Requesting a check

Posted: 13 Oct 2014 10:34
by Kunce
Logfile of random's system information tool 1.10 (written by random/random)
Run by Lukáš at 2014-10-13 11:23:53
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 99 GB (70%) free of 141 GB
Total RAM: 2046 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:23:55, on 13.10.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.17088)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Lukáš\Desktop\RSIT.exe
C:\Program Files\trend micro\Lukáš.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programy\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 3531 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\xo5q6kss.default-1410209516260

"wrc@avast.com"=C:\Program Files\Alwil Software\Avast5\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.152 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf]
"Description"=
"Path"=C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.51.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
nppdf32.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-12-18 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2014-08-11 457712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-12-18 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2014-08-11 4085896]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21 959176]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=D:\Programy\DAEMON Tools Lite\DTLite.exe [2013-10-28 3675352]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner.exe [2014-09-26 4811032]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
"QuickLaunchEnabled"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"MSVideo8"=VfWWDM32.dll
"msacm.voxacm160"=vct3216.acm
"msacm.scg726"=scg726.acm
"msacm.alf2cd"=alf2cd.acm
"msacm.ac3acm"=AC3ACM.acm
"vidc.dvsd"=mcdvd_32.dll
"vidc.xvid"=xvidvfw.dll
"vidc.DIVX"=DivX.dll
"vidc.mp43"=mpg4c32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2014-10-13 11:23:53 ----D---- C:\rsit
2014-10-13 10:04:56 ----A---- C:\Windows\system32\mshtmled.dll
2014-10-13 10:04:55 ----A---- C:\Windows\system32\msrating.dll
2014-10-13 10:04:55 ----A---- C:\Windows\system32\jscript.dll
2014-10-13 10:04:54 ----A---- C:\Windows\system32\jscript9.dll
2014-10-13 10:04:54 ----A---- C:\Windows\system32\dxtmsft.dll
2014-10-13 10:04:53 ----A---- C:\Windows\system32\jsproxy.dll
2014-10-13 10:04:53 ----A---- C:\Windows\system32\dxtrans.dll
2014-10-13 10:04:52 ----A---- C:\Windows\system32\ieui.dll
2014-10-13 10:04:52 ----A---- C:\Windows\system32\iesetup.dll
2014-10-13 10:04:51 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2014-10-13 10:04:51 ----A---- C:\Windows\system32\iesysprep.dll
2014-10-13 10:04:51 ----A---- C:\Windows\system32\ie4uinit.exe
2014-10-13 10:04:50 ----A---- C:\Windows\system32\msfeeds.dll
2014-10-13 10:04:50 ----A---- C:\Windows\system32\iertutil.dll
2014-10-13 10:04:50 ----A---- C:\Windows\system32\iernonce.dll
2014-10-13 10:04:49 ----A---- C:\Windows\system32\iedkcs32.dll
2014-10-13 10:04:48 ----A---- C:\Windows\system32\wininet.dll
2014-10-13 10:04:48 ----A---- C:\Windows\system32\urlmon.dll
2014-10-13 10:04:44 ----A---- C:\Windows\system32\ieframe.dll
2014-10-13 10:04:42 ----A---- C:\Windows\system32\mshtml.dll
2014-10-13 09:50:32 ----A---- C:\Windows\system32\infocardapi.dll
2014-10-13 09:50:28 ----A---- C:\Windows\system32\icardres.dll
2014-10-13 09:50:17 ----A---- C:\Windows\system32\icardagt.exe
2014-10-13 09:50:13 ----A---- C:\Windows\system32\TsWpfWrp.exe
2014-10-13 09:34:37 ----A---- C:\Windows\system32\rpcrt4.dll
2014-10-13 09:34:33 ----A---- C:\Windows\system32\msi.dll
2014-10-13 09:34:32 ----A---- C:\Windows\system32\msihnd.dll
2014-10-13 09:34:32 ----A---- C:\Windows\system32\consent.exe
2014-10-13 09:34:32 ----A---- C:\Windows\system32\authui.dll
2014-10-13 09:34:26 ----A---- C:\Windows\system32\ntkrnlpa.exe
2014-10-13 09:34:25 ----A---- C:\Windows\system32\ntoskrnl.exe
2014-10-13 09:34:24 ----A---- C:\Windows\system32\winlogon.exe
2014-10-13 09:34:24 ----A---- C:\Windows\system32\objsel.dll
2014-10-13 09:34:24 ----A---- C:\Windows\system32\KernelBase.dll
2014-10-13 09:34:23 ----A---- C:\Windows\system32\dpapiprovider.dll
2014-10-13 09:34:23 ----A---- C:\Windows\system32\dimsroam.dll
2014-10-13 09:34:23 ----A---- C:\Windows\system32\cngprovider.dll
2014-10-13 09:34:23 ----A---- C:\Windows\system32\capiprovider.dll
2014-10-13 09:34:23 ----A---- C:\Windows\system32\adprovider.dll
2014-10-13 09:34:22 ----A---- C:\Windows\system32\wincredprovider.dll
2014-10-13 09:34:13 ----A---- C:\Windows\system32\msxml6r.dll
2014-10-13 09:34:13 ----A---- C:\Windows\system32\msxml6.dll
2014-10-13 09:34:13 ----A---- C:\Windows\system32\msxml3.dll
2014-10-13 09:34:12 ----A---- C:\Windows\system32\msxml3r.dll
2014-10-13 09:34:10 ----A---- C:\Windows\system32\qedit.dll
2014-10-13 09:34:06 ----A---- C:\Windows\system32\lsasrv.dll
2014-10-13 09:34:06 ----A---- C:\Windows\system32\kerberos.dll
2014-10-13 09:33:46 ----A---- C:\Windows\system32\osk.exe
2014-10-13 09:33:45 ----A---- C:\Windows\system32\win32k.sys
2014-10-13 09:33:45 ----A---- C:\Windows\system32\gdi32.dll
2014-10-13 09:33:36 ----A---- C:\Windows\system32\drivers\tcpip.sys
2014-10-13 09:33:35 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2014-10-13 09:33:34 ----A---- C:\Windows\system32\shell32.dll
2014-10-13 09:33:33 ----A---- C:\Windows\system32\drivers\afd.sys
2014-10-13 09:33:32 ----A---- C:\Windows\system32\usp10.dll
2014-10-13 09:33:32 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2014-10-13 09:33:32 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2014-10-13 09:33:31 ----A---- C:\Windows\system32\cdd.dll
2014-10-13 09:23:47 ----A---- C:\Windows\system32\wdigest.dll
2014-10-13 09:23:47 ----A---- C:\Windows\system32\TSpkg.dll
2014-10-13 09:23:47 ----A---- C:\Windows\system32\schannel.dll
2014-10-13 09:23:47 ----A---- C:\Windows\system32\msv1_0.dll
2014-10-13 09:23:46 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2014-10-13 09:23:44 ----A---- C:\Windows\system32\sspicli.dll
2014-10-13 09:23:44 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2014-10-13 09:23:43 ----A---- C:\Windows\system32\lsass.exe
2014-10-13 09:23:40 ----A---- C:\Windows\system32\credssp.dll
2014-10-13 09:23:39 ----A---- C:\Windows\system32\sspisrv.dll
2014-10-13 09:23:39 ----A---- C:\Windows\system32\secur32.dll
2014-10-13 09:22:24 ----A---- C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-10-13 09:22:24 ----A---- C:\Windows\system32\rdpcorets.dll
2014-09-25 08:36:57 ----D---- C:\Program Files\Mozilla Firefox

======List of files/folders modified in the last 1 month======

2014-10-13 11:23:54 ----D---- C:\Program Files\trend micro
2014-10-13 11:20:44 ----D---- C:\Windows\Microsoft.NET
2014-10-13 11:20:39 ----RSD---- C:\Windows\assembly
2014-10-13 11:06:15 ----D---- C:\Windows
2014-10-13 10:49:35 ----D---- C:\Windows\system32\config
2014-10-13 10:29:55 ----D---- C:\Program Files\SUPERAntiSpyware
2014-10-13 10:29:25 ----D---- C:\Windows\temp
2014-10-13 10:21:46 ----D---- C:\Windows\SoftwareDistribution
2014-10-13 10:20:39 ----D---- C:\Windows\Panther
2014-10-13 10:20:39 ----D---- C:\Windows\inf
2014-10-13 10:20:37 ----D---- C:\Windows\debug
2014-10-13 10:14:37 ----D---- C:\Windows\winsxs
2014-10-13 10:08:59 ----D---- C:\Windows\System32
2014-10-13 10:08:59 ----D---- C:\Windows\ehome
2014-10-13 10:08:59 ----D---- C:\Program Files\Internet Explorer
2014-10-13 10:08:58 ----D---- C:\Windows\system32\drivers
2014-10-13 10:08:58 ----D---- C:\Program Files\Windows Journal
2014-10-13 10:08:49 ----D---- C:\Windows\system32\zh-TW
2014-10-13 10:08:49 ----D---- C:\Windows\system32\tr-TR
2014-10-13 10:08:49 ----D---- C:\Windows\system32\sv-SE
2014-10-13 10:08:49 ----D---- C:\Windows\system32\ru-RU
2014-10-13 10:08:49 ----D---- C:\Windows\system32\pt-PT
2014-10-13 10:08:49 ----D---- C:\Windows\system32\pt-BR
2014-10-13 10:08:49 ----D---- C:\Windows\system32\pl-PL
2014-10-13 10:08:49 ----D---- C:\Windows\system32\nb-NO
2014-10-13 10:08:49 ----D---- C:\Windows\system32\it-IT
2014-10-13 10:08:49 ----D---- C:\Windows\system32\fr-FR
2014-10-13 10:08:49 ----D---- C:\Windows\system32\es-ES
2014-10-13 10:08:49 ----D---- C:\Windows\system32\en-US
2014-10-13 10:08:49 ----D---- C:\Windows\system32\el-GR
2014-10-13 10:08:49 ----D---- C:\Windows\system32\de-DE
2014-10-13 10:08:49 ----D---- C:\Windows\system32\da-DK
2014-10-13 10:08:49 ----D---- C:\Windows\system32\cs-CZ
2014-10-13 10:08:49 ----D---- C:\Windows\system32\ar-SA
2014-10-13 10:08:34 ----D---- C:\Windows\PolicyDefinitions
2014-10-13 10:05:34 ----D---- C:\Windows\system32\catroot
2014-10-13 10:05:32 ----D---- C:\Windows\system32\catroot2
2014-10-13 10:03:07 ----D---- C:\Windows\Prefetch
2014-10-13 09:59:16 ----D---- C:\Windows\system32\MRT
2014-10-13 09:54:51 ----SHD---- C:\Windows\Installer
2014-10-13 09:40:50 ----SHD---- C:\System Volume Information
2014-10-13 09:39:04 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-10-13 09:11:01 ----D---- C:\Users\Lukáš\AppData\Roaming\uTorrent
2014-10-13 09:08:09 ----D---- C:\Program Files\CCleaner
2014-09-29 15:44:51 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-09-27 08:39:10 ----D---- C:\Program Files\Common Files\Steam
2014-09-26 07:18:41 ----D---- C:\Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-08-11 49944]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-08-11 192352]
R0 giveio;giveio; C:\Windows\system32\giveio.sys [1996-04-03 5248]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-08-11 81768]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-08-11 779536]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-08-11 414520]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-08-11 24184]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-08-11 67824]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-08-11 71944]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-18 4994560]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
S3 AF15BDA;AF9015 BDA Device; C:\Windows\system32\DRIVERS\AF15BDA.sys [2011-06-09 483200]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 athur;Atheros AR9271 Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athur.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2013-03-05 12400]
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2013-03-05 25200]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2013-02-23 40776]
S3 netr28u;RT2870 USB Wireless LAN Card Driver pro systém Windows Vista; C:\Windows\system32\DRIVERS\netr28u.sys [2009-07-14 657408]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 pgfilter;pgfilter; \??\D:\Programy\PeerGuardian2\pgfilter.sys []
S3 pneteth;PdaNet Broadband; C:\Windows\system32\DRIVERS\pneteth.sys [2011-11-25 13440]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 14848]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2013-10-02 49152]
S3 USB_RNDIS;USB Remote NDIS Network Device Driver; C:\Windows\system32\DRIVERS\usb8023.sys [2013-02-12 15872]
S3 USB28xxBGA;PCTV 330e/8x0e Device; C:\Windows\system32\DRIVERS\emBDA.sys [2007-08-08 476288]
S3 USB28xxOEM;USB 28xx OEM Filter; C:\Windows\system32\DRIVERS\emOEM.sys [2007-08-08 38656]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S3 WinUsb;Sony sa0102 ADB Interface; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2014-10-13 142648]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-09-12 64704]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-18 176128]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2014-08-11 50344]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-11 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2014-04-03 315008]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-11 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-09-25 114288]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2014-09-23 833728]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

Re: Requesting a check

Posted: 13 Oct 2014 16:47
by Roli
Hi, uninstall Pando Media Booster via Add/Remove Programs.


Download AdwCleaner and save it to the desktop,

close all programs, including the browser, and run it with a double-click;

a window will appear; click Scan in its top left.

The scan will then run; when it finishes, click Report and copy whatever comes up here for me.


Then use Mbam from my signature and post its log here as well; do not delete anything beforehand!

Re: Requesting a check

Posted: 13 Oct 2014 17:32
by Kunce
Well, I couldn't find Pando Media Booster anywhere.

# AdwCleaner v4.000 - Report created 13/10/2014 at 18:08:08
# Updated 12/10/2014 by Xplode
# Database :
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Lukáš - LUKÁŠ-PC
# Running from : C:\Users\Lukáš\Desktop\adwcleaner_4.000.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Users\Lukáš\AppData\Local\Pokki
Folder Found : C:\Users\Lukáš\AppData\Roaming\OpenCandy

***** [ Scheduled Tasks ] *****

Task Found : Your File Updater

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\dt soft\daemon tools toolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}
Key Found : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASMANCS
Key Found : HKLM\SOFTWARE\PIP
Key Found : HKLM\SOFTWARE\systweak

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17088


-\\ Mozilla Firefox v32.0.3 (x86 cs)


-\\ Google Chrome v37.0.2062.124

Found [Search Provider] : hxxp://start.facemoods.com/?a=ddrnw&f=4&q={searchTerms}

*************************

AdwCleaner[R0].txt - [2083 octets] - [13/10/2014 18:08:08]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2143 octets] ##########


Malwarebytes Anti-Malware
http://www.malwarebytes.org

Scan Date: 13.10.2014
Scan Time: 18:20:49
Logfile: text.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.13.05
Rootkit Database: v2014.10.11.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: LukA!A!

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 317187
Time Elapsed: 8 min, 21 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-3620230372-1335459042-152950401-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, , [4fea74a0c7b532048604cfcc8b772cd4],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.OpenCandy, C:\Users\LukA!A!\AppData\Roaming\OpenCandy, , [e752997b225a1b1b3211697fb74b8d73],
PUP.Optional.OpenCandy, C:\Users\LukA!A!\AppData\Roaming\OpenCandy\1B1570804F1D45779526E73756FF9A6E, , [e752997b225a1b1b3211697fb74b8d73],

Files: 2
PUP.Optional.OpenCandy, C:\Users\LukA!A!\Desktop\DTLite4491-0356.exe, , [4dec5bb99ce0d66009240d36d92c31cf],
PUP.Optional.OpenCandy, C:\Users\LukA!A!\AppData\Roaming\OpenCandy\1B1570804F1D45779526E73756FF9A6E\avg_tuht_stf_cs_2014_206_CZ.exe, , [e752997b225a1b1b3211697fb74b8d73],

Physical Sectors: 0
(No malicious items detected)


(end)

Re: Requesting a check

Posted: 14 Oct 2014 17:00
by Roli
Run AdwCleaner again, but this time click Clean;

the PC will restart, during which the junk will be deleted.

After that, copy the Report here for me again.


Have Mbam delete what it found.


Download and run OTMoveIt

and copy this text into the left pane of the application, under Paste Instructions for Items to be Moved:

:processes
explorer.exe       

:files 
C:\*.tmp
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\Program Files\Pando Networks

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]

:commands
[purity]
[emptytemp]
[start explorer]

Click MoveIt! and information about the action performed will appear in the application's green right-hand pane; copy the contents of that pane here,

if the application asks for a restart, click YES;

in that case I want you to copy here the contents of the log saved in C:\_OTMoveIt\MovedFiles\

Re: Requesting a check

Posted: 14 Oct 2014 17:54
by Kunce
# AdwCleaner v4.000 - Report created 14/10/2014 at 18:24:55
# DB v
# Updated 12/10/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Lukáš - LUKÁŠ-PC
# Running from : C:\Users\Lukáš\Desktop\adwcleaner_4.000.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Lukáš\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Lukáš\AppData\Local\Pokki

***** [ Scheduled Tasks ] *****

Task Deleted : Your File Updater

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\dt soft\daemon tools toolbar
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\systweak

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17088


-\\ Mozilla Firefox v32.0.3 (x86 cs)


-\\ Google Chrome v37.0.2062.124


*************************

AdwCleaner[R0].txt - [2223 octets] - [13/10/2014 18:08:08]
AdwCleaner[R1].txt - [2283 octets] - [14/10/2014 18:22:39]
AdwCleaner[S0].txt - [2160 octets] - [14/10/2014 18:24:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2220 octets] ##########

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\*.tmp not found.
File/Folder C:\WINDOWS\System32\*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
C:\Program Files\Pando Networks\Media Booster folder moved successfully.
C:\Program Files\Pando Networks folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Luk ç

User: Lukáš
->Temp folder emptied: 12191526 bytes
->Temporary Internet Files folder emptied: 22477 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 4334037 bytes
->Google Chrome cache emptied: 373817650 bytes
->Flash cache emptied: 597 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9743104 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78213 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 664 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 382,00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 10142014_184720

Files moved on Reboot...
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Re: Requesting a check

Posted: 15 Oct 2014 17:01
by Roli
Run OTMoveIt again and click CleanUP! at the top of the application;

this makes it clean up after itself.


Then let me know how the PC is doing.

Re: Requesting a check

Posted: 15 Oct 2014 19:19
by Kunce
It looks like everything is running as it should. Thanks

Re: Requesting a check

Posted: 16 Oct 2014 15:18
by Roli
You're welcome, and :closed: