\nnrxp0t0.default\searchplugins\SweetIm.xml
File Deleted : C:\Users\Elchappo\AppData\Roaming\Mozilla\Firefox\Profiles\nnrxp0t0.default\user.js
File Deleted : C:\Users\Elchappo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Elchappo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\OCS
Key Deleted : HKLM\SOFTWARE\ICQ\ICQToolbar
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Vittalia

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

-\\ Mozilla Firefox v32.0 (x86 sk)

[ File : C:\Users\Elchappo\AppData\Roaming\Mozilla\Firefox\Profiles\nnrxp0t0.default\prefs.js ]

Line Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Line Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Line Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111015&tt=220512_53ctrl");
Line Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "4c675c17000000000000001d60566c9f");
Line Deleted : user_pref("extensions.BabylonToolbar_i.id", "4c675c17000000000000001d60566c9f");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15490");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=111015&tt=220512_53ctrl&babsrc=NT_ss&mntrId=4c675c17000000000000001d60566c9f");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1721:52:33");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Line Deleted : user_pref("icqtoolbar.allowSendURL", false);
Line Deleted : user_pref("icqtoolbar.engineVerified", false);
Line Deleted : user_pref("icqtoolbar.firstTbRun", false);
Line Deleted : user_pref("icqtoolbar.geolastmodified", 1385327079);
Line Deleted : user_pref("icqtoolbar.hiddenElements", "itb_options itb_people itb_zoom_in itb_zoom_out itb_zoom_default itb_games itb_highlight");
Line Deleted : user_pref("icqtoolbar.history", "0900%20kod%20banky||Melgar%20-%20Uni%C3%B3n%20Comercio||est||ifortuna||windows%207%20ovladace%20grafiky||ovladac%20grafiky||western%20digital%20support||DIN%20audio%20[...]
Line Deleted : user_pref("icqtoolbar.icqgeo", 4201);
Line Deleted : user_pref("icqtoolbar.installTime", "1356966511");
Line Deleted : user_pref("icqtoolbar.newtab_most_visited_state", "1");
Line Deleted : user_pref("icqtoolbar.newtab_recently_closed_state", "1");
Line Deleted : user_pref("icqtoolbar.numberOfSearches", 0);
Line Deleted : user_pref("icqtoolbar.previousFFVersion", "25.0.1");
Line Deleted : user_pref("icqtoolbar.skip_default_search", "no");
Line Deleted : user_pref("icqtoolbar.uninstStatSent", true);
Line Deleted : user_pref("icqtoolbar.uniqueID", "135678567613568292361356862099195");
Line Deleted : user_pref("icqtoolbar.usageStatstTimestamp", 1385635514);
Line Deleted : user_pref("icqtoolbar.voucherHideClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherWasShown", 0);
Line Deleted : user_pref("icqtoolbar.xmlLanguage", "sk");

-\\ Google Chrome v

[ File : C:\Users\Elchappo\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&tt=220512_53ctrl&babsrc=SP_crm
Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={BB12E6A7-2F49-4FDB-A285-2914AD180121}&mid=6ecb97b55f4f47d1a7d1d15426b2856c-e438294c48cce930de9d78c4e01e568db813c71c&lang=en&ds=or011&pr=sa&d=2012-03-08 16:41:58&v=10.0.0.7&sap=dsp&q={searchTerms}
Deleted [Search Provider] : hxxp://slirsredirect.search.aol.com/slirs_hxxp/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Extension] : dednnpigldgdbpgcdpfppmlcnnbjciel
Deleted [Extension] : jcdgjdiieiljkfkdcloehkohchhpekkn

*************************

AdwCleaner[R0].txt - [8464 octets] - [10/09/2014 23:24:08]
AdwCleaner[S0].txt - [8474 octets] - [10/09/2014 23:27:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8534 octets] ##########

Re: Preventivka

Napsal: 11 zář 2014 17:47
od Rudy
Dejte nový log RSIT.

Re: Preventivka

Napsal: 12 zář 2014 11:09
od gloomy
ten error pri RSIT stale vyhadzuje :)


Logfile of random's system information tool 1.10 (written by random/random)
Run by Elchappo at 2014-09-12 12:07:08
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 4 GB (7%) free of 65 GB
Total RAM: 3583 MB (23% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:07:48, on 12.09.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17280)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Elchappo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe
C:\Users\Elchappo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Elchappo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Elchappo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Elchappo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Elchappo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Elchappo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Elchappo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
C:\Windows\system32\conhost.exe
D:\Program Files\Battle.net\Battle.net.4944\Battle.net.exe
D:\Program Files\World of Warcraft\Wow.exe
D:\Program Files\World of Warcraft\Utils\WowBrowserProxy.exe
C:\Users\Elchappo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Elchappo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Elchappo\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Stiahnute Veci\RSIT.exe
C:\Program Files\trend micro\Elchappo.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Elchappo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Elchappo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [HP Deskjet 3520 series (NET)] "C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN32C133JT05SZ:NW" -scfn "HP Deskjet 3520 series (NET)" -AutoStart 1
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Sledovat výstrahy inkoustu - HP Deskjet 3520 series (Síť).lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://D:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 7990 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GlaryInitialize 4.job - D:\Program Files\Glary Utilities 4\Initialize.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1302123622-1747697599-3381875975-1001Core.job - C:\Users\Elchappo\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1302123622-1747697599-3381875975-1001UA.job - C:\Users\Elchappo\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\Elchappo\AppData\Roaming\Mozilla\Firefox\Profiles\nnrxp0t0.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - ""

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.152 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw_1209149.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=Doplnok iTunes Detector
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=D:\Program Files\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.67.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

D:\Program Files\Mozilla Firefox\extensions\
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2014-08-24 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-08-24 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2014-07-31 43816]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2014-08-22 974432]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2011-10-28 49208]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-07-25 256896]
"iTunesHelper"=D:\Program Files\iTunes\iTunesHelper.exe [2014-09-01 152392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Elchappo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-06 136176]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]
""= []
"Spotify Web Helper"=C:\Users\Elchappo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [2014-09-08 1245752]
"HP Deskjet 3520 series (NET)"=C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2012-10-17 1837672]

Re: Preventivka

Napsal: 12 zář 2014 18:41
od Rudy
Zkuste dát místo RSIT log FRST: http://forum.viry.cz/viewtopic.php?f=30&t=133101 .

Re: Preventivka

Napsal: 13 zář 2014 00:27
od gloomy
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Elchappo (administrator) on ELCHAPPO-PC on 13-09-2014 01:18:12
Running from C:\Users\Elchappo\Desktop
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) D:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Spotify Ltd) C:\Users\Elchappo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Blizzard Entertainment) D:\Program Files\Battle.net\Battle.net.4944\Battle.net.exe
(Google Inc.) C:\Users\Elchappo\AppData\Local\Google\Chrome\Application\chrome.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
(Google Inc.) C:\Users\Elchappo\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Elchappo\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Elchappo\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Elchappo\AppData\Local\Google\Chrome\Application\chrome.exe
(Blizzard Entertainment) D:\Program Files\World of Warcraft\Wow.exe
(Google Inc.) C:\Users\Elchappo\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Elchappo\AppData\Local\Google\Chrome\Application\chrome.exe
(Blizzard Entertainment) D:\Program Files\World of Warcraft\Utils\WowBrowserProxy.exe
(Google Inc.) C:\Users\Elchappo\AppData\Local\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Elchappo\Desktop\FRSTLauncher (2).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] => D:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKU\S-1-5-21-1302123622-1747697599-3381875975-1001\...\Run: [Google Update] => C:\Users\Elchappo\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-03-06] (Google Inc.)
HKU\S-1-5-21-1302123622-1747697599-3381875975-1001\...\Run: [] => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
pdate.exe" /c




































































































































(the data entry has 824 more characters).
HKU\S-1-5-21-1302123622-1747697599-3381875975-1001\...\Run: [Spotify Web Helper] => C:\Users\Elchappo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-08] (Spotify Ltd)
HKU\S-1-5-21-1302123622-1747697599-3381875975-1001\...\Run: [HP Deskjet 3520 series (NET)] => C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1302123622-1747697599-3381875975-1001\...\MountPoints2: I - I:\LaunchU3.exe -a
HKU\S-1-5-21-1302123622-1747697599-3381875975-1001\...\MountPoints2: {2805002e-87b5-11e1-9f13-001d60566c9f} - F:\Autorun.exe
HKU\S-1-5-21-1302123622-1747697599-3381875975-1001\...\MountPoints2: {28bcf242-419c-11e3-aa6b-001d60566c9f} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1302123622-1747697599-3381875975-1001\...\MountPoints2: {376a693a-56ae-11e3-987f-001d60566c9f} - F:\Autorun\autorun.exe
HKU\S-1-5-21-1302123622-1747697599-3381875975-1001\...\MountPoints2: {c6278bc8-f78c-11e1-9652-001d60566c9f} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\EGO-wmv-480x360.wmv
HKU\S-1-5-21-1302123622-1747697599-3381875975-1001\...\MountPoints2: {ceea842c-782b-11e1-89e7-001d60566c9f} - G:\LaunchU3.exe -a
HKU\S-1-5-21-1302123622-1747697599-3381875975-1001\...\MountPoints2: {eeb8599a-7cc2-11e1-8983-001d60566c9f} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\EGO-wmv-480x360.wmv
Startup: C:\Users\Elchappo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sledovat výstrahy inkoustu - HP Deskjet 3520 series (Síť).lnk
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
BootExecute: autocheck autochk * BootDefrag.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xAF39FB1DCAFECC01
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKCU - {7B7E241A-FB41-47ED-94B0-2507226229E6} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_13415
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Elchappo\AppData\Roaming\Mozilla\Firefox\Profiles\nnrxp0t0.default
FF DefaultSearchEngine: ICQ Search
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Homepage: user_pref("browser.startup.homepage", "");
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> D:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Elchappo\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Elchappo\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: ditec.sk/DSigXadesFb -> C:\Program Files\Ditec\DSigXades\npDitec.Zep.DSigXadesFb.dll (Ditec,a.s.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF StartMenuInternet: FIREFOX.EXE - D:\Program Files\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "about:blank"
CHR DefaultSearchKeyword: Default -> CAF8D4F2A7A4F2A0B2FC09A2948EFED500122098F76571A15F54986E2E4C4B01
CHR DefaultSearchURL: Default -> https://mail.google.com/mail/?extsrc=mailto&url=%s
CHR CustomProfile: C:\Users\Elchappo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Elchappo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-03-06]
CHR Extension: (AdBlocker - Blokovač reklám pre YouTube™) - C:\Users\Elchappo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2013-11-04]
CHR Extension: (Hľadať v Google) - C:\Users\Elchappo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-03-06]
CHR Extension: (Top Eleven) - C:\Users\Elchappo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljphpjlafmmdmegmfbkacafhbegjfkkn [2013-10-07]
CHR Extension: (Pocket) - C:\Users\Elchappo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2014-02-27]
CHR Extension: (Save to Pocket) - C:\Users\Elchappo\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2014-02-27]
CHR Extension: (Peňaženka Google) - C:\Users\Elchappo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-07]
CHR Extension: (Gmail) - C:\Users\Elchappo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-03-06]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx []
CHR StartMenuInternet: Google Chrome - C:\Users\Elchappo\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-07-18] (Teruten) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Angelnt; C:\Windows\System32\Drivers\ANGELNT.SYS [51072 2014-02-25] (Identcode Ltd.) [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2013-11-27] (Disc Soft Ltd)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-07-18] () [File not signed]
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 NVFLASH; C:\Windows\system32\drivers\nvflash.sys [13344 2013-04-19] ()
S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13848 2008-07-26] (Logitech Inc.)
R3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
S0 BootDefragDriver; System32\drivers\BootDefragDriver.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad32v.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-13 01:18 - 2014-09-13 01:20 - 00014986 _____ () C:\Users\Elchappo\Desktop\FRST.txt
2014-09-13 01:17 - 2014-09-13 01:18 - 00000000 ____D () C:\FRST
2014-09-13 01:15 - 2014-09-13 01:14 - 00112640 _____ (forum.viry.cz) C:\Users\Elchappo\Desktop\FRSTLauncher (2).exe
2014-09-13 01:15 - 2014-09-13 01:12 - 01097728 _____ (Farbar) C:\Users\Elchappo\Desktop\FRST.exe
2014-09-11 19:30 - 2014-09-11 19:30 - 00001550 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-11 19:28 - 2014-09-11 19:28 - 00000000 ____D () C:\Program Files\iPod
2014-09-10 23:24 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-09-10 23:19 - 2014-09-10 23:17 - 01370467 _____ () C:\Users\Elchappo\Desktop\adwcleaner_3.309.exe
2014-09-10 23:18 - 2014-09-10 23:29 - 00000000 ____D () C:\AdwCleaner
2014-09-10 19:01 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 19:01 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 19:01 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 19:01 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 19:01 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 19:00 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 19:00 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 19:00 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 19:00 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 19:00 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 19:00 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 19:00 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 19:00 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 19:00 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 19:00 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 19:00 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 19:00 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 19:00 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 19:00 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 19:00 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 19:00 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 19:00 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 19:00 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 19:00 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 19:00 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 19:00 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 19:00 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 19:00 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 19:00 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 19:00 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 18:59 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 13:41 - 2014-09-10 13:41 - 10036224 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-09-10 11:26 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 11:26 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 11:26 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 11:26 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 11:26 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 11:25 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 11:17 - 2014-09-13 00:59 - 00000336 _____ () C:\Windows\setupact.log
2014-09-10 11:17 - 2014-09-10 23:30 - 00001144 _____ () C:\Windows\PFRO.log
2014-09-10 11:17 - 2014-09-10 11:17 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-28 15:02 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 15:02 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-27 19:23 - 2014-08-27 19:24 - 00000262 _____ () C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2014-08-27 19:22 - 2014-08-27 19:22 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-08-25 08:37 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-25 08:37 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-25 08:37 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-25 08:37 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-25 08:37 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-25 08:37 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-25 08:37 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-25 08:37 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-25 08:37 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-24 11:41 - 2014-08-24 11:42 - 00000303 ____H () C:\Users\Elchappo\Documents\.picasa.ini
2014-08-24 11:14 - 2014-09-10 20:32 - 00000000 ____D () C:\Windows\rescache
2014-08-24 10:23 - 2014-08-24 10:23 - 00000000 ____D () C:\Users\Elchappo\AppData\Roaming\Oracle
2014-08-24 10:22 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-24 10:22 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-24 10:22 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-24 10:22 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-24 10:18 - 2014-08-24 10:18 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-24 10:17 - 2014-08-24 10:17 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-24 10:17 - 2014-08-24 10:17 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-24 10:17 - 2014-08-24 10:17 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-24 10:17 - 2014-08-24 10:17 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-24 09:35 - 2014-07-14 03:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-24 09:35 - 2014-06-16 03:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-24 09:35 - 2014-06-16 03:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-08-24 09:35 - 2014-06-16 03:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-24 09:34 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-24 09:34 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-24 09:34 - 2014-06-03 11:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-24 09:34 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-24 09:34 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-24 09:34 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-13 01:20 - 2014-09-13 01:18 - 00014986 _____ () C:\Users\Elchappo\Desktop\FRST.txt
2014-09-13 01:19 - 2013-10-27 21:45 - 00000000 ____D () C:\Users\Elchappo\AppData\Local\Battle.net
2014-09-13 01:18 - 2014-09-13 01:17 - 00000000 ____D () C:\FRST
2014-09-13 01:16 - 2012-03-06 18:17 - 01652024 _____ () C:\Windows\WindowsUpdate.log
2014-09-13 01:14 - 2014-09-13 01:15 - 00112640 _____ (forum.viry.cz) C:\Users\Elchappo\Desktop\FRSTLauncher (2).exe
2014-09-13 01:12 - 2014-09-13 01:15 - 01097728 _____ (Farbar) C:\Users\Elchappo\Desktop\FRST.exe
2014-09-13 01:07 - 2009-07-14 06:34 - 00015312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-13 01:07 - 2009-07-14 06:34 - 00015312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-13 01:06 - 2013-10-03 13:28 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-13 01:04 - 2012-03-06 18:35 - 01586846 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-13 01:01 - 2014-02-28 01:23 - 00000322 _____ () C:\Windows\Tasks\GlaryInitialize 4.job
2014-09-13 01:00 - 2013-10-03 13:28 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-13 00:59 - 2014-09-10 11:17 - 00000336 _____ () C:\Windows\setupact.log
2014-09-13 00:59 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-12 18:41 - 2012-04-11 15:35 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-12 18:30 - 2013-05-23 22:46 - 00000958 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1302123622-1747697599-3381875975-1001UA.job
2014-09-12 18:04 - 2014-01-17 15:11 - 00000000 ____D () C:\Users\Elchappo\AppData\Roaming\Spotify
2014-09-12 17:46 - 2014-01-17 15:11 - 00000000 ____D () C:\Users\Elchappo\AppData\Local\Spotify
2014-09-12 16:53 - 2014-05-23 02:42 - 00000000 ____D () C:\Users\Elchappo\AppData\Local\Deployment
2014-09-12 12:07 - 2014-02-28 02:26 - 00000000 ____D () C:\Program Files\trend micro
2014-09-12 03:33 - 2013-10-07 16:12 - 00000000 ____D () C:\Users\Elchappo\AppData\Roaming\BitTorrent
2014-09-12 02:21 - 2014-03-12 03:58 - 00000000 ____D () C:\Users\Elchappo\AppData\Roaming\BSplayer PRO
2014-09-11 19:30 - 2014-09-11 19:30 - 00001550 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-11 19:28 - 2014-09-11 19:28 - 00000000 ____D () C:\Program Files\iPod
2014-09-11 19:28 - 2012-03-06 18:51 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-09-11 19:16 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-10 23:30 - 2014-09-10 11:17 - 00001144 _____ () C:\Windows\PFRO.log
2014-09-10 23:29 - 2014-09-10 23:18 - 00000000 ____D () C:\AdwCleaner
2014-09-10 23:27 - 2012-03-06 18:24 - 00000000 ____D () C:\Users\Elchappo
2014-09-10 23:17 - 2014-09-10 23:19 - 01370467 _____ () C:\Users\Elchappo\Desktop\adwcleaner_3.309.exe
2014-09-10 20:32 - 2014-08-24 11:14 - 00000000 ____D () C:\Windows\rescache
2014-09-10 18:59 - 2013-10-03 15:53 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 18:49 - 2012-03-09 02:42 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 18:49 - 2012-03-06 23:33 - 00002155 _____ () C:\Windows\epplauncher.mif
2014-09-10 18:48 - 2014-05-06 19:57 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 18:48 - 2012-03-06 23:30 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-10 13:41 - 2014-09-10 13:41 - 10036224 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-09-10 13:41 - 2012-04-11 15:35 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-10 13:41 - 2012-03-12 02:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-10 11:17 - 2014-09-10 11:17 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-09 19:54 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-09 18:55 - 2012-03-06 18:53 - 00000000 ____D () C:\Users\Elchappo\AppData\Roaming\Apple Computer
2014-09-09 18:55 - 2012-03-06 18:53 - 00000000 ____D () C:\Users\Elchappo\AppData\Local\Apple Computer
2014-09-09 11:10 - 2014-03-08 22:48 - 00000000 ____D () C:\Users\Elchappo\AppData\Roaming\DiskDefrag
2014-09-08 15:50 - 2014-01-22 16:16 - 00000000 ____D () C:\Users\Elchappo\Desktop\Blocky
2014-09-08 10:31 - 2014-07-07 08:34 - 00000000 ____D () C:\Users\Elchappo\AppData\Local\Adobe
2014-09-05 03:52 - 2014-09-10 11:26 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 03:47 - 2014-09-10 11:25 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-04 16:25 - 2012-03-06 19:02 - 00000000 ____D () C:\Users\Elchappo\AppData\Roaming\Skype
2014-09-04 00:07 - 2012-07-29 19:58 - 00000000 ____D () C:\Users\Elchappo\AppData\Roaming\Mumble
2014-08-29 13:04 - 2012-04-20 12:24 - 00000000 ____D () C:\Users\Elchappo\AppData\Local\CrashDumps
2014-08-29 00:31 - 2009-07-14 06:33 - 00414840 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-27 19:24 - 2014-08-27 19:23 - 00000262 _____ () C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2014-08-27 19:22 - 2014-08-27 19:22 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-08-26 09:30 - 2013-05-23 22:46 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1302123622-1747697599-3381875975-1001Core.job
2014-08-24 11:42 - 2014-08-24 11:41 - 00000303 ____H () C:\Users\Elchappo\Documents\.picasa.ini
2014-08-24 11:40 - 2012-03-06 18:34 - 00000000 ____D () C:\Users\Elchappo\AppData\Local\Google
2014-08-24 11:38 - 2012-03-10 21:07 - 00000000 ____D () C:\Program Files\Google
2014-08-24 10:23 - 2014-08-24 10:23 - 00000000 ____D () C:\Users\Elchappo\AppData\Roaming\Oracle
2014-08-24 10:18 - 2014-08-24 10:18 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-24 10:17 - 2014-08-24 10:17 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-24 10:17 - 2014-08-24 10:17 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-24 10:17 - 2014-08-24 10:17 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-24 10:17 - 2014-08-24 10:17 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-23 03:46 - 2014-08-28 15:02 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 02:42 - 2014-08-28 15:02 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-19 19:39 - 2014-09-10 19:00 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 00:26 - 2014-09-10 19:00 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 00:08 - 2014-09-10 19:00 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-18 23:57 - 2014-09-10 19:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-18 23:57 - 2014-09-10 19:00 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-18 23:46 - 2014-09-10 19:00 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-18 23:45 - 2014-09-10 19:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-18 23:44 - 2014-09-10 19:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-18 23:44 - 2014-09-10 19:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-18 23:42 - 2014-09-10 19:00 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-18 23:39 - 2014-09-10 19:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-18 23:39 - 2014-09-10 19:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-18 23:37 - 2014-09-10 19:01 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-18 23:36 - 2014-09-10 19:00 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-18 23:36 - 2014-09-10 19:00 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 23:35 - 2014-09-10 19:01 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-18 23:30 - 2014-09-10 19:00 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 23:27 - 2014-09-10 19:00 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 23:22 - 2014-09-10 19:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 23:19 - 2014-09-10 19:00 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 23:17 - 2014-09-10 19:00 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 23:17 - 2014-09-10 19:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 23:15 - 2014-09-10 19:00 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 23:09 - 2014-09-10 19:00 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 23:08 - 2014-09-10 19:00 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 23:08 - 2014-09-10 19:00 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 23:07 - 2014-09-10 19:00 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 22:46 - 2014-09-10 19:00 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 22:38 - 2014-09-10 19:00 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 22:36 - 2014-09-10 19:00 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\Elchappo\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize 4.job => D:\Program Files\Glary Utilities 4\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1302123622-1747697599-3381875975-1001Core.job => C:\Users\Elchappo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1302123622-1747697599-3381875975-1001UA.job => C:\Users\Elchappo\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Elchappo\Desktop" je 7 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: Preventivka

Napsal: 13 zář 2014 18:41
od Rudy
Otevřte poznámkový blok a zkopírujte do něj:
Start
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-1302123622-1747697599-3381875975-1001\...\MountPoints2: I - I:\LaunchU3.exe -a
HKU\S-1-5-21-1302123622-1747697599-3381875975-1001\...\MountPoints2: {2805002e-87b5-11e1-9f13-001d60566c9f} - F:\Autorun.exe
HKU\S-1-5-21-1302123622-1747697599-3381875975-1001\...\MountPoints2: {28bcf242-419c-11e3-aa6b-001d60566c9f} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1302123622-1747697599-3381875975-1001\...\MountPoints2: {376a693a-56ae-11e3-987f-001d60566c9f} - F:\Autorun\autorun.exe
HKU\S-1-5-21-1302123622-1747697599-3381875975-1001\...\MountPoints2: {c6278bc8-f78c-11e1-9652-001d60566c9f} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\EGO-wmv-480x360.wmv
HKU\S-1-5-21-1302123622-1747697599-3381875975-1001\...\MountPoints2: {ceea842c-782b-11e1-89e7-001d60566c9f} - G:\LaunchU3.exe -a
HKU\S-1-5-21-1302123622-1747697599-3381875975-1001\...\MountPoints2: {eeb8599a-7cc2-11e1-8983-001d60566c9f} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\EGO-wmv-480x360.wmv
FF DefaultSearchEngine: ICQ Search
FF Plugin: @microsoft.com/GENUINE -> disabled No File
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\Adobe Flash Player Updater.job
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1302123622-1747697599-3381875975-1001UA.job
C:\Users\Elchappo\AppData\Local\Temp
End
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Dále stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:
:commands
[Purity]
[Emptytemp]
[Emptyflash]
[Resethost]
a klikněte na >MoveIt!<. Po skenu restartujte PC a dejte nový log RSIT.

Re: Preventivka

Napsal: 13 zář 2014 19:33
od gloomy
Prvy log

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-09-2014
Ran by Elchappo at 2014-09-13 20:21:14 Run:1
Running from C:\Users\Elchappo\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-1302123622-1747697599-3381875975-1001\...\MountPoints2: I - I:\LaunchU3.exe -a
HKU\S-1-5-21-1302123622-1747697599-3381875975-1001\...\MountPoints2: {2805002e-87b5-11e1-9f13-001d60566c9f} - F:\Autorun.exe
HKU\S-1-5-21-1302123622-1747697599-3381875975-1001\...\MountPoints2: {28bcf242-419c-11e3-aa6b-001d60566c9f} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1302123622-1747697599-3381875975-1001\...\MountPoints2: {376a693a-56ae-11e3-987f-001d60566c9f} - F:\Autorun\autorun.exe
HKU\S-1-5-21-1302123622-1747697599-3381875975-1001\...\MountPoints2: {c6278bc8-f78c-11e1-9652-001d60566c9f} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\EGO-wmv-480x360.wmv
HKU\S-1-5-21-1302123622-1747697599-3381875975-1001\...\MountPoints2: {ceea842c-782b-11e1-89e7-001d60566c9f} - G:\LaunchU3.exe -a
HKU\S-1-5-21-1302123622-1747697599-3381875975-1001\...\MountPoints2: {eeb8599a-7cc2-11e1-8983-001d60566c9f} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\EGO-wmv-480x360.wmv
FF DefaultSearchEngine: ICQ Search
FF Plugin: @microsoft.com/GENUINE -> disabled No File
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\Adobe Flash Player Updater.job
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1302123622-1747697599-3381875975-1001UA.job
C:\Users\Elchappo\AppData\Local\Temp
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value deleted successfully.
"HKU\S-1-5-21-1302123622-1747697599-3381875975-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-1302123622-1747697599-3381875975-1001" => Key not found.
"HKU\S-1-5-21-1302123622-1747697599-3381875975-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2805002e-87b5-11e1-9f13-001d60566c9f}" => Key deleted successfully.
"HKCR\CLSID\{2805002e-87b5-11e1-9f13-001d60566c9f}" => Key not found.
"HKU\S-1-5-21-1302123622-1747697599-3381875975-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{28bcf242-419c-11e3-aa6b-001d60566c9f}" => Key deleted successfully.
"HKCR\CLSID\{28bcf242-419c-11e3-aa6b-001d60566c9f}" => Key not found.
"HKU\S-1-5-21-1302123622-1747697599-3381875975-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{376a693a-56ae-11e3-987f-001d60566c9f}" => Key deleted successfully.
"HKCR\CLSID\{376a693a-56ae-11e3-987f-001d60566c9f}" => Key not found.
"HKU\S-1-5-21-1302123622-1747697599-3381875975-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c6278bc8-f78c-11e1-9652-001d60566c9f}" => Key deleted successfully.
"HKCR\CLSID\{c6278bc8-f78c-11e1-9652-001d60566c9f}" => Key not found.
"HKU\S-1-5-21-1302123622-1747697599-3381875975-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ceea842c-782b-11e1-89e7-001d60566c9f}" => Key deleted successfully.
"HKCR\CLSID\{ceea842c-782b-11e1-89e7-001d60566c9f}" => Key not found.
"HKU\S-1-5-21-1302123622-1747697599-3381875975-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eeb8599a-7cc2-11e1-8983-001d60566c9f}" => Key deleted successfully.
"HKCR\CLSID\{eeb8599a-7cc2-11e1-8983-001d60566c9f}" => Key not found.
Firefox DefaultSearchEngine deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key Deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1302123622-1747697599-3381875975-1001UA.job => Moved successfully.

"C:\Users\Elchappo\AppData\Local\Temp" directory move:

C:\Users\Elchappo\AppData\Local\Temp\31991CDF-90A9-4339-AECE-00A882B12142.Diagnose.0.etl => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\31991CDF-90A9-4339-AECE-00A882B12142.Repair.1.etl => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\31991CDF-90A9-4339-AECE-00A882B12142.Verify.2.etl => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\31FB4DDD-DF48-4332-8CBD-4D0A63914F38.Diagnose.0.etl => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\31FB4DDD-DF48-4332-8CBD-4D0A63914F38.Repair.1.etl => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\31FB4DDD-DF48-4332-8CBD-4D0A63914F38.Verify.2.etl => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\AdwCleaner.jpg => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\C90E9E7D-6263-4FDB-9E22-AE0AA086E595.Diagnose.0.etl => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\C90E9E7D-6263-4FDB-9E22-AE0AA086E595.Repair.1.etl => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\C90E9E7D-6263-4FDB-9E22-AE0AA086E595.Verify.2.etl => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\chrome_installer.log => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\Cleaning.ico => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\Donate.ico => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\EULA.txt => Moved successfully.
Could not move "C:\Users\Elchappo\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => Scheduled to move on reboot.
C:\Users\Elchappo\AppData\Local\Temp\geColladaModelCacheLock => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\geIconCacheLock => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\JavaDeployReg.log => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\jusched.log => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\log3 => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\LogSolidConverterPDFDriverInstall.txt => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\modules00 => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\modules11 => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\Report.ico => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\Scan.ico => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\SetupAdmin1538.log => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\Uninstall.ico => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\wmplog00.sqm => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\wmplog01.sqm => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\~737A.tmp => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\~8297.bat => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\~8297.tmp => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\~gu3-ver.dat => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\~upgrade.dat => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\teamspeak_temp_0\msvcp110.dll => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\teamspeak_temp_0\msvcr110.dll => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\teamspeak_temp_0\Qt5Core.dll => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\teamspeak_temp_0\Qt5Gui.dll => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\teamspeak_temp_0\Qt5Network.dll => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\teamspeak_temp_0\Qt5Widgets.dll => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\teamspeak_temp_0\update.exe => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\teamspeak_temp_0\platforms\qwindows.dll => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\teamspeak_temp_0\imageformats\qgif.dll => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\teamspeak_temp_0\imageformats\qjpeg.dll => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\teamspeak_temp_0\accessible\qtaccessiblewidgets.dll => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\scoped_dir3724_28308\output.0.emf => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\scoped_dir3724_28308\output.1.emf => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\scoped_dir3724_28308\output.2.emf => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\scoped_dir3724_28308\output.3.emf => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\scoped_dir3724_22965\output.0.emf => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\scoped_dir3724_22965\output.1.emf => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\scoped_dir3724_22965\output.2.emf => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\scoped_dir3724_22965\output.3.emf => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\scoped_dir3724_22965\output.4.emf => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\scoped_dir3724_2046\output.0.emf => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\scoped_dir3724_2046\output.1.emf => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\scoped_dir3724_2046\output.2.emf => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\scoped_dir3724_2046\output.3.emf => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\scoped_dir3724_11902\output.0.emf => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\scoped_dir3724_11902\output.1.emf => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\scoped_dir3724_11902\output.2.emf => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\scoped_dir3724_11902\output.3.emf => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\HP\AtStatus\hpinkstsb011lm.log => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\Curse\CurseHardware_dxdiag.xml => Moved successfully.
C:\Users\Elchappo\AppData\Local\Temp\CR_81D20.tmp\SETUP_PATCH.PACKED.7Z => Moved successfully.
Could not move "C:\Users\Elchappo\AppData\Local\Temp" directory. => Scheduled to move on reboot.


=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-09-13 20:26:53)<=

C:\Users\Elchappo\AppData\Local\Temp\FXSAPIDebugLogFile.txt => Is moved successfully.
C:\Users\Elchappo\AppData\Local\Temp => Moved successfully.

==== End of Fixlog ====

Re: Preventivka

Napsal: 13 zář 2014 19:34
od gloomy
Druhy log

Logfile of random's system information tool 1.10 (written by random/random)
Run by Elchappo at 2014-09-13 20:33:21
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 4 GB (6%) free of 65 GB
Total RAM: 3583 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:34:16, on 13.09.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17280)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Users\Elchappo\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Elchappo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe
C:\Users\Elchappo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Elchappo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Elchappo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Elchappo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Elchappo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Elchappo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Elchappo\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Stiahnute Veci\RSIT.exe
C:\Program Files\trend micro\Elchappo.exe
C:\Users\Elchappo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Elchappo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Elchappo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Elchappo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [HP Deskjet 3520 series (NET)] "C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN32C133JT05SZ:NW" -scfn "HP Deskjet 3520 series (NET)" -AutoStart 1
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Sledovat výstrahy inkoustu - HP Deskjet 3520 series (Síť).lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://D:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 7636 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GlaryInitialize 4.job - D:\Program Files\Glary Utilities 4\Initialize.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1302123622-1747697599-3381875975-1001Core.job - C:\Users\Elchappo\AppData\Local\Google\Update\GoogleUpdate.exe /c

=========Mozilla firefox=========

ProfilePath - C:\Users\Elchappo\AppData\Roaming\Mozilla\Firefox\Profiles\nnrxp0t0.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - ""

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.152 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw_1209149.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=D:\Program Files\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.67.2]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=
"Path"=

D:\Program Files\Mozilla Firefox\extensions\
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2014-08-24 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-08-24 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2014-07-31 43816]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2014-08-22 974432]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2011-10-28 49208]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184]
"iTunesHelper"=D:\Program Files\iTunes\iTunesHelper.exe [2014-09-01 152392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Elchappo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-06 136176]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]
""= []
"Spotify Web Helper"=C:\Users\Elchappo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [2014-09-08 1245752]
"HP Deskjet 3520 series (NET)"=C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2012-10-17 1837672]

Re: Preventivka

Napsal: 13 zář 2014 20:52
od Rudy
Máte málo volného místa na disku. Přesuňte některá svá data na jiné úložište, příp.odinstalujte již nepoužívané programy. Jinak smazáno, log OK.

Re: Preventivka

Napsal: 13 zář 2014 21:16
od gloomy
musim sa niekedy povenovat presuvaniu veci z C na D alebo zvacsit Ccko.

Dakujem velmi pekne za pomoc :)

Re: Preventivka

Napsal: 13 zář 2014 22:12
od Rudy
Asi ano. Nemáte zač! :)
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz